ISO 20000 - 2018

From YaSM Wiki
Jump to: navigation, search

share this page on LinkedInshare this page on Twittershare this page
auf Deutsch


 

New edition of ISO 20000:2018. Important differences between ISO/IEC 20000:2018 and ISO/IEC 20000:2011.

A new edition of ISO 20000 was published on 15 September 2018. ISO/IEC 20000:2018 (Part 1) is a completely revised version of the international service management standard, ISO/IEC 20000:2011. With the update of the ISO 20000 standard, new requirements have been introduced (for example in the areas of service planning and delivery), some content has been removed (such as references to the "PDCA" methodology), and several clauses have been rephrased in the latest edition of ISO 20000 to be more generic.

 

ISO 20000 in brief

ISO/IEC 20000 is the international standard for service management, applicable to all service providers, regardless of type, size and nature of the services delivered.

Part 1 of ISO/IEC 20000 contains requirements for "establishing, implementing, maintaining and continually improving a service management system (SMS)". These are the mandatory requirements which must be fulfilled by organizations to be compliant with the ISO 20000 standard.

The standard was first published in 2005 and subsequently updated in 2011.

A third, completely revised version of the standard (referred to as ISO/IEC 20000:2018 Part 1) was released on 15 September 2018.

 

Transition from ISO 20000-1:2011 to the 2018 edition

Following the release of ISO 20000:2018, organizations will have to transition their certificates to the latest 2018 edition of the standard. The International Accreditation Forum (IAF) has set the following transition periods and rules:

  1. 30 September 2018: Organizations may choose to get certified against the 2018 edition from this date. Certifications against the 2011 edition are still acceptable.
  2. 31 March 2020: All new certifications and re-certifications must be to ISO 20000-1:2018 after this date.
  3. 29 September 2021: End of the transition period. All existing certificates must be transitioned to ISO 20000-1:2018 before this date. Certificates to the 2011 edition become invalid.

Please note: These transition periods and rules have been set by the International Accreditation Forum (IAF). National accreditation bodies may choose to set slightly different rules - please consult your auditor to find out the precise rules applicable to your organization.

 

Main differences in ISO 20000:2018

The main differences between ISO/IEC 20000:2018, Part 1 and the previous 2011 edition are as follows:

  1. A new high-level document structure has been introduced in line with other management system standards, making it easier for organizations to comply with several standards such as ISO 9001 (Quality Management) or ISO 27001 (Information Security Management).
  2. Terms and definitions have been revised to include terms specific to management system standards. A reference has been added to the terms and definitions given in ISO/IEC 20000-10.
  3. Clauses have been revised or added to take into account the growing trends in service management, such as commoditized services and the management of multiple service providers by a service integrator.
  4. Some detail has been removed to allow organizations more flexibility in fulfilling the requirements.
  5. An explicit requirement to "establish, implement, maintain and continually improve a service management system (SMS)" has been introduced.
  6. References to the "PDCA" ("Plan-Do-Check-Act") methodology have been deleted because many improvement methods can be used with management system standards.
  7. New requirements for context of the organization and actions to address risks and opportunities have been added.
  8. Requirements for documented information, resources, competence and awareness have been updated.
  9. Additional requirements for service planning, knowledge, asset management, demand management and service delivery have been inserted.
  10. Requirements for incident management and service request management have been separated out into two sets of requirements.

 

Differences in detail

The table below provides a detailed account of the changes between the latest edition of ISO 20000:2018, Part 1 and the previous 2011 version.[1]

 

Comparison: ISO 20000:2018 vs. ISO 2000:2011
ISO/IEC 20000:2018, part 1, section Changes to the previous 2011 edition (ISO/IEC 20000:2011-1)
Sections 1 - 3

The first three sections of ISO 20000:2018, Part 1 do not contain requirements which must be fulfilled. Section 1 outlines the standard's intended use and applicability. Section 2 lists normative references (no normative references are cited at this point in time). Section 3 contains terms and definitions.

