Business relationship management

“Business relationship management” in ISO/IEC 20000-1 is not a soft-skills expectation. Auditors read Clause 8.3.1 as a requirement for repeatable customer governance that produces observable outputs: clear points of contact, consistent requirement agreement, regular performance reviews, and planned customer satisfaction measurement with follow-through. The fastest way to meet the requirement is to treat it like a control system, not a set of meetings.

For a Compliance Officer, CCO, or GRC lead, the practical goal is to make relationship management auditable without turning it into bureaucracy. That means: (1) defining who represents the customer and who represents you, (2) defining the moments where requirements and performance get formally reviewed, (3) capturing customer satisfaction in a consistent way, and (4) connecting dissatisfaction to corrective actions, service improvements, and (where needed) change control.

This page gives you a requirement-level playbook you can implement quickly, with steps, artifacts, audit questions, and common failure modes tied directly to ISO/IEC 20000-1:2018 Clause 8.3.1.

Regulatory text

ISO/IEC 20000-1:2018 Clause 8.3.1 states: “The organization shall establish and maintain a good relationship with customers, identify customer representatives responsible for agreeing on service requirements and reviewing service performance, and measure customer satisfaction at planned intervals.” ¹

Operator interpretation (what you must be able to prove):

• You have an intentional approach to customer relationship management, not ad hoc interactions.
• Each customer (or customer segment) has an identified representative empowered to (a) agree service requirements and (b) review service performance.
• Customer satisfaction is measured on a planned cadence, using a method you define.
• Outputs exist: minutes, actions, decisions, satisfaction results, and improvement actions tied to what customers said.

Plain-English interpretation of the requirement

You must run a documented customer governance process that answers four audit questions:

1. Who speaks for the customer? Name the customer representative(s) and confirm authority and scope.
2. How do you agree requirements? Show how requirements are captured, reviewed, approved, and updated.
3. How do you review performance? Show recurring performance reviews with metrics, issues, and actions.
4. How do you measure satisfaction? Show planned measurement and evidence that you act on results.

“Good relationship” is the only subjective phrase. Treat it as “structured engagement + responsiveness + feedback loop,” then document those elements so the requirement is testable.

Who it applies to (entity and operational context)

Applies to:

• Any organization delivering services that wants conformity with ISO/IEC 20000-1.
• Internal IT service providers serving business units (“customers” can be internal).
• External service providers serving paying customers.

Operationally, it lands on:

• Service Management (service owners, service delivery managers).
• Account/customer success management (if you have it).
• Support and incident/problem management (because relationship health often hinges on responsiveness).
• GRC/compliance (to define evidence expectations and audit readiness).

Scoping tip: If you have many customers, segment them. You can assign representatives and cadences by tier (strategic, standard) as long as the approach is planned and consistently applied.

What you actually need to do (step-by-step)

Step 1: Define the relationship management model (write it down)

Create a short “Business Relationship Management Procedure” that states:

• Objectives: requirement agreement, performance review, satisfaction measurement, issue escalation.
• Scope: which services/customers are included.
• Cadence: how often reviews and satisfaction measurement occur (your choice, but it must be planned).
• Inputs/outputs: SLAs, KPIs, reports, meeting minutes, action logs.

Keep it readable. Auditors penalize procedures nobody follows.

Step 2: Identify and record customer representatives

Build and maintain a Customer Representative Register with, at minimum:

• Customer name / business unit.
• Named representative(s).
• Role/title and contact details.
• Authority statement (what they can approve).
• Coverage (which services they represent).
• Your counterpart (service owner/service delivery manager).

If customers refuse to name a representative, document your escalation path and interim contact. What matters is that you can show you tried to establish accountable representation.

Step 3: Establish the “requirement agreement” workflow

Define how service requirements are agreed and updated. Minimum operational elements:

• Where requirements live (service catalog entry, SLA, statement of work, internal service charter).
• Approval points (customer rep approval + your service owner approval).
• Change triggers (new service, major incident trend, major change, renewal).
• Version control and effective dates.

Practical pattern: Use a single-page “Service Requirements Summary” per service/customer that references the detailed SLA and highlights: service hours, support channels, availability targets, key dependencies, and major exclusions.

Step 4: Run recurring service performance reviews with minutes and actions

Set a calendar rhythm for performance reviews ¹. Each review should produce:

• A standard performance report (SLA attainment, incidents, request volumes, major changes, known errors).
• Discussion of breaches and customer-impacting events.
• Agreed corrective actions with owners and due dates.
• Decision log for scope/requirement changes.

What auditors look for: evidence of review, not perfect KPIs. A bad month with strong governance is safer than good metrics with no proof of review.

Step 5: Measure customer satisfaction at planned intervals

Pick a satisfaction method you can sustain:

• Short survey (quant + free text) tied to services or support experiences.
• Periodic relationship survey by customer tier.
• Structured interviews with documented notes.

Define:

• Who sends it.
• Who analyzes results.
• How results are reported internally.
• What triggers action (themes, repeated complaints, critical feedback).

Make it auditable: Keep the survey instrument/version, distribution list, response capture, and results summary.

Step 6: Tie dissatisfaction to corrective action and improvement

Create a single intake path for relationship issues:

• Log relationship risks/issues in a tracker (could be your ITSM tool).
• Link issues to problem management, corrective actions, or service improvement plans.
• Track to closure and report back to customers.

This is where “good relationship” becomes real: customers see their feedback reflected in changes, and you retain proof.

Step 7: Monitor, report, and improve the process itself

At least annually (or aligned to your management review cycle), review:

• Coverage: are all in-scope customers assigned reps and receiving reviews?
• Effectiveness: recurring themes, unresolved actions, satisfaction trends.
• Process adherence: missing minutes, outdated registers, inconsistent reporting.

