ISO 20000 is the only internationally accepted standard for ITSM, and it has seen significant adoption since it was first introduced in 2005. In fact, a 2020 survey shows more than a 40% increase in certifications globally.
The fact that it has a remarkable ability to work with other ITSM frameworks is one of the main reasons for its widespread adoption. So, here we’ll explore its capabilities, benefits, as well as the extent of the ISO 20000 certification.
Read on to learn more about the ISO 20000 standard.
What is ISO 20000?
ISO 20000 is a global standard for information technology service management. ISO (International Organization for Standardization) and IEC (International Electrotechnical Commission) developed the standard and released it in 2005. Later revisions came in 2011 and 2018.
The standard has different sections, with ISO 20000-1 describing the requirements for establishing and running a service management system. The rest of the areas are concerned with best practices for IT service management.
While ISO/IEC owns the standard and is responsible for updating it, it does not offer certifications to organizations. Organizations wishing to get certified must work with certifying organizations for this.
What does ISO 20000 actually look like?
The ISO 20000 implementation defines how different IT services are planned, designed, managed, and delivered to the clients. It ensures that the IT processes are aligned with internationally recognized best practices as well as the business goals of the organization.
ISO 20000 defines how IT services are delivered for the client and the service provider. It describes established processes for designing services and the information the service provider has to manage.
Similarly, the standard has well-defined requirements for every aspect of ITSM, from service level reporting, configuration management, and change management to incident management and problem management.
This means that IT service delivery will be consistent throughout the lifecycle. The standard also ensures that the organization utilizes its resources effectively, that employees can be their most productive selves, and that there is a clear organizational and decision-making structure.
ISO 20000 vs. ITIL
But while ITIL is a best practice framework, ISO 20000 is a standard for ITSM. The former is mainly for organizations to deliver high-quality services to their clients and reach their business goals, while ISO 20000 is more of an assurance to the clients about the organization’s business process.
So, ITIL is a framework that organizations may adopt for organizing their ITSM while getting an ISO certification for the benefit of clients (even though adopting the standards does confer benefits to the service provider as well).
Another difference is that ITIL is a set of guidelines for organizations to deliver value to their clients. ITIL does not dictate that the organization must follow every aspect of the framework; practitioners can choose the relevant parts of their organization and ignore the rest. But with ISO 20000, organizations must conform to all the requirements to remain certified.
And of course, organizations can get certified with ISO 20000 but not for ITIL. Individuals can get certified as ITIL practitioners, but since organizations have no certification, there’s no way to verify an organization’s claims if they say they’re ITIL compliant.
There are a lot of overlaps between ISO 20000 and ITIL processes. For instance, you can map many of the ISO 20000 sections to ITIL processes. And if you’re following ITIL, you will have an easier time for ISO 20000 certification since ITIL is compatible with ISO 20000 accreditation.
The benefits of ISO 20000
The main benefit of ISO 20000 is that it instills confidence in your business processes. While there are many ITSM frameworks like COBIT or ITIL, ISO 20000 is the only globally accepted standard for IT service management. Many organizations have made ISO 20000 certification mandatory.
Implementing this standard opens your organization to a new pool of potential clients.
Standardizing your business processes through ISO also means that your organization will have better workflows, and your employees can become more productive. Everyone knows their roles and responsibilities and can easily find all the information and tools they need to perform them.
The ISO standard also makes your organization up-to-date with the latest best practices and approaches suitable for the changing IT environment and client requirements.
All these benefits come with a cost since the newest iteration of the ISO standards is undergoing continuous changes and improvements. Combine this with the fact that organizations must undergo audits and renew their certification every three years. Your organization has enough motivation to constantly improve and adapt to new practices and stay ahead of the industry.
How to get ISO 20000 certified
The initial ISO certification process can happen in as little as a month or up to 6 or 8 months. The process is pretty straightforward and helps if you have an ISO expert in your organization. If not, you may need the assistance of an ISO consultant.
- As with any ITSM initiative, the first step to getting an ISO 20000 certification is to get buy-in from the executive team. You’ll also have to raise awareness among the employees about what the certification means, what’s expected of them, and how it will benefit them.
- Once you have decided to go ahead, you’ll have to conduct an assessment. You’ll have to evaluate and identify how much of your processes are compliant with the ISO standards and conduct a gap analysis.
- As the next step, you need to plan how you’ll be making changes to close this gap. It may be a good idea to get a team of champions from different departments for this and carry it out as a project.
- The next step is to get an external auditor to conduct the evaluation. If they find all of your processes to be according to ISO standards, you’ll be ISO certified. You’ll have annual audits to remain certified for three years, and after that, you’ll have to get recertified.
ISO 20000 is the internationally accepted standard for ITSM. In practice, it looks like a set of requirements for planning, designing, managing, and delivering IT services.
And even though there’s a lot of overlap between ITIL and this framework, their main difference is that this one is not a set of guidelines but a standard, which means that you’ll need to adhere to all the requirements to be certified.
But the upside is that the certification grants your organization credibility. At the same time, it opens the door to a pool of potential clients who require an ISO 20000 certification from their vendors.
At last, if you are interested in getting an ISO 20000 certification, don’t forget the following:
- First, you must have your organization on board with it, so make sure they understand its relevance.
- Then, you’ll have to conduct a gap analysis and work towards closing this gap of non-conformity between the ISO requirements and your existing processes.
- And finally, if the auditor grants you the certification, you’ll need annual audits and be recertified every three years.
Frequently Asked Questions
What is covered by ISO 20000?
ISO 20000 covers all aspects of IT service management, from planning and designing to delivering and monitoring IT services. ISO 20000 presents a continuous improvement model and enables organizations to align their IT activities with the business's goals.
How long does it take to get ISO 20000 certified?
Most of the time is spent preparing the organization and making it compliant with the ISO 20000 requirements rather than in the audit itself. Depending on the organization's size, it can take anywhere from a month to a year. But then again, many factors come in, varying a lot from organization to organization.
What purpose can the ISO IEC 20000 standard serve?
The ISO/IEC 2000 creates a global standard for IT service delivery. The standard assures potential clients about the quality of services delivered by the organization and, at the same time, helps the organization optimize its IT processes.