# ISO 20000 Gap Assessment > Assess current service management maturity against all ISO/IEC 20000-1:2011 requirements (Clauses 4-9). Evaluates 15 clause areas on a 0-5 maturity scale, documents gaps with remediation actions, and produces a prioritized remediation roadmap. Gap assessment validator ensures all clause areas are covered and findings are complete. Tags: ISO 20000, SMS, Gap Assessment, Audit, IT Service Management ## Example Prompts - Run a gap assessment against ISO 20000 for our organization - Assess our current maturity level for ISO 20000 service management processes - Create a remediation roadmap from our ISO 20000 gap assessment findings - Evaluate our readiness for ISO 20000 certification URL: https://rakenne.app/skills/iso20000-gap-assessment/index.md Try this skill: https://rakenne.app/a/?skill=iso20000-gap-assessment ## Overview The gap assessment evaluates your organization's current service management practices against all ISO/IEC 20000-1:2011 requirements across Clauses 4 through 9. It rates each of the 15 clause areas on a 0-5 maturity scale, documents specific gaps with remediation actions, and produces a prioritized roadmap that tells you exactly what needs to change before certification. This is the skill that turns abstract standard requirements into a concrete action plan. By loading your organization profile (for current maturity context) and SMS scope (for the certification boundary), the assessment is tailored to your specific situation rather than a generic checklist. The output feeds directly into the service management plan, where remediation actions become implementation tasks with owners, timelines, and resource allocations. For a step-by-step walkthrough, see the [**ISO 20000 SMS workspace tutorial**](/learn/tutorials/iso20000-sms-workspace-guide/). ### What It Covers - **15 clause areas** — SMS general requirements (Clause 4), design and transition (5), service delivery (6.1-6.6), relationship processes (7.1-7.2), resolution processes (8.1-8.2), and control processes (9.1-9.3) - **Maturity scoring** — each area rated 0 (nonexistent) through 5 (optimized) with evidence-based justification - **Gap findings** — specific gaps documented with clause reference, description, remediation action, priority, and effort estimate - **Remediation roadmap** — gaps organized into phased implementation: foundation, service delivery, resolution and control, then design and transition ## Example Conversation > **You:** We need to run a gap assessment for our ISO 20000 certification. The organization profile, SMS scope, and service catalog are already in place. > > **Agent:** I've loaded your prerequisites. Apex IT Services has 6 services in scope across 4 locations, with all 13 process areas in scope. Your profile indicates ITIL v3 informal adoption with mature incident and change management but ad-hoc problem and capacity management. Let me walk through each clause area. > > Starting with **Clause 4 — SMS General Requirements**. Do you have a documented SMS policy, management commitment statement, and defined roles and responsibilities? > > **You:** We have an informal IT policy document but nothing specific to service management. Roles are assigned verbally but not documented. Sarah Chen is the SMS manager but her responsibilities aren't formally defined anywhere. > > **Agent:** I'll rate Clause 4 at **maturity level 1 (Ad-hoc)** — there is awareness and some role assignment, but no formal documentation or governance structure. The gaps are: (1) no SMS policy document, (2) roles and responsibilities not formally documented, (3) no management review process. > > Now **Clause 6.1 — Service Level Management**. Do you have formal SLAs with your clients? How do you monitor and report on SLA performance? > > **You:** We have SLAs in our contracts with all three major clients. We track uptime and response times in Jira, but the reporting is manual — someone pulls the numbers into a spreadsheet each month. > > **Agent:** That's **maturity level 2 (Repeatable)** — SLAs exist and are tracked, but the process isn't fully formalized with automated reporting. Gaps: (1) no automated SLA monitoring dashboard, (2) no formal SLA review process with customers. > > Moving to **Clause 8.2 — Problem Management**. You mentioned this is mostly ad-hoc. > > **You:** Correct. When we see repeated incidents we investigate, but there's no formal problem management process. No known error database, no proactive problem identification. > > **Agent:** I'll rate that at **maturity level 1 (Ad-hoc)**. Gaps: (1) no documented problem management process, (2) no known error database, (3) no proactive problem identification. This is a critical gap since the standard requires a formal process. > > *[The agent continues through all 15 clause areas...]