ISO 37500:2014

ISO 37500
ISO 37500
Guidance on
outsourcing
First edition
2014-11-01

---------------------- Page: 1 ----------------------
Our vision Our process
To be the world’s leading provider of high Our standards are developed by experts
quality, globally relevant International all over the world who work on a volunteer
Standards through its members and or part-time basis. We sell International
stakeholders. Standards to recover the costs of organ-
izing this process and making standards
Our mission widely available.
Please respect our licensing terms and
ISO develops high quality voluntary
copyright to ensure this system remains
International Standards that facilitate
international exchange of goods and ser- independent.
vices, support sustainable and equita-
If you would like to contribute to the devel-
ble economic growth, promote innova-
opment of ISO standards, please contact
tion and protect health, safety and the
the ISO Member Body in your country:
environment.
www.iso.org/iso/home/about/iso_
members.htm
This document has been prepared by:
Copyright protected document
ISO/PC 259, Outsourcing All rights reserved. Unless otherwise
specified, no part of this publication may
Committee members:
be reproduced or utilized otherwise in
any form or by any means, electronic
AENOR, AFNOR, BDS, BIS, BSI, DIN,
or mechanical, including photocopy, or
DS, DSM, GOST R, KATS, NEN, SCC, SFS
posting on the internet or intranet, with-
(P-members);
out prior permission. Permission can be
requested from either ISO at the address
IACCM (A liaison)
below or ISO’s member body in the country
This list reflects contributing members at of the requester:
the time of publication.
© ISO 2014, Published in Switzerland
Cover photo credit: ISO/CS, 2014
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. +41 22 749 01 11
Fax. +41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
© ISO 2014 – All rights reserved
2

---------------------- Page: 2 ----------------------
ISO 37500:2014
Executive summary
• Outsourcing is a business model which has been adopted across all industry
sectors around the globe.
• Outsourcing enables an organization to achieve business objectives, add value, tap
into a resource base and/or mitigate risk.
• The application of this guidance provides all the parties involved in outsourcing
with the assurance that business objectives can be achieved through utilization of
common governance and processes throughout the outsourcing lifecycle.
• This outsourcing guidance can help organizations to identify the business case for
outsourcing, select the most appropriate partner, transition to the new operating
model and make sure that value is delivered through effective governance from
the relationship.
• An outsourcing arrangement that meets business goals and requirements
throughout the outsourcing lifecycle can ensure effectiveness and efficiency for
the organization.
• The benefits of outsourcing can include managing costs, supporting business
strategy, accessing capabilities not available in-house, transfer of risks, increasing
development opportunities, obtaining flexibility and scalability.
© ISO 2014 – All rights reserved
3

---------------------- Page: 3 ----------------------
ISO 37500:2014
Contents Page
Executive summary .3
Foreword .7
Introduction .8
1 Scope .9
2 Normative references .9
3 Terms and definitions .9
4 Outsourcing introduction and model . 13
4.1 Contextual model of outsourcing .13
4.2 Reasons for outsourcing .13
4.3 Risks of outsourcing .14
4.4 Outsourcing life cycle model .15
4.5 Summary of main outsourcing life cycle outputs .18
4.6 Repeating the outsourcing life cycle .19
5 Outsourcing governance framework . 20
5.1 General .20
5.2 Management structure and functions .21
5.3 Joint governance committees .22
5.4 Appreciation of cultural differences .22
5.5 Processes of outsourcing governance .23
6 Phase 1: Outsourcing strategy analysis . 29
6.1 General .29
6.2 Check outsourcing prerequisites .31
6.3 Understand services eligible for outsourcing .32
6.4 Assess organizational impact of outsourcing of services .33
6.5 Define outsourcing strategy .35
6.6 Develop initial business case(s) for outsourcing .36
6.7 Evaluate and decide .37
6.8 Set up outsourcing project .38
7 Phase 2: Initiation and selection . 38
7.1 General .38
7.2 Detail required services .39
7.3 Detail outsourcing model .40
7.4 Define agreement requirements and structure .41
7.5 Identify potential providers .42
7.6 Shortlist providers .44
7.7 Outline agreements .45
7.8 Negotiate and establish agreements .46
8 Phase 3: Transition . 47
8.1 General .47
8.2 Establish transition project team .49
8.3 Establish outsourcing governance .49
8.4 Refine delivery frameworks and transition plan .50
8.5 Refine knowledge acquisition .51
8.6 Execute transition of knowledge, people, processes and technology .52
8.7 Deploy the quality, risk, audit and compliance frameworks .54
8.8 Deploy asset and knowledge management framework .54
8.9 Deploy delivery frameworks .55
© ISO 2014 – All rights reserved
4

