ISO 20000
<seo metakeywords="iso 20000 processes, iso 20000 requirements" metadescription="In contrast to the ITIL books, ISO 20000 does not offer specific advice on how to design your processes. It is rather a set of requirements which must ..." />
ITIL provides guidance on what should be done in order to offer users adequate IT Services to support their business processes. ITIL certifications are available for individuals but until recently there was no way for an IT organization to prove that it is working along the ITIL recommendations.
The ISO 20000 standard was conceived to fill this gap. Initiated by the two organizations itSMF and BSI (British Standard Institute), it is modeled upon the principles of ITIL and for the first time offers IT organizations the possibility to have their IT Service Management certified.
In contrast to the ITIL books, ISO 20000 does not offer specific advice on how to design your processes. It is rather a set of requirements which must be met in order to qualify for ISO 20000 certification.
Central Requirements from ISO 20000
The two central requirements of the ISO 20000 standard (ISO/IEC 20000:2005) are as follows:
- Use of a management approach according to the ISO management standard ISO 9001:2000, based upon the principles of Business Process Management and aimed at continuous quality improvement
- Alignment of the IT processes with the requirements of the ISO 20000 standard, which broadly corresponds to ITIL Best Practice
Introducing ITIL is therefore a prerequisite for obtaining an ISO 20000 certificate, but not sufficient: It is equally important to prove that IT processes are documented, actively managed, and continually improved; a high-quality process documentation is at the centre of any certification project.
How ITIL V3 and ISO 20000 are Related
The basic principles behind ITIL V3 and ISO 20000 are very much in line (see also: "Alignment White Paper: ITIL V3 and ISO/IEC 20000", Jenny Dugmore & Sharon Taylor, March 2008). The key differences are:
- ITIL certifications are available for individuals only, whereas ISO 20000 is a certification scheme for organizations
- ITIL is a rather detailed collection of best practices, while ISO 20000 is an international standard that sets out Service Management requirements for IT organizations
- when organizations say they are compliant to ITIL, very often this statement is not verifiable; a certification according to the ISO 20000 standard means there has been an objective assessment
Frequently, a certification according to ISO 20000 is sought after introducing ITIL, because it allows an IT organization to actually prove that it is a customer-oriented, efficient and effective supplier of IT services. A certification can thus be used for marketing purposes, or to gain access to customers and markets which require their service suppliers to be ISO 20000 certified.
ISO 20000 Requirements in Relation to ITIL V3 Processes
The following table summarizes the requirements set out in ISO 20000 and how they are fulfilled by ITIL V3 processes:
| ISO 20000 Requirements | Related ITIL V3 Processes | ||
|---|---|---|---|
| Ch. | Title | Remark | |
| 5 | Planning and Implementing New or Changed Services | Requirements are fulfilled by the ITIL processes “Service Strategy” and "Service Level Management" | |
| 6 | Service Delivery | ||
| 6.1 | Service Level Management | Requirements are fulfilled by the ITIL process "Service Level Management" | |
| 6.2 | Service Reporting | Requirements are fulfilled by the ITIL process "Service Level Management" | |
| 6.3 | Service Continuity and Availability Management | Requirements are fulfilled by the ITIL processes "IT Service Continuity Management" and "Availability Management" | |
| 6.4 | Budgeting and Accounting for IT Services | Requirements are fulfilled by the ITIL process "Financial Management"
(optional, i.e. non-obligatory component of the standard) | |
| 6.5 | Capacity Management | Requirements are fulfilled by the ITIL process "Capacity Management" | |
| 6.6 | Information Security Management | Requirements are fulfilled by the ITIL process "IT Security Management" | |
| 7 | Relationship Processes | ||
| 7.2 | Business Relationship Management | Requirements are fulfilled by various ITIL processes: “Service Portfolio Management”, „Service Level Management”; and “Continual Service Improvement” | |
| 7.3 | Supplier Management | Requirements are fulfilled by the ITIL process "Supplier Management" | |
| 8 | Resolution | ||
| 8.2 | Incident Management | Requirements are fulfilled by the ITIL process "Incident Management" | |
| 8.3 | Problem Management | Requirements are fulfilled by the ITIL process "Problem Management" | |
| 9 | Control | ||
| 9.1 | Configuration Management | Requirements are fulfilled by the ITIL process "Service Asset and Configuration Management" | |
| 9.2 | Change Management | Requirements are fulfilled by the ITIL process "Change Management" | |
| 10 | Release | ||
| 10.1 | Release Management | Requirements are fulfilled by the ITIL process "Release and Deployment Management" | |
