ISO 20000: Difference between revisions

From IT Process Wiki
No edit summary
 
(9 intermediate revisions by the same user not shown)
Line 1: Line 1:
<seo metakeywords="iso 20000 processes, iso 20000 requirements" metadescription="In contrast to the ITIL books, ISO 20000 does not offer specific advice on how to design your processes. It is rather a set of requirements which must ..." />
<itpmch><title>ISO 20000 | IT Process Wiki</title>
<meta name="keywords" content="iso 20000 processes, iso 20000 requirements" />
<meta name="description" content="In contrast to the ITIL books, ISO 20000 does not offer specific advice on how to design your processes. It is rather a set of requirements which must ..." />
</itpmch>
<imagemap>
<imagemap>
Image:ITIL-Wiki-de-es.jpg|DE - ES - ISO 20000 - ISO/IEC 20000 - ISO 20000 Requirements|100px
Image:ITIL-Wiki-de-es.jpg|right|DE - ES - ISO 20000 - ISO/IEC 20000 - ISO 20000 Requirements|163px
rect 0 0 50 30 [https://wiki.de.it-processmaps.com/index.php/ISO_20000 diese Seite auf Deutsch]
rect 81 0 114 36 [https://wiki.de.it-processmaps.com/index.php/ISO_20000 diese Seite auf Deutsch]
rect 50 0 100 30 [https://wiki.es.it-processmaps.com/index.php/ISO_20000 esta página en español]
rect 115 0 163 36 [https://wiki.es.it-processmaps.com/index.php/ISO_20000 esta página en español]
desc none
desc none
</imagemap>
</imagemap>
<br style="clear:both;"/>
<br style="clear:both;"/>


ITIL provides guidance on what should be done in order to offer users adequate IT Services to support their business processes. ITIL qualifications are available for individuals but until recently there was no way for an IT organization to prove that it is working along the ITIL recommendations.
ISO/IEC 20000 (often abbreviated to ISO 20000) is the internationally acknowledged standard for service management. It was developed in 2005 based on the earlier BS 15000, and subsequently revised in 2011 and 2018.


The ISO/IEC 20000:2005 standard (abbreviated to ISO 20000 in this wiki) was conceived to fill this gap. Initiated by the two organizations itSMF and BSI (British Standards Institution), it is modeled upon the principles of ITIL and allows IT organizations to have their IT Service Management certified.
The standard enables organizations to demonstrate reliability and commitment to a high quality of service. ISO 20000 has thus become a competitive differentiator for the delivery of services.


In contrast to the ITIL books, ISO 20000 does not offer specific advice on how to design your processes. It is rather a set of requirements which must be met in order to qualify for [https://en.it-processmaps.com/iso20000/faq-iso-20000-certification.html ISO 20000 certification].
<p>&nbsp;</p>


&#10132; In our [https://yasm.com/wiki/en/index.php/Main_Page YaSM Service Management Wiki] we provide a [https://yasm.com/wiki/en/index.php/ISO_20000 complete introduction to ISO 20000] (ISO/IEC 20000:2018), covering topics such as:
* [https://yasm.com/wiki/en/index.php/ISO_20000#What_are_the_benefits_of_ISO_20000.3F Benefits of ISO 20000]
* [https://yasm.com/wiki/en/index.php/FAQ:_ISO_20000_Certification FAQs about ISO 20000 certification]
* [https://yasm.com/wiki/en/index.php/ISO_20000_-_2018 Differences between the latest 2018 release of ISO 20000 and the earlier 2011 edition]
* [https://yasm.com/wiki/en/index.php/ISO_20000#ISO_20000_and_YaSM.2C_ITIL.2C_CMMI-SVC.2C_COBIT.2C_VeriSM.2C_SIAM.2C_.E2.80.A6 ISO 20000 and how it relates to ITIL and other service management frameworks]
* [https://yasm.com/wiki/en/index.php/ISO_20000_Project The YaSM service management model and how it supports your ISO 20000 project]


<p>&nbsp;</p>


== Central Requirements from ISO 20000 ==
== How ITIL and ISO 20000 are related ==
 
ISO 20000 promotes the “adoption of an integrated process approach to effectively deliver managed services to meet the business and customer requirements”.
 
