ISO 20000 : 2018 IT Service Management

ISO 20000: 2018 IT Service Management

ISO 20000: 2018 is an international standard for IT service management. It specifies requirements for the service provider to plan, establishes, implement, operate, monitor, review, maintains, and improve the management system. The requirements include the design, transition, delivery, and improvement of services to fulfill agreed service requirements.

What is ISO 20000-1

ISO 20000 is the standard that enables companies who deliver services to align them with a unique Service Management Standard. Typically used for IT services, This Standard can be applied to all services industries.

ISO 20000 : 2018
ISO 20000: 2018

A Service Management Can

  • Create a Framework for implementing trusted ITIL standards
  • Foster a consistent approach
  • Ensure Efficiency of Services

It is currently the 8th most popular ISO standard Globally with over 5,300 companies adopting the standard.

ISO 20000: 2018 can be used by:

  • An organization seeking services from service providers and requiring assurance that Will fulfill their service requirements
  • An organization that requires a consistent approach by all its service providers, including those in a supply chain
  • A service provider that intends to demonstrate its capability for the design, transition, delivery, and improvement of services that fulfill service requirements
  • A service provider to monitor, measure and review its service management processes and services
  • A service provider to improve the design, transition, delivery, and improvement of services through the effective implementation and operation of the SMS.

Foundation for ISO 20000-1: 2018

ISO 20000-1 is a Service Management System standard that provides a framework for best practices, based on the principles of Information Technology Infrastructure Laboratory and ISO 9001 requirements. Key focus areas include defining:

Service Strategy

  • Strategic analysis, planning, positioning

Service Design

  • Translates plans to design and specifications

Service Delivery

  • Management of a service system throughout the production lifecycle

Continual Service Improvement

  • Measures performance for maximum benefit.

Service Strategy

  • Transforming service management into a strategic asset
  • Requirements identified and agreed upon in this stage
  • Precise understanding of what, who, how & processes


  • Financial Management
  • Service Portfolio Management
  • Demand Management

Roles & Responsibilities

  • Business relationship manager
  • product manager
  • Sourcing Officer

Service Design

  • Designing IT services to realize the strategy
  • Service Solution produced with a design package


  • Design 4p: People, Products, Processes, and Partners
  • 5 Aspects of Service Design (Solutions, Tools, Architecture, Process, and Measurement)
  • Service design package
  • Service Catalogue Management
  • Service Level Management
  • Capacity Management
  • Availability Management
  • Service Continuity Management
  • Information Security Management
  • Supplier Management

Roles & Responsibilities

  • Service Design Manager
  • IT Designer / Architect
  • Service Catalogue Manager (20000)
  • Service Level Manager (20000, 27035)
  • Availability Manager (22301, 27001)
  • IT Service Continuity Manager (22301, 27031, 24762)
  • Capacity Manager (27001)
  • Security Manager (27001)
  • Supplier Manager (37500)

Service Transition

  • Developing capability for transitioning change
  • Service is evaluated, tested, and validated – then goes live


  • Understanding Services
  • Establishing Policies
  • Supporting Knowledge Transfer
  • Anticipating and Managing Course Corrections
  • Ensuring Service Transition Involvement Throughout.


  • Change Management
  • Service Asset and Configuration Management
  • Knowledge Management
  • Transition Planning and Support
  • Release and Deployment Management
  • Service Validation and Testing
  • Evaluation

Roles & Responsibilities

  • No Separate Group Envisaged
  • Same People Involved in Multiple Stages

Service Operation

  • Achieving Effectiveness to Deliver Customer Value
  • The Working Environment


  • Event Management
  • Incident Management
  • Request Fulfilment
  • Access Management
  • Problem Management


  • Service Desk
  • Technical Management
  • Application Management
  • IT Operations Management

Continual Service Improvement

  • Maintaining Value for Customers
  • Improving on Weakness or Failure – mitigation


  • Define What should be Measured
  • Define What you can Measure
  • Gather the Data
  • Process the Data
  • Analyze the Data
  • Present and use the Information
  • Implement “Corrective” Action.

What are the Benefits of ISO 20000-1: 2018

  • Improved efficiency, resulting in fewer mistakes
  • Simplified and effective documentation
  • Performance Improvement and an increase in bottom-line profit.
  • Integrate people, processes, and technology to support objectives
  • Improved Competitiveness
  • Put in place controls to maintain consistent levels of service
  • The Acquisition of a symbol representing an International Quality Standard.

ISO 20000-1: 2018 Certification Process

If your company is looking for an ISO 20000 Certification on information Technology (ITSM) system-based standard, you might be overwhelmed with figuring out where to start. To help with this, here is an overview of the steps that are needed to help you to make sure that nothing is missed during your implementation and preparations for Certification

Management Support

This is the most critical. Without the support of management, your implementation of ISO 20000 will almost certainly fail. Plan your sales pitch well to convince your management that ISO 20000 is a good idea.

Establish ISO 20000 Certification Project, Project Plan, and Resources

Determine the cut-off period by which you need to have ISO 20000 certification in place. This would enable reverse engineering of the project and the importance of the timelines including the early start-off date. Identify the project leader. Identify the products or services to be included in the scope of ISO 20000 certification. Do the costing. it includes implementation learning cost and certification fee.

Conduct ISO 20000 Awareness Training

This is required to gain A to Z of the fundamentals of ISO 20000. Need to cover all resources in the scope. This training is imparted in batches by specialists and industry experts. Evidence of Training records needs to be maintained for demonstration during ISO 20000 Certification Audit.

Identify the ISO 20000 Implementation Team

ISO 20000 implementation can no longer be tasked to a single person or group of few persons in the organization. The ISO 20000 standard is premised on RISK Based thinking, and risk management must be done at the hands of respective departments and functions, such that the head of the departments is the “Risk-Owners”. Therefore, the implementation team would include Heads of the departments, deputies, or other critical resources in each function, besides the central team.

