The ISO/IEC 20000 international standard for Information Technology Service Management (ITSM) part one (referred to here as simply “ISO20000”) was originally published by ISO in 2005 and is based upon the earlier British standard BS15000. Revised in 2018, ISO20000 part one specifies the requirements that your Service Management System (SMS) will need to meet for your organization to become certified to the standard.
The requirements in ISO20000 part one is supplemented by guidance contained in part two. Even though it isn’t a requirement for certification, part two is well worth reading as it fills in some of the gaps in understanding how the requirements in part one should be met and gives more clues about what the auditor may be looking for.
There are great benefits to organizations becoming certified to the ISO20000 standard. Once certified, you can add the standard logo to your marketing to improve customer perception. Additionally, the planning that goes with complying to the standard can help reduce business risk and the ISO20000 supports service management framework, such as ITIL.
Other benefits include:
When looking at IT service management the emphasis is usually on the delivery of IT services and the processes used to support them. And it’s right that this should be the focus; it is, after all, the main deliverable of the whole ITSM idea.
The ISO20000 standard proposes that we don’t just need a set of processes; we need a Service Management System or SMS. The function of the SMS is to wrap itself around the processes (such as incident, change and configuration management) and ensure among other things that:
The ISO20000 standard consists of a number of major headings which are common across other standards:
As with many of the ISO standards, sections 1-3 are for reference and don’t cover the requirements that are in sections 4-10. Section 0 is the introduction. The requirements of sections 4-10 are mandatory and if they are not being met, then a nonconformity will be raised by the auditor and the organization will need to address it to gain or keep their certification to the standard.
It’s important to note that there’s no obligation to go for certification to ISO20000 and many organizations choose to simply use the standard as a set of good practice principles to guide them along the way to managing their IT services effectively. However, if you are able to do so as an organization, it is best practise to become certified as this confirms your compliance.
The steps to certification are similar of all the ISO standards, and involve:
Once certified, you will then have an annual surveillance audit to confirm your compliance, and then every three years there will be a re-certification audit, which is when you will be re-issued certification.
Written by an ITIL Expert and qualified ISO/IEC 20000 manager, auditor and consultant, our ISO20000 Toolkit includes all the policies, IT service management processes and procedures you need to align your service provision with best practice and meet the requirements of the ISO20000:2018 standard. With more than 130 documents, unlimited email support and document reviews, you can meet the requirements of standard simply and effectively.
You can find out more information about embedding an IT Service Management System by downloading our implementation guide using the form below: