What is ISO 20000?

Learn why ISO 20000 can benefit your organization

What is ISO 20000? - 20000Academy
What is ISO 20000? - 20000Academy

Are you looking for a simple answer to the question: “What is ISO 20000?”

Well, you’re not alone. Here is an overview guide so you can learn why ISO 20000 creates benefits across your organization. You’ll also discover what the ISO 20000 requirements are, and the practical steps you need to take to get certified.

Your simple introduction to the basics of ISO 20000

ISO 20000 is the international standard for IT Service Management (ITSM), published by ISO (the International Organization for Standardization), and ICE (the International Electoral Commission). To become an international standard, ISO 20000 had to be agreed upon by a majority of member countries, which means it is accepted by a majority of countries worldwide.

The standard describes a set of management processes designed to help you deliver more effective IT services (both to those within your business and to your customers). ISO 20000 gives you the methodology and the framework to help you manage your ITSM, while allowing you to prove that your company follows best practices; in turn, these best practices will help to improve your delievery of IT services. And ISO 20000 is applicable to any company size and any industry.

So, how is ISO 20000 different from ITIL?

The basic difference between ISO 20000 and ITIL is that ISO 20000 gives you the methodology and framework (providing you with the pieces with which to construct the ITSM jigsaw puzzle), while ITIL gives you the details (the practices) on how to manage each and every IT process in your organization (i.e., how to put the jigsaw puzzle together).

A good way to think of it is that ISO 20000 says what you need to do, while ITIL tells you how to do it.

ISO 20000 does not work in complete isolation. It can be implemented independently from ITIL, but they do go very well together.

As opposed to a standard, ITIL is a practical framework of best practices that focuses on aligning your IT services with the wider needs of your business. As a company, you can’t become ITIL certified; you can only comply with the best practice guidelines.

ISO 20000 is based on the fundamental principles of ITIL, and is a standard that your company can certify against.

Individuals seeking excellence in ITSM and internationally recognized certification can become certified against ITIL and ISO 20000 (e.g., the foundation course discussed further below).

ISO 20000 certification for organizations is essentially the evidence that best practices have been implemented. ITIL is not required to gain certification in ISO 20000, but it is easier to achieve if you’re following an ITIL approach to IT Service Management. To learn more, read our white paper: ITIL vs ISO 20000.

Getting to the heart of why ISO 20000 is important

To understand the importance of ISO 20000, it’s vital to understand the relationship between IT and the overall success of your organization. You rely on IT to help you achieve your organizational goals. It affects how you operate and how you communicate – it’s a fundamental element of how you do business.

You use IT to overcome your competitors, to reach larger audiences, and to become more productive and more efficient. In myriad ways, IT is vital to improving revenues, reducing costs, and enhancing your reputation.

So, it’s crucial that you get the most from your IT investments – meaning IT services must be well planned, designed, managed, and delivered. Without high-quality IT Service Management, IT projects routinely fail or go over budget. Ongoing costs become hard to manage, and you often see businesses fail before achieving any return on their investment.

So, put simply, high-quality IT Service Management standards are fundamental to your success. And following the ISO 20000 standard is a way to ensure that quality.

What does ISO 20000 actually look like?

While consisting of eight parts, there are two that are most used for ISO 20000:

ISO 20000-1:2018 is the formal specification for IT Service Management. It clearly defines all the requirements you need to deliver managed IT services of an acceptable quality for your customers. It includes service management system (SMS) requirements in following areas:

  • Context of the organization
  • Leadership
  • Planning
  • Support of the service management system
  • Operation of the service management system
  • Performance evaluation
  • Improvement

The second part: ISO 20000-2:2019 is the code of practice for IT Service Management; it is the guidance for the application of service management systems. In other words, it helps you interpret the requirements of the standard. It defines the best practice management processes, and it is very useful if you’re preparing to be audited against ISO 20000 or planning service improvements.

It’s important to note that your company can get certified against ISO 20000-1:2018, but not against ISO 20000-2:2019 (this is a code of practice only).

So, what are the benefits of ISO 20000?

Why is ISO 20000 a good idea for your organization?

The benefits of ISO 20000 cannot be overstated; companies large and small have used this standard to great effect, discovering and securing tremendous cost and efficiency savings. Here are just a few of these benefits:

Improve your image and credibility  ISO 20000 is the only internationally recognized standard for IT Service Management. Its international adoption has been rapid in recent years, as organizations see it as a key differentiator in the marketplace. And, as a popular and proven standard, you can be sure of the efficacy and scalability of the processes.

Become more productive – Gain a competitive advantage through increased efficiency and effectiveness due to more reliable IT services. With everybody clear about who does what and when, you’ll reduce both the number of incidents and your ability to handle them.

Increased customer satisfaction – Whether it’s your internal or external customers, you’re able to deliver improved IT services that better meet their needs – while at the same time better protecting the company and its assets, shareholders, and directors.

