ISO 20000:2018 IT Service Management System
ISO 20000:2018 is an international standard for IT service management. It specifies the service provider’s requirements to plan, establish, implement, operate, monitor, review, maintain, and improve the management system. The requirements include the design, transition, delivery, and improvement of services to fulfill agreed service requirements.
What is ISO 20000-1?
ISO 20000-1 is the standard that enables companies who deliver services to align them with a unique Service Management Standard. Typically used for IT services, This Standard can be applied to all services industries.
A Service Management Can
- Create a Framework for implementing trusted ITIL standards.
- Foster a consistent approach.
- Ensure Efficiency of Services.
It is currently the 8th most popular ISO standard Globally with over 5,300 companies adopting the standard.
ISO 20000:2018 can be used by
- An organization seeking services from service providers and requiring assurance that they will fulfill their service requirements
- An organization that requires a consistent approach by all its service providers, including those in a supply chain
- A service provider that intends to demonstrate its capability for the design, transition, delivery, and improvement of services that fulfil service requirements
- A service provider to monitor, measure and review its service management processes and services
- A service provider to improve the design, transition, delivery, and improvement of services through the effective implementation and operation of the SMS.
Foundation for ISO 20000-1:2018
This Standard is a Service Management System standard that provides a framework for best practices, based on the principles of Information Technology Infrastructure Laboratory and ISO 9001 requirements. Key focus areas include defining:
- Strategic analysis, planning, positioning.
- Translates plans to design and specifications.
- Management of a service system throughout the production lifecycle.
Continual Service Improvement
- Measures performance for maximum benefit.
1. Service Strategy
- Transforming service management into a strategic asset.
- Requirements are identified and agreed upon in this stage.
- Precise understanding of what, who, how & processes.
- Financial Management.
- Service Portfolio Management.
- Demand Management.
Roles & Responsibilities
- Business relationship manager.
- product manager.
- Sourcing Officer.
2. Service Design
- Designing IT services to realize the strategy.
- Service Solution produced with a design package.
- Design 4p: People, Products, Processes, and Partners.
- 5 Aspects of Service Design (Solutions, Tools, Architecture, Process, and Measurement).
- Service design package.
- Service Catalogue Management.
- Service Level Management.
- Capacity Management.
- Availability Management.
- Service Continuity Management.
- Information Security Management.
- Supplier Management.
Roles & Responsibilities
- Service Design Manager.
- IT Designer / Architect.
- Service Catalogue Manager (20000).
- Service Level Manager (20000, 27035).
- Availability Manager (22301, 27001).
- IT Service Continuity Manager (22301, 27031, 24762).
- Capacity Manager (27001).
- Security Manager (27001).
- Supplier Manager (37500).
3. Service Transition
- Developing capability for transitioning change.
- Service is evaluated, tested, and validated – then goes live.
- Understanding Services.
- Establishing Policies.
- Supporting Knowledge Transfer.
- Anticipating and Managing Course Corrections.
- Ensuring Service Transition Involvement Throughout.
- Change Management.
- Service Asset and Configuration Management.
- Knowledge Management.
- Transition Planning and Support.
- Release and Deployment Management.
- Service Validation and Testing.
Roles & Responsibilities
- No Separate Group is Envisaged.
- Same People Involved in Multiple Stages.
4. Service Operation
- Achieving Effectiveness to Deliver Customer Value.
- The Working Environment.
- Event Management.
- Incident Management.
- Request Fulfilment.
- Access Management.
- Problem Management.
- Service Desk.
- Technical Management.
- Application Management.
- IT Operations Management.
5. Continual Service Improvement
- Maintaining Value for Customers.
- Improving on Weakness or Failure – mitigation.
- Define What should be Measured.
- Define What you can Measure.
- Gather the Data.
- Process the Data.
- Analyze the Data.
- Present and use the Information.
- Implement “Corrective” Action.
What are the Benefits of ISO 20000-1:2018?
- Improved efficiency, resulting in fewer mistakes.
- Simplified and effective documentation.
- Performance Improvement and an increase in bottom-line profit.
- Integrate people, processes, and technology to support objectives.
- Improved Competitiveness.
- Put in place controls to maintain consistent levels of service.
- The Acquisition of a symbol representing an International Quality Standard.
What is ISO 20000-1:2018 Certification Process?
If your company is looking for a Certification in information Technology (ITSM) system-based standard, you might be overwhelmed with figuring out where to start. To help with this, here is an overview of the steps that are needed to help you to make sure that nothing is missed during your implementation and preparations for Certification.
1. Management Support
This is the most critical. Without the support of management, your implementation of ISO 20000 will almost certainly fail. Plan your sales pitch well to convince your management that this is a good idea.
2. Establish ISO 20000 Certification Project, Project Plan, and Resources
Determine the cut-off period by which you need to have certification in place. This would enable reverse engineering of the project and the importance of the timelines, including the early start-off date. Identify the project leader. Identify the products or services to be included in the scope of this certification. Do the costing. It provides implementation learning costs and certification fees.
3. Conduct ISO 20000 Awareness Training
This is required to gain an A to Z in the fundamentals of ITSM. We need to cover all resources in the scope. This training is imparted in batches by specialists and industry experts. Evidence of Training records needs to be maintained for demonstration during Certification Audit.
4. Identify the ISO 20000 Implementation Team
Implementation can no longer be tasked to a single person or group of few persons in the organization. This standard is premised on RISK Based thinking, and risk management must be done at the hands of respective departments and functions, such that the head of the departments is the “Risk-Owners.”