If you use Daydream or a similar GRC system, map artifacts (register, meeting minutes, satisfaction results, action logs) directly to Clause 8.3.1 so evidence is always export-ready for audits.

Required evidence and artifacts to retain

Use this as your audit evidence checklist for business relationship management:

Artifact	Minimum content	Common owner
Business Relationship Management Procedure	scope, roles, cadence, outputs	Service Management / GRC
Customer Representative Register	named reps, authority, services covered	Service Delivery / Account Mgmt
Service requirements documentation	SLA/service charter/SOW + approvals + versions	Service Owner
Performance review calendar	planned schedule by customer/tier	Service Delivery
Performance review pack	KPIs, incidents, breaches, change summary	Service Owner
Meeting minutes + decision log	attendees, discussion, decisions, actions	Service Delivery
Action tracker	owner, due date, status, closure evidence	Service Delivery / Problem Mgmt
Customer satisfaction method and results	survey/interview template, results summary, trends	BRM/CSM
Improvement records	SIP items, corrective actions linked to feedback	Continual Improvement

Retention period is not specified in Clause 8.3.1. Align to your organization’s document retention standard and ensure artifacts remain available across the audit cycle.

Common exam/audit questions and hangups

Expect these, and pre-build the evidence:

1. “Show me who the customer representative is for Service X.”
   Hangup: register exists but is outdated or missing authority scope.

2. “How are service requirements agreed, and where is approval documented?”
   Hangup: requirements exist, but approvals are informal (email only) and not retained in a controlled location.

3. “Show the last performance review and actions taken.”
   Hangup: meetings occurred, but there are no minutes, or actions are not tracked to closure.

4. “What is your planned interval for measuring satisfaction, and show results.”
   Hangup: surveys are sporadic, or results are collected but not analyzed or acted on.

5. “How do you know relationship management is working?”
   Hangup: no internal reporting, no trend analysis, no management visibility.

Frequent implementation mistakes (and how to avoid them)

• Mistake: Treating BRM as a single annual survey.
  Fix: pair satisfaction measurement with performance reviews and an action mechanism so feedback drives change.

• Mistake: No named customer representative, only a shared inbox.
  Fix: require a named role per customer; document interim contacts and escalation if the customer won’t assign one.

• Mistake: Performance reviews happen, but outputs are not controlled records.
  Fix: standardize a template for agenda, minutes, and action log; store in a controlled repository tied to the service.

• Mistake: Requirements drift from reality.
  Fix: add a formal “requirements confirmation” step during renewals, major changes, and after significant incidents.

• Mistake: Over-segmentation creates gaps.
  Fix: segment customers, but enforce minimum controls for all tiers (rep + planned satisfaction measurement + periodic performance review).

Enforcement context and risk implications

No public enforcement cases were provided for this requirement in the supplied sources. Practically, the risk is audit nonconformity and downstream service risk: unclear requirements create SLA disputes, dissatisfaction escalations, and inconsistent service delivery. The control also reduces third-party friction where your customers treat you as a critical service provider and expect structured governance.

Practical 30/60/90-day execution plan

First phase (immediate)

• Name an accountable owner for business relationship management.
• Draft the BRM procedure (one to two pages).
• Create the Customer Representative Register and populate it for your highest-impact customers/services.
• Standardize templates: requirements summary, performance review agenda/minutes, satisfaction survey.

Second phase (near-term)

• Run performance reviews for priority customers using the standard pack and templates.
• Launch the first planned satisfaction measurement cycle and produce a results memo with themes.
• Stand up the action tracker and link actions to problem management or improvement items.
• Centralize evidence storage and ensure version control for requirements.

Third phase (operationalize and scale)

• Expand coverage to all in-scope customers/services based on segmentation.
• Add management reporting: open actions, recurring themes, satisfaction trend narrative.
• Test audit readiness: sample a customer and produce an evidence bundle in one pull (rep, requirements approval, last review minutes, satisfaction results, action closures).
• Refine cadence and templates based on what teams can sustain.

Frequently Asked Questions

Do “customers” include internal business units for an internal IT organization?

Yes, ISO/IEC 20000-1 uses “customers” to mean the recipients of services. Internal service providers should treat business units as customers and apply the same representative, review, and satisfaction practices. ¹

What counts as a “planned interval” for measuring customer satisfaction?

The standard requires that intervals are planned, not ad hoc. Define the cadence in your procedure and show it on a calendar or schedule, then retain the results each time the measurement occurs. ¹

Can we use incident closure surveys as our satisfaction measurement?

Yes, if it is planned, consistently executed, and you can aggregate results into trends and actions. Pair it with periodic relationship-level feedback so you capture more than ticket experience. ¹

What if a customer won’t nominate a representative with authority to agree requirements?

Document your request, record the interim contact, and define an escalation route (commercial owner, executive sponsor, contract owner). Auditors typically accept constraints outside your control when you show a consistent approach and documented follow-up. ¹

How detailed do performance review minutes need to be?

Enough to show who attended, what was reviewed, what decisions were made, and what actions were assigned and closed. The goal is traceability from performance data to customer-facing outcomes. ¹

We have many small customers. Do we need one-on-one reviews for each?

You can segment customers and run scaled governance (group reviews, standardized reporting) as long as you still identify customer representatives, agree requirements, and measure satisfaction on a planned basis for the segment. Document the segmentation logic and minimum controls. ¹

Footnotes

1. ISO/IEC 20000-1:2018 Information technology — Service management