A Beginner's Guide to ISO 20000

ISO 20000 certification tells the world that your IT department meets rigorous guidelines for service design, delivery, and continual improvement. The Blueprint explores ISO 20000 and its benefits.

Updated August 7, 2020

We live in a digital world, and your business's information technology (IT) department must provide the best services possible to satisfy customers, enhance partner and supplier relationships, and contribute to the bottom line.

International Organization for Standardization (ISO) 20000 provides the methods to improve your IT service management (ITSM) operations. We'll go over its benefits and processes below to show how its implementation through IT management software can benefit your business.

Overview: What is ISO 20000?

ISO 20000 is a technical standard that specifies the requirements for an IT service provider to plan, establish, implement, operate, monitor, review, maintain, and improve a service management system (SMS). This standard provides a uniform high-level structure, terms, and definitions for SMS certification.

ISO 20000 uses plan-do-check-act (PDCA) methodology for your SMS and its processes.

Each plan, do, check, and act area is shown as one-quarter of a pie diagram.

PDCA is a recursive, continual improvement process.

ISO 20000 certification provides external validation that a company's SMS processes meet the requirements for standardization and quality assurance.

ISO 20000 vs. ITIL: What's the difference?

As you begin the ISO 20000 certification process, it’s important you understand its relationship to Information Technology Infrastructure Library (ITIL) principles. The ITIL framework is also concerned with ITSM activities, and the ITIL foundation better integrates them with overall business processes and objectives.

Key distinctions include:

  • ISO 20000 is a technical standard; ITIL methodology is a best practices framework.
  • ISO 20000 certifies companies and individuals; ITIL certifies individuals.
  • ISO 20000 has formal requirements for ITSMs and SMSes; ITIL offers guidance, which companies can follow as much or little as they prefer.

ITIL and ISO 20000 have no formal connection, but their methodologies are complementary: ITIL identifies suggested goals, and ISO 20000 defines formal processes to meet those goals.

ITIL is like a job description that describes the recommended education level, experience, and skills set for a position. ISO 20000 describes the hiring process: how to conduct skills tests, interview questions to ask, and the scoring matrix to identify the best candidate.

How your business can benefit from ISO 20000

The ISO 20000 certification process is rigorous and should not be undertaken lightly. This certification's benefits impact your bottom line by demonstrating your company's externally validated processes for quality control, efficiency, and continual improvement.

1. Reduced costs

ISO 20000 provides an in-depth understanding of IT costs, how to manage costs, and achieve greater efficiencies. It helps decrease the number of IT incidents and events while increasing your ability to resolve them.

Costs of regulatory compliance with Sarbanes-Oxley (SOX), ISO 27001, and the Payment Card Industry Data Security Standard (PCI DSS) are reduced, too.

2. Increased competitiveness

Access new markets because more public sector agencies, including the U.S. Air Force and UK National Health Service, require ISO 20000 certification to award government contracts.

An ISO certificate also improves partner, supplier, and customer perceptions of your business due to your demonstrated commitment to quality processes and services.

3. Enhanced customer service

Your IT department and its customers will be on the same page because ISO 20000 dictates that each service has a service agreement: the defined service, the metrics for measuring performance, and the remedies and/or penalties if service levels are not met.

Less IT downtime, more efficient processes, and better IT help desk skills will also increase your customer satisfaction (CSAT) scores.

The 4 ISO 20000 processes

ISO 20000 has four ITSM-related process groups:

  • Service delivery
  • Relationships
  • Resolutions
  • Controls

These four interrelated groups are in the overall SMS schema and its "design and transition of new or changed services" sub-category.

A diagram showing the progression of a customer service requirement leading to the formulation of new or changed services which are then delivered to the customer.

The ISO 20000 SMS framework defines management and process areas to ensure high quality and continually improving services.

The ISO 20000 SMS framework creates a uniform, transparent system for responding to customer service requests and delivering subsequent services. Top-level SMS definitions of management and process elements include:

  • Management responsibility
  • Control of third-party processes
  • Documentation management
  • Resource management
  • PDCA continual improvement processes

In the sub-category design and transition of new or changed services, the four SMS process groups — service delivery, relationships, resolutions, and controls — further delineate the requested service, its implementation, and delivery.

1. Service delivery processes

The breadth of information included for each service area provides a granular overview of the new service. The six service delivery processes are:

  • Service level management: Service definition and agreement type, such as client service level agreement (SLA), internal supplier operational level agreement (OLA), or external provider support agreement (SA)
  • Service reporting: Predefined, prescheduled reports with detailed information about service status
  • Service continuity and availability management: Predetermined disaster recovery and continuity plans
  • Service budgeting and accounting: Actual cost of assets, equipment, and personnel versus projected cost
  • Capacity management: Required resources to provide the service, including equipment, people, and other assets
  • Information security management: Defined security policies, controls, and incident reporting procedures

2. Relationship processes

Ongoing communication with customers and vendors is vital to maintain productive relationships. The two relationship processes are:

  • Business relationship management: Periodic service agreement reviews and discussions with customers
  • Supplier management: Periodic contract reviews with suppliers and the defined supplier approval process

3. Resolution processes

No IT service has 100% uptime, so you must define the processes to deal with issues as they occur. The two resolution processes are:

  • Incident and service request management: Resolution of individual incidents and service requests
  • Problem management: Resolution of problems arising from recurring, related incidents

4. Control processes

The configuration and deployment of IT assets and processes to change them must be defined. The three control processes are:

  • Configuration management: Approved setup and baselines for identified hardware and service elements in the Configuration Management Database (CMDB)
  • Release and deployment management: Plans for hardware and software deliveries, including dates, frequency, and delivery methods
  • Change management: Request for change (RFC) workflow

How ISO 20000 compares to other ITIL processes

ISO 20000 has 13 processes in four groups, and ITIL has four versions, each of which builds upon earlier iterations, with dozens of interrelated and overlapping processes. These two methodologies are independent of each other, but they are complementary, so some ITIL processes align with ISO 20000.

ISO 20000 process groups and related ITIL processes include:

  • Service delivery: Service level management, IT service continuity management, availability management, capacity management, financial management for IT services, and information security management
  • Relationship: Business relationship management and supplier management
  • Resolution: Incident management, request fulfillment, and problem management
  • Control: Service asset and configuration management, change management, and release and deployment management

The key distinction to remember about ISO 20000 and ITIL practices is that the latter is a collection of best practices, and the former details the processes to implement those practices.

Take a bold step with ISO 20000 certification

A handshake is the classic symbol of closing a business deal. The devil is in the details, though, so implement ISO 20000 to define your IT services and agreements. Your company will also achieve operational efficiencies, increase its prestige, and access new markets.

LOTS TO CONSIDER, LET US HELP

Get The Blueprint’s latest recommendations by signing up to our free newsletter.

The Motley Fool has a Disclosure Policy. The Author and/or The Motley Fool may have an interest in companies mentioned.