Conduct ISO 20000 Implementation Training

This training is imparted by a ‘specialist and industry expert’ to the implementation team identified by the organization. The ISO 20000 Implementation training is conducted in workshop style covering implementation practical cases of your organization and its processes. This would last up to 7 days.

Define Context, Scope, and Policy

Defining the context, scope, and policy of your ITSM will help to ensure you know the limits of what needs to be done so that you do not include areas of business that might not have an effect on your system. The key tool to define the scope is the dependency matrix which will be the first document you will need to create for the ITSM.

Define Risk Assessment & Risk Treatment

Risk Assessment and Risk Treatment is the backbone of ISO 22000 Implementation. ITSM objectives help to conduct a dipstick check of the performance levels to Documentation will include the mandatory procedures defined by the ISO 20000 Standard, but also any additional processes and procedures required by your company to ensure consistent and adequate results with respect to ITSM. the key is to define all processes in your company and look at how they interact with your organization. it is in these interactions that problems occur. The extent of documentation depends on the size of the organization, complexity of the processes, and competence of the people.

Implement ISO 20000 Processes and Procedures

Often, these processes will already be in place at your company and will just need to be adequately documented to ensure consistent results. Not all processes need to be documented procedures, but it is important to decide which ones need to be, in order to ensure compliant products and services.

Conduct ISO 20000 Internal Auditor Training

ISO 20000 Standard requires the organization to train a team of internal auditors who would perform cross audits on one another on regular basis. Internal Audits need to be competent. To evidence the same, the organization shall need a specialist industry expert to impart ISO 20000 Internal Auditor Training.

Conduct ISO 20000 Internal Audits

Before the Lead Auditors of Certification body visit to audit your system, ISO 20000 mandates that you audit each process internally. This will give you a chance to make sure that the processes are doing as you had planned. You will also have a chance to implement the necessary corrective actions to fix any problems that you find.

Closure activities and Corrective Action Plan

This is the step where you find the root cause of any problems found during your measurements, internal audits and management review, deviations from the established processes, customer concerns and take action to correct the root cause. This is the key step toward continual improvement, which is the main focus of having an ISO 20000.

Conduct ISO 20000 Management Reviews

Just as it is important that management supports the implementation of ISO 20000, It is also important that they are fully involved in the maintenance of the ITSM. Top management needs to review specific data from the activities of the ITSM in order to ensure that the processes have adequate resources to be effective and improve.

ISO 20000 Gap Analysis

This is done by specialist industry experts, to help organizations in gap analysis, so that gaps identified during pre-assessment/ gap analysis are plugged before the organization Proceeds for Certification Audit. This is a very important step to raise the confidence level of the auditees.

Choose a Certification Body

This can be a very important step in determining how effective your implementation is. This Certification body is the company that will ultimately come into audit your ITSM and decides if it is compliant with ISO 20000 Requirements, as well as whether it is effective and improving.

ISO 20000 Certification Audit-Stage 1

This is a review of your documentation by the certification body auditors to verify that, on paper, you have addressed all the necessary requirements of the ISO 20000 standard. The Auditors will issue a report outlining where you comply and where, there are problems, and you will have a chance to implement any corrective actions to address the problems. This may take place during the time frame defined for the initial operation of the ITSM.

ISO 20000 Certification Audit-Stage 2

This is the main audit when the certification body auditors will review the records you have accumulated by operating your ITSM processes, including your records of internal audits, management review, and corrective actions. From this review, which will take several days, they will issue a report detailing their findings and whether they have found your ITSM to be effective and in compliance with the ISO 20000 requirements. The auditors will also make a recommendation for certification if you meet all requirements. if you have any major non-conformances, then you will need to take corrective action for those problems before certification can be recommended.

Time to Plan ISO 20000

A good plan will help a lot when implementing ISO 20000 and work toward certification, so do take the time to plan and know what resources you need- this will save your time and resources later on.

Why Choose TUV Austria Bureau of Inspection & Certification For Implementing ISO 20000 Requirements

Some of the leading international accreditation bodies have awarded TUV Austria Bureau of Inspection & Certification with the accreditation to offer certification to a vast range of industry sectors. For certification services, TUV Austria BIC is the preferred brand across multiple industry sectors.

Local Regulatory authorities like The Pakistan National Accreditation Council (PNAC)The Pakistan Engineering Council (PEC) also recognizes TUV Austria Bureau of Inspection & Certification as a leading certification and inspection body in Pakistan. TUV Austria BIC has earned global respect instead of its approach and service quality through its highly trained and experienced Consultants. Our professional auditors work with clients to guarantee that the requirements are successfully maintained and continuously improved to be up to customers’ expectations and the law.

In Addition, to ISO 20000: 2018 audits we also offer a range of complimentary services:


What is ISO 20000-1?

ISO 20000-1 specifies requirements for implementing an Information Technology Service Management System.

What are the Requirements to Implement ISO 20000?

  • ITIL – Information Technology Infrastructure Library
  • ITIL is designed with ISSO 20000 in mind -they complement each other well.

What are the Key Features of ISO 20000 Audit?

Key Features of ISO 20000 audit:

  • IT Service Compliance
  • Business Improvements / System Improvements
  • Credibility
  • IT Service Documentation
  • Detect and Prevent Fraud
  • Better Planning and Budgeting

What is the Main Difference Between the 2011 and 2018 Standards?

  • There is a requirement on Knowledge
  • Incidents and Service Requests are separated out
  • There is a focus on Demand Management
  • Aligned to the Service Lifecycle.

Would you mind sending an Enquiry so we can assist you in getting certified?

Send Enquiry