FAQ: ISO 20000 Certification

From YaSM Service Management Wiki

auf Deutsch


Browse through these FAQs to find answers to common questions about ISO 20000 certifications and ISO/IEC 20000 audits. Tips for organizations that want to sustainably improve their service management processes and get certified to ISO/IEC 20000:2018.


What are the benefits of ISO 20000 certification?

The ISO 20000 certificate is proof that your organization has demonstrated its ability to

  • Be aware of customer needs and respond to these needs
  • Deliver services which meet defined quality levels
  • Make use of resources in an economical way.

As such, the ISO 20000 certificate and the corresponding logo are competitive advantages in the marketplace. Many organizations, for example in the public sector, even mandate ISO 20000 compliance as a condition for awarding contracts.

Working along ISO 20000 principles and service management best practice also offers internal benefits for your organization, because the standard is all about supporting clients with adequate services, while providing these services as efficiently as possible.

What's more, the decision to seek ISO 20000 certification sets a specific target for your organization and helps concentrate minds. An ISO 20000 certification initiative is thus a good way to kick-start the adoption of service management best practice and to make sure motivation stays high.

What is the audit process?

If your organization wishes to be formally certified against ISO 20000, you will need to be assessed by a Registered Certification Body (RCB). If you are able to demonstrate compliance with the requirements of ISO 20000-1 (part 1 of the standard, containing the mandatory requirements), the RCB will issue a certificate of conformance.

According to ISO 17021, the certification audit should be divided into two stages: Stage 1 audit and stage 2 audit.

  • During the stage 1 audit, your auditor will determine your organization's readiness for ISO 20000 certification. A key output from this stage is typically a list of identified non-conformities (areas where the standard's requirements are not fulfilled). The stage 1 audit report will thus help you with correcting any issues in preparation for the final stage 2 audit.
  • The stage 2 audit aims to assess compliance with the ISO 20000 requirements. If you complete the stage 2 audit successfully, your organization is certified against ISO 20000.

What is being audited?

The aim of the ISO 20000 certification audit is to verify if your organization fulfils the requirements of ISO/IEC 20000, Part 1: Service Management System Requirements.

So for each requirement, you need to state during the audit how it is fulfilled and provide relevant evidence.

Evidence is typically presented in the form of documented information. Your auditor will usually ask to see the following documents and verify if they are fit for purpose:

  • documented processes
  • service management policies
  • other documented information as required by ISO 20000

The auditor will also hold interviews with members of staff in your organization to check if

  • everyone is familiar with the processes
  • the documented processes are adhered to.

How do we prepare for the audit?

Unfortunately, ISO 20000 only sets out requirements that must be fulfilled, but it does not provide detailed guidance. Its authors recommend that organizations use "a combination of generally accepted frameworks and their own experience" in their effort to get aligned with ISO 20000.

So the classic approach to preparing an organization for the ISO 20000 audit is to take the advice from the popular service management frameworks and approaches such as ITIL®, CMMI-SVC®, COBIT®, VeriSM™, FitSM, SIAM™, etc. Wherever nonconformities with ISO 20000 are identified, organizations can use that guidance to adapt their processes or documentation, as needed.

The YaSM process model and the YaSM - ISO 20000 Bridge make this task a lot easier, because YaSM was developed with ISO 20000 in mind. For every ISO 20000 requirement, YaSM provides you with detailed guidance in the form of process and document templates that you can adapt to your needs.

How long does it take?

Obviously, the timescale and work effort for aligning an organization with the requirements of ISO 20000 will depend on the type and size of the organization, and also on where it starts from. For example, organizations that have previously been certified against other management standards such as ISO 9001 enjoy a clear advantage.

So there is no simple answer to the question how long it will take, but in our experience most organizations spend one year or two preparing for their certification audit.

What are the typical project steps leading to ISO 20000 certification?

