ITIL & ISO 20000 Blog

Hugh Shepherd

12 steps in the transition from ISO 20000 2011 to 2018 revision

Now that ISO 20000:2018 has been released, the next logical step is how to make the transition from the previous version.

The new version of ISO 20000:2018 adopts the HLS (High Level Structure). This structure is now common to all new ISO standards, thus enabling better interaction between other integrated management systems. Nevertheless, the changes to the new version of the standard are easier to interpret and less rigid than the 2011 version, so this is a good thing for organizations making the transition. Furthermore, with guidance that is simpler to understand, new implementations should be easier as well.

For more about what is new in the latest revision, see the Infographic: ISO 20000:2011 vs. ISO 20000:2018 revision – What has changed.

Timing

blogpost-banner-itil-en

As previously mentioned, with the release of ISO 20000:2018 organizations will need to start planning a transition of their certification to the current version of the standard. Per the guidance provided by the British Standards Institution (BSI), organizations currently ISO 20000:2011 certified will have three years to transition to ISO 20000:2018. All ISO/IEC 20000-1:2011 certifications will no longer be valid after September 29, 2021.

Transition steps

Listed below are my suggested implementation steps for a successful transition to ISO 20000:2018.

1) Establish a transition project team. Emphasis on planning continues to be a part of the updated version of ISO 20000. Even though the creation of a project is not mandatory, it’s highly recommended. If utilized, an implementation project plan can play a critical part to the success of the transition. Remember, while planning your transition to ISO 20000:2018, ensure that you’re aligned to updated requirements related to leadership, risk, and context of the organization.

2) Review the scope of the SMS. In this phase, ensure the scope of the SMS is clearly defined and activities associated to the SMS operations are documented and available. For this step, the scope review should verify that the requirements, services delivered, and external/internal issues impacting the SMS are still relevant to current operations of the organization.

3) Reconfirm support of leadership. The updated standard emphasizes the importance of leadership involvement for the success of an organization’s service management system (SMS). Even though the SMS will already be implemented, reconfirming leadership commitment to the SMS and ensuring their engagement during transition can play a crucial role in the success of this initiative.

4) Define context and interested parties. Included in the context of the organization (clause 4), are requirements to list all stakeholders (the persons and companies that can influence your SMS or can be influenced by it), and their requirements (clause 4.2). This process should also help you identify the factors that can have a positive or negative impact on their SMS requirements i.e. context of the organization (clause 4.1). Stakeholders and context should be identified, reassessed and understood before proceeding with your transition. If you already listed all the statutory, regulatory and contractual requirements according to old Clause 4, then you have partially completed this task.

5) Conduct a gap assessment. Again, this is not mandatory, however it is highly recommended. The transition to 2018 is a perfect opportunity for the organization to identify strengths and weaknesses with their current SMS. This capabilities analysis provides insight on the maturity level of existing processes and helps in targeting areas that need more attention during the transition.

6) Assess risks and opportunities. A new requirement regarding actions to address risks and opportunities related to the SMS (Clause 6.1) is now included in 2018. After conducting your risks and opportunities assessment, plans should be developed to address your findings.

7) Plan the communication in a systematic way. Update the process you will use to communicate with both internal and external stakeholders. Also, determine the frequency of communications to ensure stakeholders are up to date on transition progress.

8) Ensure alignment of SMS objectives with the company’s strategy. New top management requirements for ISO 20000:2018 emphasize the alignment of service management policy and objectives with the strategic direction of the organization.

9) Planning to achieve objectives. Once alignment of SMS objectives with the company’s strategy has been verified, and new opportunities identified, planning to achieve these objectives should be done (clause 6.2.2). When developing a plan of action to meet your objectives, you should determine the required tasks, resources, responsibilities/owners, timeline, and an evaluation plan for measuring results.

10) Review and update procedures and processes. Documentation requirements in 2018 have been reduced. Terms like “document control” and “records management” have been replaced with “documented information.” Transitioning to the new version of the standard is an opportunity to determine which procedures and processes are in need of an update and/or are still identified as a requirement for compliance with ISO 20000:2018.

11) Conduct training and awareness programs. In the 2018 version, there are updates related to resources, competence and awareness. To properly support the SMS, trained and competent employees, appropriate infrastructure, and documented knowledge assets related to the SMS should be available.

12) Measurement and reporting. Monitoring and measurement requirements should already be addressed by your company. Nevertheless, this is a critical area to the success of an organization’s SMS. To stay compliant with this requirement, organizations should verify what is currently being monitored and measured on the performance of their SMS, and that services are still aligned to their service management objectives. Transition to 2018 is the perfect opportunity to adjust accordingly, where needed. Additionally, during transition, organizations should determine which reporting requirements are still valid for compliance to 2018 revision.

12 steps in the transition from ISO 20000 2011 to 2018 revision

For more about the requirements in new version, see the article ISO 20000:2018 Requirements and Structure.

The right way to prove continuous quality improvement

These are my suggested transition steps. With three years to make the transition to 2018, I think these steps are very achievable.  Furthermore, I recommend performing these steps (or similar steps) at planned intervals as determined necessary by leadership, in order to promote and prove effective service delivery and continuous quality improvement.

Learn how the revised ISO 20000 can benefit your company in this free white paper: How can ISO 20000 help your business grow?


About the author:

Hugh Shepherd is a freelance consultant currently living in Kathmandu, Nepal. He has over 20 years of professional experience spanning the military, telecommunications, information technology, cable television, and management consulting industries. He holds a master’s degree in Technology Management and an MBA. Over the course of his career, he has earned certifications and/or gained expertise in IT service management (ITIL, ISO 20000), telecom business processes (TM Forum), enterprise architecture (TOGAF), and cybersecurity (CISSP, Security+, ISO 27001). Previously, Hugh has worked on various ICT projects in Washington, DC; New York City; Chicago, IL; Dallas, TX; and numerous other cities across the United States. While in Nepal, he has done pro bono advisory work in cybersecurity and business strategy for several small local businesses.

If you enjoyed this article, subscribe for updates

Improve your knowledge with our free resources on ISO 20000 and ITIL standards.

You may unsubscribe at any time.

For more information on what personal data we collect, why we need it, what we do with it, how long we keep it, and what are your rights, see this Privacy Notice.

OUR CLIENTS

OUR PARTNERS

  • Advisera is Exemplar Global Certified TPECS Provider for the IS, QM, EM, TL and AU Competency Units.
  • ITIL® is a registered trade mark of AXELOS Limited. Used under licence of AXELOS Limited. All rights reserved.
  • DNV GL Business Assurance is one of the leading providers of accredited management systems certification.