Business Case for ITSM

Being a leader in service management in the IT sector, HDI researched the use of service
management principles, practices, and tools. As a result, according to the 2018 HDI survey, three
important aspects of the business case of ITSM are highlighted even outside the IT.
Businesses Outside IT Adopting ITSM
HDI asked, "What business drivers are influencing the expansion of service management outside
IT?". Interestingly 77% say to improve customer experience. But, at the same time, the customer is
viewed as both internal and external users of the support and IT services.
Employee Satisfaction
HDI asked, "How has employee satisfaction changed since expanding service management outside
of IT?". 52% of the respondents note that employee satisfaction increased due to its implementation
even outside IT.
Productivity
HDI asked, "How has productivity changed since expanding service management outside of IT?".
Amazingly 75% of the respondents note that productivity increased due to its implementation even
outside IT.

International Standards and Frameworks on ITSM

There are different international standards, methodologies, and frameworks on different aspects of
ITSM. These standards and frameworks are bifurcated based on controls, processes & workflows,
and operational level tasks.

Control Processes & Workflows Operational Level Tasks

MOF (Microsoft Operation

ISO/IEC 27001 on information security ISO 20000 series on IT service Framework) is another framew
management system management on IT service management

ITIL (Information Technology

Infrastructure Library) is a
ISO/IEC 38500 on information framework on IT service Six Sigma Methodologies base
technology governance management its compatibility with ITIL

COBIT (Control Objectives for MOF (Microsoft Operation

Information and Related Technology) Framework) is another framework
for IT governance and management on IT service management N/A

Popular IT Service Management System Standards

Considering the precedent list of various standards on ITSM, the two popular standards and
frameworks are the ISO 20000 series and the ITIL framework.
 Difference Between ISO 20000 Series & ITIL Framework

ISO 20000 Series ITIL

ISO 20000 emphasizes the role of organizations in what ITIL explains how to do those things that need to be d
they need to do to have ITSM. for an ITSM.

ISO 20000 series are the set of international standards ITIL is a set of best practices that guide organizations
on ITSM. align IT services from the business needs perspective

ISO 20000 series focuses on having determined ITIL provides details on those processes and how to c
processes of the ITSM. on with those processes.

ISO 20000-1 is drafted based on the fundamental ITIL can be used to implement ISO 20000-1.
principles of ITIL, and companies can be certified Organizations can implement ISO 20000-1 independe
against it. ISO 20000-1 is one important standard in ISO However, it works fine with the ITIL approach of its
20000 series. implementation.

ISO/IEC 20000 Series & ISO/IEC 20000-1 Standard

ISO/IEC 20000-1 is an international standard published by ISO (the International Organization for
Standardization) and IEC (the International Electoral Commission) for IT Service Management
(ITSM). It helps in improving the delivery of IT services.

The standard has gone through revision twice; 2011 and 2018. Regardless of the size or type of IT
service industry, any company can benefit from ISO/IEC 20000 compliance. However, if the
business wishes to achieve certification, it must integrate some industry best practices in its
infrastructure.
Contents of the Series

The ISO/IEC 20000 standard series divides into 10 parts. ISO/IEC 20000-1 and ISO/IEC 20000-2
are the two most important parts. ISO/IEC 20000-4 and ISO/IEC 20000-9, since the 2018 update,
are no longer included as parts of the standard and are declared obsolete.
The ten parts of the ISO/IEC 20000 series are discussed on the next page.

ISO/IEC 20000-1:2018 – Requirements of Service Management

ISO/IEC 20000-1:2018 lists requirements for establishing, implementing, maintaining, and
continually improving the organization’s Service Management System (SMS).
Applicability of the Standard
Explanation of Basic Terms
The document provides planning, design, transition, delivery, and service improvement
requirements to achieve service requirements and gain real-world value. This document is
applicable for:

• Customers who want a particular service and want assurance regarding the quality of the
service.
• Customers who require the service providers, including those in a supply chain, provide a
consistent procedure to the service lifecycle.
• Organizations that want to show their capability to plan, design, transition, deliver and improve
services.
• Organizations that want to include monitor, measure, and review capabilities in their SMS and
services.
• Organizations that, through effective implementation and operation of an SMS, want to
improve their planning, design, transition, delivery, and improvement of services.
• Organizations or other parties that seek to perform compliance assessments
ISO/IEC 20000-2:2019 – Guidance on Application of Service Management Systems
Application of Service Management System

ISO/IEC 20000-2 standard guides on applying a Service Management System (SMS) based on
ISO/IEC 20000-1. ISO revised the document in 2019. The updates improve the clarity of the
guidelines. The revision has also aligned ISO/IEC 20000-2 with the updated ISO/IEC 20000-1.

