ISO 20000:2011-IT Services Management
ISO/IEC 20000 is the first international standard for IT service management. It was developed in 2005, by ISO/IEC JTC1/SC7 and revised in 2011. It is based on and intended to supersede the earlier BS 15000 that was developed by BSI Group.
ISO/IEC 20000, like its BS 15000 predecessor, was originally developed to reflect best practice guidance contained within the ITIL (Information Technology Infrastructure Library) framework (reference needed), although it equally supports other IT service management frameworks and approaches including Microsoft Operations Framework and components of ISACA's COBIT framework. The differentiation between ISO/IEC 20000 and BS 15000 has been addressed by Jenny Dugmore.
The standard was first published in December 2005. In June 2011, the ISO/IEC 20000-1:2005 was updated to ISO/IEC 20000-1:2011. In February 2012, ISO/IEC 20000-2:2005 was updated to ISO/IEC 20000-2:2012.
ISO 20000-1 is currently undergoing revision by ISO, specifically ISO/IEC JTC 1/SC 40 IT Service Management and IT Governance. The proposed revision is currently in the DIS stage (40.60) as of the end of December 2017, when voting on the proposed revision was closed. Ratification of the new standard, which will be realigned to the new ISO Directive 1, Annex SL management system structure, is expect to be formally released in the summer of 2018. At that point certified entities will enter a three year transition period to update to the new version of ISO 20000-1.
20000-1: Service management system requirements
Formally: ISO/IEC 20000-1:2011 ('part 1') includes "the design, transition, delivery and improvement of services that fulfill service requirements and provide value for both the customer and the service provider. This part of ISO/IEC 20000 requires an integrated process approach when the service provider plans, establishes, implements, operates, monitors, reviews, maintains and improves a service management system (SMS).". The 2011 version (ISO/IEC 20000-1:2011) comprises nine sections:
- Normative references
- Terms and definitions
- Service management system general requirements
- Design and transition of new or changed services
- Service delivery processes
- Relationship processes
- Resolution processes
- Control processes
20000-2: Guidance on the application of service management systems
ISO/IEC 20000-2:2012 provides guidance on the application of service management systems (SMS) based on the requirements in ISO/IEC 20000-1:2011.
20000-3: Service providers
ISO/IEC TR 20000-3:2012 provides guidance on scope definition, applicability and demonstration of conformance for service providers aiming to meet the requirements of ISO/IEC 20000-1, or for service providers who are planning service improvements and intending to use ISO/IEC 20000 as a business goal. It supplements the advice in ISO/IEC 20000-2, which provides generic guidelines for implementing an SMS in accordance with ISO/IEC 20000-1.
20000-4: Process assessment model
ISO/IEC TR 20000-4:2010 is intended to facilitate the development of a process assessment model according to ISO/IEC 15504 process assessment principles. ISO/IEC 15504-1 describes the concepts and terminology used for process assessment. ISO/IEC 15504-2 describes the requirements for the conduct of an assessment and a measurement scale for assessing process capability.
20000-5: Exemplar implementation plan for ISO/IEC 20000-1
ISO/IEC TR 20000-5:2013 service providers on how to best achieve the requirements of ISO/IEC 20000-1.
[Withdrawn] 20000-9: Guidance on the application of ISO/IEC 20000-1 to cloud services
ISO/IEC TR 20000-9:2015 provides guidance on the use of ISO/IEC 20000 1:2011 for service providers delivering cloud services.
20000-10: Concepts and terminology
ISO/IEC TR 20000-10:2015 describes the core concepts of ISO/IEC 20000, identifying how the different parts support ISO/IEC 20000 1:2011 as well as the relationships between ISO/IEC 20000 and other International Standards and Technical Reports. This part of ISO/IEC 20000 also explains the terminology used in ISO/IEC 20000, so that organisations and individuals can interpret the concepts correctly.
20000-11: Guidance on the relationship between ISO/IEC 20000-1:2011 and service management frameworks: ITIL®
ISO/IEC TR 20000-11:2015 is a Technical Report that provides guidance on the relationship between ISO/IEC 20000-1:2011 and a commonly used service management framework, ITIL.
20000-12: Guidance on the relationship between ISO/IEC 20000-1:2011 and service management frameworks: CMMI-SVC
ISO/IEC TR 20000-12:2016:
Information technology -- Service management -- Part 12: Guidance on the relationship between ISO/IEC 20000-1:2011 and service management frameworks: CMMI-SVC
ISO/IEC TR 20000-12:2016 provides guidance on the relationship between ISO/IEC 20000 1:2011 and CMMI-SVC V1.3 (through Maturity Level 3). Service providers can refer to this guidance as a cross-reference between the two documents to help them to plan and implement an SMS. An organization employing the practices in the indicated CMMI-SVC process areas can conform to many of the associated ISO/IEC 20000 1 requirements.
The guidance in Clause 4 describes how CMMI-SVC can support the demonstration of conformity to ISO/IEC 20000 1:2011. A description of the purpose and content of both publications in 4.1 and 4.2 is followed by Clause 5, which relates process areas in CMMI-SVC to clauses in ISO/IEC 20000 1:2011. The tables in Annexes A and B relate terms, clauses, and paragraphs in ISO/IEC 20000 1:2011 to CMMI-SVC. Table B.1 is a simplified summary of the correlation seen in Table 3 for those readers who want an overview. The tables indicate those aspects of ISO/IEC 20000 1:2011 and CMMI-SVC that represent the greatest link between the two sets of documents, from the perspective of a service provider.
ISO/IEC TR 20000-12:2016 can be used by any organization or person who wishes to understand how CMMI-SVC can be used with ISO/IEC 20000 1:2011, including the following:
a) a service provider that intends to demonstrate conformity to the requirements of ISO/IEC 20000 1:2011 and is seeking guidance on the use of CMMI-SVC to establish and maintain the SMS and the services;
b) a service provider that has demonstrated conformity to the requirements of ISO/IEC 20000 1:2011 and is seeking guidance on ways to use CMMI-SVC to improve the SMS and the services;
c) a service provider that already uses CMMI-SVC and is seeking guidance on how CMMI-SVC can be used to support efforts to demonstrate conformity to the requirements specified in ISO/IEC 20000 1:2011;
d) an appraiser or assessor who wishes to understand the use of CMMI-SVC as support for the requirements specified in ISO/IEC 20000 1:2011.
ISO/IEC TR 20000-12:2016 can also be used with the other parts of the ISO/IEC 20000 series.
The certification process includes following major steps. For further details kindly see procedure for certification system in the download section.
Client submits the application form to KBS (Application for Certification).
- Review of Application by KBS
KBS reviews the application to check if the requisite services can be provided and
accordingly prepares the quotation/ estimate and the contract (Certification audit
- Audit planning
Once the contract is signed, KBS makes the audit programme and inform the client.
Initial certification includes two stages assessment. Recertification includes
only one stage. The assessment is carried out by the team at the sites against the
applicable criteria. The report is provided to client identifying the compliancelevel
- Verification of Non-conformities
Client submits the implemented or proposed action based on the classification
of non-conformity. KBS reviews the actions.
- Certification Decision
KBS takes certification decision based on the report submitted by the audit team.
If decision is in favour of grant of certification, a Certificate is Issued to the
- Surveillance assessment
Surveillance assessment are held as per the periodicity defined and agreed.
First surveillance within 12 months from the date of the stage 2 audit. Certificate
is maintained based on the outcome of the surveillance audit and compliance with
First Surveillance within 12 months from the date of certification decision date.
Before expiry of the certificate, recertification is planned and conducted.