ISO 20000:2018

  1. Home
  2. ISO 20000:2018

ISO 20000:2018

What is ISO 20000?

ISO 20000 is the international standard for IT Service Management (ITSM), published by ISO (the International Organization for Standardization), and ICE (the International Electoral Commission). To become an international standard, ISO 20000 had to be agreed upon by a majority of member countries, which means it is accepted by a majority of countries worldwide.

 

The standard describes a set of management processes designed to help you deliver more effective IT services (both to those within your business and to your customers). ISO 20000 gives you the methodology and the framework to help you manage your ITSM, while allowing you to prove your company follows best practice. With the requirements of the standard you will achieve best practice, helping to improve your delivery of IT services. And ISO 20000 is applicable to any company size and any industry.

 

How is ISO 20000 different from ITIL?

The basic difference between ISO 20000 and ITIL is that ISO 20000 gives you the methodology and framework (providing you with the pieces with which to construct the ITSM jigsaw puzzle), while ITIL gives you the details (the best practices) on how to manage each and every IT process in your organization (i.e. how to put the jigsaw puzzle together).

A good way to think of it is that ISO 20000 says what you need to do, while ITIL tells you how to do it.

ISO 20000 does not work in complete isolation. It can be implemented independently from ITIL, but they do go very well together.

As opposed to a standard, ITIL is a practical framework of best practices that focuses on aligning your IT services with the wider needs of your business. As a company, you can’t become ITIL certified; you can only comply with the best practice guidelines.

ISO 20000 is based on the fundamental principles of ITIL, and is a standard that your company can certify against.

Individuals seeking excellence in ITSM and internationally recognized certification can become certified against ITIL and ISO 20000 (e.g. the foundation course discussed further below).

ISO 20000 certification for organizations is essentially the evidence that best practices have been implemented. ITIL is not required to gain certification in ISO 20000, but it is easier to achieve if you’re following an ITIL approach to IT service management.

 

WHY ISO 20000 IS IMPORTANT?

To understand the importance of ISO 20000, it’s vital to understand the relationship between IT and the overall success of your organization. You rely upon IT to help you achieve your organizational goals. It affects how you operate and how you communicate – it’s a fundamental element of how you do business.

You use IT to overcome your competitors, to reach larger audiences, to become more productive and more efficient. In myriad ways, IT is vital to improving revenues, reducing costs and enhancing your reputation.

So, it’s crucial that you get the most from your IT investments – meaning IT services must be well planned, designed, managed and delivered. Without high-quality IT service management, IT projects routinely fail or go over budget. Ongoing costs become hard to manage, and you often see businesses fail before achieving any return on their investment.

So, put simply, high-quality IT service management standards are fundamental to your success. And gaining the ISO 20000 standard is a way to ensure that quality.

WHAT DOES ISO 20000 ACTUALLY LOOK LIKE?

While consisting of eight parts, there are two that are most used for ISO 20000:

ISO 20000-1:2011 is the formal specification for IT Service Management. It clearly defines all the requirements you need to deliver managed IT services of an acceptable quality for your customers. It includes:

  • Service Management System requirements
  • Design and transition of new or changed services
  • Service delivery processes
  • Relationship processes
  • Resolution processes
  • Control processes

The second part: ISO 20000-2:2012 is the code of practice for IT service management; it is the guidance of the application of service management systems. In other words, it helps you interpret the requirements of the standard. It defines the best practice management processes, and is very useful if you’re preparing to be audited against ISO 20000 or planning service improvements.

It’s important to note your company can get certified against ISO 20000-1:2011, but not against ISO 20000-2:2012 (this is a code of practice only).

WHY IS ISO 20000 A GOOD IDEA FOR YOUR ORGANIZATION?

The benefits of ISO 20000 cannot be overstated; companies large and small have used this standard to great effect, discovering and securing tremendous cost and efficiency savings. Here are just a few of these benefits:

Improve your image and credibility – ISO 20000 is the only internationally recognized standard for IT service management. Its international adoption has been rapid in recent years, as organizations see it as a key differentiator in the marketplace. And, as a popular and proven standard, you can be sure of the efficacy and scalability of the processes.

Become more productive – Gain a competitive advantage through increased efficiency and effectiveness due to more reliable IT services. With everybody clear about who does what and when, you’ll reduce both the number of incidents and your ability to handle them.

