1、BS ISO/IEC 30105-5:2016 Information technology IT Enabled Services-Business Process Outsourcing (ITES-BPO) lifecycle processes Part 5: Guidelines BSI Standards Publication WB11885_BSI_StandardCovs_2013_AW.indd 1 15/05/2013 15:06BS ISO/IEC 30105-5:2016 BRITISH STANDARD National foreword This British
2、Standard is the UK implementation of ISO/IEC 30105-5:2016. The UK participation in its preparation was entrusted to Technical Committee IST/60, IT Service Management and IT Governance. A list of organizations represented on this committee can be obtained on request to its secretary. This publication
3、 does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application. The British Standards Institution 2016. Published by BSI Standards Limited 2016 ISBN 978 0 580 88923 3 ICS 35.080 Compliance with a British Standard cannot confer immunity from
4、 legal obligations. This British Standard was published under the authority of the Standards Policy and Strategy Committee on 30 November 2016. Amendments/corrigenda issued since publication Date T e x t a f f e c t e dBS ISO/IEC 30105-5:2016 Information technology IT Enabled Services-Business Proce
5、ss Outsourcing (ITES-BPO) lifecycle processes Part 5: Guidelines Technologies de linformation Processus du cycle de vie de la dlocalisation du processus daffaires des services activs par IT Partie 5: Lignes directrices INTERNATIONAL STANDARD ISO/IEC 30105-5 Reference number ISO/IEC 30105-5:2016(E) F
6、irst edition 2016-11-15 ISO/IEC 2016 BS ISO/IEC 30105-5:2016ii ISO/IEC 2016 All rights reserved COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2016, Published in Switzerland All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by a
7、ny means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Ch. de Blandonnet 8 CP 4
8、01 CH-1214 Vernier, Geneva, Switzerland Tel. +41 22 749 01 11 Fax +41 22 749 09 47 copyrightiso.org www.iso.org ISO/IEC 30105-5:2016(E)BS ISO/IEC 30105-5:2016ISO/IEC 30105-5:2016(E)Foreword iv Introduction v 1 Scope . 1 2 Normative references 1 3 T erms and definitions . 1 4 Purpose 2 5 ITES-BPO pro
9、cess context . 3 6 ITES-BPO process structure 4 7 Stak eholders and stak eholder v alue definition . 8 8 Process reference model .10 9 Process assessment model 11 10 Framework for assessment of process capability .15 10.1 Components of assessment .15 10.2 Measurement framework .17 11 Organization ma
10、turity model 19 12 Process capability assessment 22 12.1 Process capability initiation 22 12.2 Process assessment output 22 13 Process risk determination 24 13.1 Process risk determination Introduction 24 13.2 Process risk determination Steps25 13.2.1 Step 1 Initiate process risk determination 25 13
11、.2.2 Step 2 Set target capability .26 13.2.3 Step 3 Assess current capability 26 13.2.4 Step 4 Determine proposed capability .26 13.2.5 Step 5 Verify proposed capability .27 13.2.6 Step 6 Analyse process related risks and act on results 27 14 Process improvement .28 14.1 Process improvement purpose
12、and outcomes 28 14.2 Types of process improvement 28 14.3 Process improvement programme .30 14.3.1 Examine organizations business goals to set improvement objectives .30 14.3.2 Initiate process improvement cycle .31 14.3.3 Identify improvement areas 32 14.3.4 Analyse assessment strengths and weaknes
13、ses 32 14.3.5 Review organizational improvement objectives .33 14.3.6 Generate and identify improvement areas .33 14.3.7 Derive action plan 33 14.3.8 Implement improvements 34 14.3.9 Monitoring implementation 35 14.3.10 Confirm improvements .35 14.3.11 Sustain and monitor improvements 35 Bibliograph
14、y .37 ISO/IEC 2016 All rights reserved iii Contents PageBS ISO/IEC 30105-5:2016ISO/IEC 30105-5:2016(E) Foreword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies
15、that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other inte
16、rnational organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. The procedures used to develop this document and those intended for it
17、s further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directi
18、ves). Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be
19、in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents). Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement. For an explanation on the meaning of ISO specific terms and expressions
20、 related to conformit y assessment, as well as information about ISOs adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following URL: www.iso.org/iso/foreword.html. The committee responsible for this document is ISO/IEC JTC 1, Information te
21、chnology, Subcommittee SC 40, IT Service Management and IT Governance. A list of all parts in the ISO/IEC 30105 series can be found on the ISO website.iv ISO/IEC 2016 All rights reservedBS ISO/IEC 30105-5:2016ISO/IEC 30105-5:2016(E) Introduction ITES-BPO services encompass the delegation of one or m
22、ore IT enabled business processes to a service provider who uses appropriate technology to deliver service. Such a service provider manages, delivers, improves and administers the outsourced business processes in accordance with predefined and measurable performance metrics. This covers diverse busi
23、ness process areas such as finance, human resource management, administration, health care, banking and financial services, supply chain management, travel and hospitality, media, market research, analytics, telecommunication, manufacturing, etc. These services provide business solutions to customer
24、s across the globe and form part of the core service delivery chain for customers. ISO/IEC 30105 (all parts) specifies the lifecycle processes requirements involved in the ITES-BPO industry. It provides an overarching standard for all aspects of ITES-BPO industry from the view of the service provide
25、r that performs the outsourced business processes. This is applicable for any ITES- BPO service provider providing services to customers through contracts and in industry verticals. It covers the entire outsourcing lifecycle and defines the processes that are considered to be good practices. It is a
26、n improvement standard that enables risk determination and improvement for service providers performing outsourced business processes. It also serves as a process reference model for service providers. It focuses on IT enabled business processes which are outsourced. It is generic and can be applied
27、 to all IT enabled business process outsourced services, regardless of type, size and the nature of the services delivered. Process improvement implemented using ISO/IEC 30105 (all parts) can lead to clear return on investment for customers and service providers. Alignment to ISO/IEC 30105 (all part
