Get FREE 12-month access to the AI-Powered Knowledge Base worth $450
with your ISO 27001 toolkit purchase
Limited-time offer – ends June 27, 2024

Infographic: ISO 20000:2011 vs. ISO 20000:2018 revision – What has changed

A lot of companies that have implemented ISO 20000 are worried about the new changes to this standard. But, at the same time, a lot of people were waiting for a new version, because it was the last ISO standard to be aligned with Annex SL (the same structure that all ISO standards are now based on: ISO 9001, ISO 14001, ISO 27001, ISO 22301, etc.). The ISO 20000:2011 standard will be withdrawn in September 2021, so basically you have only two years to adapt. In this article, you’ll find an infographic with the main changes and differences between ISO 20000:2011 and ISO 20000:2018.

Important: ISO 20000 really is composed of various parts, but this article is only about part 1 of the ISO 20000-1:2018 standard, which defines the requirements for a service management system.

ISO 20000 version 2018 vs. 2011: Main changes [Infographic]

By the way, other parts of this standard are ISO 20000-2, ISO 20000-3, etc. For more information about all parts of this standard, visit the official site of the ISO.

Changes regarding the processes

Basically, in ISO 20000:2011, there are four sections where you can see all the processes:

  • 6 Service delivery processes
  • 7 Relationship processes
  • 8 Resolution processes
  • 9 Control processes

While in ISO 20000:2018, all the processes are included in the same section: “8 Operation.”

Six new specific groups for the processes in ISO 20000:2018

As I have mentioned previously, in the ISO 20000:2018 revision, all processes are included in the same section: “8 Operation,” and this section has six groups:

    • 8.1 Operational planning and control
    • 8.2 Service portfolio
      • 8.2.1 Service delivery
      • 8.2.2 Plan the services
      • 8.2.3 Control of parties involved in the service lifecycle
      • 8.2.4 Service catalogue management
      • 8.2.5 Asset management
      • 8.2.6 Configuration management
    • 8.3 Relationship and agreement
      • 8.3.1 General
      • 8.3.2 Business relationship management
      • 8.3.3 Service level management
      • 8.3.4 Supplier management
    • 8.4 Supply and demand
      • 8.4.1 Budgeting and accounting for services
      • 8.4.2 Demand management
      • 8.4.3 Capacity management
    • 8.5 Service design, build and transition
      • 8.5.1 Change management
      • 8.5.2 Service design and transition
      • 8.5.3 Release and deployment management
    • 8.6 Resolution and fulfillment
      • 8.6.1 Incident management
      • 8.6.2 Service request management
      • 8.6.3 Problem management
    • 8.7 Service assurance
      • 8.7.1 Service availability management
      • 8.7.2 Service continuity management
      • 8.7.3 Information security management

Main differences

Regarding the content of each version of ISO 20000, there are also a lot of changes, and the most relevant, from my point of view, are the following:

  • The Plan-Do-Check-Act cycle is not referenced in the ISO 20000:2018 revision, although you can continue using this model, but considering that it is not a unique one for the continual improvement (for example, ITIL has its own, and, by the way, ITIL will also publish its new version 4 during 2019).
  • Preventive actions have been withdrawn.
  • The CMDB, which is a very important point in the ISO 20000:2011 revision, is not used in the new ISO 20000:2018.
  • In the new ISO 20000:2018, processes about continuity management and availability management are independent. The same goes for the incident management and the service request (in the ISO 20000:2011, these processes are merged).
  • In the new ISO 20000, the number of mandatory documents is reduced. By the way, a “mandatory document” means that a document with information is needed. For example, in the ISO 20000-1 standard, a mandatory document is the SMS scope, which means that we need a document with information about the SMS scope.
  • The process about service reports is modified completely: In the new ISO 20000:2018, it is not a process, but it is a point in the section “9 Evaluation,” and doesn’t define the information that needs to be included in the reports.
  • The concept of the service catalogue now is included as an independent point in a new section called “8.2 Service portfolio,” including other points related to the portfolio concept.
  • The section about “Design and development of new or changed services” now is redefined, and includes a point for the change management, for the transition and design services and the delivery management.
  • The new concept of “asset” is included, which basically is an element, thing, or entity that has value for the organization.
  • ISO 20000:2011 has the section “4.2 Governance of processes operated by other parties,” while ISO 20000:2018 has the section “8.2.3 Control of parties involved in the service lifecycle.”

Positive changes in your organization

Finally, for people working with ISO standards, the new ISO 20000:2018 is easier to understand, and also is easier to integrate with other ISO standards. Furthermore, you can decide to work with the PDCA, or not, but anyway, you can have a reduced number of documents for the same thing: managing your services.

For sure, the new ISO 20000 is not a unique option for the management of services, but it can give you useful tools in the form of processes to improve the quality of your services, obtaining the best customer satisfaction.

To learn more about benefits of ISO 20000:2018 implementation for companies, see this free white paper: How can ISO 20000 help your business grow?

Advisera Antonio Jose Segovia
Antonio Jose Segovia
Antonio Jose Segovia is an IT Engineer, and he has many professional certifications in the IT sector. He is also ISO 27001 IRCA and Lead Auditor qualified by BUREAU VERITAS in ISO 27001, ISO 20000, ISO 22301, ISO 27018, GDPR, and TISAX, as well as being an expert in information security, an ethical hacker, and a university professor in an online Master of Information Security program. With more than 10 years of experience in the IT sector, he has visited companies of all kinds in Spain, Portugal, Italy, France, United Kingdom, USA, Chile, Peru, and Costa Rica.