Get in touch

Get in touch

  • This field is for validation purposes and should be left unchanged.

Privacy Notice


When you submit an enquiry via our website, we use the personal data you supply to respond to your query, including providing you with any requested information about our products and services. We may also email you several times after your enquiry in order to follow up on your interest and ensure that we have answered your it to your satisfaction. We will do this based on our legitimate interest in providing accurate information prior to a sale. Your enquiry is stored and processed as an email which is hosted by Microsoft within the European Economic Area (EEA). We keep enquiry emails for two years, after which they are securely archived and kept for seven years, when we delete them.

Reveal Menu

Ten Tips for Implementing ISO20000

ISO20000 is the international standard for implementing an IT Service Management System. First revised in 2011, and then recently in 2018, ISO20000 specifies the requirements that your Service Management System will need to meet in order for your organization to become certified to the standard.

At CertiKit, we know how daunting complying to standards can be if you’re not in the know, which is why we’ve put together these ten tips from our expert consultants, to help make your compliance journey as seamless as possible.

1. Consider your scope carefully

This is probably the biggest single source of confusion around the ISO20000 standard. You will often hear that an organization “has ISO20000”. What is not usually mentioned is exactly what they have it for, leading to the often incorrect assumption that it must be for everything.

You can choose the scope of your certification by service, by geography or by business area. The smaller the scope, generally the less work involved so you can adjust your scope according to how quickly you want to be certified. A single service to a single customer at a single location is perfectly acceptable and scoping small will allow you to learn the lessons early and apply them when you gradually widen the scope post-certification.

2. Choosing the right business area

Leading on from your scoping, make life easy for yourself and choose a business area that is already friendly to the IT service provider and open to participating in the various activities you will need to start doing such as SLA negotiation, reporting and service review meetings. You will learn lessons in the early days and possibly make some mistakes, so it’s best to do this in a positive and co-operative environment.

3. Get your auditor to do the gap analysis

Your external auditor for certification isn’t allowed to do consultancy, but they can do reviews to tell you how far they think you are from achieving the standard. You can complete a gap analysis yourself, but the advantage of getting the auditor to do it is that a) you will get his/her interpretation of the requirements and b) he/she will get to know you, both of which help when the certification audit day comes along.

Talk to your chosen auditor to see if they offer this service.

4. Do the minimum required at first

As we said, the point here is to get certified and to do that, you need to meet all the requirements in Part 1 of the standard. But no more. Yes, there are benefits of going into more details, but we’d recommend leaving those until after certification. They can be completed during continual service improvement and will represent great evidence at your first surveillance audit a year later.

Don’t try to perfect one area before moving on to the next; once you have met the standard, move on. There are some areas of the standard that require meetings and reviews to happen “at planned intervals”. Resist the temptation to make them too often as they can be quite time-consuming. In many cases annual reviews meet the standard without taking on too much work.

5. Get the right people involved in the right areas early on

It’s been said many times before that the best people to achieve change are the people that actually do the job. Make sure everyone has a copy of the sections of the standard that are relevant to their job and they understand what is required of them and by when. Get them involved in the process definition workshops and delegate as much of the work as possible in their area to them. The biggest challenge here being they have the day job too, so be aware of this when setting deadlines.

6. Use your existing service desk tool if you can

If you decide to swap out your existing service desk system for something else, be completely sure that it’s necessary. Nothing delays certification quite like a lengthy software implementation (and they always take longer than you think). If your current tool simply doesn’t provide the functionality then you may be forced to, but often this perception is down to a lack of understanding of the tool rather than a lack of modules. Invest in a training course or a day out to read the manuals and become fully familiar with the software before deciding on a new tool.

7. Use additional tools in key areas

We’ve already suggested keeping your current service desk system, but there are some other areas in which the right tool will save time and address the key parts of a process easily. The best example is probably a network monitoring tool which will not only tell you if something goes down but will also collect your availability stats to report on your performance and capacity data too. This tool isn’t a big investment in set-up time, or financially.

8. Use a pre-written template document set

ISO standards rely on evidence as part of the certification process. As part of your preparations you will need to create a significant number of policies, processes and procedures, and if you do this from scratch it will take a long time. The CertiKit ISO20000 toolkit will save you a lot of time and effort, whilst guiding you through the process without having to re-invent the wheel.

9. Don’t get hung up on qualifications

Implementing ISO20000 does not require individuals to have specific qualifications for the organisation to be certified. Instead of certifying certain team members, it may be better to provide in-house courses focussed on job roles, or training/workshop events where teaching is mixed with process definition. This will ensure all relevant parties are on-board and have the right knowledge.

10. Use consultants in a focussed way

If implementing ISO20000 is all new to you, and you’re not using a toolkit, you may need some outside help. Pick and choose the points at which you use consultants carefully. Your aim should be to maximise the benefit you get from each consultancy day and keep them busy from the time they arrive to the time they leave. If you get to a point where you’re not sure what to do next or how to do it, that’s when a consultant can be useful.

Implementing ISO20000 has the potential to raise the standard of IT service management worldwide, but only if it is considered useful and attainable. We hope these ten tips will go a little way to helping you to comply to the standard quickly and effectively.

More ISO20000 Resources

CertiKit is a provider of ISO toolkits, consultancy and internal auditing services, and has helped more than 4000 organizations worldwide with their compliance.

For more guidance on implementing the ISO20000:2018 standard, we’ve put together a list of our best free resources including sample documents, blogs and downloadable documents.

Free ISO20000 Resources

We’ve helped more than 4000 businesses with their compliance


The toolkit was perfect in delivering the correct process to our business, preventing thousands spent on consultants delivering the same toolkit. It also played a massive part in speeding up our compliance in GDPR.

G3 Comms Limited

View all Testimonials