28、s) can improve consistency, delivery quality and predictability in delivery of services. Figure 1 illustrates the key entities and relationships involved in an ITES-BPO service. It includes the customer, the ITES-BPO service provider and various levels of suppliers. This is in line with the supply c
29、hain relationship depicted in ISO/IEC 20000-1:2011, 7.2. Figure 1 ITES-BPO key entities This document provides guidance to the other parts of ISO/IEC 30105 and the requirements for assessing processes. This document, in such a context, provides guidance on the application of the process assessment m
30、odel, how to strategically leverage the assessment and then how to use it in the context of an improvement programme for an ITES-BPO organization. ISO/IEC 2016 All rights reserved vBS ISO/IEC 30105-5:2016BS ISO/IEC 30105-5:2016Information technology IT Enabled Services-Business Process Outsourcing (
31、ITES-BPO) lifecycle processes Part 5: Guidelines 1 Scope ISO/IEC 30105 specifies the lifecycle process requirements performed by the IT enabled business process outsourcing service provider for the outsourced business processes. It defines the processes to plan, establish, implement, operate, monito
32、r, review, maintain and improve its services. This document: covers IT enabled business processes that are outsourced; is not intended to cover IT services but includes similar, relevant process for completeness; is applicable to the service provider, not to the customer; is applicable to all lifecy
33、cle processes of ITES-BPO; provides guidance on application of the process assessment model, how to strategically leverage the assessment and to use it in the context of an improvement programme or risk assessment for an ITES-BPO service provider organization. 2 Normative references The following do
34、cuments are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. ISO/IEC 30105
35、-2:2016, Information technology IT Enabled Services-Business Process Outsourcing (ITES-BPO) lifecycle processes Part 2: Process assessment model (PAM) ISO/IEC 30105-3:2016, Information technology IT Enabled Services-Business Process Outsourcing (ITES- BPO) lifecycle processes Part 3: Measurement fra
36、mework (MF) and organization maturity model (OMM) ISO/IEC 33020, Information technology Process assessment Process measurement framework for assessment of process capability 3 T erms a nd definiti ons For the purposes of this document, the terms and definitions given in ISO/IEC 30105-4, ISO/IEC 3300
37、1 and ISO/IEC 33020 apply. ISO and IEC maintain terminological databases for use in standardization at the following addresses: IEC Electropedia: available at http:/ /www.electropedia.org/ ISO Online browsing platform: available at http:/ /www.iso.org/obp INTERNATIONAL ST ANDARD ISO/IEC 30105-5:2016
38、(E) ISO/IEC 2016 All rights reserved 1BS ISO/IEC 30105-5:2016ISO/IEC 30105-5:2016(E) 4 Purpose This document aims to provide guidance on the following: a) the key parts of ISO/IEC 30105 (all parts), including the process assessment model, measurement framework and the organization maturity model; b)
39、 how to undertake process assessment and determine organization maturity through assessment of process risk; c) the approach to the organization maturity model (OMM), including the organization maturity rating scale. This scale represents the extent to which an organization is able to demonstrate it
40、s maturity through process quality. Process quality is demonstrated through assessment of the organizations ability to establish, manage and execute its processes with high capability; d) use of the assessment and outcomes as part of a framework for performing process improvement (PI) in a continual
41、 cycle. Assessment of process capability is concerned with analysing the output of conformant process assessments to identify the strengths, weaknesses and risks associated with deploying the processes to meet a specific requirement. Assessment of process risk is applicable across all ITES-BPO domai
42、ns and to any ITES-BPO service provider organization wanting to determine the process risks of its own processes. PI uses the results of a current state assessment for an ITES-BPO service provider organization to formulate and prioritize improvement plans. These plans improve the processes, thus cre
43、ating the inherent ability to support continual improvement. Analysis of the output from a process assessment and process risk determination findings against an organizational units business goals and the joint business goals of a customer-service provider engagement will lead to identification of t
44、he strengths, weaknesses and risks related to the processes, operations, structure, etc. This can help to determine whether the processes are effective in achieving business goals and provide the critical triggers for making improvements. The guidance on assessment of process risk covers the followi
45、ng: overview of process capability: target capability, process oriented risk analysis; guidance for conducting an assessment of process capability: core and extended. The guidance on PI provides the following: a) overview of PI: the factors which drive ITES-BPO process improvement and the underlying
46、 general principles; b) methodology for PI: improving ITES-BPO processes within a continual improvement cycle; c) measurement framework and management: ITES-BPO process improvement from a management perspective, including an overall framework for process measurement. The PAM is designed to provide o
47、rganizations with an integrated approach to organizational performance management that results in the following: delivery of increased effectiveness in driving outcomes to customers and stakeholders, contributing to organizational sustainability; improvement of overall organizational effectiveness a
48、nd capabilities; organizational and personal learning. These service provider improvements can be marketed to outsourcing companies (customers) and can provide increased value to customers and stakeholders.2 ISO/IEC 2016 All rights reservedBS ISO/IEC 30105-5:2016ISO/IEC 30105-5:2016(E) For all pract
49、ical purposes, “value” can be considered as business outcomes achieved in line with the requirements of the customer contract or customer requirements. The adoption and implementation of ISO/IEC 30105 (all parts) can lead to the following benefits: a) a greater degree of standardization of base practices in this important industry segment; b) benchmarking for useful comparisons across adopting service provider organizations; c) im