What is ISO/IEC 20000?
For many years the IT Service Management world lobbied the need for a standard, one which would complement those already in existence for business processes. Although many service providers had invested in the adoption of a service management framework, such as ITIL, there was no real independent means where they could prove to be customer driven, be making continual service improvements and demonstrate integrated service management processes.
November 2000 saw the British Standards Institute (BSI) launch BS 15000. This introduced the concept of requirements for an IT Service Management quality management system in addition to the quality of separate IT Service Management processes. In December 2005, BS 15000 was replaced by ISO/IEC 20000. The first international standard for IT Service Management was published by the International Organisation for Standardization (ISO).
The standard initially comprised of two parts: ISO/IEC 20000-1, Specification of service management, a number of mandatory requirements which the service provider has to satisfy to achieve certification and ISO/IEC 20000-2, ‘Code of practice for service management,’ best practice recommendations and guidance on how to meet the requirements of the standard and achieve certification. Since 2000 we have seen the release of parts 3, 4 and 5. Part 3 is a Technical Report giving advice on scope definition, applicability and conformity assessment. Part 4 is a Technical Report which facilitates the development of a process assessment model. Part 5 is a Technical Report giving advice on the implementation plan for ISO/IEC 20000-1.
Certification to ISO/IEC 20000 follows the successful audit by one of the Registered Certification Bodies (RCB), an independent body. For those service provider organisations already working to one of the many service management frameworks, meeting the requirements of the standard shouldn’t involve that big an investment. For example, if you can demonstrate the following you’ll be meeting the ISO/IEC 20000-1 requirements for Incident Management.
Are all incident logged?
Is there a system in place for tracking, prioritising, escalating and formally closing incidents?
Are customers informed before the SLA target is missed?
Do Incident Management have access to known errors, problem resolutions and the CMDB?
Is there a process for dealing with major incidents?
The above points should be done in context of an overall IT Service Management system.
Senior management set policies, show commitment and review
Documents are controlled
Staff are competent, aware of their contribution and trained
There are continual improvement activities
Internal audits are scheduled and conducted
There is integrated service management
For those service provider organisations contemplating ISO/IEC 20000 certification it’s worth noting that you don’t have to be perfect and the scope doesn’t have to include all services to all customers.
However, you do have to meet all the requirements of the standard. The service management system does have to be fit for purpose, consistent and continual improvements must be embedded within the organisation.
Most of this you’ll already be doing.
ISO/IEC 20000 is the first standard for IT Service Management, promoting the adoption of an integrated approach to effectively deliver managed services to meet the business and customer requirements.
An assessment of your IT Service Management capabilities against the requirements of the ISO/IEC 20000 standard.