| 4.1 — 4.4 |
Context: internal/external issues, interested parties, SMS scope, general requirements |
Context analysis
Interested parties register
Scope statement
SMS manual
Third-party services policy
|
| 5.1 — 5.3 |
Leadership: management commitment, service management policy, roles and responsibilities |
SMS policy
Management commitment
RACI matrix
Role descriptions
SMS organizational chart
|
| 6.1 — 6.3 |
Planning: actions to address risks and opportunities, objectives, SMS change planning |
Risk procedure
Risk register
SMS objectives
Service management plan
SMS changes
|
| 7.1 — 7.5 |
SMS support: resources, competence, awareness, communication, documentation |
Resource management
Competency matrix
Training plan
Awareness
Communication procedure
Document control
Records management
|
| 7.6 |
Knowledge management: determine, maintain, share knowledge needed for the SMS and services (new clause 2018) |
Knowledge management procedure
Knowledge base
Lessons-learned form
Dissemination procedure
|
| 8.1 — 8.2 |
Operational planning, service portfolio, lifecycle stakeholder control, service catalog, asset and configuration management |
Operational planning
Service portfolio
Service catalog
Third-party control
Asset management
Configuration management
Configuration information
|
| 8.3.1 — 8.3.4 |
Business relationship, service level management, external supplier management (contract) and internal (documented agreement) |
Business relationship
SLM procedure
SLA template
External supplier contract
Internal supplier agreement
Complaint management
|
| 8.4.1 — 8.4.3 |
Supply and demand: service budgeting and accounting, demand management, capacity management |
Service budgeting
Service accounting
Billing template
Demand management
Capacity management
Capacity requirements
|
| 8.5.1 — 8.5.3 |
Change management policy, change procedure, design and transition of new/changed services, release and deployment management |
Change policy
Change procedure
Design & transition
Acceptance criteria
Release management
Release types and frequency
Release plan
|
| 8.6.1 — 8.6.3 |
Incident management (including major incidents), service request management, problem management |
Incident management
Major incidents
Service requests
Problem management
Escalation tree
|
| 8.7.1 — 8.7.3 |
Service assurance: availability management, continuity management, information security management (policy, controls, incidents) — aligned with HIPAA Security Rule and SOC 2 |
Availability management
Availability requirements
Continuity management
Continuity plan(s)
Information security policy
Security controls
Information security incidents
|
| 9.1 — 9.3 |
Monitoring, measurement, analysis, evaluation; internal audit; management review (12 mandatory inputs) |
Monitoring and measurement
SMS dashboard
Customer satisfaction
Internal audit procedure
Audit program
Management review
Review agenda
|
| 9.4 |
Service reporting: reporting requirements, trends, decisions and actions based on reports |
Service reporting procedure
Service report template
SLA report template
Monthly SMS report
|
| 10.1 — 10.2 |
Nonconformities and corrective actions, continual improvement with opportunity evaluation criteria |
Nonconformity management
Corrective actions
NC register
Continual improvement
Evaluation criteria
CSI register
|
| Not included |
Elements specific to each organization and its ITSM tooling — which must be filled in or configured case by case by your team |
Filled-in configuration information (real inventory)
SLAs signed with customers
Signed external supplier contracts
ITSM tool configuration
Technical runbooks per service
Operational technical procedures (per infrastructure)
Tested continuity plan (DRP)
|