3.1 Availability

Availability is a characteristic that applies to a service or service
component. A service or service component is available if it is able to
perform its required function at a specific point in time or according to a
pre-established time schedule. Availability is often expressed as a ratio or
a percentage that compares how long the service is actually available for
use by the customer against how long it should have been available.

3.2 Configuration baseline

A configuration baseline is an official description of a service or service
component that has been formally designated at a specific time in its life
cycle. This configuration information is used as an official starting point
for future development work.

3.3 Configuration item (CI)

A configuration item is any element that needs to be managed and
controlled in order to ensure the successful delivery of a service or
services. CIs can vary quite a bit. Examples include software elements
such as applications, systems, and modules; and hardware elements such
as computers, tools, equipment, furniture, and buildings. CIs can also
include documents such as drawings, photographs, plans, policies, procedures, manuals, contracts, licenses, and agreements.

3.4 Configuration management database (CMDB)

A configuration management database stores data about the attributes of
configuration items and the relationships between these items. It is used
to control items and to track how they change throughout their lifecycle.

3.5 Continual improvement

Continual improvement is a set of recurring activities that organizations
carry out in order to enhance their ability to meet service requirements.
Continual improvements can be achieved by performing audits, reviews,
and measurements, by managing service incidents, requests, and risks,
and by solving service problems. Continual improvements can also be
achieved by collecting data, analyzing information, setting objectives,
monitoring performance, evaluating results, and implementing
corrective and preventive actions.

3.6 Corrective action

Corrective actions are steps that are taken to eliminate the causes of
existing nonconformities in order to prevent recurrence. The corrective
action process tries to make sure that existing nonconformities and
undesirable situations don’t happen again.

3.7 Customer

A customer is anyone who receives a service or services from a service
provider. Customers can be people or organizations and can be either
external or internal to the service provider's organization.

3.8 Document

When information is placed on a medium, it becomes a document.
Examples include policies, procedures, plans, agreements, contracts,
records, and process descriptions.

NOTE: ISO IEC 20000-1 2011 does not expect you to write a manual.

3.9 Effectiveness

Effectiveness refers to the degree to which a planned effect is achieved.
Planned activities are effective if these activities are actually carried out
and planned results are effective if these results are actually achieved.

3.10 Incident

An incident is any unplanned service interruption or any reduction in
service quality. The term incident also includes any event that has not
yet interrupted service to the customer or reduced its quality but could
potentially cause a disruption or a deterioration in quality.

3.11 Information security

The purpose of information security is to protect and preserve the
confidentiality, integrity, and accessibility of information. It may also
involve protecting and preserving the authenticity and reliability of
information and ensuring that entities can be held accountable.

NOTE: The ISO IEC 27000 2014 information security standard refers to
the availability of information (instead of accessibility). ISO IEC 20000
uses the term accessibility because the term availability is already being
used to refer to a characteristic that applies to a service (see 3.1 above).

3.12 Information security incident

An information security incident is made up of one or more unwanted or
unexpected information security events that could possibly compromise
the security of information and weaken or impair business operations.

Information security incident management is a process that is used
to address incidents. It includes a detection process, a reporting process,
an assessment process, a response process, and a learning process.

3.13 Interested party

An interested party is a person or group that has a stake in the success
or performance of a service provider’s activities. Interested parties may
be directly affected by a service provider or actively concerned about
its activities. Interested parties can come from inside the organization or
outside of it. Examples of interested parties include customers, suppliers,
owners, partners, employees, unions, bankers, or members of the general
public. Interested parties may also be referred to as stakeholders.

3.14 Internal group

An internal group is any part of a service provider’s organization that
has formally agreed to contribute to the design, deployment, delivery,
or improvement of its services. Such agreements are documented.

Whenever internal groups help service providers to design, deploy,
deliver, or improve services, service providers must monitor them to
ensure that appropriate governance methods are being used. This
is because section 4.2 expects service providers to monitor internal
groups to ensure that proper governance methods are being used
whenever these groups operate processes or parts of processes
referred to in sections 5 to 9 (processes like service design,
deployment, delivery, and improvement).

3.15 Known error

A known error is a problem that has an identified root cause or a
problem that has a method that can be used to reduce or remove
its impact on service delivery. The impact is often reduced or
removed by working around it.

3.16 Nonconformity

Nonconformity is a nonfulfillment or failure to meet a requirement.
A requirement is a need, expectation, or obligation. It can be stated or
implied by an organization, its customers, or other interested parties.

