Overview
The SMS scope definition establishes the boundary of your service management system — which services, processes, locations, and organizational units fall within the certification perimeter. Per Clause 4.5.1, a well-defined scope is essential because it determines what the auditor will assess and ensures that all in-scope services are managed under a consistent set of processes.
Getting the scope right early prevents two common problems: scoping too broadly (which increases cost, complexity, and audit effort) and scoping too narrowly (which may exclude services that auditors expect to see, or leave out critical dependencies). The skill reads your organization profile to understand the full landscape, then guides you through a structured scoping exercise covering services, all 13 SMS process areas, organizational units, and technology.
For a step-by-step walkthrough, see the ISO 20000 SMS workspace tutorial .
What It Covers
- Services in scope — business services, supporting services, and third-party services within the SMS boundary
- Process scope — which of the 13 SMS process areas (Clauses 5-9) apply, with justification for any exclusions
- Organizational scope — departments, teams, and locations that operate within the SMS
- Technology scope — ITSM tools, monitoring systems, and service delivery platforms
- Exclusions — what is out of scope and the documented justification for each exclusion
- Interfaces — where in-scope services interact with out-of-scope services, external parties, or shared infrastructure
Example Conversation
You: We need to define the SMS scope for our ISO 20000 certification. We loaded the organization profile already.
Agent: I’ve read your organization profile. Apex IT Services is a Type II MSP with four locations and services including managed hosting, network management, helpdesk, and cloud migration. Let me walk through each scope dimension.
First, which services should be in scope? Based on your profile, the candidates are:
- Managed Hosting — server and infrastructure hosting for clients
- Network Management — WAN/LAN monitoring and management
- Helpdesk / Service Desk — first and second-line support
- Cloud Migration — project-based migration services
Should all four be in scope, or would you like to start with a subset?
You: Let’s include managed hosting, network management, and helpdesk. Cloud migration is project-based and we’d rather add it in a later certification cycle.
Agent: Understood. I’ll include those three and document cloud migration as an exclusion with the justification that it is project-based, not a recurring managed service. Now, what supporting services underpin these? For example: monitoring infrastructure, backup services, DNS management.
You: Our Nagios monitoring platform, the backup service running on Veeam, and our DNS management service.
Agent: Good. Now let me check the 13 SMS process areas. All Clause 4-9 requirements apply by default per ISO 20000 — you cannot exclude a process area without strong justification. For your three services, all 13 process areas are relevant. The only area that might have limited applicability is Clause 6.4 (Budgeting and Accounting) if you handle IT financials outside the SMS.
You: Finance manages budgets separately, but we do track costs per service for client billing. Let’s keep it in scope.
Agent: All 13 process areas are in scope. Now for organizational scope — which locations are included?
You: Manchester HQ and Birmingham Operations are in scope. The London data centers are in scope for infrastructure but not staffed for service management activities.
Agent: I’ll include all four locations, noting that London DC1 and DC2 are infrastructure-only. Let me also capture the interfaces — where do in-scope services interact with out-of-scope items?
You: Cloud migration projects sometimes hand off infrastructure to the managed hosting team. And we use AWS as a third-party provider for some client workloads.
Agent: I’ve documented both interfaces. Let me run the
scope_completeness_checker…Result: PASS. All required sections present: 6 services in scope (3 business, 3 supporting), all 13 process areas accounted for, 4 locations, 1 exclusion with justification, and 2 interfaces documented.
Sample Output Excerpt
The skill produces both a formal scope statement document and a structured JSON file. Here is a representative excerpt from the JSON.
{
"scope_statement": "The SMS covers the delivery and support of managed hosting, network management, and helpdesk services provided by Apex IT Services Ltd from Manchester, Birmingham, and London data center locations.",
"services_in_scope": [
{ "id": "SVC-001", "name": "Managed Hosting", "type": "business", "description": "Server and infrastructure hosting for external clients" },
{ "id": "SVC-002", "name": "Network Management", "type": "business", "description": "WAN/LAN monitoring and management for client sites" },
{ "id": "SVC-003", "name": "Service Desk", "type": "business", "description": "First and second-line IT support for client end users" },
{ "id": "SVC-004", "name": "Monitoring Platform", "type": "supporting", "description": "Nagios-based infrastructure and service monitoring" },
{ "id": "SVC-005", "name": "Backup Service", "type": "supporting", "description": "Veeam-based backup and recovery for client environments" },
{ "id": "SVC-006", "name": "DNS Management", "type": "supporting", "description": "DNS hosting and resolution for client domains" }
],
"processes_in_scope": [
{ "clause": "5", "area": "Design and transition", "status": "in_scope" },
{ "clause": "6.1", "area": "Service level management", "status": "in_scope" },
{ "clause": "6.2", "area": "Service reporting", "status": "in_scope" },
{ "clause": "8.1", "area": "Incident and service request management", "status": "in_scope" },
{ "clause": "9.2", "area": "Change management", "status": "in_scope" }
],
"exclusions": [
{
"item": "Cloud Migration Services",
"justification": "Project-based service, not a recurring managed service. Will be included in a future certification cycle.",
"interface_with_scope": "Project handoffs to managed hosting team are documented as an interface."
}
],
"interfaces": [
{ "name": "Cloud migration handoff", "description": "Cloud migration projects hand off completed infrastructure to the managed hosting team", "direction": "inbound" },
{ "name": "AWS cloud provider", "description": "AWS provides IaaS for client workloads managed by the hosting team", "direction": "external" }
]
}
Extension Tools
scope_completeness_checker
Validates the SMS scope JSON for all required sections per Clause 4.5.1:
| Check | What It Does |
|---|---|
| Services in scope | At least one service must be defined with id, name, and type |
| Process coverage | All 13 SMS process areas (Clauses 5-9) must be accounted for — either in scope or explicitly excluded with justification |
| Organizational scope | Locations and departments within the SMS boundary must be documented |
| Exclusions | Every exclusion must have a documented justification |
| Interfaces | Interactions between in-scope and out-of-scope services must be documented |
The checker validates against the full list of 13 process areas: Clause 5 (Design and transition), 6.1-6.6 (Service delivery), 7.1-7.2 (Relationship), 8.1-8.2 (Resolution), and 9.1-9.3 (Control). Any process area not explicitly listed as in scope or excluded is flagged as an error.
Getting Started
Run the ISO 20000 Organization Profile skill first — the scope definition reads your organization profile to understand locations, departments, and services. Then activate ISO 20000 SMS Scope Definition and the agent will guide you through scoping each dimension.
Have this information ready:
- Which customer-facing and supporting services you want to certify
- Which locations and teams deliver those services
- Any services or areas you want to exclude from the initial certification scope
- How in-scope services interact with out-of-scope services or external providers
The completed scope feeds directly into the service catalog, gap assessment, and service management plan, and defines the boundary that auditors will assess during certification.