ISO 20000 does not prescribe that its requirements must be met by following the ITIL recommendations, so there are many possible ways to achieve compliance. Introducing ITIL, however, is the most widely used approach for obtaining an ISO 20000 certificate.


It is also important to prove that IT processes are documented, actively managed, and continually improved.
[[image:iso-20000.jpg|thumb|200px|right|alt=ISO 20000 requirements and ITIL 2011|link=https://wiki.en.it-processmaps.com/index.php/File:Iso-20000.jpg|Figure 1: ISO 20000]]
 
The basic principles behind ITIL and ISO 20000 are very much in line (see also: [http://www.best-management-practice.com/gempdf/ITIL_and_ISO_20000_March08.pdf "Alignment White Paper: ITIL V3 and ISO/IEC 20000"], Jenny Dugmore & Sharon Taylor, March 2008). The key differences are:
 
 
==The new Edition ISO/IEC 20000:2011==
A new version of ISO/IEC 20000 Part 1: Service management system requirements (abbreviated to ISO/IEC 20000-1:2011) was published in April 2011.
 
The authors of the new version describe the main differences to the earlier edition (ISO/IEC 20000-1:2005) as follows:
 
* Closer alignment to both ISO 9001 and ISO/IEC 27001
* Clarification of existing definitions and addition of new definitions
* Introduction of the term "Service Management System" (SMS) and aligning the standard with the concept of a SMS
* Clarification of the requirements for the governance of processes operated by other parties
* Addition of requirements for the design and transition of new or changed services
 
 
 
== How ITIL V3 and ISO 20000 are related ==
 
The basic principles behind ITIL V3 and ISO 20000 are very much in line (see also: [http://www.best-management-practice.com/gempdf/ITIL_and_ISO_20000_March08.pdf "Alignment White Paper: ITIL V3 and ISO/IEC 20000"], Jenny Dugmore & Sharon Taylor, March 2008). The key differences are:


* ITIL certifications are available for individuals only, whereas ISO 20000 is a certification scheme for organizations.
* ITIL certifications are available for individuals only, whereas ISO 20000 is a certification scheme for organizations.
Line 47: Line 35:
* When organizations say they are compliant to ITIL, very often this statement is not verifiable; a certification according to the ISO 20000 standard means there has been an objective assessment.
* When organizations say they are compliant to ITIL, very often this statement is not verifiable; a certification according to the ISO 20000 standard means there has been an objective assessment.


Frequently, a certification according to ISO 20000 is sought after introducing ITIL, because it allows an IT organization to actually prove that it is a customer-oriented, efficient and effective supplier of IT services. A certification can thus be used for marketing purposes, or to gain access to customers and markets which require their service suppliers to be ISO 20000 certified.
Frequently, an ISO 20000 certification is sought after introducing ITIL, because it allows an IT organization to actually prove that it is a customer-oriented, efficient and effective supplier of IT services. A certification can thus be used for marketing purposes, or to gain access to customers and markets which require their service suppliers to be ISO 20000 certified.


<p>&nbsp;</p>


==ISO 20000 Sections and related ITIL Processes==


==ISO 20000 Sections and related ITIL Processes==
ITIL was explicitly written to be aligned with ISO 20000, as the following table exemplifies: for every section in ISO/IEC 20000:2011, Part 1 (Mandatory Requirements) there are one or several related ITIL processes.


ITIL V3 was explicitly written to be aligned with ISO 20000, as the following table exemplifies: for every section in ISO/IEC 20000:2005, Part 1 (Mandatory Requirements) there are one or several related ITIL processes.
The following table summarizes in broad terms how the main ISO 20000 processes correspond to ITIL processes (ITIL 2011 main processes).  