3.17 Organization

An organization is a group of people who share a set of facilities
and have established a set of orderly arrangements, relationships,
responsibilities, and authorities. An organization could be a company,
corporation, enterprise, firm, partnership, charity, or institution. It could
also be a smaller part of a larger entity or a combination of entities. And
it could be either incorporated or unincorporated and be either privately
or publicly owned.

3.18 Preventive action

Preventive actions are steps that are taken to remove the causes of
potential nonconformities or potential situations that are undesirable.
The preventive action process is designed to prevent the occurrence
of nonconformities or situations that do not yet exist.

3.19 Problem

ISO 20000-1 uses the term problem to refer to the “root cause of one or
more incidents”. ISO 20000-1, section 8.2, expects you to use a formal
problem management procedure to investigate reported problems in
order to uncover the real underlying problem (i.e., the root cause).

3.20 Procedure

A procedure is a way of carrying out a process or activity. According to
ISO IEC 20000-1, procedures may or may not be documented. However,
in most cases, ISO IEC 20000-1 wants you to document your procedures.

3.21 Process

A process is a set of activities that are interrelated or that interact with
one another. Processes use resources to transform inputs into outputs.
Processes are interconnected because the output from one process
becomes the input for another process.

3.22 Record

A record is a type of document. Records provide evidence that activities
were performed or results were achieved. They always document the past.
Records are, for example, used to show that incidents were reported, that
audits were done, that people were trained, or that meetings took place.

3.23 Release

A release is a collection of one or more new or modified configuration
items that are deployed into a live environment. And since a configuration
item is any element that needs to be controlled in order to deliver a service,
the concept of a release is very broad. It includes not only software
releases and document releases but hardware releases as well.

3.24 Request for change

A request for change is an official proposal to change a service, a service
component, or the service management system. Requests for change can
include not only proposals to modify existing services but can also include
proposals to create new services or to remove old ones.

3.25 Risk

According to ISO 31000, risk is the “effect of uncertainty on objectives”
and an effect is a positive or negative deviation from what is expected.
The following paragraph will try to explain what this means.

This definition recognizes that all of us operate in an uncertain world.
Whenever we try to achieve an objective, there’s always the chance that
things will not go according to plan. Sometimes we get positive results
and sometimes we get negative results and occasionally we get both.
Because of this, we need to reduce uncertainty as much as possible.

3.26 Service

A service is a means or a method that organizations use to deliver
results that customers value and wish to achieve. These results are
usually intangible although they may also include tangible elements.

3.27 Service component

A service component is a single unit of a service. Service components
are made of configuration items. When several service components
are combined, they make up a complete service. Examples of service
components include hardware, software, documents, information,
processes, and other supporting services.

3.28 Service continuity

Service continuity is a corporate capability. This capability exists
whenever organizations are capable of managing risks and events
that could have a serious impact on their ability to continually
deliver service at agreed levels.

3.29 Service level agreement (SLA)

A service level agreement identifies services and service targets and
is between a service provider and a customer. It can also be between a
service provider and a supplier (or an internal group or customer acting
as a supplier). Service level agreements are documented. They can be
standalone agreements or be part of a larger agreement or contract.

3.30 Service Management

Service management is a set of capabilities and processes that service
providers use to direct and control the activities and resources needed
to fulfill service requirements. Service management is used to direct and
control the design, deployment, delivery, and improvement of services.

3.31 Service management system (SMS)

A service management system is a set of interrelated or interacting
elements that service providers use to direct and control their service
management activities. These elements include all of the service
management policies, objectives, processes, procedures, documents,
and resources that service providers use in order to direct and control
how services are planned, designed, developed, implemented, deployed,
delivered, monitored, measured, reviewed, maintained, and improved
(i.e., how these service management activities are carried out).

3.32 Service provider

A service provider is an organization or part of an organization that
manages and delivers a service to customers. Customers can be
either external or internal to the service provider’s organization.

3.33 Service request

A service request could be a request for information or for advice or it
could be a request for access to a service or to a pre-approved change.

3.34 Service requirement

A service requirement is a service need, expectation, or obligation.
It can be stated or implied by service users and customers and
by service providers.

3.35 Supplier

A supplier is an external organization or part of an external organization
that has contractually agreed to help the service provider to design,
deploy, deliver, or improve a service or process.

3.36 Top management

The term top management refers to a person or a group of people
at the highest level who direct and control the service provider.

3.37 Transition

The term transition refers to all the activities that are carried out when
a new or changed service is moved to or from a live environment.