ISO/IEC 20000-3:2019 – Guidance on Scope Definition & Applicability of ISO/IEC

20000-1
Scope
Scope Definition of an SMS
Guidance in Compliance Assessment
Examples

ISO/IEC 20000-3:2019 guides in defining the scope of SMS and application of requirements
included in ISO/IEC 20000-1. This document is of use to those planning the integration of SMS
along with consultants and assessors.

ISO/IEC TR 20000-5:2013 – Model Implementation Plan for ISO/IEC 20000-1

Model Plan
ISO/IEC TR 20000-5:2013 guides in the integration of Service Management System (SMS) to
fulfill the requirements of ISO/IEC 20000-1:2011 through a model implementation plan. It is
primarily for service providers but can also prove useful in guiding service providers on how to
implement an SMS.

ISO/IEC TR 20000-7:2019 – Correlation of ISO/IEC 20000-1 to ISO 9001 & ISO/IEC

27001
Possible Combinations
Clauses
Annexes
ISO/IEC TR 20000-7:2019 guides the integration of a Service Management System (SMS) with
a Quality Management System and Information Security Management System (ISMS). An
organization may consider it:

• If they are looking to implement ISO/IEC 20000-1 after implementing ISO 9001, or vice versa.
• If they are looking to implement ISO/IEC 20000-1 after implementing ISO/IEC 27001, or vice
versa.
• If they are looking to implement ISO/IEC 20000-1 and ISO 9001 together or implement
ISO/IEC 27001 and ISO/IEC 20000-1 together.
• If they are looking to implement ISO/IEC 27001, ISO 9001, and ISO 20000-1 together.
• If they are looking to implement existing management systems based on the above standards.

Furthermore, an organization can also integrate management System Standards (MSS) alongside
an SMS, QMS, or ISMS.

ISO/IEC 20000-10 – Concepts & Vocabulary

ISO/IEC 20000-10:2018 includes the fundamental concepts of all ISO/IEC 20000 parts, how
ISO/IEC 20000-1 relates to other International Standards and Technical Reports and helps in
 identifying how different parts support ISO/IEC 20000-1:2018. In addition, terminologies used in all
parts of the ISO/IEC 20000 are also included in this document.
The applications of this document are:

 To provide an understanding of terms and definitions to organizations that aim to use all parts of
ISO/IEC 20000.

 To guide organizations looking to implement different parts of ISO/IEC 20000.

 To provide understanding to organizations that seek to implement ISO/IEC 20000 (all parts) with
other International Standards.

 To provide an understanding of ISO/IEC 20000 to auditors, practitioners, and other parties.

ISO/IEC TR 20000-11:2015 – Relationship Between ISO/IEC 20000-1 & ITIL Service

Management
How Can ISO/IEC TR 20000-11 Help?
ISO/IEC TR 20000-11:2015 is a Technical Report that aims to guide organizations and
individuals regarding the relationship between ISO/IEC 20000-1 and ITIL. It is beneficial for
those looking to implement ITIL with ISO/IEC 20000-1. It also includes:

• A service provider who wants guidance on ITIL application and is seeking or has already
gotten compliance with ISO/IEC 20000-1.
• A service provider that wishes to use already established ITIL to demonstrate compliance
requirements specified in ISO/IEC 20000-1.
• Auditors and assessors who seek to understand how ITIL can support the requirements
specified in ISO/IEC 20000-1.

ISO/IEC 20000:2018 vs ISO/IEC 20000:2011

The most relevant changes made in ISO/IEC 20000-1:2018 from ISO/IEC 20000:2011 are:
Important Changes - Part 1

• ISO 20000-1:2018 revision does not include preventative measures

• Continuity management, availability management, incident management, and service request
are all independent processes in ISO 20000:2018. ISO 20000:2011 had these processes merged
• ISO 20000:2018 does not reference the Plan-Do-Check-Act cycle. Businesses are free to
implement it if they want, but they might want to consider that it is not the only continual
improvement process. For instance, they can go for Plan-Do-Study-Act Cycle
• ISO 20000:2018 introduces a new term, “Asset.” An entity that has value for the organization
• The CMDB (Configuration management database) is not included in ISO 20000:2018, even
though it was an essential part of ISO 20000:2011.

What do these Changes mean for you?

