ISO 20000

ISO 20000 Information Technology standard applies to all organisations involved in the management, including outsourcing, of their own IT systems and organisations providing IT service management services to their customers. Its focus is on delivering good and improving services to users. 

Organisations' key operational processes often rely on IT, and changes within these processes require modifications to the IT systems – affecting hardware, software, communications and support.

Benefits of ISO 20000:

Manufacturing Icon
Higher customer satisfaction
Page Icon
Improved chance of winning contracts
Services Icon
Lower the risk of product/service problems
Processes Icon
Streamlined business processes
Graph Icon
Increased consistency in business practices

Frequently Asked Questions

1What Is ISO/IEC 20000-1?
The ISO/IEC 20000-1 standard describes the best practices for IT service management (ITSM). It assists organisations in evaluating their managed service delivery, measuring the quality of their service and benchmarking their performance.

Typically, organisations adopt ISO/IEC 20000-1 to determine whether their services are effective and how to improve them. ISO/IEC 20000-1 certification demonstrates the organisation's commitment to providing excellent service to current and potential clients.

The standard outlines requirements for service providers to plan, create, deploy, execute, track, analyse and enhance a service management system (SMS). ISO/IEC 20000-1 applies to companies of all sizes and industries.
2What Is Covered by ISO/IEC 20000-1?
ISO/IEC 20000-1 ties together all facets of IT service management. This encompasses everything from conceptualising and developing to implementing and evaluating information technology services. It also provides organisations with a means to align their IT activities with their business objectives.
3Why Implement ISO/IEC 20000-1?
IT investments need to be maximised, meaning IT services must be carefully planned, developed and implemented. IT projects run the risk of failure or exceeding budgets without good ITSM.

Ultimately, you need high-quality ITSM standards to succeed. And ISO/IEC 20000-1 ensures quality.

Here are some other reasons why you should implement ISO/IEC 20000-1.

· Improved customer satisfaction: Your internal or external customers will receive better IT services, while your company is better protected.

· Enhanced reputation: ISO/IEC 20000-1 shows you are serious about IT service management. It assures clients that you follow best practices to provide quality service. It enables you to feel confident about your operations and promotes regular performance evaluations to ensure it works for your business, thereby delivering value to your stakeholders.

· Increased competitiveness in the market: ISO/IEC 20000-1 boosts the credibility and reputation of the company. It makes processes more efficient and gives you an edge over your competitors. Additionally, internal processes and business operations within the organisation will be more trustworthy to partners, suppliers and customers.
4What Are ISO/IEC 20000-1 Mandatory Documents?
You need to produce the following documents to comply with ISO/IEC 20000-1:

· Scope of the SMS

· Policy + objectives on service management

· Risk assessment + management for SMS

· Service management plan

· Policy on change management

· Policy on information security

· Service continuity plan

· Processes of SMS

· Service requirements

· Service Catalogue

· Service level agreement

· External supplier contract

· Internal supplier agreement

· Services/service components provided/operated by other parties

· Processes, or parts of processes, in SMS operated by other parties

· Customers/users/other interested parties of provided services

· Risks for information security, service availability and service continuity

· Procedure for classifying and identifying major incidents

· Procedure for continuing operations in case of major loss of service

· Procedure for normal working conditions restoration following disruptions of services

· Capacity requirements

· Design for new/changed services

· Service availability requirements/targets

The mandatory records include the following:

· Training, skills, experience and qualifications records

· Service availability monitoring results

· Configuration information

· Service complaints records

· Dispute records between the organisation and external suppliers

· Request for change

· Incidents

· Service requests

· Problems

· Known errors

· Service continuity plan test results

· Information security incidents

· Monitoring and measurement results

· Internal audit program

· Internal audit results

· Management review results

· Corrective actions results

· Opportunities for improvement
5How to Get ISO/IEC 20000-1 Certification?
A certification body must formally assess your organisation before becoming ISO/IEC 20000-1 certified. To demonstrate compliance with ISO/IEC 20000-1, you must demonstrate the quality of your organisation's IT processes.

You must submit certain mandatory documents to achieve the standard as a company. But more than simply documenting ITSM processes is required. Your daily business must incorporate all the activities described in your documentation to ensure certification. It is also crucial that you gain value. In the end, ISO/IEC 20000-1 will only be of use if your company can achieve the real-world benefits available through it.

To ensure successful project completion, your organisation must perform management reviews, and any necessary corrective action. Internal audits check your ITSM processes, exposing hidden weaknesses and problems. Through a management review, your management can gather all relevant information about ITSM and take appropriate action. You must correct any issues identified during the internal audit and management review and ensure their resolution.

The company then undergoes a documentation review and the main audit. The former is when the certification auditor reviews your ISO/IEC 20000-1 documentation. Meanwhile, the auditor will verify that both ISO/IEC 20000-1 and your documentation are followed in the main audit.

ISO/IEC 20000-1 certifications need to be reviewed every year following initial certification. Maintain compliance with the standard and focus on continuous improvement.
6What Is the ISO/IEC 20000-1 Processes List?
Service delivery: This pertains to management processes on service levels, IT service continuity, availability, capacity, and financial and information security.

Relationship: Maintaining productive relationships with customers and vendors requires ongoing communication. Relationships are based on two processes: supplier management and business relationship management.

Resolution: IT services do not have 100% uptime, so processes must be defined to handle issues. Resolution processes include incident and problem management as well as request fulfilment.

Control: It is essential to define how IT assets will be configured, deployed and changed. Control processes include management processes on service assets and configuration, change, release & deployment.
7How Do ISO 9001 and ISO/IEC 20000-1 Differ?
ISO 9001 is a global standard that emphasises the importance of quality management for companies that provide goods or services to the public. However, ISO/IEC 20000-1 addresses more specifically the service management aspect of a provider's system and focuses more specifically on how the system provides services to its customers.
8How Do ISO 27001 and ISO/IEC 20000-1 Differ?
Both ISO 27001 and ISO/IEC 20000-1 follow a specific approach, the clear difference between the two would be the foundation on which the standard is based. ISO 27001 is risk management (and has risk management as its core) whereas ISO/IEC 20000-1 is service based.