Get in touch

Get in touch

  • This field is for validation purposes and should be left unchanged.

Privacy Notice


When you request to download our free implementation guide, we use your name, company name (which is optional) and your email address to email you a link to download the requested document. We may also email you after your download in order to follow up on your interest in our products and services. We will do this based on our legitimate interest in marketing to prospects for our products and services. Your name and email address are stored on our website which is hosted with Digital Ocean. Your personal data is stored for one year after you requested your download, after which it is deleted.

Reveal Menu

What is ISO20000?

The ISO/IEC 20000 international standard for Information Technology Service Management (ITSM) part one (referred to here as simply “ISO20000”) was originally published by ISO in 2005 and is based upon the earlier British standard BS15000. Revised in 2018, ISO20000 part one specifies the requirements that your Service Management System (SMS) will need to meet for your organization to become certified to the standard.

The requirements in ISO20000 part one is supplemented by guidance contained in part two. Even though it isn’t a requirement for certification, part two is well worth reading as it fills in some of the gaps in understanding how the requirements in part one should be met and gives more clues about what the auditor may be looking for.

How can implementing ISO20000 benefit an organization?

There are great benefits to organizations becoming certified to the ISO20000 standard. Once certified, you can add the standard logo to your marketing to improve customer perception. Additionally, the planning that goes with complying to the standard can help reduce business risk and the ISO20000 supports service management framework, such as ITIL.

What is a Service Management System?

When looking at IT service management the emphasis is usually on the delivery of IT services and the processes used to support them. And it’s right that this should be the focus; it is, after all, the main deliverable of the whole ITSM idea.

The ISO20000 standard proposes that we don’t just need a set of processes; we need a Service Management System or SMS. The function of the SMS is to wrap itself around the processes (such as incident, change and configuration management) and ensure among other things that:

  1. There is ongoing management commitment to the provision of quality IT services.
  2. Everyone understands what we’re trying to achieve and what their role is.
  3. The IT services continue to meet the business needs.
  4. We have a good idea of what the current threats to the continuity and security of our services are.
  5. Everybody knows about the policies, processes and procedures and how to use them.
  6. We update the processes and associated documentation when things change around it.
  7. We measure how well we’re doing.
  8. The effectiveness of service delivery gets better over time.

What does the ISO20000 standard consist of?

The ISO20000 standard consists of a number of major headings which will be common across other standards and which are:

  1. Scope
  2. Normative references
  3. Terms and definitions
  4. Context of the organization
  5. Leadership
  6. Planning
  7. Support
  8. Operation
  9. Performance evaluation
  10. Improvement

As with many of the ISO standards, sections 1-3 are for reference and don’t cover the requirements that are in sections 4-10. Section 0 is the introduction. The requirements of sections 4-10 are mandatory and if they are not being met, then a nonconformity will be raised by the auditor and the organization will need to address it to gain or keep their certification to the standard.

Becoming certified

It’s important to note that there’s no obligation to go for certification to ISO20000 and many organizations choose to simply use the standard as a set of good practice principles to guide them along the way to managing their IT services effectively. However, if you are able to do so as an organization, we believe it is best practise to become certified as this validates your compliance.

The steps to certification are similar of all the ISO standards, and involve:

  1. Implementing procedures and methods as requirements of the standard.
  2. Perform an internal audit to highlight any nonconformities before the external audit. We advise an internal audit to be completed by an independent third-party auditor or an impartial qualified auditor within your organisation.
  3. The final external audit to achieve certification by an accredited Registered Certification Body (RCB).

How can CertiKit help?

Written by an ITIL Expert and qualified ISO/IEC 20000 manager, auditor and consultant, our ISO20000 Toolkit includes all the policies, IT service management processes and procedures you need to align your service provision with best practice and meet the requirements of the ISO20000:2018 standard.

Download a free sample document to start your compliance journey.

Over 3000 businesses have purchased our toolkits


Complete set of docs, removes loads of boring work, good structure, easy buy in to approach

TSP Projects

View all Testimonials