ISO20000 – An introduction

History
ISO 200001 has a long pedigree being underpinned by ITIL service management best
practices. The first version was a British Standard, BS15000, published in 2000. Following an
early adopters’ trial, various recommendations for improvement were made and the standard
was updated in 2002. This was then fast tracked to become an international standard,
ISO20000 which was published in 2005.

The first certification scheme for organisations to be certified was launched in November
2003 by the ITSMF (IT Service Management Forum) and is entirely in line with the ISO9000
certification scheme. External auditors must be approved by ITSMF and are known as
Registered Certification Bodies (RCBs) who are listed on the ISO20000 web site,
www.isoiec20000certification.com.

Framework
The framework of service management guidance is represented below. Although the
framework shows the most commonly used best practice framework of ITIL, it is not
mandatory to implement ITIL best practice in order to satisfy the requirements of the
standard. Use of other frameworks such as eTOM will be equally valid.

Individual qualifications
In addition to corporate certifications, there are several qualifications available for individuals.
These are:

1
ISO20000 is the commonly used abbreviation for the International Standard for IT Service
Management whose full title is ISO/IEC 20000.
• ITSMF - ISO20000 consultant certificate aimed at those who will consultant, either
internally or externally, or manage an ISO20000 programme
• ITSMF - ISO20000 auditor qualification is aimed at internal and external auditors who
will be auditing against ISO20000
• EXIN – Service Quality Management Foundation aimed at individuals working in an
ISO20000 organisation
• EXIN – Service Quality Management Advanced aimed at consultants or managers
• ISEB – ISO20000 Essentials course to be released early 2008

Scope of the standard

The standard requires an IT Service provider, either internal or external, to satisfy
requirements for all processes as shown in the process model below. The processes cover
the ITIL processes and bring in additional areas to provide a complete view of IT Service
Management. There can be no processes excluded for certification.

The scope does allow for some of the processes to be outsourced as long as management
control can be shown over those outsourced processes.

The standard aligns with ISO9001 in the Management System requirements and the Plan-
Do-Check-Act cycle in Planning and Implementing Service Management. Indeed those
companies with ISO9001 certification should already find that they satisfy some of the
requirements of ISO20000. ISO20000 can be achieved either in conjunction with ISO9001 or
stand alone.

ISO20000 also links with ISO27001. The requirements for information security management
within ISO20000 are a sub set of those in ISO27001. Those companies already certified to
ISO27001 level for the same scope should have already satisfied all the information security
requirements in ISO20000.

The standard can be attained for varying scopes within a service provider:
• All or some IT Services e.g. financial services, supply chain services
• All or some Technology e.g. application management, infrastructure management,
desktop support

2
• All or some customers e.g. one specified customer or all customers
• All or some locations e.g. one location or all locations

Why achieve ISO20000

There are various drivers for wanting to gain ISO20000:
• An independent certification offers an industry recognised benchmark of quality
• The certification proves that the provider can offer best practice in service
management and service delivery
• More importantly, the certificate ensures that an organisation gains all the benefits of
utilising best practice in service management. Many companies claim to implement
ITIL best practice but these are often selective implementations which are not
independently checked. With ISO20000 as with any other standard, the use of best
practice will be assessed annually ensuring that all the benefits often promised are
truly gained. These benefits will cover improved quality of service, cost savings,
reduced risk and continuous improvement
• Even if the service provider does not go for formal certification, the 13 pages of
mandatory requirements in the standard provide a focus for what to do to implement
best practice service management. This can then be supplemented with the use of
ITIL or other frameworks for the detail of how to implement each process
• For many external service providers, the benefits are in demonstrating a competitive
edge or in being able to respond to proposal requests that demand ISO20000
certification

Future of the standard

The standard is already being updated by the International Standards Committee responsible
for service management. This committee has representatives from many countries including
Spain. The standard will remain stable for some years which is important in the marketplace.
The next update is likely to be published in 2009 or 2010. Updates will cover:
• Removal of ambiguity from some wording
• Improvement and updating of some requirements based on feedback
• Some alignment to ITIL3.

Further Information
There are various publications available to support the standard including:
• ISO/IEC 20000 - part 1 and part 2
• ISO/IEC 20000 Self assessment workbook - BSI publication (www.bsi-global.com)
• A Manager's guide to service management - BSI publication
• Achieving ISO/IEC 20000 series - BSI publications
• ISO/IEC 20000 pocket guide - ITSMF publication

The web site also points to useful information about auditors and certified companies:
www.isoiec20000certification.com

Lynda Cooper
Co-author of BS15000 and ISO20000
Principal UK Expert to the International Standards Committee on Service Management
lynda.cooper@bcs.org

3
4