ISO 20000-1:2018 CERTIFICATION – IT SERVICE MANAGEMENT SYSTEM

ISO/IEC 20000 is the 

🔵➤ first international standard for IT Service Management (ITSM). It was developed to replace the earlier British standard 

🔴➤  BS 15000, and outlines an integrated set of management processes to ensure the effective delivery of IT services to businesses and their customers. The standard supports major ITSM frameworks like 

🟣➤  ITIL (Information Technology Infrastructure Library) and 

🟠➤  Microsoft Operations Framework (MOF). It was first published in December 2005, with a revised edition released in April 2011.

ISO/IEC 20000 consists of two parts:
🟡➤ Part 1 (ISO/IEC 20000-1) specifies formal requirements and promotes an integrated process approach to delivering managed services that meet business and customer needs. 

It includes nine sections:
-Scope, 

-Normative References, 

-Terms & Definitions, 

-Service Management System Requirements, 

-Design and Transition of New or Changed Services, 

-Service Delivery Processes, 

-Relationship Processes, 

-Resolution Processes, and 

- Control Processes.
 

🟤➤ Part 2 (ISO/IEC 20000-2) is a code of practice that offers best practice guidance for implementing the processes in Part 1. Unlike Part 1, it does not impose mandatory requirements, but helps organizations understand how to implement service management effectively.

🔴➤ The importance of ISO/IEC 20000 continues to grow because IT is central to modern business operations, yet many IT services fail to align with customer expectations. Certification demonstrates that an organization has strong controls and structured processes to deliver reliable, cost-effective IT services.

🟣➤  Key benefits include:
● Alignment of IT services with business needs,
● Competitive advantage for certified external service providers,
● Improved ability to manage external service providers,
● Greater efficiency, reliability, and service consistency,
● Continual improvement through regular audits,
● Reduction in supplier audits and associated costs, and
● Full compatibility with the ITIL framework.

Part 1

ISO (International Organization for Standardization) and IEC (International Electrotechnical Commission) form a specialized global system for international standardization.

National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established for specific technical fields.

ISO and IEC technical committees collaborate on areas of mutual interest through joint technical committees, such as ISO/IEC JTC 1 for information technology standards.

International Standards are drafted according to ISO/IEC Directives,

 Part 2

Draft International Standards are circulated to national bodies for voting; publication requires at least 75% approval from the voting members.

Some elements of standards may be subject to patent rights, but ISO and IEC do not identify or take responsibility for such rights.

ISO/IEC 20000-1 was prepared by Joint Technical Committee ISO/IEC JTC 1, Subcommittee SC 7: Software and Systems Engineering.

The second edition (2011) replaces the first edition (2005) and includes major technical revisions such as:

• Closer alignment with ISO 9001 (Quality Management)

• Closer alignment with ISO/IEC 27001 (Information Security Management)

• Updated terminology reflecting international usage

• Addition of new definitions, updates to existing ones, and removal of outdated terms

• Introduction of the term “Service Management System (SMS)”

• Combining Clauses 3 and 4 into a single clause for SMS requirements

• Clarification on governance of processes run by external parties

• Clarification on scope definition for the SMS

• Emphasis on applying the PDCA (Plan-Do-Check-Act) methodology across the SMS and service management processes

• New requirements for design and transition of new or changed services

• The ISO/IEC 20000 series includes :

  • Part 1: Service Management System Requirements

  • Part 2: Guidance on Application of Service Management Systems (technical revision of 20000-2:2005)

  • Part 3: Guidance on Scope Definition and Applicability (Technical Report)

  • Part 4: Process Reference Model (Technical Report)

  • Part 5: Exemplar Implementation Plan (Technical Report)

  • Future Part 8: Process Assessment Model for Service Management (planned)

→The requirements in this part of ISO/IEC 20000 include the design, transition, delivery and improvement of services that fulfil service requirements and provide value for both the customer and the service provider. 

→This part of ISO/IEC 20000 requires an integrated process approach when the service provider plans, establishes,

→Implements, operates, monitors, reviews. maintains and improves a service management system (SMS).

→Co-ordinated integration and implementation of an SMS provides ongoing control and opportunities for continual improvement, greater effectiveness and efficiency. 

→The operation of processes as specified in this part of ISO/IEC 20000 requires personnel to be well organized and co-ordinated. Appropriate tools can be use to enable the processes to be effective and efficient.

→The most effective service providers consider the impact on the SMS through all stages of the service lifecycle,from strategy through design, transition and operation, including continual improvement.

→This part of ISO/IEC 20000 requires the application of the methodology known as "Plan-Do-Check-Act"(POCA) to all parts of the SMS and the services. The PDCA methodology, as applied in this part of

ISO/IEC 20000, can be briefly described as follows.

-Plan: establishing, documenting and agreeing the SMS. The SMS includes the policies, objectives, plans and

processes to fulfil the service requirements.

-Do: implementing and operating the SMS for design, transition, delivery and improvement of the services.

-Check: monitoring, measuring and reviewing the SMS and the services against the policies, objectives, plans end service requirements and reporting the results.

-Act: taking actions to continually improve performance or the SMS and the services.

→When used within an SMS, the following are the most important aspects of an integrated process approach and the PDCA methodology.

a) understanding the service requirements to achieve customer satisfaction;

b) establishing the policy and objectives for service management:

c) designing and delivering services based on the SMS that add value for the customer;

d) monitoring, measuring and reviewing performance of the SMS and the services;

e) continually improving the SMS and the services based on objective measurements.

→Figure 1 illustrates how the PDCA methodology can be applied to the SMS, including the service management processes specified in Clauses 5 to 9, and the services. Each element of the PDCA methodology is a vital part or a successful implementation of an SMS. The improvement process used in this part of ISO/IEC 20000 is based on the PDCA methodology. 

→This part of ISO/IEC enables a service provider to integrate its SMS with other management systems in the service provider's organization. The adoption of an integrated process approach and the PDCA

methodology enables the service provider to align or fully integrate multiple management system standards.

→For example, an SMS can be integrated with a quality management system based on ISO 9001 or an

information security management system based on ISO/IEC 27001.

→ISO/IEC 20000 is intentionally independent of specific guidance. The service provider can use a combination of generally accepted guidance and its own experience.

→Users of an International Standard are responsible for its correct application. An International Standard does not purport to include all necessary statutory and regulatory requirements and contractual obligations of the service provider. Conformity to an International Standard does not of itself confer immunity from statutory and regulatory requirements.