Click main image to view in full screen.
Service Portfolio Management Policy (ISO/IEC 20000, ITIL) – Word DOCX
Word (DOCX) 7 Pages
BENEFITS OF THIS DOWNLOADABLE WORD DOCUMENT
- Audits become routine, not events. The policy hardcodes ISO/IEC 20000 alignment, evidence & records (SPM-T01…T20), retention rules, KPIs, and mandatory training--so you can prove conformity on demand.
- Crystal-clear governance in writing. A single, authoritative policy defines scope, decision rights, roles (SPO/SPMgr/SO/FIN/ARCH/CCM), and mandatory quality gates (G1–G4)--eliminating ambiguity and ensuring everyone follows the same rules.
- Risk controlled from the top. Enforced segregation of duties, "catalogue only by controlled change," 48-hour catalogue sync, freshness checks (≤30 days), and ECAB/CAB emergency paths with retrospective evidence cut change sprawl and comp
ITIL WORD DESCRIPTION
Product: Service Portfolio Management Policy [ISO/IEC 20000:2018, ITIL]
This product (Service Portfolio Management Policy [ISO/IEC 20000:2018, ITIL]) is a fully editable Word (DOCX) document, available for immediate download upon purchase. It's written to help you evidence alignment with ISO/IEC 20000-1:2018 (clauses 4–7, 8.1, 9, 10) and ITIL portfolio practice across Pipeline → Catalogue → Retired—right out of the box.
Looking for a ready-to-use policy that sets clear rules for how services enter, progress, and exit your portfolio—backed by quality gates, decision authority, and audit-ready records? This professionally authored template establishes a single "portfolio of record," enforces standardized criteria, and mandates traceable publish/retire actions, so every decision is fast, transparent, and provable.
Key Features
✔ ISO/IEC 20000 Alignment – Policy purpose, scope, controls, and evidence mapped to the SMS, covering planning, operation, performance evaluation, and improvement.
✔ Single Portfolio of Record – One authoritative register covering Pipeline → Live → Retired; supplier-run services must appear in the same record (shadow lists prohibited).
✔ Quality Gates (G1–G4) – G1: Approach approved; G2: Intake complete; G3: Assess & review; G4: Report/Audit/CI—each movement requires recorded evidence; emergency path via ECAB/CAB with 5-day retrospective documentation.
✔ Decision Traceability & Catalogue Sync – Every publish/retire action must link Review Minutes → Change/Release → Retirement/Comms; catalogue actions completed or scheduled within 48 hours of decision.
✔ Record Freshness Control – Live portfolio entries must be ≤30 days old or raised as exceptions with owner, due date, and escalation to the SPO if unresolved.
✔ Standardized Criteria – Uses approved Assessment Criteria & Weights (alignment, value, risk, cost of delay, effort/capacity), with transparent scoring, cited data sources, and sensitivity notes.
✔ Segregation of Duties & Assurance – Portfolio is operated by the SPMgr; internal audits are independent using a defined sampling minimum and CAR/CSI follow-through.
✔ Roles & Interfaces – Clear authority (SPO/SPMgr/SO/FIN/ARCH/CCM), change/release integration, supplier management linkage, and "catalogue only by controlled change."
✔ Evidence & Records Set – Minimum records (SPM-T01…T20) including Portfolio Register, Assessment/Screening, Review Minutes, Allocation Log, KPI Pack, Value Realisation, Retirement/Comms, CAR/CSI, Audit, and Management Review.
✔ Measures, Training & Retention – Policy-level KPIs (e.g., ≥95% decisions with full evidence; 100% catalogue updates via controlled change), mandatory training with pass/fail criteria, and defined retention (e.g., key records retained six years; quarterly restore tests).
Benefits
• Decide faster, prove compliance: gates, authority levels, and a complete decision trail turn reviews into swift, defensible outcomes—no scramble before audits.
• Eliminate shadow portfolios: one governed portfolio of record with enforced freshness, standardized criteria, and catalogue updates only via controlled change.
• Close the loop on improvement: KPI targets with reaction plans, independent audits, CAR/CSI, and Management Review keep conformance and performance moving up.
Who it's for
Service Portfolio Owners/Managers, CIO/IT leadership, Finance partners, Architects, Service Owners, Change/Catalogue Managers, and Compliance/Audit teams building an ISO/IEC 20000-aligned portfolio capability with ITIL practices.
Get a ready-to-use ISO/IEC 20000:2018 Service Portfolio Management Policy—ITIL-aligned, editable, and audit-ready—so you can govern investments, sync to the catalogue, and demonstrate control from day one.
Got a question about the product? Email us at support@flevy.com or ask the author directly by using the "Ask the Author a Question" form. If you cannot view the preview above this document description, go here to view the large preview instead.
TOPIC FAQ
What are the typical quality gates used in service portfolio management and what do they control?
Common portfolio quality gates establish decision milestones for service progression; the referenced policy defines G1–G4: G1 approves approach, G2 completes intake, G3 conducts assessment and review, and G4 covers reporting/audit/continual improvement with recorded evidence and an emergency ECAB/CAB path. G1–G4.How should I ensure catalogue updates occur after a publish or retire decision?
The policy requires every publish/retire action to link Review Minutes to Change/Release and Retirement/Comms, with catalogue actions completed or scheduled within 48 hours of the decision; Flevy's Service Portfolio Management Policy includes this linkage requirement and the 48-hour target. 48 hours.What minimum records should an organization keep to show portfolio control during audits?
A minimum evidence set is specified, including Portfolio Register, Assessment/Screening, Review Minutes, Allocation Log, KPI Pack, Value Realisation, Retirement/Comms, CAR/CSI, Audit, and Management Review, catalogued as SPM-T01…T20. SPM-T01…T20.How do organizations score and compare services for portfolio decisions?
Scoring uses approved Assessment Criteria and Weights—alignment, value, risk, cost of delay, and effort/capacity—with transparent scoring, cited data sources, and sensitivity notes; Flevy's Service Portfolio Management Policy documents the criteria and weighting approach for consistent scoring. Assessment Criteria & Weights.What governance measure helps prevent shadow or duplicate service lists?
Enforce a single authoritative portfolio of record that includes Pipeline → Live → Retired entries; supplier-run services must appear in the same register and shadow lists are explicitly prohibited to maintain one source of truth. Single portfolio of record.How can decision traceability be maintained for publish/retire actions?
Maintain linked artifacts for each action: Review Minutes → Change/Release → Retirement/Communications; require recorded evidence for gate movements and an emergency ECAB/CAB path with a 5-day retrospective documentation requirement. 5-day retrospective.Which roles should be defined to operate a service portfolio and who performs assurance?
Key authorities and interfaces include the Service Portfolio Owner (SPO), Service Portfolio Manager (SPMgr), Service Owner (SO), Finance (FIN), Architecture (ARCH), and Catalogue/Change Manager (CCM); the SPMgr operates the portfolio while internal audits are independent with defined sampling and CAR/CSI follow-through. SPO, SPMgr, SO, FIN, ARCH, CCM.How does a service portfolio policy map to ISO/IEC 20000 requirements for a management system?
A policy should map purpose, scope, controls, and required evidence to the Service Management System covering planning, operation, performance evaluation, and improvement; the provided template maps to ISO/IEC 20000-1:2018 clauses 4–7, 8.1, 9, and 10. Clauses 4–7, 8.1, 9, 10.Source: Best Practices in ITIL, ISO 20K Word: Service Portfolio Management Policy (ISO/IEC 20000, ITIL) Word (DOCX) Document, ITSM Consulting