Increased customer satisfaction – Whether it’s your internal or external customers, you’re able to deliver improved IT services that better meet their needs – while at the same time better protecting the company, its assets, shareholders and directors.

Benchmark and improve – You can compare your organization’s processes and activities against the international standard for ITSM (you can then easily identify and implement any necessary improvements). And, because an independent certification body audits your company, you (and anyone interacting with your organization) can be sure you’re meeting the required level.

Fully integrated processes – ISO 20000 helps you align IT services with the wider business strategy. You can ensure your company is focused on the IT service management solutions best suited to serving your customers and the needs of the business.

Reduce the cost of IT – Better understand and manage the cost of IT. Plan future financial costs with greater accuracy and clarity. With simpler processes and clear responsibilities, you can operate a leaner, more efficient service.

Create a culture of continual improvement – the business environment does not sit still, particularly in our age of digital and technological innovation.

Ensuring your organization is always improving processes in reaction to customer feedback is not just a nice-to-have; it’s essential for a company’s longevity. And this also extends to improvements identified internally, changing technology and developing business norms.

Become more agile and change quickly – ISO 20000 creates the solid framework of best practice that helps support innovation. Change in your organization can be handled more adeptly and with greater speed, meaning you reduce internal and external risk levels and are more likely to meet your organizational objectives.

Gain a competitive advantage – Through more effective and efficient delivery of IT services, you can give your organization tangible advantages over your competitors. For example, you can reduce IT issues and respond to them faster, freeing up more of your time for strategic IT development in your organization.

WHAT ARE THE PRACTICAL STEPS TO BECOMING ISO 20000 CERTIFIED?

If your organization wants to become certified, you need to be formally assessed by an accredited certification body. You will need to demonstrate the quality of your company’s IT processes against the ISO 20000-1 standard. Individuals, on the other hand, can become certified by passing exams (see below for further details).

There are certain mandatory documents that, as a company, you will have to complete in order to gain the standard.

But, merely creating ITSM process documentation is not enough (and will not solve your problems). To ensure certification, you have to integrate all the activities described in your documentation into your day-to-day business.

And, most importantly, you have to gain value. There is little point in creating the documentation and making all these changes if, at the end, your company has not realized the real-world value possible from ISO 20000. Otherwise, people within your organization will rightly question why you’re bothering.

MANDATORY STEPS FOR FINISHING IMPLEMENTATION AND GETTING CERTIFIED

After finishing all your documentation and implementing it, your organization also needs to perform these steps to ensure a successful completion of your project:

Internal audit – The purpose of an internal audit is to check your ITSM processes. The goal is to find problems and weaknesses that would otherwise stay hidden.  

Management review – A formal way for your management to take into account all the relevant facts about IT service management and make appropriate decisions.

Corrective actions – Following the internal audit and management review, you need to correct any identified problems and document how they were resolved.

The company certification process is divided into two stages:

Stage One (documentation review) – The certification auditor will check whether your documentation is compliant with ISO 20000.

Stage Two (main audit) – Here the auditor will check whether all your actual activities are compliant with both ISO 20000 and your own documentation.

HOW DO YOU GET ISO 20000 IF YOU’RE AN INDIVIDUAL?

If you are an individual, you can get certified in ISO 20000 if you pass, for example, the ISO 20000 Lead Auditor Course or ISO 20000 Lead Implementer Course. Many employers are keen to support this training, as qualified ISO 20000 practitioners are a great way to help an organization implement ISO 20000 (as well as being a valuable transferrable skill to include on a resume).

There is a range of course options for individuals to choose from:

ISO 20000 Foundation Certificate – If you’re less familiar with ISO 20000, this is the course for you. You will gain an understanding of the content and requirements of the standard. And, you will be more able to assess the relevance of ISO 20000 to the specific IT service management activities within your organization.

ISO 20000 Lead Auditor Course – This is a very useful course for professionals implementing ISO 20000, because it gives you an excellent overview of the standard and provides in-depth explanations of what the certification auditors will ask for at the certification audit. Therefore, it is useful for auditors and implementers. It lasts for five days and finishes with a written exam.

ISO 20000 Lead Implementer Course – This course is similar to the lead auditor course, except it focuses on implementation techniques rather than auditing ones. So, if certification is not your concern, this course may be more suitable.

ISO 20000 Internal Auditor Course – This course is a “light” version of the Lead Auditor Course, lasting about two or three days. With this condensed course, you would be unable to pursue a career as an auditor in a certification body. But, if you want a systematic introduction to ISO 20000 or you plan to be the internal auditor in your company, this course is perfect for you.

