ISO 20000 Information Technology standard applies to all organisations involved in the management, including outsourcing, of their own IT systems and organisations providing IT service management services to their customers. Its focus is on delivering good and improving services to users.
Organisations' key operational processes often rely on IT, and changes within these processes require modifications to the IT systems – affecting hardware, software, communications and support.
Benefits of ISO 20000:
Frequently Asked Questions
Typically, organisations adopt ISO/IEC 20000-1 to determine whether their services are effective and how to improve them. ISO/IEC 20000-1 certification demonstrates the organisation's commitment to providing excellent service to current and potential clients.
The standard outlines requirements for service providers to plan, create, deploy, execute, track, analyse and enhance a service management system (SMS). ISO/IEC 20000-1 applies to companies of all sizes and industries.
Ultimately, you need high-quality ITSM standards to succeed. And ISO/IEC 20000-1 ensures quality.
Here are some other reasons why you should implement ISO/IEC 20000-1.
· Improved customer satisfaction: Your internal or external customers will receive better IT services, while your company is better protected.
· Enhanced reputation: ISO/IEC 20000-1 shows you are serious about IT service management. It assures clients that you follow best practices to provide quality service. It enables you to feel confident about your operations and promotes regular performance evaluations to ensure it works for your business, thereby delivering value to your stakeholders.
· Increased competitiveness in the market: ISO/IEC 20000-1 boosts the credibility and reputation of the company. It makes processes more efficient and gives you an edge over your competitors. Additionally, internal processes and business operations within the organisation will be more trustworthy to partners, suppliers and customers.
· Scope of the SMS
· Policy + objectives on service management
· Risk assessment + management for SMS
· Service management plan
· Policy on change management
· Policy on information security
· Service continuity plan
· Processes of SMS
· Service requirements
· Service Catalogue
· Service level agreement
· External supplier contract
· Internal supplier agreement
· Services/service components provided/operated by other parties
· Processes, or parts of processes, in SMS operated by other parties
· Customers/users/other interested parties of provided services
· Risks for information security, service availability and service continuity
· Procedure for classifying and identifying major incidents
· Procedure for continuing operations in case of major loss of service
· Procedure for normal working conditions restoration following disruptions of services
· Capacity requirements
· Design for new/changed services
· Service availability requirements/targets
The mandatory records include the following:
· Training, skills, experience and qualifications records
· Service availability monitoring results
· Configuration information
· Service complaints records
· Dispute records between the organisation and external suppliers
· Request for change
· Service requests
· Known errors
· Service continuity plan test results
· Information security incidents
· Monitoring and measurement results
· Internal audit program
· Internal audit results
· Management review results
· Corrective actions results
· Opportunities for improvement
You must submit certain mandatory documents to achieve the standard as a company. But more than simply documenting ITSM processes is required. Your daily business must incorporate all the activities described in your documentation to ensure certification. It is also crucial that you gain value. In the end, ISO/IEC 20000-1 will only be of use if your company can achieve the real-world benefits available through it.
To ensure successful project completion, your organisation must perform management reviews, and any necessary corrective action. Internal audits check your ITSM processes, exposing hidden weaknesses and problems. Through a management review, your management can gather all relevant information about ITSM and take appropriate action. You must correct any issues identified during the internal audit and management review and ensure their resolution.
The company then undergoes a documentation review and the main audit. The former is when the certification auditor reviews your ISO/IEC 20000-1 documentation. Meanwhile, the auditor will verify that both ISO/IEC 20000-1 and your documentation are followed in the main audit.
ISO/IEC 20000-1 certifications need to be reviewed every year following initial certification. Maintain compliance with the standard and focus on continuous improvement.
Relationship: Maintaining productive relationships with customers and vendors requires ongoing communication. Relationships are based on two processes: supplier management and business relationship management.
Resolution: IT services do not have 100% uptime, so processes must be defined to handle issues. Resolution processes include incident and problem management as well as request fulfilment.
Control: It is essential to define how IT assets will be configured, deployed and changed. Control processes include management processes on service assets and configuration, change, release & deployment.