ISO/IEC 20000


ISO/IEC 20000 is a standard concerning IT service management, enabling IT organizations to ensure that the processes they execute and services they provide align with the needs of all interested parties and adhere to the best practices in the field.

The standard was developed by the ISO JTC 1/SC 7 technical committee and evolved from the BS15000 standard, which has since been withdrawn.

 

Primarily, the standard aids organizations in gaining insight into the quality of services they deliver, specifying all processes, and forming a picture of what should be improved to enhance service quality. When discussing the implementation of the ISO 20000 standard, it primarily refers to fulfilling the requirements outlined in ISO/IEC 20000-1, while other documents within this standard serve as guidelines for meeting these requirements more effectively and efficiently.

The ISO/IEC 20000 standard consists of several documents addressing various aspects of IT service management:

ISO/IEC 20000-1 (Part 1: Service management system requirements) provides a closer description of the Service Management System (SMS). It encompasses all requirements an organization should fulfill for planning, establishing, implementing, operating, monitoring, reviewing, maintaining, and improving the Service Management System. The standard contains a total of 256 requirements divided into 6 groups concerning design, change, delivery, and improvement of services.

ISO/IEC 20000-2 (Part 2: Guidance on the application of service management systems) contains guidance for implementing the SMS based on the requirements described in ISO 20000-1. It includes examples and suggestions for system application, enabling organizations to interpret and apply ISO 20000-1 requirements more credibly.

ISO/IEC TR 20000-3 (Part 3: Guidance on scope definition and applicability of ISO/IEC 20000-1) pertains to defining the scope and applicability of the ISO/IEC 20000-1 standard within a particular organization. It complements the ISO 20000-2 document, providing general insights that can assist organizations operating under this standard or those interested in adopting the ISO 20000-1 standard.

ISO/IEC TR 20000-4 (Part 4: Process reference model) provides a detailed description and facilitates the application of the process assessment model outlined in ISO/IEC 15504. This model is a logical representation of service management process elements that can be implemented at a basic level. It describes all processes at an abstract level, including SMS processes described in the ISO 20000-1 standard, in terms of their basic purpose and output elements.

ISO/IEC TR 20000-5 (Part 5: Exemplar implementation plan for ISO/IEC 20000-1) offers an implementation plan example, providing detailed instructions on applying the SMS to meet the requirements outlined in ISO 20000-1. It covers advice on planning and implementing improvements in a systematic manner, describing a three-phase approach used during SMS implementation.

 

Relationship with other standards:

The standard can be linked to various standards describing general management systems. The similarity between ISO 20000-1 and ISO 9001 (Quality management systems - Requirements) lies in both standards being based on the PDCA (Plan-Do-Check-Act) cycle and containing similar elements (management responsibility, document management, resource management, measurement, analysis, and improvement). ISO 9001 serves as an excellent foundation for implementing the ISO 20000 standard.

ISO 20000-1 can also be related to the ISO 27001 standard (Information technology - Security techniques - Information security management systems - Requirements), which has a broader scope. However, the main influence of ISO 27001 on ISO 20000-1 is seen in clause 6.6 - Information security management, providing a broader perspective on implementing information security systems within an organization.

Given its focus on information technology, the ISO 20000-1 standard can also be related to the CMMI standard. Some areas of the ISO 20000-1 standard are covered by the CMMI standard at maturity levels 2 and partially at level 3. Therefore, organizations implementing the ISO 20000-1 standard can be considered to have reached Maturity Level 2 according to the CMMI standard.

Benefits of implementing the ISO 20000 standard:

The ISO 20000 standard assists organizations in assessing and improving the level of IT services and demonstrating the organization's ability to meet all necessary user requirements. Concrete benefits of implementing this standard include:

  • Alignment of IT services with business objectives,
  • Establishment of a framework for improving service quality,
  • Benchmarking against industry best practices in IT services,
  • Reduction of risks and costs associated with IT services,
  • Creation of necessary hierarchy and culture within the organization,
  • Creation of a competitive advantage through the promotion of stable and cost-effective services,
  • Establishment of a stable framework that encourages automation in service management.

 

For more details, you can visit the official ISO page on ISO/IEC 20000.