Get FREE 12-month access to the AI-Powered Knowledge Base worth $450
with your ISO 27001 toolkit purchase
Limited-time offer – ends June 27, 2024

8 crucial activities to maintain the ISO 20000-based SMS after the certification audit

It would be wrong to claim that implementing an ISO 20000-based Service Management System (SMS) is an easy job. Quite the contrary – it could be quite a complex project. But, implementing the SMS is (a kind of) one-time job, but that’s not the end of the story.

What you need to be aware of is that, after the certification audit confirms that your SMS is compliant with the ISO 20000 standard, maintaining the SMS requires various activities. The efficiency of the SMS (i.e., “the return on your SMS investment”) depends on those activities, and that puts significant importance on them.

What to do?

So, your SMS is compliant with the standard’s requirements, but the following activities will ensure that the SMS adds value to your business and that the SMS maintains compliance with the standard:

1) Run the SMS – Sure, the fact that you need to run, i.e., operate the SMS is nothing new, but I have seen many companies that have implemented ISO 20000 return to old habits. Once you implement the SMS, procedures are documented and implemented, roles and responsibilities are defined, and all necessary records are generated. So, stick to those rules on a daily basis and in all activities.

2) Measure/monitor – Besides the fact that the standard requires that you perform the measurements, many operational activities and obligations towards your customers require regular measurements and continuous monitoring. Take the Service Level Agreement (SLA) signed with the customer as an example. Usually, service availability or service capacity parameters are defined in such an agreement, or time to resolve incidents. So, in order to avoid penalties (if defined in the agreement) – you need to have measurements and do the monitoring. Additionally, measurement is one of the foundations for improvement.

3) Manage suppliers – Almost never will you be able to do everything by yourself. Meaning, a supplier (or third party) is needed. But, don’t forget that their performance is (usually) visible to your customers. And, you have the responsibility for it (in the eyes of your customers). So, it’s in your best interest to keep your suppliers under control (and the ISO 20000 standard requires you to do that).

4) Maintain customer satisfaction – The primary aim of the ISO 20000 implementation (and, I’m sure, of your business) is to keep your customers satisfied. So, you need to know how you are doing. Luckily, there are many opportunities, within the scope of the SMS, to do just that:

  • Performing customer satisfaction surveys
  • Getting inputs through Business Relationship and Service Level Management (they are directly involved with your customers)
  • Reacting actively to customer complaints (or compliments)
  • Use incidents (if you are using a tool to support the process) to get users’ feedback

5) Improve – Generally, everything can be (or be done) better. The same goes for your SMS and its performance. The above-mentioned monitoring and measurement provides you with one of the inputs. Customer feedback (it doesn’t necessarily need to be a complaint or compliment) is also a good input to trigger improvement initiatives. Your own people (remember, they are constantly in touch with your services and customers) are also an excellent source. Documentation, processes, tools, etc. are also subject to improvement.

6) Internal audit – Besides it being required by the standard, the internal audit will tell you where you are. If performed objectively, it could be of great help to tell you what is not compliant with the standard’s requirements, or what is compliant but could be done better.

7) Perform Management Review – This is one of the most important activities. This activity involves your top management and requires thorough preparation. But, once you get them in a meeting, that’s where major decisions will be made, like approving the budget or changes in the scope of the SMS.

8) Training and awareness – By implementing the SMS, you introduced new (or changed existing) processes and roles. According to those changes, and in order to keep the SMS functional, your people need to be trained. Once you train them, you need to continually communicate with them about the performance of the SMS and fulfilling the targets. It’s important for the people involved in the SMS to be aware of the purpose of the SMS, its performance, and their own roles. In this way, you’ll “get them on board.”

It is important to emphasize that the above-mentioned activities will ensure that the information and records needed for the next audit are available, and make the SMS Manager’s life easier. Trying to do all of this, i.e., ensure all necessary records, improve the SMS, update the documentation, make people aware of the SMS … just a few days or weeks before the next audit generates questionable results and (in my opinion) is a waste of the resources invested in the SMS.

The purpose

So, the certification audit is done and the auditors are gone. But, they will come back, again and again. Surveillance audits can be stressful, but there is a lot you can do to make your life easier. The above-mentioned points are not only needed to prepare for next audit, but also to make your SMS functional end efficient. The next audit results will confirm that; but, even more importantly – your customers will, too. And who needs better motivation than that?

Use this free Project checklist for ISO 20000 implementation to manage your ISO 20000 implementation.

Advisera Branimir Valentic
Branimir Valentic
Branimir is an expert in IT service management (consultancy, training and tools), IT governance (training and consulting), project management and consultancy in IT and telecommunication. He holds the following certificates: ITIL Expert, ISO 20000, ISMS Lead Auditor and PRINCE2.