ISO/IEC 20000 (abbreviated to ISO 20000) is the internationally acknowledged standard for service management. It sets out 'requirements for establishing, implementing, maintaining and continually improving a service management system (SMS)' . ISO 20000 enables organizations to demonstrate that their processes are aligned with international best practice. ISO 20000 certification thus offers competitive differentiation and provides assurance to clients that their requirements will be met.
All requirements are 'generic and are intended to be applicable to all organizations, regardless of the organization’s type or size, or the nature of the services delivered'.
Why ISO 20000? 5 main benefits
The benefits of ISO 20000 include:
- Credibility and competitive advantage:
ISO 20000 is proof that your organization has demonstrated reliability and high quality of service.
- Access to markets:
Many organizations, for example in the public sector, mandate ISO 20000 compliance as a condition for awarding contracts.
- Higher productivity:
ISO 20000 is all about following service management best practice. Compliance with ISO 20000 thus ensures your organization is able to deliver services efficiently and effectively.
- Independent assessment:
The certification audit provides an opportunity to benchmark your organization against the internationally recognized standard for service management.
- Continual improvement:
Conformity with ISO 20000 means your organization has robust processes in place for continual improvement - which is essential for any business to be successful in the longer term.
Certification and audit
If your organization wishes to be formally certified against ISO 20000, you will need to be assessed by a Registered Certification Body (RCB). If you are able to demonstrate compliance with the requirements of ISO 20000-1 (part 1 of the standard, containing the mandatory requirements), the RCB will issue a certificate of conformance.
According to ISO 17021 , the certification audit should be divided into two stages:
Stage 1 audit
- During the stage 1 audit, your auditor will determine your organization's readiness for ISO 20000 certification.
- A key output from this stage is typically a list of identified non-conformities (areas where the standard's requirements are not fulfilled).
- The stage 1 audit report will thus help you with correcting any issues in preparation for the final stage 2 audit.
Stage 2 audit
- The stage 2 audit aims to assess compliance with the ISO 20000 requirements.
- If you complete the stage 2 audit successfully, your organization is certified against ISO 20000.
ISO 20000 and YaSM, ITIL, CMMI-SVC, COBIT, VeriSM, SIAM, …
ISO 20000 outlines requirements for a service management system but does not offer specific advice on how to fulfill these requirements (the authors say it is 'intentionally independent of specific guidance'). One could say that ISO 20000 tells you what to do but not how to do it.
The standard, however, has its roots in established service management frameworks and especially ITIL, and its authors recommend that organizations use 'a combination of generally accepted frameworks and their own experience' in their effort to get aligned with ISO 20000.
So the popular service management frameworks and approaches such as ITIL®, CMMI-SVC®, COBIT®, VeriSM™, SIAM™, etc. provide the specific guidance that is missing in ISO 20000.
In particular, these frameworks describe various practices and processes that are in line with the ISO 20000 requirements. Adopting these practices and processes is thus the classic, time-tested way of getting prepared for ISO 20000.
As for the YaSM process model, it is even better aligned with ISO 20000 than the service management frameworks, because YaSM was built from the ground up with ISO 20000 in mind. This makes YaSM a very good choice if you look for specific guidance on how to fulfill the ISO 20000 requirements.
- For details, please check out our cross-reference between YaSM and ISO 20000.
The YaSM - ISO 20000 Bridge
As you prepare for the certification audit, you need to consider every single ISO 20000 requirement and think about how it can be fulfilled. In practice, this will often mean introducing new or improved processes as described in the service management frameworks (see above). You may also have to create additional documentation demanded by the standard, for instance a service management policy.
In our experience, this task is a lot easier if you can start with templates - as we provide them with the YaSM process model.
What is more, we have created a specific product called the 'YaSM - ISO 20000 Bridge':
The Bridge contains the complete list of ISO 20000 requirements and explains, for each requirement, which process and document templates are applicable.
- Video: "Introduction to the YaSM - ISO 20000 Bridge" (6:03 min.)
History of ISO 20000
The origins of service management best practice date back to the 1980s when the Central Computing and Telecommunications Agency (CCTA), a government agency in Great Britain, started a project to achieve better quality and decrease costs of the IT services procured by the British government. This lead to the publication of guidelines for IT service management which over the years evolved into the 'IT Infrastructure Library' ITIL.
At first, ITIL qualifications were available for individuals, but soon organizations began to ask for a certification scheme that would allow them to demonstrate compliance with best practice. So in 20000 BSI, the British Standards Institution, published the standard BS 15000 based on the key principles described in ITIL.
Organizations in the UK and worldwide adopted this standard, and in 2005, with some moderate changes, it was released as the ISO/IEC 20000 standard. Revisions were completed in 2011 and 2018, to ensure continued alignment with the evolving service management frameworks and approaches.
Today ISO 20000 is the internationally acknowledged standard for service management:
- Part 1 of the standard contains the mandatory requirements.
- Further parts have been added over the years with additional guidance, such as 'Part 2: Guidance on the application of service management systems', and
- 'Part 3: Guidance on scope definition and applicability of ISO/IEC 20000-1.'
The current 2018 edition of ISO 20000
A new edition of ISO 20000 was published on 15 September 2018. ISO/IEC 20000:2018 (Part 1)  is a completely revised version of the earlier international service management standard, ISO/IEC 20000:2011.
With this update of the standard, a new structure has been introduced for ISO 20000 in line with other ISO management system standards such as ISO 9001.
New requirements have been added (for example in the areas of service planning and delivery), some content has been removed (such as references to the "PDCA" methodology), and several clauses have been rephrased to be more generic.
Learn more about the ISO20000 standard in the following sections:
- FAQ: ISO 20000 certification
- How YaSM service management relates to ISO 20000
- Use cases: How the YaSM model supports your ISO 20000 project
- The YaSM - ISO 20000 Bridge (product page)
Notes and references
 ISO/IEC 20000-1:2018. Information technology - Service management - Part 1: Service management system requirements. International Organization for Standardization ISO, 2018. Retrieved September 17, 2018.
 The ISO 17021 standard defines the requirements for bodies that audit and certify management systems. Details: ISO/IEC 17021-1:2015. Conformity assessment - Requirements for bodies providing audit and certification of management systems - Part 1: Requirements. International Organization for Standardization ISO, 2015. Retrieved July 07, 2018.
Is based on: The YaSM - ISO 20000 Bridge.
By: Stefan Kempter and Andrea Kempter , IT Process Maps.
Why ISO 20000? 5 main benefits › Certification and audit › ISO 20000 and ITIL, CMMI-SVC ... › The YaSM - ISO 20000 Bridge