
What is ISO20000?

This guide provides an overview of the ISO20000 standard and what is involved when implementing an IT Service Management System (ITSMS).

We have also put together a list of some of our free resources available to assist your ITSMS implementation further, including downloadable guides, sample documents and a host of blogs.



What is ISO20000?

The ISO/IEC 20000 international standard for Information Technology Service Management (ITSM) part one (referred to here as simply “ISO20000”) was originally published by ISO in 2005 and is based upon the earlier British standard BS15000. Revised in 2018, ISO20000 part one specifies the requirements that your Service Management System (SMS) will need to meet for your organization to become certified to the standard.

The requirements in ISO20000 part one are supplemented by guidance contained in part two. Even though it isn’t a requirement for certification, part two is well worth reading as it fills in some of the gaps in understanding how the requirements in part one should be met and gives more clues about what the auditor may be looking for.

How can implementing ISO20000 benefit an organization?

There are great benefits to organizations becoming certified to the ISO20000 standard. Once certified, you can add the standard logo to your marketing to improve customer perception. Additionally, the planning that goes with complying with the standard can help reduce business risk, and ISO20000 supports service management frameworks, such as ITIL.

Other benefits include:

  • Complying with ISO20000 can highlight areas for improvement, and allows your organization to continually improve its service.
  • It can give your organization a competitive advantage, especially when tendering for public sector contracts.
  • As with all ISO standards, it displays a culture of continual improvement that can have a positive impact across the whole organization.

What is a Service Management System?

When looking at IT service management the emphasis is usually on the delivery of IT services and the processes used to support them. And it’s right that this should be the focus; it is, after all, the main deliverable of the whole ITSM idea.

The ISO20000 standard proposes that we don’t just need a set of processes; we need a Service Management System or SMS. The function of the SMS is to wrap itself around the processes (such as incident, change and configuration management) and ensure among other things that:

  1. There is ongoing management commitment to the provision of quality IT services.
  2. Everyone understands what we’re trying to achieve and what their role is.
  3. The IT services continue to meet the business needs.
  4. We have a good idea of what the current threats to the continuity and security of our services are.
  5. Everybody knows about the policies, processes and procedures and how to use them.
  6. We update the processes and associated documentation when things change around them.
  7. We measure how well we’re doing.
  8. The effectiveness of service delivery gets better over time.

What does the ISO20000 standard consist of?

The ISO20000 standard consists of a number of major headings which are common across other standards:

  1. Scope
  2. Normative references
  3. Terms and definitions
  4. Context of the organization
  5. Leadership
  6. Planning
  7. Support
  8. Operation
  9. Performance evaluation
  10. Improvement

As with many of the ISO standards, sections 1-3 are for reference and don’t cover the requirements that are in sections 4-10. Section 0 is the introduction. The requirements of sections 4-10 are mandatory and if they are not being met, then a nonconformity will be raised by the auditor and the organization will need to address it to gain or keep their certification to the standard.

Becoming certified

It’s important to note that there’s no obligation to go for certification to ISO20000 and many organizations choose to simply use the standard as a set of good practice principles to guide them along the way to managing their IT services effectively. However, if you are able to do so as an organization, it is best practice to become certified as this confirms your compliance.

The steps to certification are similar across all the ISO standards, and involve:

  1. Implement the procedures and methods required by the standard.
  2. Perform an internal audit to highlight any nonconformities before the external audit. We advise that the internal audit be completed by an independent third-party auditor or an impartial qualified auditor within your organization.
  3. The final external audit to achieve certification is by an accredited Registered Certification Body (RCB). This is in two stages. Stage one is basically a review of how ready you are for the main event, the stage two certification audit. You may pick up a few pointers for improvement (known as nonconformities) at stage two but, if these aren’t too serious, your organization will become certified and can advertise the fact to anyone with an interest.

Once certified, you will then have an annual surveillance audit to confirm your compliance, and then every three years there will be a re-certification audit, which is when you will be re-issued certification.

How can CertiKit help?

Written by an ITIL Expert and qualified ISO/IEC 20000 manager, auditor and consultant, our ISO20000 Toolkit includes all the policies, IT service management processes and procedures you need to align your service provision with best practice and meet the requirements of the ISO20000:2018 standard. With more than 130 documents, unlimited email support and document reviews, you can meet the requirements of the standard simply and effectively.
