CALL US 1-888-553-2256
CountryCountry

ITIL & ISO 20000 Blog

Hugh Shepherd

Overview of ISO 20000:2018 structure and requirements

The ISO 20000:2018 standard provides organizations with a set of requirements for establishing, implementing, maintaining and continually improving a service management system (SMS).

Organizations can utilize the guidance in this standard as a framework on how to effectively manage a SMS. In September 2018, ISO 20000-1:2018 (Service Management System Requirements) and ISO 20000-10:2018 (Concepts and Vocabulary) were updated to address the evolving needs and challenges in the delivery of IT service management. In this article, learn more about the updated ISO 20000 requirements and structure.

To learn more details about the ISO 20000:2018 revision, see the Infographic: ISO 20000:2011 vs. ISO 20000:2018 revision – What has changed.

New ISO 20000 structure

blogpost-banner-20000-consultants-en

The updated version of ISO 20000-1:2018 has been restructured into the High-level Structure (HLS) to better align / integrate with other ISO management system standards, such as the Information Security Management System (ISMS) contained in ISO 27001. For more information about an ISO 27001 ISMS, read this article: What is an Information Security Management System (ISMS) according to ISO 27001?

HLS details the requirements of service management processes. The operational processes are grouped into seven subsections that cover the entire lifecycle of the service creation, delivery, and support, as well as interactions with customers and suppliers – both internal and external.

However, ISO 20000-1:2018 does not include requirements for the structure of the SMS or for the terms used for its components. The figure below shows the core components of the HLS, which includes the SMS and the clauses contained in ISO 20000-1:2018. This illustration of the HLS should not be considered as a set-in-stone structural hierarchy, authority levels, or naming convention. Rather, the HLS should be considered as a framework that can be adjusted to suit the operational needs of the organization. For example, there may be overlap of SMS support and operation processes within your organization, so it may make sense to combine these two areas. Nevertheless, regardless of how the HLS is organized, none of the requirements of the standard can be ignored, because all clauses are mandatory for compliance.

ISO 20000:2018 requirements and structure

Furthermore, none of the clauses from ISO 20000:2011 have been deleted from the 2018 version. Clauses have only been modified and renamed in ISO 20000:2018 where deemed necessary. The following sections contain details on the updated clauses.

Clause 4: Context of the organization

The context of the organization clause of ISO 20000:2018 states the requirements necessary to establish, implement, maintain, and continually improve a service management system (SMS). Defining the scope and objectives of the SMS is highly emphasized in clause 4. Additionally, the clause stresses the importance of gaining an understanding of both internal and external factors and the role of interested parties (i.e., stakeholders), in addition to their requirements that may potentially impact an organization and its ability to achieve its objectives. In order to implement an effective SMS, clearly understanding these key points is crucial to success.

Clause 5: Leadership

Successful implementation of ISO 20000:2018 requires active engagement and commitment by an organization’s leadership. Proper commitment by the top management includes ensuring that the necessary policies, processes, people, tools, and technologies are in place to deliver quality services to the business. This clause includes specific requirements for top management to establish and communicate service management policy. Additionally, top management is also required to ensure that organizational roles, responsibilities, and authorities related to the SMS are communicated throughout the organization to support efficient delivery of services.

Clause 6: Planning

Planning for a SMS plays a critical role for an organization. Effective planning supports both risk management and the ability to seize opportunities. Planning clearly defines the actions required to achieve the organization’s service management objectives. When conducting planning for a SMS, service management-related objectives should be established at all relevant levels of the organization.

Clause 7: Support of the service management system

Clause 7 requirements emphasize the importance of the roles that multiple organizational areas play in supporting the effectiveness of the service management system. Requirements take a holistic approach that covers critical areas such as availability of resources, employee competence, situational awareness, internal / external communications, documented information, and knowledge management for proper support of the SMS.

Clause 8: Operation of the service management system

The goal of the requirements in clause 8 is to ensure that the activities necessary for the operation of the SMS are conducted in an effective and efficient manner. Operations requirements in this clause cover all stages of the operational service lifecycle, such as planning and control, service design, and service assurance, among other areas. It should also be noted that this clause is “closest” to the processes required in the 2011 revision of the standard.

Clause 9: Performance evaluation

Clause 9 requires an organization to assess the performance of the SMS through monitoring, measurement, analysis, and evaluation of the system. It is suggested managerial good practice to have both external and internal audits done on your organization’s SMS. But there are specific requirements in this clause for establishing an audit program and conducting internal audits at regular intervals. Furthermore, the quantitative and qualitative data obtained from audits should be reported and reviewed by management in order to support informed decision making on the SMS.

Clause 10: Improvement

Included in clause 10 are requirements regarding nonconformity, corrective action, and continual improvement. The requirements in this clause specify the corrective actions to take when nonconformities are encountered by the organization. These actions support the continual improvement philosophy of effective service management.

Revision alleviated the implementation and compliance process

Even though transitioning your organization to ISO 20000:2018 may initially seem like a daunting task, the revisions made to the standard should make this less challenging. Several changes, such as allowing organizations more freedom on how to meet requirements and reducing the number of mandatory documents, make the standard less restrictive. Overall, these changes should reduce the level of effort required for implementation and compliance. Furthermore, the standard is better suited for the modern world, by taking into account growing trends impacting service management, such as commoditization of services (e.g., cloud services), the need to manage multiple suppliers / vendors for service integration, and increasing customer demands for service providers to add value. Challenging or not, it is well worth the effort to implement the standard, so that your organization can be better positioned to deliver services in today’s digital economy.

To learn which benefits the revised ISO 20000 brings, download this free white paper: How can ISO 20000 help your business grow?


About the author:

Hugh Shepherd is a freelance consultant currently living in Kathmandu, Nepal. He has over 20 years of professional experience spanning the military, telecommunications, information technology, cable television, and management consulting industries. He holds a master’s degree in Technology Management and an MBA. Over the course of his career, he has earned certifications and/or gained expertise in IT service management (ITIL, ISO 20000), telecom business processes (TM Forum), enterprise architecture (TOGAF), and cybersecurity (CISSP, Security+, ISO 27001). Previously, Hugh has worked on various ICT projects in Washington, DC; New York City; Chicago, IL; Dallas, TX; and numerous other cities across the United States. While in Nepal, he has done pro bono advisory work in cybersecurity and business strategy for several small local businesses.

If you enjoyed this article, subscribe for updates

Improve your knowledge with our free resources on ISO 20000 and ITIL standards.

You may unsubscribe at any time.

For more information on what personal data we collect, why we need it, what we do with it, how long we keep it, and what are your rights, see this Privacy Notice.

Leave a Reply

Your email address will not be published. Required fields are marked *

OUR CLIENTS

OUR PARTNERS

  • Advisera is Exemplar Global Certified TPECS Provider for the IS, QM, EM, TL and AU Competency Units.
  • ITIL® is a registered trade mark of AXELOS Limited. Used under licence of AXELOS Limited. All rights reserved.
  • DNV GL Business Assurance is one of the leading providers of accredited management systems certification.