An Overview of ISO 20000
ISO 20000 is an International Standard for ITSM (Information Technology Service Management), published by ISO (International Organisation for Standardisation) and International Electoral Commission (ICE) and revised in 2011 & 2018. It was primarily based on the earlier BS 15000 that BSI Group developed. ISO/IEC 20000, like its BS 150000 predecessor, was originally introduced to reflect best practice guidance contained within the ITIL Framework, although it equally supports other IT Service Management Frameworks & approaches, including Microsoft Operations Framework & components of ISACA's COBIT framework. To become an International Standard, ISO 20000 had to be agreed upon by a majority of member nations, which means it is accepted by a majority of countries globally.
ISO 20000 Certification Standard aids the IT Departments ensure their ITSM Framework processes are aligned with global best practices & business requirements. This Certification helps the organisations benchmark how they measure service levels, deliver accurate services & assess their performance on a globally recognised scale.
Importance of ISO 20000 Certification
- This Certification help and advice organisations to improve performance and generate revenue;
- It teaches them to evaluate a gap analysis and it also helps people to make a plan for implementing the improvements;
- It helps assess & advise organisations regarding the implementation of continuous policies & objectives;
- It also advises & explains the definition of applicability & scope;
- ISO 20000 Certification explains the use of tools & technology to support a service management system’s implementation & improvement. The technology also guides people to achieve this Certification;
- This Certification aids people in understanding, evaluating, create & apply a proper service management plan. The plan should comprise the service management objectives & policies.
Sections of ISO 20000
This Certification has various sections. The management needs to be familiar with the various sections so that their organisations get ISO 20000 Certification. The sections are as follows:
- Design & Generation of the New and Altered Services: Following are the subsections of this section:
- Developing & designing the new or changed services;
- Planning new or changed services;
- Transitioning the new or changed services.
- Resolution Management:
- Problem management;
- Incident & service request management.
- General Requirements of the Service Management System (SMS):
- Improving & establishing the Service Management System;
- Resource Management;
- Plan Service Management System;
- Implement & operate Service Management System;
- Reviewing the Service Management System;
- Improving & maintaining the Service Management System;
- Governing & processes operated by other parties;
- Control Processes:
- Configuration management;
- Deploying the management;
- Change management.
- Service Delivery Processes:
- Continuity of service;
- Availability of testing;
- Availability of management;
- Service management;
- Budgeting & accounting for IT management services;
- Information security changes & incidents;
- Service level reporting.
- Relationship Processes:
- Supplier management;
- Business relationship management.
Benefits of ISO 20000 Certification
Following are some benefits of ISO 20000 Certification:
- Reduce the IT Cost: Better manage & understand the cost of IT, and plan future financial costs with greater accuracy & clarity. With simpler processes & clear responsibilities, you can operate a leaner, more efficient service.
- Gain a Competitive Advantage: Through more efficient delivery of IT services, you can give your company or organisation tangible advantages over your competitors. For e.g., you can lessen IT issues and respond to them quickly, freeing up more of your time for strategic IT (Information Technology) development in your organisation.
- Increased Customer Satisfaction: Whether it is your external or internal customers, you are able to deliver improved IT (Information Technology) services that better meet their needs; while at the same time better safeguarding the company & its assets, directors, and shareholders.
- Fully Integrated Processes: ISO 20000 aids you align IT Services with an extensive business strategy. You can make sure that your company is focused on the IT Service Management solutions best suited to serving your customers & the needs of the business.
- Create a Culture of Continual Improvement: The business environment doesn't sit still, mainly in the current era of digital & technological innovation. Ensuring your organisation is always improving its processes in reaction to customers' feedback is not just a nice to have; it is vital for a company's permanency. This also extends to improvements identified internally, altering technology and developing business norms.
