ISO IEC 20000

IT Service Management

What is ISO IEC 20000 certification?

ISO/IEC 20000 is the international standard specifically for IT Service Management. It describes an integrated set of management processes which form a service management system for the effective delivery of services to the business and its customers. ISO 20000 is a standard and code of practice; ITIL is a best practice framework. ... ISO 20000 has requirements for processes and management system; ITIL has guidance. The ISO 20000 organization structure has few mandatory roles; ITIL has a great number of roles, functions, processes and responsibilities described. ISO 20000 is the international standard that describes best practice for IT service management (ITSM). It helps organisations evaluate how effectively they deliver managed services, measure service levels and assess their performance. It is strongly linked to ITIL®️, the most common approach for IT service management

What are the benefits of ISO 20000?

• Competitiveness and credibility – implementing ISO 20000 is your way to improve your company’s reputation (because you’ve adopted an internationally recognized standard for IT service management), competitive edge (because of your ability to compete with much bigger, well-organized competitors), perception and image (an ISO certificate, generally, improves the way partners/suppliers and customers perceive the organization), and credibility (e.g., your customers will trust you when they see that your internal organization and processes are aligned with ISO 20000). • Compliance – by your implementation of an ISO standard, your customers know what they should expect; i.e., there are clear evaluation criteria (e.g., by implementing ISO 20000 they know what to expect from the Change Management or Incident Management process). Additionally, ISO 20000 takes care that legal or other regulations (e.g., security/ISO 27001) and their requirements are considered. • Customer satisfaction – is there anything better in business than a satisfied customer? Well, implementing ISO 20000 makes it much easier to control IT service delivery processes and fulfillment of SLA targets (through having defined and implemented incident and problem management processes with respective roles and their responsibilities, as well as having monitoring and measurement in place). That improves the efficiency of your service management team and organization – a fact that makes your management happy. • Productivity – let’s assume you are responsible for the whole IT service management team. Imagine a situation where everyone is clear about who does what and when, processes are defined, documented and in place, interfaces between them are clear… etc. Sounds great, doesn’t it? Well, ISO 20000 provides that agility. Big companies have already gained a lot of experience in IT service management, but smaller companies need an “instant” solution – they don’t have the time and resources to start from scratch. Further on, by having people and processes under control, it shouldn’t be hard to control (and optimize) your costs. Believe me, management will like that. • Benchmark and improvement – ISO 20000 is a recognized standard for IT service management. By having it implemented, you can compare your organizational setup, processes, and services with those of other organizations (particularly with those that have also implemented the standard). And, as with all other ISO standards, continual improvement is a cornerstone of the implementation and ensures that your Service Management System (SMS), and the IT services it supports, is regularly monitored, measured, and reviewed. That opens the possibility to be better day-by-day and helps your management get a clear picture about performance and efficiency. In real life, that means that you are able to respond to the changing business requirements, which are so commonplace in today’s dynamic business environment.

Organisations that implement ISO 20000 can:

Demonstrate reliability and high quality of service; Access key markets, as many public-sector organisations mandate that their IT service providers demonstrate compliance with ISO 20000; Assure clients that their service requirements will be fulfilled; Enforce a measurable level of effectiveness and a culture of continual improvement by enabling service providers to monitor, measure and review their service management processes and services; Reduce the costs of conformance to many regulations, including the Payment Card Industry Data Security Standard (PCI DSS) and Sarbanes–Oxley; Leverage ITIL practices to optimise resources and processes; and Access additional material on security management and managing suppliers and the business. Step 1: Create awareness Communicate the goals and benefits of the ISO 20000 certification and the approach for achieving ISO 20000 compliance. This step should include giving everyone in your organization at least a basic understanding of service management best practice. Step 2: Determine the ISO 20000 certification scope If you wish to limit the scope of your ISO 20000 certificate: Decide what parts of the organization, what services and/ or what locations shall be covered by the ISO 20000 certificate. Step 3: Conduct an initial ISO 20000 assessment Determine gaps between today’s situation and the standard's requirements; this can be done by an external advisor, or by way of a self-assessment. The result of this step is a detailed list of the ISO 20000 requirements where conformant and non-conformant areas are identified. For non-conformant areas the list includes the findings on what exactly the issues are and how they can be addressed. Step 4: Set up the ISO 20000 project Establish a project board. Choose a project manager and project staff. Determine the necessary resources, prepare a project plan and assign tasks. Choose an auditor and an experienced external advisor. Step 5: Prepare for the ISO 20000 certification audit Close the gaps identified during the initial ISO 20000 assessment. This is usually the most time-consuming part of an ISO 20000 initiative, because (depending on the level of compliance found during the initial assessment) a considerable number of service management processes may need to be modified or introduced. Defining processes to meet the ISO 20000 requirements can be a challenge, but we provide detailed process templates so you don't have to start from nothing. During preparation for the ISO 20000 audit, use a checklist to keep track of what requirements are already fulfilled and what related evidence (documents and records) is in place. This contains a pre-configured Excel table with all ISO 20000 requirements which you can use to monitor your progress towards ISO 20000 compliance. Step 6: Conduct the ISO 20000 certification audit The actual ISO 20000 audit must be carried out by an external auditor from a Registered Certification Body (RCB). Retain ISO 20000 certification After the initial certification, renewal of the ISO 20000 certificate is due every three years. Make sure you continue to adhere to the standard and put a strong emphasis on continual service and process improvement.