ISO 20000

Use the standards even if youre not interested in certification

Mark Thomas, Escoute Consulting, LLC
ISOThe Basics Originally developed by the British Standards Institution (BSI), ISO/IEC 20000 is an international standard that promotes an integrated process approach to delivering IT Services that meet business and customer requirements. It defines a Quality Management System (QMS) for IT Service Management. In 2000, the BSI developed the requirements for the delivery of IT services called BS 15000. In late 2005, the International Standards Organization (ISO) accepted BS 15000 as a new international standard called ISO/IEC 20000. The aim is to provide a common reference standard for any enterprise offering IT services and a common terminology. This standard promotes an integrated process that is closely aligned with the IT Infrastructure Library (ITIL) Service Support and Service Delivery phases and provides a yardstick for measuring an organizations ability to implement best practices as defined by ITIL. International standards can provide valuable guidelines that establishes organizational credibility. Organizations focused on these principles will benefit by utilizing this latest standard. The requirements are organized into two primary categories: Part 1, Specifications: ISO/IEC 20000:1, also known as the shalls Defines the requirements for a service provider to deliver managed services of an acceptable quality for its customers. Specifies a number of closely related service management processes Defines minimum / mandatory requirements Auditable, process based standard Part 2, Code of Practice: ISO/IEC 20000:2, also known as the shoulds Recommendations on how to meet the requirements in part 1 Not absolute requirements, but they support the shalls The standard requires evidence of the stated processes. This evidence should be in the form of Records and Documents. Records are evidence of activities (reports, minutes, etc.), and Documents are evidence of intention (plans, schedules, etc.). Importance of Continual Improvement A key aspect of ITIL, and therefore ISO 20000, is the concept of continual improvement based on W. Edwards Demings concept of Plan-Do-Check-Act. An important factor in maintaining this state is to conduct regular checks on the quality of IT Service Management. ISO 20000 provides a mechanism to determine how well an organization is continually improving. ISO 20000 defines and measures achievements as organizations grow in service maturity. Good for you? Achieving ISO 20000 certification can help companies gain a competitive edge over those companies that do not, but its not for everyone. Certification validates a commitment to IT Service Management best practices as witnessed by an independent, external evaluation using the formal standards that has been executed out by an approved audit organization. Certification will not, however be considered for products or services offered by consulting organizations. If youre trying to determine if its right for you, consider the following: 1) ISO 20000 is especially important where quality IT services are essential to business success, 2) ISO 20000 is key to organizations that provide managed IT services, 3) Organizations should consider ISO 20000 with

Escoute Consulting, LLC

12920 Metcalf Ave, Suite 170 Overland Park, KS 66213

www.escoute.com
1

Although ISO/IEC 20000 is not formally including the ITIL approach, it describes an integrated set of management processes that are aligned with and complementary to the process approach defined within ITIL. The individual ITIL books offer expanded information and guidance on the subjects addressed within the scope of ISO/IEC 20000. (itSMF ISO/IEC20000 Pocket Guide)
the documentation a valuable (and inexpensive) tool to assist in implementing Service Management processes based on ITIL guidelines. It is a standardized way to measure progress in becoming an ITIL based organization. Additionally, by using the requirements today, organizations can leverage their efforts if they decide to pursue ISO 20000 sometime in the future. Suggested Actions Like any other good improvement initiative, ISO 20000 is not a destination, its a journey. A journey in which IT strives to achieve world class service management practices based on real customer input and requirements. Whether or not an organization is seeking ISO 20000 certification, it should first and foremost establish a culture of continual improvement in ITSM and seek to understand the ITIL processes that are key to business success. The following are some steps to consider: Step One. Establish the right culture and get people on board. Step Two. Build the roadmap. Step Three. Become familiar with pertinent documentation. Step Four. Assess the current situation. Determine how the organization measures up to ISO 20000 standards. ISO 20000 Part 1 and Part 2. Step Five. Initiate an improvement program. Step Six. Seek certification (if desired) About Escoute Consulting Escoute Consulting provides premiere IT Service Management consulting services. We are not constrained by various vendor agreements and alliances - we are truly independent and objective. We are trained in the ITIL best practices framework and use ITIL as a guide to helping you solve your technical challenges.

respect to regulatory compliance (i.e. Sarbanes-Oxley, HIPAA), 4) future compliance audits may require standards certification because ISO 20000 deals specifically with the quality of IT Service Management, and 5) Certification may be required to conduct business with certain organizations (i.e. government agencies). Getting Certified Organizations can be assessed for conformance, and if the assessment is positive, they can be certified by Registered Certification Bodies (RCBs). These bodies are approved by the IT Service Management Forum (itSMF) and are licensed to use its logo. RCBs are in many countries worldwide, and are independent from consultant firms, whos role it is to provide advice in preparation for an independent audit by a RCB. Although service providers can claim to be compliant with the specifications, a formal audit and certification will be significantly more reliable. The general process for certification includes: application screening, planning and preparation, certification, and re-assessment. For Organizations Not Seeking Certification If youre not interested in achieving certification, it is wise to use the ISO 20000 checklist as a guide towards your continuous improvement initiatives. Consider

Mark Thomas is the President of Escoute Consulting, LLC and has over 16 years experience in leadership and technical positions in various industry and consulting organizations. Mark can be reached at mark@escoute.com.

Escoute Consulting, LLC

12920 Metcalf Ave, Suite 170 Overland Park, KS 66213

www.escoute.com
2