Mandatory Records & Documents Required by ISO 20000:2018
Following are some essential documents you need to arrange if you want to be compliant with ISO 20000:
- Scope of SMS;
- Service Management Plan;
- Service Continuity Plan;
- Processes of the Organisation’s Service Management System;
- Service Requirements;
- Contract with the external supplier;
- Services components that are operated or provided by other parties;
- Release acceptance criteria;
- Procedure for managing & categorising a major incident;
- Procedure for restoring working conditions after service disruption;
- Capacity requirements;
- Risk assessment & management for the Service Management System;
- Service management objectives & policy;
- Change management policy;
- Processes of the organisation’s Service Management System;
- Service catalogue(s);
- Processes or parts of processes in the organisation's Service Management System that are operated by other parties;
- Risk for service continuity, availability and information security;
- Procedure for continuing operations in the event of a big loss of service;
- Design of new or altered services;
- Service availability requirements & targets;
- Users, customers & other interested parties of the services provided;
- Service level agreement(s);
- Information security policy;
Following are some mandatory records:
- Results of service availability monitoring;
- Request for change;
- Configuration details;
- Records of skills, experience, qualifications, and training;
- Service requests;
- Known errors;
- Information security incidents;
- Internal audit programs;
- Results of corrective actions;
- Results of the management review;
- Records of any disputes between the organisation & external suppliers;
- Records of any service complaints;
- Test results of service continuity plan(s);
- Result of internal audits;
- Opportunities for improvement;
- Monitoring & measurement results.
Procedure to get ISO 20000 Certification
Management of any organisation needs to follow specific steps to obtain ISO 20000 certification. Following are the steps:
Step 1: Creating Awareness: All the benefits of an ISO 20000 Certification need to be communicated to the employees. There should be a clear understanding of the approach toward achieving this Certification. For that, everyone needs to be given a basic understanding of service management's best practices.
Step 2: Determining the Scope of Certification: In this step, it is vital to decide which type of Certification of service management's best practices.
Step 3: Conducting an Initial Assessment: The gaps between a standard's requirements & the current situation need to be identified. Self-assessment is the best way to know the gaps. A complete set of ISO 20000 compliant processes may be used as the assessment benchmark. A list of requirements needs to be prepared, where the conforming & non-conforming should be addressed. In the instance of the non-conforming areas, the list comprises correct details of what the issue is & how it can be addressed.
Step 4: Preparing for the Audit: This is the right step to bridge the gaps that had been identified at the time of the initial assessment.
- This step is the most time-consuming and in this step, several service management processes may need to be corrected or introduced;
- The management of several organisations has complained that defining processes to meet the requirements is an enormously challenging task. It's a perfect idea to maintain a checklist while preparing for an audit;
- The checklist is vital for tracking the requirements that have been fulfilled. It also aids us to check what related records are in place for it;
Step 5: Conducting the Audit: It’s the responsibility of an external auditor from the Registered Certification Body to conduct the audits.
Step 6: Retaining the ISO 20000 Certification Audit: After an organisation gets certified, it is vital to renew the certificate every three years.
ISO 20000 Implementation
The Service Management System (SMS) that conforms to the ISO 20000 follows the Plan-Do-Check cycle:
- Develops the processes for risk management;
- Establishes the scope of service management;
- Develops the methods for improving, managing & auditing service quality;
- Determines the necessary processes;
- Determines resources & timescale;
- Defines the roles & responsibilities;
- Defines the objectives of service management;
- Manages resources & budget;
- Selects motivates & trains the staff;
- Creates documentation & monitors procedures, plans & policies for different processes;
- Treats & mitigates risks.
- The management plan is reviewed;
- Whether the SMS is compliant with this Certification is reviewed;
- An audit program is created. The practitioner training course includes a special session on internal audits.
How can Corpbiz help you in complying with ISO 20000?
Corpbiz offers tools that can help in the implementation & operation of service management processes as mandated by ISO20000:2018. These tools efficiently fulfil the requirements for compliance by integrating the mandated processes in the organisation’s operations & generating records as evidence of compliance.
Frequently Asked Questions
It provides a measurable quality standard for the SMS (Service Management System). It also specifies & described the necessary minimum requirements for processes that an organisation must establish in order to provide & manage services of defined quality.
The objective of this Certification is to align IT services with the current & future needs of the business & its customers. To improve the quality of the IT services delivered.
Requirements of ISO 20000 standard:
- Management commitment;
- Process management, and so on.
This Certification is suitable for all companies seeking to improve their services processes. In other terms, companies from quality-critical industries & organisations that require proof of their quality-assured service processes can benefit most from this Certification.
ISO 9001 is focused on Quality Management and ISO 20000 is focused on Service Management. ISO-9001 is generic and aimed at any organisation providing products/services. Whereas, ISO-20000 is specifically targeted at the services part of a providers system and the more specific focus points to address service management.
No, basically every company can be certified as per ISO 20000.
ISO 20000 is a standard & code of practice; ITIL is a best practice framework. ISO 20000 awards organisations with Certification and ITIL doesn't.