---------------------- Page: 4 ----------------------
ISO 37500:2014
8.10 Test service delivery capability .56
8.11 Pilot and handover.57
9 Phase 4: Deliver value . 58
9.1 General .58
9.2 Deliver service .60
9.3 Monitor and review service performance (ongoing) .61
9.4 Manage and resolve issues (ongoing) .62
9.5 Deliver and manage changes (ongoing) .63
9.6 Deliver innovation (optional, ongoing) .64
9.7 Deliver transformation (optional).65
9.8 Manage finances .66
9.9 Manage relationships .67
9.10 Manage the agreement .68
9.11 Value and business case assurance .69
9.12 Continuation or end of agreement preparation .70
Annex A (informative) Governance committees and meeting structure . 72
Annex B (informative) Checklist of potential outsourcing risks per phase . 74
Annex C (informative) Phase 1 Checklist for the outsourcing business case . 77
Annex D (informative) Phase 2 Typical topics included in the checklist for request for
information . 79
Annex E (informative) Phase 2 Checklist for the request for proposal . 81
Annex F (informative) Phase 2 Examples of agreement topics . 82
Annex G (informative) Phase 3 Checklist of transition plan . 83
Annex H (informative) Phase 4 Example of innovation funnel process . 87
Annex I (informative) Outsourcing life cycle exit . 89
Bibliography . 91
© ISO 2014 – All rights reserved
5

---------------------- Page: 5 ----------------------
ISO 37500:2014
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of
national standards bodies (ISO member bodies). The work of preparing International
Standards is normally carried out through ISO technical committees. Each member body
interested in a subject for which a technical committee has been established has the
right to be represented on that committee. International organizations, governmental
and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates
closely with the International Electrotechnical Commission (IEC) on all matters of elec-
trotechnical standardization.
The procedures used to develop this document and those intended for its further main-
tenance are described in the ISO/IEC Directives, Part 1. In particular the different
approval criteria needed for the different types of ISO documents should be noted. This
document was drafted in accordance with the editorial rules of the ISO/IEC Directives,
Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be
the subject of patent rights. ISO shall not be held responsible for identifying any or all
such patent rights. Details of any patent rights identified during the development of the
document will be in the Introduction and/or on the ISO list of patent declarations received
(see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users
and does not constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to con-
formity assessment, as well as information about ISO’s adherence to the WTO principles in
the Technical Barriers to Trade (TBT) see the following URL: Foreword - Supplementary
information
The committee responsible for this document is Project Committee ISO/PC 259, Outsourcing.
© ISO 2014 – All rights reserved
7

---------------------- Page: 6 ----------------------
ISO 37500:2014
Introduction
Around the globe, outsourcing is increasingly an opportunity to add value, tap into a
resource base and/or mitigate risk. This International Standard aims to provide general
guidance for outsourcing for any organization in any sector. It provides a vocabulary
for outsourcing practitioners across all industry sectors. It includes typical outsourcing
concepts to improve the understanding of all stakeholders, by providing a set of practices
that can be used to manage the outsourcing life cycle.
Outsourcing is a business model for the delivery of a product or service to a client by a
provider, as an alternative to the provision of those products or services within the cli-
ent organization, where:
— the outsourcing process is based on a sourcing decision (make or buy);
— resources can be transferred to the provider;
— the provider is responsible for delivering outsourced services for an agreed period
of time;
— the services can be transferred from an existing provider to another;
— the client is accountable for the outsourced services and the provider is
responsible for performing them.
This International Standard starts with the precondition that an organization has already
established a sourcing strategy and concluded that outsourcing might be a beneficial
approach.
Continuation or termination of an outsourcing arrangement forms an integral part of the
outsourcing life cycle. Continuation commences as long as the outsourcing business case
is valid and the outsourcing option is feasible within the sourcing portfolio. The decision
to continue or terminate outsourcing as a sourcing strategy option is an outcome from
the sourcing process of the client and is outside the scope of this International Standard.
This International Standard:
a) covers the entire outsourcing life cycle in four phases, as depicted in Figure 2, and
provides definitions for the terms, concepts, and processes that are considered
good practice;
b) provides detailed guidance on the outsourcing life cycle, processes and their
outputs;
c) provides a generic and industry independent foundation, which can be
supplemented and tailored to suit industry-specific requirements;
d) can be used before, during and after the decision is made to outsource;
e) aims to enable mutually beneficial collaborative relationships.
The description of each outsourcing phase provides information for the client side as
well as the provider side.
© ISO 2014 – All rights reserved
8