<p>&nbsp;</p>


{| border="1" cellpadding="5" cellspacing="0" align="center"
{| border="1" cellpadding="5" cellspacing="0"
|-
! width="25%" colspan="2" style="background:#ffffdd;" | ISO 20000 Sections
! width="75%" colspan="2" style="background:#ffffbb;" | Related ITIL Processes
|-
! align="center" style="background:#ffffdd;" | Ch.
! align="center" style="background:#ffffdd;" | Title
! align="center" style="background:#ffffbb;" | Remark
|-
| '''3'''
| '''Requirements for a management system'''
| &nbsp;
|-
| 3.1
| Management responsibility
| Requirements are fulfilled by the ITIL process "[[Service Portfolio Management]]"
|-
| 3.2
| Documentation requirements
| Requirements are fulfilled by the ITIL process "[[Service Level Management]]"
|-
|-
| 3.3
! width="55%" colspan="2" style="background:#eaeaea;" | ISO 20000 Sections (ISO/IEC 20000:2011)
| Competence, awareness and training
! width="45%" colspan="2" style="background:#ffffbb;" | Related ITIL Processes (ITIL 2011)
| Requirements are fulfilled by the ITIL processes "[[Service Portfolio Management]]" and "[[Process Evaluation]]"
|-
|-
! align="center" style="background:#f8f8f8;" | Ch.
! align="center" style="background:#f8f8f8;" | Title
! align="center" style="background:#ffffdd;" | Remark
|- valign="top"
| '''4'''
| '''4'''
| '''Planning and implementing service management'''
| <span id="ISO-20000-requirement-4">'''Service management system general requirements'''</span>
| &nbsp;
|  
|-
* [[ISO 20000#ISO-20000-ITIL-note|''See note ['''1''']'']]
|- valign="top"
| 4.1
| 4.1
| Plan service management (Plan)
| Management responsibility
| Requirements are fulfilled by the ITIL processes "[[ITIL V3 Service Strategy|Service Strategy]]" and "[[ITIL V3 CSI - Continual Service Improvement|Continual Service Improvement]]"
|  
|-
* [[ITIL Strategy Management|Strategy Management for IT Services]] and various processes from [[ITIL CSI - Continual Service Improvement|Continual Service Improvement]]
|- valign="top"
| 4.2
| 4.2
| Implement service management and provide the services (Do)
| Governance of processes operated by other parties
| Requirements are fulfilled by the ITIL process "[[ITIL V3 Service Strategy|Service Strategy]]"
|  
|-
* [[Supplier Management]] and [[Service Level Management]]
|- valign="top"
| 4.3
| 4.3
| Monitoring, measuring and reviewing (Check)
| Documentation management
| Requirements are fulfilled by the ITIL process "[[Process Evaluation]]"
|  
|-
* Various [[ITIL Service Strategy|Service Strategy]], [[ITIL Service Design|Service Design]] and [[ITIL Service Transition|Service Transition]] processes
|- valign="top"
| 4.4
| 4.4
| Continual improvement (Act)
| Resource management
| Requirements are fulfilled by the ITIL process "[[ITIL V3 CSI - Continual Service Improvement|Continual Service Improvement]]"
|
|-
* [[ITIL Strategy Management|Strategy Management for IT Services]] and various processes from [[ITIL Service Design|Service Design]], [[ITIL Service Operation|Service Operation]] and [[ITIL CSI - Continual Service Improvement|Continual Service Improvement]]
|- valign="top"
| 4.5
| Establish and improve the SMS <br />
4.5.1 Define scope <br />
4.5.2 Plan the SMS (Plan) <br />
4.5.3 Implement and operate the SMS (Do) <br />
4.5.4 Monitor and review the SMS (Check) <br />
4.5.5 Maintain and improve the SMS (Act)
|  
* Various processes from [[ITIL Service Strategy|Service Strategy]], [[ITIL Service Design|Service Design]] and [[ITIL CSI - Continual Service Improvement|Continual Service Improvement]]
|- valign="top"
| '''5'''
| '''5'''
| '''Planning and Implementing New or Changed Services'''
| <span id="ISO-20000-requirement-5">'''Design and transition of new or changed services'''</span>
| Requirements are fulfilled by the ITIL processes "[[ITIL V3 Service Strategy|Service Strategy]]" and "[[Service Level Management]]"
|  
|-
* [[ISO 20000#ISO-20000-ITIL-note|''See note ['''1''']'']]
|- valign="top"
| 5.1
| General
|
* [[ITIL Design Coordination|Design Coordination]] and various [[ITIL Service Transition|Service Transition]] processes
|- valign="top"
| 5.2
| Plan new or changed services
|
* Various [[ITIL Service Strategy|Service Strategy]], [[ITIL Service Design|Service Design]] and [[ITIL Service Transition|Service Transition]] processes
