TUV Austria Bureau of Inspection & Certification (Pvt.) Ltd.

ISO 20000 : 2018 IT Service Management

ISO 20000-1:2018 IT Service Management System

ISO 20000-1:2018 is an international standard for IT service management. It specifies the service provider’s requirements to plan, establish, implement, operate, monitor, review, maintain, and improve the management system. The requirements include designing, transitioning, delivering, and improving services to fulfill agreed service requirements.

What is ISO 20000-1?

ISO 20000-1 is the standard that enables companies who deliver services to align them with a unique Service Management Standard. Typically used for IT services, This Standard can be applied to all services industries.

ISO 20000 IT Service Management

A Service Management Can

  • Create a Framework for implementing trusted ITIL standards.
  • Foster a consistent approach.
  • Ensure Efficiency of Services.

It is currently the 8th most popular ISO standard Globally, with over 5,300 companies adopting the standard.

ISO 20000-1:2018 can be used by

  • An organization seeking services from service providers and requiring assurance that they will fulfill their service requirements
  • An organization that requires a consistent approach by all its service providers, including those in a supply chain
  • A service provider that intends to demonstrate its capability for the design, transition, delivery, and improvement of services that fulfill service requirements
  • A service provider monitors, measures, and reviews its service management processes and services.
  • A service provider to improve the design, transition, delivery, and improvement of services through the effective implementation and operation of the SMS.

Foundation for ISO 20000-1:2018

This Service Management System standard provides a framework for best practices based on the principles of the Information Technology Infrastructure Laboratory and ISO 9001 requirements. Key focus areas include defining:

Service Strategy

  • Strategic analysis, planning, and positioning.

Service Design

  • Translates plans to design and specifications.

Service Delivery

  • Management of a service system throughout the production lifecycle.

Continual Service Improvement

  • Measures performance for maximum benefit.

1. Service Strategy

  • Transforming service management into a strategic asset.
  • Requirements are identified and agreed upon in this stage.
  • Precise understanding of what, who, how & processes.


  • Financial Management.
  • Service Portfolio Management.
  • Demand Management.

Roles & Responsibilities

  • Business relationship manager.
  • Product manager.
  • Sourcing Officer.

2. Service Design

  • Designing IT services to realize the strategy.
  • Service Solution produced with a design package.


  • Design 4p: People, Products, Processes, and Partners.
  • 5 Aspects of Service Design (Solutions, Tools, Architecture, Process, and Measurement).
  • Service design package.
  • Service Catalogue Management.
  • Service Level Management.
  • Capacity Management.
  • Availability Management.
  • Service Continuity Management.
  • Information Security Management.
  • Supplier Management.

Roles & Responsibilities

  • Service Design Manager.
  • IT Designer / Architect.
  • Service Catalogue Manager (20000).
  • Service Level Manager (20000, 27035).
  • Availability Manager (22301, 27001).
  • IT Service Continuity Manager (22301, 27031, 24762).
  • Capacity Manager (27001).
  • Security Manager (27001).
  • Supplier Manager (37500).

3. Service Transition

  • Developing capability for transitioning change.
  • Service is evaluated, tested, and validated – then goes live.


  • Understanding Services.
  • Establishing Policies.
  • Supporting Knowledge Transfer.
  • Anticipating and Managing Course Corrections.
  • Ensuring Service Transition Involvement Throughout.


  • Change Management.
  • Service Asset and Configuration Management.
  • Knowledge Management.
  • Transition Planning and Support.
  • Release and Deployment Management.
  • Service Validation and Testing.
  • Evaluation.

Roles & Responsibilities

  • No Separate Group is Envisaged.
  • Same People Involved in Multiple Stages.

4. Service Operation

  • Achieving Effectiveness to Deliver Customer Value.
  • The Working Environment.


  • Event Management.
  • Incident Management.
  • Request Fulfilment.
  • Access Management.
  • Problem Management.


  • Service Desk.
  • Technical Management.
  • Application Management.
  • IT Operations Management.

5. Continual Service Improvement

  • Maintaining Value for Customers.
  • Improving on Weakness or Failure – Mitigation.


  • Define What Should Be Measured.
  • Define What you can Measure.
  • Gather the Data.
  • Process the Data.
  • Analyze the Data.
  • Present and use the Information.
  • Implement “Corrective” Action.

What are the Benefits of ISO 20000-1:2018?

  • Improved efficiency, resulting in fewer mistakes.
  • Simplified and effective documentation.
  • Performance Improvement and an increase in bottom-line profit.
  • Integrate people, processes, and technology to support objectives.
  • Improved Competitiveness.
  • Put in place controls to maintain consistent levels of service.
  • The Acquisition of a symbol representing an International Quality Standard.

What is the ISO 20000-1:2018 Certification Process?

If your company is looking for a Certification in Information Technology (ITSM) system-based standard, you might be overwhelmed with figuring out where to start. To help with this, here is an overview of the steps that are needed to help you to make sure that nothing is missed during your implementation and preparations for Certification.

ISO 20000 Certification Process

1. Management Support

This is the most critical. Without the support of management, your implementation of ISO 20000 will almost certainly fail. Plan your sales pitch well to convince your management that this is a good idea.

