What Is ISO/IEC 20000?
ISO/IEC 20000 is an international standard and consists of a number of requirements that an organisation can be formally audited against to show that it is proficiently operating its service delivery to a pre-determined ‘standard’. Its full title is ISO/IEC 20000 Information Technology – Service management, sometimes just for brevity called ISO 20000 (or ISO20K).
Whilst organisations that operate service management can be assessed against ITIL®, this is a best practice framework that allows an organisation to be selective about which elements they do, and there is no minimum number of processes that must be performed, or indeed which parts of a process need to be performed – whereas ISO/IEC 20000 specifies a set of processes and an over-arching management framework (known as a service management system) that must be effectively performed and managed, and evidence shown of that.
There are a number of parts to ISO/IEC 20000, but it is Part 1 (Service management system requirements) that specifies the mandatory aspects that any organisation must perform (and show evidence of) in order to achieve certification.
ISO/IEC 20000-1:2018 HAS BEEN LAUNCHED
Saturday 15thSeptember 2018 saw the launch of the latest iteration of the international standard ISO/IEC 20000-1 Information technology – Service management, Part 1: Service management system requirements.
Part 1 is supported by a number of other parts within the ISO/IEC 20000 series, but it is this part that organisations are certified against. It features a set of mandatory requirements that an organisation must comply with if they are to be officially certified as being compliant with the Standard.
Last published in 2011, the 2018 version sees numerous changes that in some cases expands on previous content, whereas some other requirements have been simplified (with certain elements moved to Part 2 as guidance), and new requirements have been added.
For those familiar with the previous edition, some of the key changes are as follows:
- The supporting management framework for the service management system (SMS) has been restructured and expanded, and now has the following key elements:
- Context of the organisation
- Support of the SMS
- All processes are now under a heading of Operation of the SMS
- The 2011 process of Service continuity and availability management has been split into Service availability management and Service continuity management
- The 2011 process of Incident and service request management has been split into Incident management and Service request management
- New requirements have been added that focus on areas such as Service catalogue management and Asset management
- Design and transition of new or changed services is no longer titled as such, with certain elements moved elsewhere within the Operation of the SMS structure so that it better aligns to the lifecycle of a service
It should be noted that much of the content remains the same, or with minor revisions. Many of the 2011 processes, whilst they remain, have been simplified in respect of the mandatory requirements that an organisation needs to show evidence of. A good example of this is Capacity management, where previously a capacity plan needed to be maintained and a specific list of contents for this plan was also defined. The 2018 revision now states that the organisation needs to plan capacity. This change in emphasis is important as it is less prescriptive and gives an organisation more freedom in how they go about demonstrating to an auditor their capacity planning activities.
As previously mentioned, the ISO/IEC 20000 series is made up of a number of separate parts. Part 1 deals with Concepts and vocabulary, and the latest version is also due to be published in September 2018. Part 2 (Guidance on the application of service management systems) and Part 3 (Guidance on scope definition and applicability of ISO/IEC 20000-1) are currently part-way through their revision cycle and updated versions will be published in 2019. Other parts within the series will be also be updated in due course.
Non-IT organisations should also be aware be that whilst this Standard has ‘information technology’ in the title, it can be applied to any organisation that delivers services, IT or otherwise.
Fox IT is represented on the UK committee for ISO/IEC 20000 (coordinated by BSI) and has been actively involved in the update to Part 1 and the other associated parts. Please contact us if you want to know more details, or indeed if you want your organisation assessed to see if you meet the latest set of Part 1 requirements.
For information on how Fox IT can assist on your path to certification , click here.