Therefore, the implementation team would include Heads of the departments, deputies, or other critical resources in each function, besides the central unit.
5. Conduct Implementation Training
This training is imparted by a ‘specialist and industry expert’ to the implementation team identified by the organization. The Implementation training is workshop-style, covering practical implementation cases of your organization and its processes. This would last up to 7 days.
6. Define Context, Scope, and Policy
Defining the context, scope, and policy of your ITSM will help ensure you know the limits of what needs to be done so that you do not include areas of business that might not affect your system. The essential tool to define the scope is the dependency matrix which will be the first document you will need to create for the ITSM.
7. Define Risk Assessment & Risk Treatment
Risk Assessment and Risk Treatment is the backbone of ISO 22000 Implementation. ITSM objectives help to conduct a dipstick check of the performance levels Documentation will include the mandatory procedures defined by the ITSM Standard and any other processes and procedures required by your company to ensure consistent and adequate results concerning ITSM.
The key is to represent all processes in your company and look at how they interact with your organization. It is in these interactions that problems occur. The extent of documentation depends on the organization’s size, the complexity of the processes, and the competence of the people.
8. Implement ISO 20000 Processes and Procedures
Often, these processes will already be in place at your company and must be adequately documented to ensure consistent results. Of course, not all functions need to be documented procedures, but it is essential to decide which ones need to be done to provide compliant products and services.
9. Conduct Internal Auditor Training
This Standard requires the organization to train a team of internal auditors who regularly perform cross audits on one another. Therefore, internal Audits need to be competent. In addition, the organization shall need a specialist industry expert to impart Internal Auditor Training to evidence the same.
10. Conduct Internal Audits
Before the Lead Auditors of Certification body visit to audit your system, ISO 20000 mandates that you audit each process internally. This will give you a chance to make sure that the methods are going as you had planned. You will also have an opportunity to implement the necessary corrective actions to fix any problems that you find.
11. Closure activities and Corrective Action Plan
This is the step where you find the root cause of any problems encountered during your measurements, internal audits and management review, deviations from the established processes, customer concerns, and take action to correct the root cause. This is the critical step toward continual improvement.
12. Conduct Management Reviews
Just as it is essential that management supports the implementation of ITSM. It is also vital that they are fully involved in the maintenance of the ITSM. Top leadership needs to review specific data from the activities of the ITSM to ensure that the processes have adequate resources to be effective and improve.
13. Gap Analysis
Specialist industry experts do this to help organizations in gap analysis so that gaps identified during pre-assessment/ gap analysis are plugged before the organization Proceeds for Certification Audit. This is a crucial step to raising the confidence level of the auditees.
14. Choose a Certification Body
This can be a crucial step in determining how effective your implementation is. This Certification body is the company that will ultimately audit your ITSM and decide if it is compliant with ISO 20000 Requirements and whether it is effective and improving.
15. Certification Audit-Stage 1
This is a review of your Documentation by the certification body auditors to verify that, on paper, you have addressed all the requirements of this standard.
The Auditors will issue a report outlining where you comply and where there are problems, and you will have a chance to implement any corrective actions to address the issues. This may take place during the time frame defined for the initial operation of the ITSM.
16. Certification Audit-Stage 2
This is the leading audit when the certification body auditors will review the records you have accumulated by operating your ITSM processes, including your records of internal audits, management review, and corrective actions.
From this review, which will take several days, they will issue a report detailing their findings and whether they have found your ITSM to be effective and in compliance with the ISO 20000 requirements. The auditors will also make a recommendation for Certification if you meet all requirements. However, if you have any major non-conformances, then you will need to take corrective action for those problems before Certification can be recommended.
17. Time to Plan
A good plan will help a lot when implementing ITSM Standard and working toward Certification, so do take the time to plan and know what resources you need- this will save your time and resources later on.
In Addition, to ISO 20000:2018 audits we also offer a range of complimentary services:
- ISO Certifications
- ISO 9001:2015 QMS
- ISO 14001:2015 EMS
- ISO 45001:2018 OHSMS
- ISO 50001:2018 EnMS
- ISO 27001:2018 ISMS
- Halal Certification
- ISO 22000:2018 FSMS
- (FSSC) 22000 V5
- HACCP Food Safety Management System
- ISO 21001:2018 EOMS
- ISO 29990:2010 LSMS
- ISO 20121:2012 ESMS
- ISO 22301:2019 BCMS
- ISO 37001:2016 ABMS
- ISO 28000:2007 SCMS
- ISO 13485:2016 MDSM
- ISO 39001:2012 RTSMS
- ISO 31000:2018 Risk Management – Guidelines
- ISO 3834 – Quality Requirements for Fusion Welding of Metallic Materials
- ISO 22716 – GMP
- “Covid-Shield” Certification
- GlobalG.A.P. Certification
- IFS Certification Services
- Process improvement solutions
What is ISO 20000-1?
It specifies requirements for implementing an Information Technology Service Management System.
What are the Requirements to Implement this standard?
- ITIL – Information Technology Infrastructure Library.
- ITIL is designed with ISO 20000 in mind -they complement each other well.
What are the Key Features of ISO 20000 Audit?
- IT Service Compliance.
- Business Improvements / System Improvements.
- IT Service Documentation.
- Detect and Prevent Fraud.
- Better Planning and Budgeting.
What is the Main Difference Between the 2011 and 2018 Standards?
- There is a requirement for Knowledge.
- Incidents and Service Requests are separated out.
- There is a focus on Demand Management.
- Aligned to the Service Lifecycle.
Would you mind sending an Enquiry so we can assist you in getting certified?