|- valign="top"
| 5.3
| Design and development of new or changed services
|
* Various [[ITIL Service Design|Service Design]] and [[ITIL Service Transition|Service Transition]] processes
|- valign="top"
| 5.4
| Transition of new or changed Services
|
* Various [[ITIL Service Transition|Service Transition]] processes
|- valign="top"
| '''6'''
| '''6'''
| '''Service Delivery'''
| <span id="ISO-20000-requirement-6">'''Service delivery processes'''</span>
| &nbsp;
| &nbsp;
|-
|- valign="top"
| 6.1
| 6.1
| Service Level Management
| Service level management
| Requirements are fulfilled by the ITIL process "[[Service Level Management]]"
|  
|-
* [[Service Level Management]]
|- valign="top"
| 6.2
| 6.2
| Service Reporting
| Service reporting
| Requirements are fulfilled by the ITIL process "[[Service Level Management]]"
|  
|-
* [[Service Level Management]]
|- valign="top"
| 6.3
| 6.3
| Service Continuity and Availability Management
| Service continuity and availability management <br />
| Requirements are fulfilled by the ITIL processes "[[IT Service Continuity Management]]" and "[[Availability Management]]"
6.3.1 Service continuity and availability requirements <br />
|-
6.3.2 Service continuity and availability plans <br />
6.3.3 Service continuity and availability monitoring and testing
|  
* [[IT Service Continuity Management]] and [[Availability Management]]
|- valign="top"
| 6.4
| 6.4
| Budgeting and Accounting for IT Services
| Budgeting and accounting for IT Services
| Requirements are fulfilled by the ITIL process "[[Financial Management]]"
|  
(optional, i.e. non-obligatory component of the standard)
* [[Financial Management|Financial Management for IT Services]]
|-
|- valign="top"
| 6.5
| 6.5
| Capacity Management
| Capacity management
| Requirements are fulfilled by the ITIL process "[[Capacity Management]]"
|  
|-
* [[Capacity Management]]
|- valign="top"
| 6.6
| 6.6
| Information Security Management
| Information security management <br />
| Requirements are fulfilled by the ITIL process "[[IT Security Management|Information Security Management]]"
6.6.1 Information security policy <br />
|-
6.6.2 Information security controls <br />
6.6.3 Information security changes and incidents
|  
* [[IT Security Management|Information Security Management]]
|- valign="top"
| '''7'''
| '''7'''
| '''Relationship Processes'''
| '''Relationship processes'''
|  
|  
|-
|- valign="top"
| 7.1
| Business relationship management
|
* [[Business Relationship Management]]
|- valign="top"
| 7.2
| 7.2
| Business Relationship Management
| Requirements are fulfilled by various ITIL processes: "[[Service Portfolio Management]]", "[[Service Level Management]]" and "[[ITIL Processes#Continual Service Improvement|Continual Service Improvement]]"
|-
| 7.3
| Supplier Management
| Supplier Management
| Requirements are fulfilled by the ITIL process "[[Supplier Management]]"
|  
|-
* [[Supplier Management]]
|- valign="top"
| '''8'''
| '''8'''
| '''Resolution'''
| '''Resolution processes'''
|  
|  
|-
|- valign="top"
| 8.1
| Incident and service request management
|
* [[Incident Management]] and [[Request Fulfilment]]
|- valign="top"
| 8.2
| 8.2
| Incident Management
| Problem management
| Requirements are fulfilled by the ITIL process "[[Incident Management]]"
|  
|-
* [[Problem Management]]
| 8.3
|- valign="top"
| Problem Management
| Requirements are fulfilled by the ITIL process "[[Problem Management]]"
|-
| '''9'''
| '''9'''
| '''Control'''
| '''Control processes'''
|  
|  
|-
|- valign="top"
| 9.1
| 9.1
| Configuration Management
| Configuration management
| Requirements are fulfilled by the ITIL process "[[Service Asset and Configuration Management]]"
|  
|-
* [[Service Asset and Configuration Management]]
|- valign="top"
| 9.2
| 9.2
| Change Management
| Change management
| Requirements are fulfilled by the ITIL process "[[Change Management]]"
|  
|-
* [[Change Management]]
| '''10'''
|- valign="top"
| '''Release'''
| 9.3
| Release and deployment management
|  
|  
|-
* [[Release and Deployment Management]]
| 10.1
| Release Management
| Requirements are fulfilled by the ITIL process "[[Release and Deployment Management]]"
|}
|}


