ISO/IEC 20000 explained

ISO/IEC 20000 is the international standard for IT service management. It was developed in 2005 by ISO/IEC JTC1/SC7 and revised in 2011 and 2018.[1] It was originally based on the earlier BS 15000 that was developed by BSI Group.[2]

ISO/IEC 20000, like its BS 15000 predecessor, was originally developed to reflect best practice guidance contained within the ITIL framework, although it equally supports other IT service management frameworks and approaches including Microsoft Operations Framework and components of ISACA's COBIT framework. The differentiation between ISO/IEC 20000 and BS 15000 has been addressed by Jenny Dugmore.[3] [4]

The standard was first published in December 2005. In June 2011, the ISO/IEC 20000-1:2005 was updated to ISO/IEC 20000-1:2011. In February 2012, ISO/IEC 20000-2:2005 was updated to ISO/IEC 20000-2:2012.

ISO 20000-1 has been revised by ISO/IEC JTC 1/SC 40 IT Service Management and IT Governance. The revision was released in July 2018. From that point certified entities enter a three-year transition period to update to the new version of ISO 20000-1, ISO/IEC 20000-1:2018 – Information technology — Service management — Part 1: Service management system requirements.

Parts

ISO/IEC 20000-1: Service management

Formally: ISO/IEC 20000-1:2018 ('part 1') specifies requirements for "establishing, implementing, maintaining and continually improving a service management system. An SMS supports the management of the service lifecycle, including the planning, design, transition, delivery and improvement of services, which meet agreed requirements and deliver value for customers, users and the organization delivering the services.". The 2018 version (ISO/IEC 20000-1:2018) comprises ten sections, following the high-level structure from Annex SL of the Consolidated ISO/IEC Directives, Part 1:

  1. Scope
  2. Normative references
  3. Terms and definitions
  4. Context of the organization
  5. Leadership
  6. Planning
  7. Support of the Service Management System
  8. Operation of the Service Management System
  9. Performance Evaluation
  10. Improvement

ISO/IEC 20000-2: Guidance on the application of service management systems

ISO/IEC 20000-2:2019 provides guidance on the application of service management systems (SMS) based on the requirements in ISO/IEC 20000-1:2018.

ISO/IEC 20000-3: Guidance on scope definition and applicability of ISO/IEC 20000-1

ISO/IEC 20000-3:2019 provides guidance on scope definition, applicability and demonstration of conformance for service providers aiming to meet the requirements of ISO/IEC 20000-1, or for service providers who are planning service improvements and intending to use ISO/IEC 20000 as a business goal. It supplements the advice in ISO/IEC 20000-2, which provides generic guidelines for implementing an SMS in accordance with ISO/IEC 20000-1.

[Withdrawn] ISO/IEC 20000-4: Process assessment model

ISO/IEC TR 20000-4:2010 has been withdrawn. A set of new documents providing a Process Reference Model (PRM) and a Process Assessment Model (PAM) based on ISO/IEC 20000-1:2018 has been developed by ISO/IEC JTC1/SC7 as ISO/IEC 33054 (PRM) and ISO/IEC 33074 (PAM).

ISO/IEC 20000-5: Implementation guidance for ISO/IEC 20000-1

ISO/IEC TR 20000-5:2022 provides guidance to service providers on how to implement an SMS based on ISO/IEC 20000-1.

ISO/IEC 20000-6 Requirements for bodies providing audit and certification of service management systems

ISO/IEC 20000-6:2017 provides requirements for auditing bodies for the assessment of conformance to ISO/IEC 20000-1.

[Withdrawn] ISO/IEC 20000-7: Guidance on the Integration and Correlation of ISO/IEC 20000-1:2018 to ISO 9001:2015 and ISO/IEC 27001:2013

ISO/IEC TR 20000-7:2019 provides guidance on the integrated implementation of a Service Management System based on ISO/IEC 20000-1:2018 with a Quality Management System based on ISO 9001:2015 and/or an Information Security Management System based on ISO/IEC 27001:2013.

