ISO/IEC 20000-1 IT Service Management System. Part 1 – Service Management System Requirements

Create a benchmark for delivering managed services in an increasingly competitive and complex digital landscape.

What is ISO/IEC 20000-1 and who is it for?

ISO/IEC 20000 is the international management system standard for IT service management. ISO/IEC 20000-1 is intended for IT and business service organisations of all sizes and industries who provide IT or technology-reliant services to their customers. Part 1 of the standard (ISO/IEC 20000-1) provides best practise on applying a service management system (SMS). Originally developed to reflect ITIL (Information Technology Infrastructure Library) best practise, the standard is being adopted increasingly by organisations whose services and operations rely on technology.

The ISO/IEC 20000-1 standard provides a framework for organisations to implement a service management system (SMS) that brings clarity to their operations and makes navigating these complexities easier, all while creating competitive advantage.

The standard is jointly published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It was first published in 2005 (and based on BS 15000, the first major standard for IT service management).

What are the benefits of ISO/IEC 20000-1 certification?

The holistic approach required by the ISO/IEC 20000-1 standard gives organisations greater visibility and control of their operations. This can aid in the identification and management of risk and in driving the continual improvement required to deliver world-class IT Service Management (ITSM) processes.

Among the benefits organisations who are certified to ISO/IEC 20000-1 can expect are:

Improved efficiency and streamlining of operations
Delivery of consistently high levels of customer service
Increased customer and stakeholder trust
Greater governance and accountability
Increased resilience and ability to adapt to and comply with the regulatory requirements of different markets.

ISO/IEC 20000-1 can bring a competitive advantage for any organisation that depends heavily on IT systems to manage its operations and customer data. It is especially beneficial for those operating in the spheres of finance, healthcare, telecoms and transport.

What are the requirements of ISO/IEC 20000-1?

The latest version of ISO/IEC 20000-1 was published in 2018 (known as ISO/IEC 20000-1:2018). It is formed of 10 high-level sections, known as clauses. These clauses, which are common to other management system standards, provide the framework for creating a robust SMS.

Organisations must demonstrate they have met the requirements of each clause before they can be awarded certification. It is up to the organisation to decide the most appropriate method to do this –the standard is not prescriptive in this regard.

Among the requirements to be met are an understanding of the context of the organisation, including understanding the needs of internal and external stakeholders; planning - to achieve objectives and actions, and to ensure alignment of policy and objectives with the strategic direction of the organisation; and actions to address risks and opportunities.

To ensure certification success, and the continual improvement of service management required by ISO/IEC 20000-1, the ongoing support of leadership at the highest level is required.

What are the steps to obtaining ISO/IEC 20000-1 certification?

When you’ve decided that ISO/IEC 20000-1 certification is right for your organisation, the first step is to buy a copy of the standard direct from ISO or from an independent certification organisation such as NSF. There are then five steps to follow:

1
Read and understand the standard
This can help to solidify your knowledge and determine how you will implement it within your organisation. A copy can be purchased from ISO.
2
Take action
This is the stage when you put the framework in place. Before you begin, we recommend performing a gap assessment to help ascertain the state of readiness in your organisation.
3
Choose a certification body
Once you’re confident that you meet all the requirements of ISO/IEC 20000-1, you’ll need to select an accredited, independent third-party Certification Body such as NSF to audit your organisation against the standard. How long the audit takes will depend on various factors, including the number of employees and the complexity of your organisation. Those responsible for the ISO/IEC 20000-1 management system in your organisation must be available when the audit takes place.
4
Receive audit recommendation
Once the audit is completed, the auditor will make a recommendation for certification. Any minor nonconformities identified will need to be addressed within a specified time period and evidence of the work done to rectify them submitted to the certification body. Should any major nonconformities be identified, it is likely that another audit will be required.
5
Certification is granted
Once all requirements are confirmed to have been met, certification can be granted. Earning ISO/IEC 20000-1 certification is a significant step and it’s important to ensure that you maximise the opportunities available to inform stakeholders of the achievement, whether that’s through internal communication channels, PR activity, on social media, on your website or via any other channel through which you communicate with stakeholders.

ISO/IEC 2000-1 certification is intended to promote continual improvement and follows a three-year certification cycle. In years one and two of the cycle, there will be the initial certification followed by surveillance audits to ensure continued compliance with the requirements of the standard. In the third and final year of the cycle, a recertification audit will be conducted. If successful, certification will be granted for another three years.

Why choose NSF for ISO/IEC 20000-1 certification?

As an ANSI National Accreditation Board (ANAB) accredited third-party certification body, NSF issues thousands of certificates. Our lead auditors have many years of direct experience in management systems and can apply relevant industry knowledge. Their expertise can help you deliver the quality service your stakeholders expect.

We work hard to provide outstanding customer service and take pride in the high scores we receive in our client satisfaction survey.

Transfer your certification

Whether you are looking for a new Certification Body or wanting to consolidate multiple management systems, NSF is here for you.

What is an Integrated Management System?

ISO/IEC 20000-1 follows the same structure as for other management system standards, such as ISO/IEC 27001 or ISO 9001. This structure is known as Annex SL. The benefit of this consistent structure is that management systems can be more closely aligned and integrated. This can help deliver efficiencies in an organisation when integrating two or more management system standards. NSF is well placed to support organisations to do this. Contact us for more information about the benefits of an integrated management system.