Benchmark and improve – You can compare your organization’s processes and activities against the international standard for ITSM (you can then easily indentify and implement any necessary improvements). And, because an independent certification body audits your company, you (and anyone interacting with your organization) can be sure you’re meeting the required level of service.

Fully integrated processes  ISO 20000 helps you align IT services with the wider business strategy. You can ensure your company is focused on the IT Service Management solutions best suited to serving your customers and the needs of the business.

Reduce the cost of IT – Better understand and manage the cost of IT. Plan future financial costs with greater accuracy and clarity. With simpler processes and clear responsibilities, you can operate a leaner, more efficient service.

Create a culture of continual improvement – The business environment does not sit still, particularly in our age of digital and technological innovation. Ensuring your organization is always improving its processes in reaction to customer feedback is not just a nice-to-have – it’s essential for a company’s longevity. And this also extends to improvements identified internally, changing technology, and developing business norms.

Become more agile and change quickly  ISO 20000 creates a solid framework of best practice that helps support innovation. Change in your organization can be handled more adeptly and with greater speed, meaning you reduce internal and external risk levels and are more likely to meet your organizational objectives.

Gain a competitive advantage – Through more effective and efficient delivery of IT services, you can give your organization tangible advantages over your competitors. For example, you can reduce IT issues and respond to them faster, freeing up more of your time for strategic IT development in your organization.

What are the practical steps to becoming ISO 20000 certified?

If your organization wants to become certified, you need to be formally assessed by an accredited certification body. You will need to demonstrate the quality of your company’s IT processes against the ISO 20000-1 standard. Individuals, on the other hand, can become certified by passing exams (see below for further details).

There are certain mandatory documents that, as a company, you will have to complete in order to gain the standard. Click here for a downloadable list of those documents.

But, merely creating ITSM process documentation is not enough (and will not solve your problems). To ensure certification, you have to integrate all the activities described in your documentation into your day-to-day business.

And, most importantly, you have to gain value. There is little point in creating the documentation and making all these changes if, in the end, your company has not realized the real-world value possible from ISO 20000. Otherwise, people within your organization will rightly question why you’re bothering.

Mandatory steps for finishing implementation and getting certified

After finishing all your documentation and implementing it, your organization also needs to perform these steps to ensure a successful completion of your project:

Internal audit – The purpose of an internal audit is to check your ITSM processes. The goal is to find problems and weaknesses that would otherwise stay hidden.    

Management review – A formal way for your management to take into account all the relevant facts about IT Service Management and make appropriate decisions.

Corrective actions  Following the internal audit and management review, you need to correct any identified problems and document how they were resolved.

The company certification process is divided into two stages:

Stage One (documentation review) – The certification auditor will check whether your documentation is compliant with ISO 20000.

Stage Two (main audit) – Here, the auditor will check whether all your actual activities are compliant with both ISO 20000 and your own documentation.

How do you get ISO 20000 if you’re an individual?

As an individual, you can get certified in ISO 20000 if you pass, for example, the ISO 20000 Lead Auditor Course or the ISO 20000 Lead Implementer Course. Many employers are keen to support this training, as qualified ISO 20000 practitioners are a great way to help an organization implement ISO 20000 (as well as being a valuable transferrable skill to include on a resume).

There is a range of course options for individuals to choose from:

ISO 20000 Foundation Certificate – If you’re less familiar with ISO 20000, this is the course for you. You will gain an understanding of the content and requirements of the standard. And, you will be better able to assess the relevance of ISO 20000 to the specific IT Service Management activities within your organization.

ISO 20000 Lead Auditor Course – This is a very useful course for professionals implementing ISO 20000, because it gives you an excellent overview of the standard and provides in-depth explanations of what the certification auditors will ask for at the certification audit. Therefore, it is useful for auditors and implementers. It lasts for five days and finishes with a written exam.

ISO 20000 Lead Implementer Course – This course is similar to the Lead Auditor Course, except it focuses on implementation techniques rather than auditing ones. So, if certification is not your concern, this course may be more suitable.

ISO 20000 Internal Auditor Course – This course is a “light” version of the Lead Auditor Course, lasting about two or three days. With this condensed course, you would be unable to pursue a career as an auditor in a certification body. But, if you want a systematic introduction to ISO 20000, or if you plan to be the internal auditor in your company, this course is perfect for you.

There are a number of accredited training organizations around the world where you can gain individual qualifications in ISO 20000.

To learn more about ISO 20000 implementation, please visit our learning center. You’ll find a host of helpful resources, including free ISO 20000 downloads.

Advisera Branimir Valentic
Branimir Valentic
Branimir is an expert in IT service management (consultancy, training and tools), IT governance (training and consulting), project management and consultancy in IT and telecommunication. He holds the following certificates: ITIL Expert, ISO 20000, ISMS Lead Auditor and PRINCE2.