[Withdrawn] ISO/IEC 20000-9: Guidance on the application of ISO/IEC 20000-1 to cloud services

ISO/IEC TR 20000-9:2015 provided guidance on the use of ISO/IEC 20000‑1:2011 for service providers delivering cloud services.

ISO/IEC 20000-10: Concepts and vocabulary

ISO/IEC TR 20000-10:2018 describes the core concepts of ISO/IEC 20000, identifying how the different parts support ISO/IEC 20000‑1:2018 as well as the relationships between ISO/IEC 20000 and other International Standards and Technical Reports. This part of ISO/IEC 20000 also explains the terminology used in the ISO/IEC 20000 series, so that organizations and individuals can interpret the concepts correctly.

ISO/IEC 20000-11: Guidance on the relationship between ISO/IEC 20000-1 and service management frameworks: ITIL

ISO/IEC TS 20000-11:2021 is a Technical Specification that provides guidance on the relationship between ISO/IEC 20000-1:2011 and a commonly used service management framework, ITIL 4.

ISO/IEC 20000-14: Guidance on the relationship between ISO/IEC 20000-1 and service management frameworks: Service Integration and Management

This document discusses the relationships between ISO/IEC 20000-1 and Service Integration and Management (SIAM).

ISO/IEC 20000-15: Guidance on the application of Agile and DevOps principles in a service management system

ISO/IEC 20000-15:2024 provides guidance on the use of Agile and DevOps principles in a service management system.

[Under Development] ISO/IEC 20000-16: Guidance on sustainability within a service management system based on ISO/IEC 20000-1

Projected publication in 2024.

[Under Development] ISO/IEC 20000-17: Scenarios for the practical application of ISO/IEC 20000-1

Projected publication in 2024.

Certifications and qualification schemes

As with most ISO standards, organizations and individuals seek training towards establishing knowledge and excellence in applying the standard. The certification scheme targets organizations, while the qualification scheme targets individuals.

Qualification of individuals is offered by URS, APMG-International, EXIN, PECB, Loyalist Certification Services, TÜV SÜD Akademie, PEOPLECERT, and IRCA.The EXIN, Loyalist and TÜV SÜD program is in fact a qualification in IT Service Management based on ISO/IEC 20000 and includes a Foundation level and several role based certificates: professionals in Align, Deliver, Control and Support, Associate, (Executive) Consultant/Manager and Auditor.The APMG qualifications are focused on getting an organization certified and presume knowledge of IT Service Management is already available. The APMG qualifications are conducted at the Foundation, Practitioner and Auditor level.IRCA and other organizations involved in the certification of auditors have developed their own auditor training and certification for ISO/IEC 20000 auditors.

In terms of certification, there are leading certification bodies around the world, for instance, BSI in UK, Quality Austria in Austria, JQA in Japan, KFQ in Korea and SAI Global in Australia, Asia and Americas.

The importance of certification to ISO/IEC 20000 is not correlated by global adoption. ISO collects the number of certificates issued from the different certification bodies and publishes the results annually in The ISO Survey of Management System Standard Certifications. The 2020 survey reports that 7846 (5461 in China) certificates were issued for ISO/IEC 20000.[5]

Academic resources

See also

Notes

Notes and References

  1. http://www.iso.org/iso/iso_catalogue/catalogue_ics/catalogue_detail_ics.htm?csnumber=70636 ISO/IEC 20000-1:2018 Service Management System (SMS) Standard
  2. http://www.bsigroup.com/en/About-BSI/News-Room/BSI-Fast-Facts2/ BSI Group Fast Facts
  3. Book: Dugmore, Jenny. Achieving ISO/IEC 20000 - The Differences Between BS 15000 and ISO/IEC 20000. BSI Group. 2006. 0-580-47348-1. 124.
  4. Dugmore. Jenny. BS 15000 to ISO/IEC 20000 What difference does it make?. ITNOW. 48. 3. 30. 2006. 10.1093/combul/bwl017.
  5. Web site: ISO. Survey. 2020 ISO Certification Survey. 2020. 2022-09-15. 1.