* > > I've completed the assessment. Let me run the `gap_assessment_validator`... > > **Result:** PASS. All 15 clause areas assessed. 47 findings documented — 8 critical, 15 high, 18 medium, 6 low. Average maturity: 1.8. Remediation roadmap organized into 4 phases targeting Stage 1 readiness in 6 months. > > Your strongest areas are incident management (3) and change management (3). The most critical gaps are in SMS governance (Clause 4), problem management (8.2), and configuration management (9.1). ## Sample Output Excerpt The skill produces a full gap assessment report and a structured JSON file. Here is a representative excerpt from the JSON showing the clause assessments and findings. --- ```json { "assessment_summary": { "organization": "Apex IT Services Ltd", "assessment_date": "2026-03-15", "average_maturity": 1.8, "total_findings": 47, "by_priority": { "critical": 8, "high": 15, "medium": 18, "low": 6 } }, "clause_assessments": [ { "clause": "4", "area": "SMS General Requirements", "current_maturity": 1, "target_maturity": 3, "summary": "Informal IT policy exists but no SMS-specific policy, governance, or documentation framework." }, { "clause": "6.1", "area": "Service Level Management", "current_maturity": 2, "target_maturity": 3, "summary": "SLAs defined in contracts and tracked in Jira but reporting is manual with no formal review process." }, { "clause": "8.1", "area": "Incident and Service Request Management", "current_maturity": 3, "target_maturity": 3, "summary": "Formal incident process in Jira Service Management. Categorization, prioritization, and escalation defined." } ], "findings": [ { "clause": "4", "area": "SMS General Requirements", "gap_description": "No documented SMS policy or management commitment statement", "remediation_action": "Draft and approve SMS policy aligned with ISO 20000 Clause 4.1 requirements", "priority": "critical", "effort_estimate": "1 week" }, { "clause": "8.2", "area": "Problem Management", "gap_description": "No formal problem management process or known error database", "remediation_action": "Design problem management process with root cause analysis workflow, implement known error database in Jira", "priority": "critical", "effort_estimate": "3 weeks" }, { "clause": "9.1", "area": "Configuration Management", "gap_description": "CMDB maintained in spreadsheets with no formal CI identification or baseline control", "remediation_action": "Implement CMDB in ITSM tool with CI types, relationships, and baseline snapshots", "priority": "high", "effort_estimate": "4 weeks" } ], "remediation_roadmap": { "phase_1_foundation": { "timeline": "Months 1-2", "focus": "Clause 4 — governance, policy, documentation framework, roles" }, "phase_2_service_delivery": { "timeline": "Months 2-4", "focus": "Clauses 6, 7 — SLM, reporting, continuity, supplier management" }, "phase_3_resolution_control": { "timeline": "Months 3-5", "focus": "Clauses 8, 9 — problem management, CMDB, change, release" }, "phase_4_design_transition": { "timeline": "Months 4-6", "focus": "Clause 5 — design and transition of new/changed services" } } } ``` ## Extension Tools ### `gap_assessment_validator` Validates the gap assessment JSON for completeness against all ISO/IEC 20000-1:2011 requirements: | Check | What It Does | |-------|-------------| | **Clause coverage** | All 15 clause areas (Clauses 4-9) must be assessed | | **Maturity scores** | Scores must be integers between 0 and 5 | | **Remediation actions** | Every gap finding must have a remediation action documented | | **Priority values** | Priority must be one of: critical, high, medium, low | | **Minimum findings** | At least one finding must be present in the assessment | The validator checks for the complete list of required clause areas: Clause 4 (SMS general), 5 (Design and transition), 6.1-6.6 (Service delivery), 7.1-7.2 (Relationship), 8.1-8.2 (Resolution), and 9.1-9.3 (Control). Missing clause areas are flagged as errors. ## Getting Started Run the *Organization Profile* and *SMS Scope* skills first — the gap assessment reads both to understand your current maturity baseline and which services and processes are in scope. Then activate *ISO 20000 Gap Assessment* and the agent will walk through each of the 15 clause areas. Have this information ready: - Current state of your service management processes (formal, informal, or nonexistent) - Existing documentation: policies, procedures, process descriptions, SLAs - ITSM tooling capabilities (what your tools support vs. what you actually use) - Known pain points or areas where you expect gaps The completed assessment produces a prioritized remediation roadmap that feeds directly into the service management plan, turning gap findings into implementation tasks with timelines and owners. --- Back to [Skill Library](https://rakenne.app/skills/index.md)