<p>&nbsp;</p>
<p>&nbsp;</p>
<span id="ISO-20000-ITIL-note">'''Note''':</span>
ITIL focuses on the life cycle of services, but offers less guidance on establishing and operating the Service Management System (SMS) itself. As a consequence, it is at times not straightforward to map the ITIL guidance and (especially) [[ISO 20000#ISO-20000-requirement-4|Section 4]] and [[ISO 20000#ISO-20000-requirement-5|Section 5]] of ISO 20000, but various ITIL processes together can typically be used to fulfill the requirements.
<p>&nbsp;</p>
==Documentation==
The original ISO 20000 documents can be ordered from the ''publisher's web site'': [http://www.iso.org/iso/iso_catalogue/catalogue_ics/catalogue_detail_ics.htm?csnumber=51986 ISO International Organization for Standardization]
<p>&nbsp;</p>
<html>By:&#160;&#160;Andrea Kempter&#160;<a rel="author" href="https://www.linkedin.com/in/andreakempter"><img style="margin:0px 0px 0px 0px;" src="/images/bookmarking/linkedin.png" width="16" height="16" title="By: Andrea Kempter | Profile on LinkedIn" alt="Author: Andrea Kempter, IT Process Maps GbR" /></a>&#160;&#160;and&#160;&#160;Stefan Kempter&#160;<a href="https://www.linkedin.com/in/stefankempter"><img style="margin:0px 0px 0px 0px;" src="/images/bookmarking/linkedin.png" width="16" height="16" title="By: Stefan Kempter | Profile on LinkedIn" alt="Contributor: Stefan Kempter, IT Process Maps GbR" /></a>, IT Process Maps.</html>
<p>&nbsp;</p>
<small>
<html>
<p><span itemprop="breadcrumb" itemscope itemtype="http://schema.org/BreadcrumbList">
<span itemprop="itemListElement" itemscope itemtype="http://schema.org/ListItem">
<a itemprop="item" href="https://wiki.en.it-processmaps.com/index.php/ISO_20000#How_ITIL_and_ISO_20000_are_related" > <span itemprop="name">ITIL and ISO 20000</span></a><meta itemprop="position" content="1" /></span> ›
<span itemprop="itemListElement" itemscope itemtype="http://schema.org/ListItem">
<a itemprop="item" href="https://wiki.en.it-processmaps.com/index.php/ISO_20000#ISO-20000-requirement-4" > <span itemprop="name">SMS general requirements</span></a><meta itemprop="position" content="2" /></span> ›
<span itemprop="itemListElement" itemscope itemtype="http://schema.org/ListItem">
<a itemprop="item" href="https://wiki.en.it-processmaps.com/index.php/ISO_20000#ISO-20000-requirement-5" > <span itemprop="name">Design and transition</span></a><meta itemprop="position" content="3" /></span> ›
<span itemprop="itemListElement" itemscope itemtype="http://schema.org/ListItem">
<a itemprop="item" href="https://wiki.en.it-processmaps.com/index.php/ISO_20000#ISO-20000-requirement-6" > <span itemprop="name">Service delivery processes</span></a><meta itemprop="position" content="4" /></span>
</span></p>
</html>
</small>


<!-- This page is assigned to the following categories: -->
<!-- This page is assigned to the following categories: -->
[[Category:ISO/IEC 20000|!]]
[[Category:ISO/IEC 20000|!]]
<!-- --- -->
<!-- --- -->

Latest revision as of 10:50, 30 March 2019

DE - ES - ISO 20000 - ISO/IEC 20000 - ISO 20000 Requirementsdiese Seite auf Deutschesta página en español
DE - ES - ISO 20000 - ISO/IEC 20000 - ISO 20000 Requirements


ISO/IEC 20000 (often abbreviated to ISO 20000) is the internationally acknowledged standard for service management. It was developed in 2005 based on the earlier BS 15000, and subsequently revised in 2011 and 2018.