2. Establish ISO 20000 Certification Project, Project Plan, and Resources

Determine the cut-off period by which you need to have certification in place. This would enable reverse engineering of the project and the importance of the timelines, including the early start-off date. Identify the project leader. Identify the products or services to be included in the scope of this certification. Do the costing. It provides implementation learning costs and certification fees.

3. Conduct ISO 20000 Awareness Training

This is required to gain an A to Z in the fundamentals of ITSM. We need to cover all resources in the scope. This training is imparted in batches by specialists and industry experts. Evidence of Training records needs to be maintained for demonstration during Certification Audit.

4. Identify the ISO 20000 Implementation Team

Implementation can no longer be tasked to a single person or group of few persons in the organization. This standard is premised on RISK Based thinking, and risk management must be done at the hands of respective departments and functions, such that the head of the departments is the “Risk-Owners.”

Therefore, the implementation team would include Heads of the departments, deputies, or other critical resources besides the central unit in each function.

5. Conduct Implementation Training

This training is imparted by a ‘specialist and industry expert’ to the implementation team identified by the organization. The Implementation training is workshop-style, covering practical implementation cases of your organization and its processes. This would last up to 7 days.

6. Define Context, Scope, and Policy

Defining the context, scope, and policy of your ITSM will help ensure you know the limits of what needs to be done so that you do not include areas of business that might not affect your system. The essential tool to define the scope is the dependency matrix which will be the first document you will need to create for the ITSM.

7. Define Risk Assessment & Risk Treatment

Risk Assessment and Risk Treatment is the backbone of ISO 22000 Implementation. ITSM objectives help to conduct a dipstick check of the performance levels Documentation will include the mandatory procedures defined by the ITSM Standard and any other processes and procedures required by your company to ensure consistent and adequate results concerning ITSM.

The key is to represent all processes in your company and look at how they interact with your organization. It is in these interactions that problems occur. The extent of documentation depends on the organization’s size, the processes’ complexity, and the people’s competence.

8. Implement ISO 20000 Processes and Procedures

Often, these processes will already be in place at your company and must be adequately documented to ensure consistent results. Of course, not all functions need to be documented procedures, but deciding which ones need to be done to provide compliant products and services is essential.

9. Conduct Internal Auditor Training

This Standard requires the organization to train a team of internal auditors who regularly perform cross audits on one another. Therefore, internal Audits need to be competent. In addition, the organization shall need a specialist industry expert to impart Internal Auditor Training to evidence the same.

10. Conduct Internal Audits

Before the Lead Auditors of the Certification body visit to audit your system, ISO 20000 mandates that you audit each process internally. This will allow you to ensure that the methods are going as you had planned. You will also be able to implement the necessary corrective actions to fix any problems you find.

11. Closure activities and Corrective Action Plan

This is the step where you find the root cause of any problems encountered during your measurements, internal audits and management review, deviations from the established processes, and customer concerns, and take action to correct the root cause. This is the critical step toward continual improvement.

12. Conduct Management Reviews

Just as management must support the implementation of ITSM. It is also vital that they are fully involved in the maintenance of the ITSM. Top leadership needs to review specific data from the activities of the ITSM to ensure that the processes have adequate resources to be effective and improve.

13. Gap Analysis

Specialist industry experts do this to help organizations in gap analysis so that gaps identified during pre-assessment/ gap analysis are plugged before the organization Proceeds for Certification Audit. This is a crucial step to raising the confidence level of the auditees.

14. Choose a Certification Body

This can be a crucial step in determining how effective your implementation is. This Certification body is the company that will ultimately audit your ITSM and decides if it is compliant with ISO 20000 Requirements and whether it is effective and improving.

15. Certification Audit-Stage 1

This is a review of your Documentation by the certification body auditors to verify that, on paper, you have addressed all the requirements of this standard.

The Auditors will issue a report outlining where you comply and where there are problems, and you will have a chance to implement any corrective actions to address the issues. This may occur during the time frame defined for the initial operation of the ITSM.

16. Certification Audit-Stage 2

This is the leading audit when the certification body auditors will review the records you have accumulated by operating your ITSM processes, including your records of internal audits, management review, and corrective actions.

From this review, which will take several days, they will issue a report detailing their findings and whether your ITSM is effective and in compliance with the ISO 20000 requirements. The auditors will also recommend Certification if you meet all requirements. However, if you have any major non-conformances, you will need to take corrective action before Certification can be recommended.

17. Time to Plan

A good plan will help a lot when implementing ITSM Standard and working toward Certification, so do take the time to plan and know what resources you need- this will save your time and resources later on.

In Addition, to ISO 20000:2018 audits TUV Austria BIC. also offer a range of complimentary services:


What is ISO 20000-1?

It specifies requirements for implementing an Information Technology Service Management System.

What are the Requirements to Implement this standard?

  • ITIL – Information Technology Infrastructure Library.
  • ITIL is designed with ISO 20000 in mind -they complement each other well.

What are the Key Features of ISO 20000 Audit?

Key Features

  • IT Service Compliance.
  • Business Improvements / System Improvements.
  • Credibility.
  • IT Service Documentation.
  • Detect and Prevent Fraud.
  • Better Planning and Budgeting.

What is the Main Difference Between the 2011 and 2018 Standards?

  • There is a requirement for Knowledge.
  • Incidents and Service Requests are separated out.
  • There is a focus on Demand Management.
  • Aligned to the Service Lifecycle.

Would you mind sending an Enquiry so we can assist you in getting certified?

Send Enquiry