ISO/IEC 20000-1 - IT services

Give your IT services the right organisational framework. ISO/IEC 20000-1 supports you in this. With your service management system (SMS) and its certification, you show your customers that you will be a reliable partner in the long term.

Table of contents

Summary

ISOIEC 20000-1 is the international standard used worldwide for the certification of an IT service management system. It is based on the British standard BS 15000. The 'sister standard' ISO 20000-2 'Code of Practice' describes best practices in IT service management and refers to ITIL (IT Infrastructure Library), a very comprehensive collection of best practices.

Due to the large scope of ITIL, most companies, usually data centres, have reservations about introducing it. This concern is unjustified, as small organisations in particular, such as corporate IT departments or small service providers, can benefit from these best practices. The problem is usually that these organisations have to make the effort to identify and extract the best practices for them. However, there are now guidelines that aim to support smaller organisations in particular.

Caution: ISO/IEC 20000-1 certification should not be confused with the ITIL personal certifications (ITIL Foundation, ITIL Practitioner, etc.), of which several thousand have already been carried out in Switzerland.

Development

ISO/IEC 20000-1:2005 was adopted almost unchanged from the British Standard BS 15000. This was first published in 2000, as some data centres wanted to have their management systems, which were based on ITIL best practices, certified by an independent body.

The ISO/IEC 20000-1:2011 version is still valid until September 2021. Initial certifications and re-certifications must be carried out in accordance with the 2018 version from 1 April 2020.

The current version ISO/IEC 20000-1:2018 was published in September 2018.

The SN ISO/IEC 20000-1:2021 version is identical in content to ISO/IEC 20000-1:2018.

ISO/IEC 20000-1:2018 is currently under review (Stage: 90.60). Standards are reviewed every 5 years and transferred to a new version if necessary.

Organisations with existing certificates have until September 2021 to make the switch.

ISO/IEC 20000-1:2018 can be combined very well with:

  • ISO 9001:2015 - Quality management
  • ISO/IEC 27001:2022 - Information security management
  • ISO 22301:2019 - Business continuity management

Changes from ISO 20000-1:2011 to ISO 20000-1:2018: Document

Utilisation

As an application or Internet service provider or data centre manager, you should ask yourself the following questions:

  • Do I actually know how many of our customers' "cries for help" go unheard?
  • Have we agreed with our customers what service they need, e.g. "24/7 round-the-clock service" or "service during office hours"?
  • Do we use our customers' problems to sustainably improve our service?
  • Are we really prepared for a total failure of our systems?
  • Do I know exactly when we will reach the limits of our capacity?
  • Am I sure that we will never run into problems when changes are made to our infrastructure?
  • Can I guarantee our customers with a clear conscience that their data is always secure in terms of confidentiality, availability and invulnerability?
  • Do our employees often work under a lot of stress and for longer than normal?

The best practices of ITIL will help you:

  • Organise your service desk so that all calls for help are received and all customers can be helped quickly.
  • make transparent agreements with your customers about your services;
  • problems, improve your service in the long term and turn a complaining customer into an enthusiastic one;
  • inform your customers quickly and up to date in the event of a system failure and retain their trust;
  • avoid a slump in your service performance through proactive resource management;
  • to ensure safe operation even if the infrastructure changes;
  • protect your customers' data with regard to confidentiality, integrity and availability;
  • keep the workload of your employees at a reasonable level through efficient IT service management.

Show your customers and partners. Your IT service management system with the best practices according to ITIL (IT Infrastructure Library) can be audited and certified according to ISO/IEC 20000-1 by the Swiss Safety Center as an independent body. This shows your customers that you operate a professional service management system in the long term and do everything you can to be a reliable long-term partner.

What you need to know

Requirements

The requirements for IT service management are formulated in ISO 20000-1:2005. They are based on the processes and functions of the IT Infrastructure Library ITIL V2. All elements of the standard must be fulfilled for certification. ITIL V3, which has now been published with the extended process landscape, has not yet had any impact on ISO 20000.

Tools

The IT section of the Swiss Association for Quality SAQ has developed a guide 'ITIL for SMEs'. It is intended as a guide for smaller organisations to use the best practices from ITIL V2 and set up a self-contained IT service management system that can be finally certified. The Swiss Safety Center has been heavily involved in the development of this guide.  It can be obtained from the Swiss Safety Center Shop under Certification/Checklists.

Useful information

Some interesting articles from trade journals:

From user to service customer, M&Q 6/2007

ITIL also for SMEs, IT-Security 2/2008

 

Interesting links:

ITSMF IT Service Management Forum is the international association and 'sponsor' of ITIL activities.

www.itsmf.ch is the Swiss national organisation

www.swissict.ch is an industry association of the IT and telecommunication

Checklist

An audit checklist for ISO 20000-1 can be obtained free of charge from the Swiss Safety Center-Shop under Certification/Checklists.

There you will also find numerous other checklists and brochures on other standards, many of which are free of charge.

Education

There are numerous providers of ITIL training.

All employees of an IT service provider should complete at least one foundation training course with a final certificate.

The Swiss Safety Center does not offer ITIL training itself, but conducts examinations for TÜV SÜD in Switzerland.

Certification process

The certification process is practically identical to that of ISO 9001, ISO 14001, etc. .

FAQ

ITIL is far too complicated for my IT organisation with 20 employees! Can I even implement it?

ITIL is first and foremost a collection of best practices that are applicable to both large and small IT service providers - internal and external. You can obtain a guide on how small organisations can implement ITIL processes and functions efficiently from the Swiss Safety Center Shop.

 

Do all ITIL V2 processes have to be implemented in order to be certified according to ISO 20000?

Yes, all processes must be implemented. The extent to which they need to be elaborated depends on the type of services, their complexity and criticality.  

 

Can an IT service management system that was set up in accordance with ITIL V3 also be certified in accordance with ISO 20000?

Yes, because ITIL V3 covers all the requirements of ISO 20000-1. 

Would you like to find out more?