The standard enables organizations to demonstrate reliability and commitment to a high quality of service. ISO 20000 has thus become a competitive differentiator for the delivery of services.

 

➔ In our YaSM Service Management Wiki we provide a complete introduction to ISO 20000 (ISO/IEC 20000:2018), covering topics such as:

 

How ITIL and ISO 20000 are related

ISO 20000 requirements and ITIL 2011
Figure 1: ISO 20000

The basic principles behind ITIL and ISO 20000 are very much in line (see also: "Alignment White Paper: ITIL V3 and ISO/IEC 20000", Jenny Dugmore & Sharon Taylor, March 2008). The key differences are:

  • ITIL certifications are available for individuals only, whereas ISO 20000 is a certification scheme for organizations.
  • ITIL is a rather detailed collection of best practices, while ISO 20000 is an international standard that sets out Service Management requirements for IT organizations.
  • When organizations say they are compliant to ITIL, very often this statement is not verifiable; a certification according to the ISO 20000 standard means there has been an objective assessment.

Frequently, an ISO 20000 certification is sought after introducing ITIL, because it allows an IT organization to actually prove that it is a customer-oriented, efficient and effective supplier of IT services. A certification can thus be used for marketing purposes, or to gain access to customers and markets which require their service suppliers to be ISO 20000 certified.

 

ISO 20000 Sections and related ITIL Processes

ITIL was explicitly written to be aligned with ISO 20000, as the following table exemplifies: for every section in ISO/IEC 20000:2011, Part 1 (Mandatory Requirements) there are one or several related ITIL processes.

The following table summarizes in broad terms how the main ISO 20000 processes correspond to ITIL processes (ITIL 2011 main processes).

 

ISO 20000 Sections (ISO/IEC 20000:2011) Related ITIL Processes (ITIL 2011)
Ch. Title Remark
4 Service management system general requirements
4.1 Management responsibility
4.2 Governance of processes operated by other parties
4.3 Documentation management
4.4 Resource management
4.5 Establish and improve the SMS

4.5.1 Define scope
4.5.2 Plan the SMS (Plan)
4.5.3 Implement and operate the SMS (Do)
4.5.4 Monitor and review the SMS (Check)
4.5.5 Maintain and improve the SMS (Act)

5 Design and transition of new or changed services
5.1 General
5.2 Plan new or changed services
5.3 Design and development of new or changed services
5.4 Transition of new or changed Services
6 Service delivery processes  
6.1 Service level management
6.2 Service reporting
6.3 Service continuity and availability management

6.3.1 Service continuity and availability requirements
6.3.2 Service continuity and availability plans
6.3.3 Service continuity and availability monitoring and testing

6.4 Budgeting and accounting for IT Services
6.5 Capacity management
6.6 Information security management

6.6.1 Information security policy
6.6.2 Information security controls
6.6.3 Information security changes and incidents

7 Relationship processes
7.1 Business relationship management
7.2 Supplier Management
8 Resolution processes
8.1 Incident and service request management
8.2 Problem management
9 Control processes
9.1 Configuration management
9.2 Change management
9.3 Release and deployment management

 

Note:

ITIL focuses on the life cycle of services, but offers less guidance on establishing and operating the Service Management System (SMS) itself. As a consequence, it is at times not straightforward to map the ITIL guidance and (especially) Section 4 and Section 5 of ISO 20000, but various ITIL processes together can typically be used to fulfill the requirements.

 

Documentation

The original ISO 20000 documents can be ordered from the publisher's web site: ISO International Organization for Standardization

 

By:  Andrea Kempter   and  Stefan Kempter Contributor: Stefan Kempter, IT Process Maps GbR, IT Process Maps.

 

ITIL and ISO 20000 › SMS general requirements › Design and transition › Service delivery processes

Retrieved from "https://wiki.en.it-processmaps.com/index.php?title=ISO_20000&oldid=9134"