
What is ISO/IEC 20000?

The First International Standard for IT Service Management

ISO/IEC 20000 is a standard for a quality management system which "…promotes the adoption of an integrated process approach to effectively deliver managed services to meet the business and customer requirements."

ISO/IEC 20000 is the first international standard for IT Service Management (ITSM). It was published on the 15th December 2005 and revised as the 2011 edition. ISO/IEC 20000 was based on BS15000, which it supersedes.

ISO/IEC 20000 consists of the following key documents, under the general title Information technology - service management:

  • ISO/IEC 20000-1:2011 Part 1: Specification
    • Part 1 defines the requirements for a service provider to deliver managed services of an acceptable quality for its customers.
  • ISO/IEC 20000-2:2005 Part 2: Code of practice
    • Part 2 provides guidance and recommendations on how to meet the requirements in Part 1.

Service providers wishing to achieve ISO/IEC 20000 would need to satisfy the requirements of Part 1 fully. For this reason, Part 1 uses the terminology 'shall', which can be interpreted as being mandatory.

Part 2 of the standard, the code of practice, describes the best practices for service management within the scope of ISO/IEC 20000 Part 1, and provides advice and guidance as to how Part 1 can be implemented. Part 2 uses the terminology 'should' which can be interpreted as a guideline or recommendation as there may be other valid ways of achieving the requirements of Part 1.

Other supporting documentation is available to provide guidance on scoping, process models and implementation planning.

ISO/IEC 20000 is aligned with the IT Infrastructure Library (ITIL®), and the individual ITIL publications can be used as a source of expanded best practice for meeting the requirements of the standard.

Use of ISO/IEC 20000

ISO/IEC 20000 is the world's first ITSM process standard, giving the industry a standard that can be used for auditing and assessing internal and external suppliers across the supply chain.

Overall, the standard promotes:

  • Adoption of a co-ordinated, integrated process approach:
    • To effectively deliver managed services to meet the business and customer requirements
    • To deliver ongoing control and greater efficiency
    • To deliver opportunities for continual improvement
  • People to be well organised and co-ordinated
  • Appropriate tools to ensure that the processes are effective and efficient

Figure 1 illustrates a circle of continual improvement in the quality of IT services delivered. The diagram also emphasises reduced long-term costs in the development and delivery of IT services, reduced risk of not being able to meet business objectives, better communication between IT and the business, greater productivity and best use of skills and experience, the ability to absorb a high rate of change, and the provision of best practice guidance to IT staff.

Figure 1: Vicious vs virtuous circle

Reasons for an organisation to introduce ISO/IEC 20000 to the business

There are many types of organisations that have, or are working towards, ISO/IEC 20000:

  • Organisations operating within national boundaries
  • Organisations operating across countries under central control
    • Parent country culture predominates
  • Organisations operating across countries on an associate basis
    • Local culture flourishes and is exploited
  • Truly international organisations
    • Short term collaboration
    • Long term partnerships

Drivers for organisations:

External service providers:

  • ISO/IEC 20000 is becoming a basic bid requirement, especially for IT Service Providers, in the same way as ISO 9000 in the past
  • Gives confidence to customers in selecting an external service provider that is ISO/IEC 20000 certified
  • Provides a competitive edge

Internal service providers:

  • Enforces process compliance by turning the "shoulds" into "shalls" so that all the benefits of best practice ITSM will be gained
  • Significant milestone for an IT department demonstrating professionalism that has been independently certified

Generic drivers for all:

  • Hard evidence that the quality of ITSM is taken seriously
  • Supports the business to operate more effectively
  • Enforces a method of review and assessment linked to continual improvement
  • Staff morale boosted by working in a controlled environment

Why do organisations require ISO/IEC 20000?

  • Business and customers are more dependent on IT services and are more demanding
  • ITSM represents the lifecycle stage that consumes approximately 80% of the total IT spend
  • Increased momentum for establishment of industry IT service delivery norms
  • Need for improved consistency in quality of service with significant milestones for an IT Department
  • Framework for measuring and improving
  • Easier inter-changeability of staff and service providers
  • Business change handled better, faster and cheaper
  • Demonstrate compliance, contractual and regulatory
  • Globalisation - consistency at point of delivery to achieve quality of service
  • Services aligned with the business needs
  • Promote innovation, productivity and competitive advantage
  • A method of review and assessment linked to continual improvement

ISO/IEC 20000 Overall Framework

Figure 2 illustrates how various best practices work together to help service providers achieve ISO/IEC 20000.

Figure 2: Best Practices And Standards Working Together

The requirements contained within the ISO/IEC 20000 standard itself are illustrated in Figure 3.

The Big Picture

Overall Management System; to provide a management system, including policies and a framework to enable the effective management and implementation of all IT services

Service Level Management; to define, agree, record and manage levels of service

Service Continuity and Availability Management; to ensure that agreed obligations to customers can be met in all circumstances from normal through to major loss of service

Service Reporting; to produce timely, agreed, reliable, accurate reports for informed decision making and effective communication

Budgeting and Accounting for IT services; to budget and account for the cost of service provision. Where charging is used, it is recommended that the mechanisms are fully understood by all parties

Capacity Management; to ensure that the organisation has, at all times, sufficient capacity to meet current and future agreed demands of the business

Information Security; to manage information security effectively within all service activities

Business Relationship Management; to establish and maintain a good relationship between the service provider and customer, based on understanding the customer and their business drivers

Supplier Management; to manage the service provider(s) to ensure the provision of seamless quality services

Incident Management; to restore normal service as soon as possible in order to minimise business disruption

Problem Management; to identify and manage the underlying cause of service incidents whilst minimising disruption to customers

Configuration Management; to define and control the components of the service and infrastructure and maintain accurate configuration information

Change Management; to ensure that all changes are assessed, approved, implemented and reviewed in a controlled manner

Release Management; to deliver, distribute and track one or more changes into the live environment