4 Context of the organization
  • This new section includes requirements from various sections of the previous 2011 edition.
  • The requirements in this section of ISO 20000:2018 have been revised and are now more generic and broader in scope, referring to
    • any internal and external factors affecting the organization and its ability to achieve the intended outcomes
    • any interested parties and their requirements
  • An explicit requirement to "establish, implement, maintain and continually improve a service management system (SMS)" has been introduced.
5 Leadership
  • Requirements regarding leadership have been updated with a stronger emphasis on
    • delivering value to customers
    • control of other parties involved in the service lifecycle
    • integrating SMS requirements into the organization's processes
    • assigning and communicating responsibilities
    • continual improvement
6 Planning
  • Aspects to be considered when planning for the SMS are now specified in more detail.
  • A requirement has been added that service management objectives be established at all relevant levels.
  • An explicit statement clarifies that planning is not only about managing risk, but also about seizing opportunities.
  • Requirements regarding the management of risk are now described in more detail.
7 Support of the service management system
  • A new clause has been added, demanding that staff be aware of their contribution to the effectiveness of the SMS and the provision of services.
  • Aspects to be considered for internal and external communications are now described in more detail.
  • ISO 20000:2018 now refers to "documented information". The distinction between documents and records has been removed.
  • Documented information shall now include appropriate identification and description, be stored in suitable format and be subject to review and approval.
  • Clarification has been added regarding the objectives of document control: Documented information shall be available and suitable for use, as well as adequately protected.
  • Documented information shall now include contracts with external suppliers and agreements with internal suppliers. External documents are now required to be controlled.
  • New requirements for knowledge management have been added.
8 Operation of the service management system
8.1 Operational planning and control
  • A requirement has been added to control changes to the SMS, review the consequences of unintended changes and take corrective action if necessary.
  • There is now a specific requirement in ISO 20000:2018 to integrate services and processes that are provided or operated by internal or external parties. In addition, a requirement has been included to coordinate activities with third parties involved in the service lifecycle.
8.2 Service portfolio
  • There is now a requirement to determine criticality of services, as well as duplication between services.
  • Requirements relating to third parties are more generic in ISO 20000:2018, stating that accountability must be retained regardless of which party is involved in performing activities to support the service lifecycle.
  • A new clause has been inserted to clarify that external parties may provide or operate processes, services or service components.
  • The required contents of the service catalogue are now specified in more detail.
  • A new, explicit requirement has been added that services are to be classified as CIs.
  • ISO 20000:2018 now refers to "configuration information", references to the CMDB have been dropped.
  • A requirement has been introduced that configuration information is to be recorded to a level of detail appropriate to the criticality and type of services.
8.3 Relationship and agreement
  • It has been clarified that suppliers may provide or operate services, service components or (parts of) processes.
  • The requirements regarding contracts with external suppliers have been re-phrased to be more generic, stipulating that contracts shall specify requirements and define contractual obligations and other responsibilities.
8.4 Supply and demand
  • There is now a revised, more generic requirement that demands budgeting and accounting for services.
  • Service demand shall be managed, but the specific requirement to "create, implement and maintain a capacity plan" has been dropped.
  • The requirements for capacity management are now more generic. The list of specific factors influencing service capacity has been deleted.
8.5 Service design, build and transition
  • Clarification has been added that assessing new or changed services is in the scope of change management.
  • A list of potential impacts has been introduced that are to be considered when assessing changes.
  • ISO 20000:2018 now refers to "configuration information", references to the CMDB have been dropped.
  • There are now more detailed requirements for the transferal of services to other parties.
  • It has been clarified that CIs affected by new or changed services are to be managed through configuration management.
8.6 Resolution and fulfilment
  • Requirements for incident management and service request management have been separated out into two sets of requirements.
  • The requirement for a documented procedure to manage incidents has been dropped.
  • There is now an explicit requirement to record actions taken to resolve incidents, problems and service requests.
8.7 Service assurance
  • Service availability management and service continuity management have been separated out into two sets of requirements.
  • Service availability requirements shall be documented, but the specific requirement to create availability plans has been removed.
  • Information security requirements are now more generic, referring to the ISO/IEC 27000 family of standards for more detailed requirements.
  • There is now a specific requirement to assess security risks at planned intervals.
  • An explicit requirement has been introduced to control information security risks related to external organizations.
  • A requirement has been added detailing the procedure to be used for dealing with security incidents.
9 Performance evaluation
  • Requirements regarding monitoring and measurement are now more detailed.
  • Clarification has been added that the management review shall include consideration of measured performance and effectiveness of the SMS and the services.
  • The requirements for reporting are now more generic (specific aspects to be covered in the reports have been removed).
10 Improvement
  • New, generic requirements have been added to this section of ISO 20000:2018 regarding nonconformity and corrective action (the 2011 version of ISO 200000 included similar stipulations in various other sections).
  • The requirements now specifically demand that evaluation criteria be aligned with the service management objectives.
  • A documented procedure for improvement is no longer a specific requirement.

 

 

References and Links

  • [ISO, 2011] International Organization for Standardization: ISO/IEC 20000-1:2011, Information technology - Service management - Part 1: Service management system requirements. - Geneva, Switzerland, April 2011.
  • [ISO, 2018] International Organization for Standardization: ISO/IEC 20000-1:2018, Information technology - Service management - Part 1: Service management system requirements. - Geneva, Switzerland, September 2018.
  • [APMG, 2017] ISO/IEC 20000 - Update Following International Standards Meeting. - APMG-Blog of December 04, 2017. Retrieved May 02, 2018.

 

Learn more about the ISO20000 standard in the following sections:

 

Notes

[1] ISO/IEC 20000:2018 is a completely revised version of the previous edition. Therefore, it is not possible to provide a simple and complete list of the changes. The information provided here should be seen as our best effort to explain how ISO 20000 has changed.

Is based on: The YaSM - ISO 20000 Bridge.

By:  Stefan Kempter   and  Andrea Kempter Contributor: Andrea Kempter, IT Process Maps GbR, IT Process Maps.

 

ISO 20000 in brief Transition rules Main differences in ISO 20000:2018 Differences in detail