IT service management - ISO 20000
Published in December 2005, ISO/IEC 20000 is the first worldwide standard specifically aimed at IT service management. It was developed in response to the need to set processes and procedures in place to minimize the risk to businesses posed by a technical breakdown of an organization’s IT system. Robert Maddison looks at the implications that the standard will have on the future delivery of IT services.
IT service management
Information technology service management (ITSM) is an integrated process-based approach aligning the delivery of IT services with the needs of an enterprise. The approach aims to emphasize the benefits to the end users. ITSM is a quantum leap forward, surpassing previous attempts to manage IT services as separate and distinct individual activities. The new approach now focuses on the delivery of end-to-end services using best practice process models.
The ISO 20000:2005 series of standards describe this integrated set of management processes for the effective delivery of IT services to the business and its customers. The long-awaited publication of the standard on 15 December 2005 represents a major step forward in the international recognition and development of ITSM certification.
The emergence of ISO 20000:2005 is expected to cause a significant increase in interest among organizations that wish to implement an ITSM and have this certified against the requirements of the new standard. This interest is expected to grow internationally and build on the already well-established certification provided by 19 registered certification bodies operating under the auspices of the Information Technology Service Management Forum (itSMF) ISO/IEC 20000 certification scheme.
The ISO/IEC 20000 series
The ISO/IEC 20000 series represents a widely recognized basis for evaluating IT service management processes. The series is aligned with and complements the process approach defined within ITIL (the IT infrastructure library). It is afforded greater credibility as it has been developed in conjunction with the itSMF, an independent and internationally recognized forum for IT service management professionals worldwide.
This relationship can be displayed diagrammatically:
The ISO/IEC 20000 series defines a comprehensive and closely-related set of service management processes and comprises two parts:
- ISO 20000-1 is the ‘specification for service management’; it specifies a range of specific processes and is the basis of certification
- ISO 20000-2 is the ‘code of practice for service management’; it describes best practices and the requirements of part one. The code of practice will be of particular use to organizations preparing to be audited against ISO/IEC 20000 or planning service improvements
Organizations may use both parts to help them develop service management tools, and products and systems that support best practice service management. It is important to keep in mind that it is virtually impossible to audit effectively against ISO/IEC 20000:2005 part one without having a comprehensive knowledge and understanding of the corresponding ISO/IEC 20000:2005 part two. This standard establishes guidelines and general principles and a code of practice for ITSM.
ISO 20000 is based upon an original set of documents, BS 15000-1/2, which were published by BSI in 2002 and 2003 respectively. BS 15000-1 came from the harmonization of a previous version with other international standards that had already adopted the standard plan, do, check, act (PDCA) approach. ISO 20000-1:2005 part one also makes use of the PDCA cycle and uses a process approach to emphasize the importance of:
- understanding and meeting requirements
- the need to consider processes in terms of added value
- obtaining results of process performance and effectiveness
- continual improvement based on objective measurement
The structure of the ISO/IEC 20000-1 part one standard which is used for certification purposes is as follows:
- scope
- terms and definitions
- requirements for a management system
- planning and implementing service management
- planning and implementing new or changed services
- service delivery process (six sub processes)
- relationship processes (two sub processes)
- resolution processes (two sub processes)
- control processes (two sub processes)
- release process (one sub process)
The portal for ITSM, ISO 20000 central, has identified that the implementation of ISO 20000 can bring with it many benefits and advantages including the:
- alignment of IT services with business strategy
- creation of a formal framework for service improvement projects currently in progress
- provision of a benchmark comparison with best practices
- creation of a competitive advantage through promotion of consistent and cost-effective services
- creation of a forward-looking culture, due to required ownership and responsibility at all levels
- support for the 'interchanging' of service providers and staff through the creation of inter-enterprise operational processes
- reduction of risk and hence reduction of cost in terms of external service receipt
- facilitation of major organizational changes through the creation of a consistent approach
- enhancement of reputation and perception
- fundamental shift to proactive as opposed to reactive processes
- improved inter-departmental relationships via better definition of responsibility and goals
- creation of a robust framework for resource training and for service management automation
Will it work?
The big question is: will accredited certification to this new standard be accepted by the market? We know that the food safety standard, ISO 22000, has not been embraced by the major players in the food industry, partly because they have their own established (if diverse) standards, and partly because they question the ability of the conformity assessment industry to deliver a credible and consistent certification service globally. We also know that the automotive industry has shunned the standard conformity assessment industry to set up its own control system for similar reasons. So what of ISO 20000?
Historically, certification to BS 15000 (the precursor to the international version) was controlled by the itSMF. As the key stakeholder group of ITSM providers and users, the itSMF was well placed to ensure that the certification process delivered what users want. However, with the international standard itSMF may lack a mechanism for global control of certification and is now faced with pilot accreditation schemes being operated by a number of accreditation bodies around the world: UKAS and the Japan Information Processing Development Corporation are both understood to be operating such pilot schemes.
This means less control for itSMF and potentially less input into conformity assessment from this group of stakeholders. Of course, the International Accreditation Forum (IAF) has a part to play in ensuring that accredited certification to this new standard is controlled and consistent globally from the start. We wait and see…
The IT infrastructure library® (ITIL®) is the most widely accepted approach to ITSM in the world. ITIL provides a cohesive set of best practice, drawn from the public and private sectors internationally. It is supported by a comprehensive qualifications scheme, accredited training organizations, and implementation and assessment tools. The best practice processes promoted in ITIL support and are supported by the British Standards Institution’s standard.
The Information Technology Service Management Forum (itSMF) is a global, independent, not-for-profit organization dedicated to ITSM. itSMF is wholly owned and principally run by its membership. It consists of a growing number of national chapters, each with a large degree of autonomy but adhering to a common code of conduct.
ITIL ® is a Registered Trade Mark, and a Registered Community Trade Mark of the Office of Government Commerce, and is Registered in the U.S. Patent and Trademark Office.
IT Infrastructure Library ® is a Registered Trade Mark of the Central Computer and Telecommunications Agency which is now part of the Office of Government Commerce.
- IT service management and
ISO 20000 - Auditing electronic-based
management systems - ISO 27001 the story so far
- How to audit a patch process
- Internal auditing
- The Q&A
- Management systems survey
What effect do you think ISO 20000 will have? Have your say right now by contributing to the discussion on IT service management in the IRCA discussion forum.