Posted on

ISO 20000 Latest

What is ISO 20000?

ISO/IEC 20000, often referred to simply as ISO 20000, is the international IT Service Management standard that enables IT organisations (whether in-house, outsourced or external) to ensure that their IT service management processes are aligned both with the needs of the business and with international best practice.

ISO/IEC 20000 helps organisations benchmark how they deliver managed services, measure service levels, and assess their performance. It is broadly aligned with, and draws strongly on, ITIL.

Benefits of ISO 20000


ISO 20000 can assist your organisation in benchmarking its IT service management, improving its services, demonstrating an ability to meet customer requirements and creating a framework for an independent assessment.

Some of the most common benefits of ISO 20000 certification for service providers are that it:

1-Offers competitive differentiation by demonstrating reliability and high quality of service;
2-Gives access to key markets, as many organisations in the public sector mandate that their IT service providers demonstrate compliance with ISO/IEC 20000;
3-Provides assurance to clients that their service requirements will be fulfilled;
4-Enforces a measurable level of effectiveness and a culture of continual improvement by enabling service providers to monitor, measure and review their service management processes and services;
5-Drives down the costs of conformance to a multitude of regulations, including the PCI DSS and Sarbanes-Oxley;
helps leverage ITIL practices to optimise resources and processes.

What does ISO 20000 actually look like?

While consisting of eight parts, there are two that are most used for ISO 20000:

ISO 20000-1:2018 is the formal specification for IT Service Management. It clearly defines all the requirements you need to deliver managed IT services of an acceptable quality for your customers. It includes service management system (SMS) requirements in following areas:

1-Context of the organization
2-Leadership
3-Planning
4-Support of the service management system
5-Operation of the service management system
6-Performance evaluation
7-Improvement

The second part: ISO 20000-2:2019 is the code of practice for IT Service Management; it is the guidance for the application of service management systems. In other words, it helps you interpret the requirements of the standard. It defines the best practice management processes, and it is very useful if you’re preparing to be audited against ISO 20000 or planning service improvements.

It’s important to note that your company can get certified against ISO 20000-1:2018, but not against ISO 20000-2:2019 (this is a code of practice only).

ISO 20000

Why is ISO 20000 a good idea for your organization?


The benefits of ISO 20000 cannot be overstated; companies large and small have used this standard to great effect, discovering and securing tremendous cost and efficiency savings. Here are just a few of these benefits:

Improve your image and credibility – ISO 20000 is the only internationally recognized standard for IT Service Management. Its international adoption has been rapid in recent years, as organizations see it as a key differentiator in the marketplace. And, as a popular and proven standard, you can be sure of the efficacy and scalability of the processes.

Become more productive – Gain a competitive advantage through increased efficiency and effectiveness due to more reliable IT services. With everybody clear about who does what and when, you’ll reduce both the number of incidents and your ability to handle them.

Increased customer satisfaction – Whether it’s your internal or external customers, you’re able to deliver improved IT services that better meet their needs – while at the same time better protecting the company and its assets, shareholders, and directors.

Benchmark and improve – You can compare your organization’s processes and activities against the international standard for ITSM (you can then easily indentify and implement any necessary improvements). And, because an independent certification body audits your company, you (and anyone interacting with your organization) can be sure you’re meeting the required level of service.

Fully integrated processes – ISO 20000 helps you align IT services with the wider business strategy. You can ensure your company is focused on the IT Service Management solutions best suited to serving your customers and the needs of the business.

Reduce the cost of IT – Better understand and manage the cost of IT. Plan future financial costs with greater accuracy and clarity. With simpler processes and clear responsibilities, you can operate a leaner, more efficient service.

Create a culture of continual improvement – The business environment does not sit still, particularly in our age of digital and technological innovation. Ensuring your organization is always improving its processes in reaction to customer feedback is not just a nice-to-have – it’s essential for a company’s longevity. And this also extends to improvements identified internally, changing technology, and developing business norms.

Become more agile and change quickly – ISO 20000 creates a solid framework of best practice that helps support innovation. Change in your organization can be handled more adeptly and with greater speed, meaning you reduce internal and external risk levels and are more likely to meet your organizational objectives.

Gain a competitive advantage – Through more effective and efficient delivery of IT services, you can give your organization tangible advantages over your competitors. For example, you can reduce IT issues and respond to them faster, freeing up more of your time for strategic IT development in your organization.

What are the practical steps to becoming ISO 20000 certified?


If your organization wants to become certified, you need to be formally assessed by an accredited certification body. You will need to demonstrate the quality of your company’s IT processes against the ISO 20000-1 standard. Individuals, on the other hand, can become certified by passing exams (see below for further details).

There are certain mandatory documents that, as a company, you will have to complete in order to gain the standard.

But, merely creating ITSM process documentation is not enough (and will not solve your problems). To ensure certification, you have to integrate all the activities described in your documentation into your day-to-day business.

And, most importantly, you have to gain value. There is little point in creating the documentation and making all these changes if, in the end, your company has not realized the real-world value possible from ISO 20000. Otherwise, people within your organization will rightly question why you’re bothering.

Mandatory steps for finishing implementation and getting certified

After finishing all your documentation and implementing it, your organization also needs to perform these steps to ensure a successful completion of your project:

Internal audit â€“ The purpose of an internal audit is to check your ITSM processes. The goal is to find problems and weaknesses that would otherwise stay hidden.   

Management review â€“ A formal way for your management to take into account all the relevant facts about IT Service Management and make appropriate decisions.

Corrective actions â€“ Following the internal audit and management review, you need to correct any identified problems and document how they were resolved.

The company certification process is divided into two stages:

Stage One (documentation review) â€“ The certification auditor will check whether your documentation is compliant with ISO 20000.

Stage Two (main audit) â€“ Here, the auditor will check whether all your actual activities are compliant with both ISO 20000 and your own documentation.

So, how is ISO 20000 different from ITIL?

The basic difference between ISO 20000 and ITIL is that ISO 20000 gives you the methodology and framework (providing you with the pieces with which to construct the ITSM jigsaw puzzle), while ITIL gives you the details (the practices) on how to manage each and every IT process in your organization (i.e., how to put the jigsaw puzzle together).

A good way to think of it is that ISO 20000 says what you need to do, while ITIL tells you how to do it.

ISO 20000 does not work in complete isolation. It can be implemented independently from ITIL, but they do go very well together.

As opposed to a standard, ITIL is a practical framework of best practices that focuses on aligning your IT services with the wider needs of your business. As a company, you can’t become ITIL certified; you can only comply with the best practice guidelines.

ISO 20000 is based on the fundamental principles of ITIL, and is a standard that your company can certify against.

Individuals seeking excellence in ITSM and internationally recognized certification can become certified against ITIL and ISO 20000 (e.g., the foundation course discussed further below).

ISO 20000 certification for organizations is essentially the evidence that best practices have been implemented. ITIL is not required to gain certification in ISO 20000, but it is easier to achieve if you’re following an ITIL approach to IT Service Management.

Read More About SOC 2 Compliance

Buy From Amazon

Leave a Reply

Your email address will not be published. Required fields are marked *