Typical project steps leading to ISO 20000 certification. - 1. Create awareness, 2. Determine the ISO 20000 certification scope, 3. Conduct an initial ISO 20000 assessment, 4. Set up the project, 4. Prepare for the certification audit, 5. Conduct the ISO 20000 audit. Retain ISO 20000 certification.
Fig. 1: 6 steps to ISO 20000 certification

How to become ISO 20000 certified? Let's break it down into six steps.


Step 1: Create awareness

Communicate the goals and benefits of the ISO 20000 certification and the approach for achieving ISO 20000 compliance. This step should include giving everyone in your organization at least a basic understanding of service management best practice.

Step 2: Determine the ISO 20000 certification scope

If you wish to limit the scope of your ISO 20000 certificate: Decide what parts of the organization, what services and/ or what locations shall be covered by the ISO 20000 certificate.

Step 3: Conduct an initial ISO 20000 assessment

Determine gaps between today’s situation and the standard's requirements; this can be done by an external advisor, or by way of a self-assessment.

The YaSM model provides a complete set of ISO 20000 compliant processes as a benchmark for your assessment.

The result of this step is a detailed list of the ISO 20000 requirements where conformant and non-conformant areas are identified. For non-conformant areas the list includes the findings on what exactly the issues are and how they can be addressed.

Step 4: Set up the ISO 20000 project

Establish a project board. Choose a project manager and project staff.

Determine the necessary resources, prepare a project plan and assign tasks. Choose an auditor and an experienced external advisor.

Step 5: Prepare for the ISO 20000 certification audit

Close the gaps identified during the initial ISO 20000 assessment.

This is usually the most time-consuming part of an ISO 20000 initiative, because (depending on the level of compliance found during the initial assessment) a considerable number of service management processes may need to be modified or introduced.

Defining processes to meet the ISO 20000 requirements can be a challenge, but with the YaSM process model we provide detailed process templates so you don't have to start from nothing.

During preparation for the ISO 20000 audit, use a checklist to keep track of what requirements are already fulfilled and what related evidence (documents and records) is in place.

To help you with this, the YaSM - ISO 20000 Bridge contains a pre-configured Excel table with all ISO 20000 requirements which you can use to monitor your progress towards ISO 20000 compliance.

Step 6: Conduct the ISO 20000 certification audit

The actual ISO 20000 audit must be carried out by an external auditor from a Registered Certification Body (RCB).

Retain ISO 20000 certification

After the initial certification, renewal of the ISO 20000 certificate is due every three years. Make sure you continue to adhere to the standard and put a strong emphasis on continual service and process improvement.

Are there typical pitfalls in an ISO 20000 project?

These are the most critical pitfalls in ISO 20000 projects organizations should avoid.

1. No management support
Management must understand and communicate why the organization seeks certification, and visibly endorse the initiative.
2. Too little involvement of staff
The advantages of best practice should be explained to everyone in your organization, and all members of staff should be involved as closely as possible during the design of the new ISO 20000 compliant processes.
If staff are able to contribute their views and experiences during the ISO 20000 project, this greatly enhances acceptance of the new processes - and ensures long-term success.
3. Insufficient resources for the ISO 20000 project
Management commitment must be backed up by the provision of sufficient resources for the certification program. This includes making sure that staff assigned to the project are freed from some of their day-to-day tasks.
4. No external support
If you plan to get certified against ISO 20000 for the first time, it pays to seek the help of an external advisor.
Many requirements are, to a certain extent, open for interpretation, and an experienced consultant can tell you what's of importance to your auditor. He or she can thus direct your efforts in the right direction. Your goal should be to be well prepared for the audit - without overshooting the mark.

More about ISO 20000

Notes and references

Is based on: The YaSM - ISO 20000 Bridge.

By:  Stefan Kempter Author: Stefan Kempter, IT Process Maps GbR  and  Andrea Kempter Contributor: Andrea Kempter, IT Process Maps GbR, IT Process Maps.


Benefits  › The audit process  › What is being audited?  › 6 steps to ISO 20000 certification