---------------------- Page: 7 ----------------------
ISO 37500:2014
1 Scope
This International Standard covers the main phases, processes and governance aspects of
outsourcing, independent of size and sectors of industry and commerce. It is intended to
provide a good foundation to enable organizations to enter into, and continue to sustain,
successful outsourcing arrangements throughout the contractual period.
This International Standard gives guidance on:
— good outsourcing governance for the mutual benefit of client and provider;
— flexibility of outsourcing arrangements, accommodating changing business
requirements;
— identifying risks involved with outsourcing;
— enabling mutually beneficial collaborative relationships.
This International Standard can be tailored and extended to industry-specific needs to
accommodate international, national and local laws and regulations (including those
related to the environment, labour, health and safety), the size of the outsourcing arrange-
ment and the type of industry sector.
This International Standard recognizes that the various stakeholders act separately
in some phases of the outsourcing life cycle and together in others. It is not possible to
exclusively allocate processes within the outsourcing life cycle to either client or provider.
For each outsourcing arrangement, process responsibility is intended to be interpreted
accordingly and tailored by the user.
This International Standard is intended to relate to any outsourcing relationship, whether
outsourcing for the first time or not, using a single-provider or multi-provider model, or
draft agreements based on services or outcomes. Processes mentioned in this International
Standard are intended to be tailored to fit the outsourcing strategy and maturity of the
client and provider organizations.
This International Standard is intended to be used by outsourcing clients, providers and
practitioners, such as:
— decision makers and their empowered representatives;
— all stakeholders engaged in facilitating the creation and/or management of
outsourcing arrangements;
— staff at all levels of experience in outsourcing.
2 Normative references
There are no normative references.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
© ISO 2014 – All rights reserved
9

---------------------- Page: 8 ----------------------
ISO 37500:2014
3.1
baseline
agreed reference value or set of values which can be derived from past experience, often
used for comparing with ongoing performance data, values and/or outcomes
3.2
business case
structured proposal for business improvement that functions as a decision package for
decision-makers
Note 1 to entry: The business case should explain why outsourcing is required for the business
and what the product or service is going to be. It should include an outline of the return on
investment (ROI), or a cost/benefit analysis, the performance characteristics, major project risks
and the opportunities. The business case addresses, at a high level, the business needs that the
outsourcing project seeks to meet. It includes the reasons for outsourcing, the expected business
benefits, the options considered with reasons for rejecting or carrying forward each option, the
expected costs of the outsourcing project, a gap analysis and the expected risks.
[SOURCE: ISO/TR 25104:2008, 3.3, modified]
3.3
client
individual or group of organizations entering into an agreement with a provider for
products and services for their own use
[SOURCE: ISO 24803:2007, 3.2, modified]
3.4
due diligence
detailed assessment of one or more business processes or production lines, culture,
assets, liabilities, intellectual property, judicial and financial situation in order to make
the outsourcing decisions
3.5
framework
documented set of guidelines to create a common understanding of the ways of working
3.6
innovation
implementation of a new or significantly improved product (good or service), or process,
new marketing method, or new organizational method in business practices, workplace
organization or external relations
[SOURCE: CEN/TS 16555-1:2013, 3.1]
3.7
innovation and transformation committee
joint management team that governs the process of managing innovation and transfor-
mation in the outsourced processes in order to enhance delivered value
Note 1 to entry: The committee follows a mutually accepted procedure of evaluating the potential
value impact, assessing effort, risk, time to market and sharing of costs and rewards.
Note 2 to entry: The committee usually has representatives from the client and the provider.
© ISO 2014 – All rights reserved
10