 

FAQ

ISO/IEC 20000 is the international ITSM (IT service management) standard. It enables IT departments to ensure that their ITSM processes are aligned with the business’s needs and international best practices. The ISO 20000 standard helps organisations benchmark how they deliver managed services, measure service levels, and assess their performance. It is broadly aligned with and draws strongly.
IT service management -- often referred to as ITSM -- is simply how IT teams manage the end-to-end delivery of IT services to customers. This includes all the processes and activities to design, create, deliver, and support IT services. The core concept of ITSM is the belief that IT should be delivered as a service. A typical ITSM scenario could involve asking for new hardware like a laptop. You would submit your request through a portal, filling out a ticket with all relevant information, and kicking off a repeatable workflow. Then, the ticket would land in the IT team’s queue, where incoming requests are sorted and addressed according to importance
An ISO certificate is valid for 3 years, during which time surveillance visits are conducted. That is, after the first certification audit, in the next 2 years the company will have to face further audits
1. Gain Competitiveness in the Market 2. Compliance with International Standard 3. Enhance Customer Satisfaction 4. Achieve Improved Business Productivity 5. Benchmark and Improvement
• An organization that is a reliable supplier for all its service providers, customers, and other stakeholders • Service providers for demonstrating the IT System capabilities to the clients and suppliers for executing high-end-IT projects • IT Service Provider intending to measure and review the service management procedures and system operations • Businesses in the IT sector targeting to enhance IT Service Quality and increase productivity and save cost • Businesses for demonstrating their IT System compliance and Quality Standards to clients for participating in high-value project tenders • ISO 20000:2018 Certification is ideal for IT Consultants, IT Service Engineers, and any IT related professional who want to upgrade their skills. • IT professional is responsible for implementing ISO 20000:2018 Certification and Informational Technology Management System within the organization.
1. Standardized and thus more effective and cost-efficient processes. 2. Cost transparency to expose potential savings. 3. Improved services through proven processes and methods. 4. Proof of the performance and quality of your processes and services. 5. Higher customer satisfaction. 6. Increased productivity in the core business and optimal use of resources. 7. Simplified communication via uniformed terms.
• Scope of the Service Management System (SMS) (clause 4.3) • Service management policy and objectives (clauses 5.2 and 6.2) • Risk assessment and management for the SMS (clause 6.1.2) • Service management plan (clause 6.3) • Change management policy (clauses 7.5.4 d and 8.5.1.1) • Information security policy (clauses 7.5.4 d and 8.7.3.1) • Service continuity plan(s) (clauses 7.5.4 d and 8.7.2) • Processes of the organization’s SMS (clause 7.5.4 e) • Service requirements (clauses 7.5.4 f, 8.2.2, and 8.3.3) • Service catalogue(s) (clauses 7.5.4 g and 8.2.4) • Service level agreement(s) (clauses 7.5.4 h and 8.3.3) • Contract(s) with external suppliers (clauses 7.5.4 i and 8.3.4.1) • Agreements with internal supplier(s) or customers acting as a supplier (clauses 7.5.4 j and 8.3.4.2) • Services that are provided or operated by other parties (clause 8.2.3.1a) • Service components that are provided or operated by other parties (clause 8.2.3.1b) • Processes, or parts of processes, in the organization’s SMS that are operated by other parties (clause 8.2.3.1c) • Customers, users and other interested parties of the services provided (clause 8.3.2) • Release acceptance criteria (clause 8.5.3) • Risks for service availability, service continuity and information security (clauses 8.7.1, 8.7.2, and 8.7.3.2) • Procedure for classifying and managing a major incident (clause 8.6.1) • Procedure for continuing operations in the event of a major loss of service (clause 8.7.2 b) • Procedure for restoring normal working conditions after service disruption (clause 8.7.2 e) • Capacity requirements (clause 8.4.3) • Design of new or changed services (clause 8.5.2.2) • Service availability requirements and targets (clause 8.7.1)
1. Create awareness 2. Determine the ISO 20000 certification scope 3. Conduct an initial ISO 20000 assessment 4. Set up the ISO 20000 project 5. Prepare for the ISO 20000 certification audit 6. Conduct the ISO 20000 certification audit

ISO Certification List

Download Brochures

Quick Contact