An Overview of ISO 20000

ISO 20000 is an International Standard for ITSM (Information Technology Service Management), published by ISO (International Organisation for Standardisation) and the International Electrotechnical Commission (IEC). It was revised in 2011 and 2018. Originally based on the earlier BS 15000 developed by BSI Group, ISO/IEC 20000 reflects best practice guidance contained within the ITIL Framework. It also supports other IT Service Management frameworks and approaches, including the Microsoft Operations Framework and components of ISACA's COBIT framework. To become an International Standard, ISO 20000 was agreed upon by a majority of member nations, ensuring global acceptance.

ISO 20000 Certification helps IT departments align their ITSM framework processes with global best practices and business requirements. This certification enables organisations to benchmark how they measure service levels, deliver accurate services, and assess their performance on a globally recognised scale.

Importance of ISO 20000 Certification

• It helps organisations improve performance and generate revenue.
• It provides guidance on conducting a gap analysis and helps organisations plan for implementing improvements.
• It assists in defining continuous policies and objectives for ongoing service management.
• It advises on defining applicability and scope.
• ISO 20000 Certification explains the use of tools and technology to support the implementation and improvement of a service management system.
• This certification aids organisations in understanding, evaluating, creating, and applying a proper service management plan, including the objectives and policies for service management.

Sections of ISO 20000

ISO 20000 Certification consists of various sections. Management must be familiar with these sections to ensure their organisations achieve ISO 20000

Certification. The sections include:

Design & Generation of New and Altered Services

This section contains the following subsections:

• Developing and designing new or changed services
• General considerations for planning new or changed services
• Transitioning new or changed services

Resolution Management

This section covers:

• Problem management
• Incident and service request management
• 
  

General Requirements of the Service Management System (SMS)

• Improving & establishing the Service Management System
• Documentation
• Resource Management
• Scope
• Plan Service Management System
• Implement & operate Service Management System
• Reviewing the Service Management System
• Improving & maintaining the Service Management System
• Governing & processes operated by other parties

Control Processes

• Configuration management
• Deploying the management
• Change management

Service Delivery Processes

• Continuity of service
• Availability of testing
• Availability of management
• Service management
• Budgeting & accounting for IT management services
• Information security changes & incidents
• Service level reporting

Relationship Processes

• Supplier management
• Business relationship management

Benefits of ISO 20000 Certification

Following are some benefits of ISO 20000 Certification:

• Reduce IT Costs: Better manage and understand the cost of IT, and plan future financial costs with greater accuracy and clarity. With simpler processes and clear responsibilities, you can operate a leaner, more efficient service.

• Gain a Competitive Advantage: Through more efficient delivery of IT services, you can provide your company or organisation with tangible advantages over competitors. For example, you can reduce IT issues and respond to them quickly, freeing up more time for strategic IT (Information Technology) development in your organisation.

• Increased Customer Satisfaction: Whether for external or internal customers, you can deliver improved IT services that better meet their needs while simultaneously safeguarding the company’s assets, directors, and shareholders.

• Fully Integrated Processes: ISO 20000 helps align IT services with an extensive business strategy. You can ensure that your company is focused on IT Service Management solutions best suited to serving your customers and fulfilling business needs.

• Create a Culture of Continual Improvement: In the ever-evolving digital and technological landscape, it’s crucial for a company to continually improve its processes in response to customer feedback. This improvement culture extends to changes identified internally, evolving technology, and adjusting business norms, all of which are essential for a company's longevity.

Mandatory Records & Documents Required by ISO 20000:2018

Following are some essential documents you need to arrange to be compliant with ISO 20000:

• Scope of SMS
• Service Management Plan
• Service Continuity Plan
• Processes of the organisation’s Service Management System
• Service Requirements
• Contract with external suppliers
• Service components operated or provided by other parties
• Release acceptance criteria
• Procedure for managing and categorising a major incident
• Procedure for restoring working conditions after service disruption
• Capacity requirements
• Risk assessment and management for the Service Management System
• Service management objectives and policy
• Change management policy
• Service catalogue(s)
• Processes or parts of processes in the organisation's Service Management System operated by other parties
• Risk for service continuity, availability, and information security
• Procedure for continuing operations in the event of a major loss of service
• Design of new or altered services
• Service availability requirements and targets
• Users, customers, and other interested parties of the services provided
• Service level agreement(s)
• Information security policy

Following are some mandatory records:

• Results of service availability monitoring
• Request for change
• Configuration details
• Records of skills, experience, qualifications, and training
• Service requests
• Problems
• Known errors
• Information security incidents
• Internal audit programs
• Results of corrective actions
• Results of the management review
• Records of any disputes between the organisation and external suppliers
• Incidents
• Records of any service complaints
• Test results of service continuity plan(s)
• Results of internal audits
• Opportunities for improvement
• Monitoring and measurement results

Procedure to Get ISO 20000 Certification

Management of any organisation needs to follow specific steps to obtain ISO 20000 certification. Following are the steps:

1. Creating Awareness: All the benefits of ISO 20000 Certification need to be communicated to the employees. There should be a clear understanding of the approach toward achieving this Certification. For that, everyone needs to be given a basic understanding of service management best practices.

2. Determining the Scope of Certification: In this step, it is vital to decide which type of certification and service management practices are applicable.

3. Conducting an Initial Assessment: The gaps between the standard's requirements and the current situation need to be identified. A self-assessment is the best way to determine these gaps. A complete set of ISO 20000-compliant processes can be used as a benchmark for the assessment. A list of requirements needs to be prepared, highlighting both conforming and non-conforming areas. For the non-conforming areas, the list should include the issues and how they can be addressed.

4. Preparing for the Audit: This is the step to bridge the gaps identified during the initial assessment. This step is time-consuming, and several service management processes may need to be corrected or introduced. Management often finds it challenging to define processes that meet the requirements. It is a good idea to maintain a checklist while preparing for the audit. The checklist helps track the requirements that have been fulfilled and ensures that the related records are in place.

5. Conducting the Audit: It is the responsibility of an external auditor from the Registered Certification Body to conduct the audits.

6. Retaining the ISO 20000 Certification: After an organisation gets certified, it is essential to renew the certificate every three years.

ISO 20000 Implementation

The Service Management System (SMS) that conforms to ISO 20000 follows the Plan-Do-Check-Act cycle:

• Plan:

  • Develop the processes for risk management
  • Establish the scope of service management
  • Develop methods for improving, managing, and auditing service quality
  • Determine the necessary processes
  • Determine resources and timescale
  • Define roles and responsibilities
  • Define the objectives of service management

• Do:

  • Manage resources and budget
  • Select, motivate, and train the staff
  • Create paperwork and monitor procedures, plans, and policies for different processes
  • Treat and mitigate risks

• Check:

  • Review the management plan
  • Review whether the SMS is compliant with this certification
  • Create an audit program

How can Fastzeal Help You in Complying with ISO 20000?

Fastzeal offers tools that can help in the implementation & operation of service management processes as mandated by ISO20000:2018. These tools efficiently fulfil the requirements for compliance by integrating the mandated processes in the organisation’s operations & generating records as evidence of compliance.