---------------------- Page: 9 ----------------------
ISO 37500:2014
3.8
knowledge acquisition
process of locating, collecting, and refining knowledge and converting it into a form that
can be further processed by a knowledge-based system
[SOURCE: ISO/IEC 2382-31:1997, 31.01.04]
3.9
knowledge transfer
structured process of imparting pre-existing or acquired information to a team or a
person, to help them attain a required level of proficiency in skill
Note 1 to entry: Knowledge transfer is not a synonym for training.
3.10
outsourcing
business model for the delivery of a product or services to a client by a provider
3.11
outsourcing arrangement
contractual arrangement between two or more organizations for the provision of specific
services for a fixed period of time, where one organization is the client for those services
and the other organization is the provider
3.12
outsourcing governance
joint set of structures and processes that are implemented to ensure effective leadership
and management, which enables an outsourcing arrangement to achieve its joint objec-
tives within the framework of agreed values
3.13
outsourcing governance framework
outline of guidelines and processes that enables continual monitoring and management
of outsourcing arrangements to sustain value delivery between client and provider
Note 1 to entry: In order to keep it relevant in a changing environment, the governing committee
of the two organizations may modify the governance framework occasionally.
3.14
outsourcing model
formalized concept of the scope of an outsourcing arrangement and how it is structured
and carried out
3.15
provider
organization that offers a product or service to a client
Note 1 to entry: The term “provider” within this International Standard is used in a generic, sin-
gular fashion. In practice, however, outsourcing arrangements may consist of many stakeholders
or sub-contractors involved in one outsourcing arrangement. Often they are supplemented by
advisors and consultants facilitating the outsourcing process.
© ISO 2014 – All rights reserved
11

---------------------- Page: 10 ----------------------
ISO 37500:2014
3.16
responsibility matrix
chart that describes the participation by various roles in completing tasks or deliverables
for an outsourcing arrangement
3.17
retained organization
organizational units and/or employee roles, retained within the client organization,
providing the client interface for the provider
3.18
service
product
result of activities performed by the provider according to the agreed scope, service
levels and client demands
Note 1 to entry: Depending on the industry sector, it may be appropriate to use the term “product”
rather than “service”. Each industry uses specific terminology. This is also true for the distinc-
tion of delivering a product or a service. Theoretically, any product or service is in fact a hybrid
of both worlds. In the interests of readability, only the term “service” is used throughout this
International Standard.
3.19
service catalogue
list of services that an organization provides to its clients or employees
Note 1 to entry: Each service within the catalogue typically includes a description of the service,
timeframes or service level agreements for fulfilling the service, who is entitled to request/view
the service, costs (if any), and how to fulfil the service.
3.20
service level agreement
SLA
documented agreement between the client and provider that identifies services and
service targets, including prerequisites for service levels and measures for performance
3.21
sourcing strategy
organization’s action plan to obtain products and services that are essential to run its
business in the most effective and efficient manner
3.22
standard operating procedure
SOP
authorized, documented procedure or set of procedures, work instructions and test
instructions for production and control
[SOURCE: ISO 15378:2011, 3.58]
© ISO 2014 – All rights reserved
12

---------------------- Page: 11 ----------------------
ISO 37500:2014
3.23
transformation
process of profound and radical change that orients an organization in a new direction
and takes it to an entirely different level of effectiveness
Note 1 to entry: Unlike incremental change or continual improvement, transformation implies
little or no resemblance with the past configuration or structure.
3.24
transition
activities for migrating agreed upon knowledge, assets, liabilities, systems, processes
and people from the client to the provider in order to create desired delivery capability
3.25
value
quantifiable financial or non-financial gain
4 Outsourcing introduction and model
4.1 Contextual model of outsourcing
Organizations are complex systems, continually adapting to changes in their environment
(see Figure 1). They face many forms of pressure including those from ever-changing
markets, political, social, economic and technological factors. In order to survive, organi-
zations need to constantly update their strategy and realign to meet the demands from
these complex challenges. They are in a state of constant flux, adapting to the external
changes and requirements. This may involve outsourcing arrangements. This International
Standard reflects the need to stay continuously aligned with the business and sourcing
strategy, building in the capability for change from the start of the outsourcing life cycle.
This is done not only by providing guidance in innovation, transformation and change,
but also by providing a joint outsourcing governance framework.
It is common for organizations to have a business strategy a
...