For a start, ISO 20000:2018 is easier to understand compared to ISO 20000:2011, especially for
people working with ISO standards. Furthermore, the newer revision is easier to integrate with other
ISO standards in a business's infrastructure. Those seeking compliance with the standard can now
implement or discard PDCA of their own volition since ISO 20000:2018 does not require as many
documents as the older revision.

Finally, ISO 20000:2018 can prove to be an excellent quality improvement tool to obtain the best
customer satisfaction, even if it's not a unique option for managing services.

An Overview of Clauses in ISO 20000-1

In the modern era, more and more businesses are dependent on IT to provide services. Due to this,
it has become important to establish a Service Management System (SMS). There are various
standards and frameworks available to guide IT organizations inside businesses to implement an
SMS. ISO 20000:2018 is one such standard whose purpose is to guide organizations and provide
them with a set of requirements necessary to establish, implement, maintain, and continually
improve a Service Management System (SMS).

The two most important parts of the ISO 20000 standard are ISO 20000-1 and ISO 20000-2. This
course will focus only on ISO 20000-1 part. ISO 20000-1 is revised in September 2018. The 2018
update includes some changes to update it with the rapidly evolving challenges in delivering IT
Service Management (ITSM).
 ISO 20000-1:2018 – Structure & Requirements (Continued on next page)
The newer ISO 20000-1:2018 is more easily integrate with other ISO standards, such as ISO 27001,
due to its High-level Structure (HLS). The requirements of the Service Management System are
more coherently detailed in HLS. There are now seven operational processes: complete lifecycle
service development, deployment, delivery, and support. Additionally, ISO 20000-1:2018 provides
strategic plans for interactions with suppliers and customers. Furthermore, ISO 20000-1:2018 does
not define its components' terms and vocabulary, nor does it specify the requirements for the SMS
structure.
The clauses of HLS Framework for ISO 20000-1:2018 include:

 Context of organization

 Leadership

 Planning

 Support for the SMS

 Operation of the SMS

 Performance evaluation

Structure of Standard
Adaptation as per organizations' needs
Requirements are mandatory

The HLS framework does not provide an unchangeable authority level or naming convention and
can be adapted to suit the business's operational needs. As such, businesses are free to merge two
clauses of the HLS framework if it's appropriate.

Context of the Organization (Clause - 4)

ISO 20000-1:2018 Clause 4 includes the requirements for establishing, implementing, maintaining,
and continually improving a Service Management System (SMS). Specifying the objectives and
scope of the SMS is given special priority in the Context of the Organization clause. Furthermore,
businesses looking to implement an SMS are encouraged to understand the role of all internal and
external factors and stakeholders and their potential impact on the organization and capability to
achieve business objectives.

A clear understanding of this clause is crucial for properly implementing a Service Management
System.

Leadership (Clause - 5)

One of the business world's biggest problems is the disconnect between IT implementation and
people making top executive decisions. This problem can also affect any organization's SMS.
Dedication and active engagement by an organization's top management are crucial for the proper
implementation of ISO 20000:2018. The leadership must understand that quality delivery services
require necessary policies, processes, people, tools, and technologies. Clause 5 also provides
specific requirements for top management to establish and communicate their service delivery
policy. Furthermore, this clause also requires that the leadership communicates roles,
responsibilities, and authorities related to the SMS across the organization to ensure that delivery
services are properly supported.

Compliance with this clause requires complete commitment from the organization's leadership.
Planning (Clause - 6)

IT has become an increasingly valuable source of value for organizations. Therefore, organizations
must plan for an SMS. Organizations should look to maximize opportunities and support risk
management during the planning phase. This clause defines the activities and processes necessary
to accomplish service management objectives. Firms should integrate the objectives of SMS at all
appropriate levels of the organization during the planning phase.

Support of the Service Management System (Clause - 7)

Organizations with an effective Service Management System realize that multiple organizational
sectors provide an essential contribution to support the SMS. Clause 7 stresses the importance of
these supporting organizational sectors. Critical areas such as resource availability, knowledge
management, internal/external communications, documented information, and employee
competence are requirements in this clause.

Operation of the Service Management System (Clause - 8)

Clause 8 requires organizations to effectively and efficiently implement the activities and processes
necessary for the SMS operation. Furthermore, this clause covers the entire operational service
lifecycle, such as acquisition, planning and control, service design, service assurance, and
retirement, among other stuff.

Performance Evaluation (Clause - 9)

Improvement (Clause - 10)
Compliance with the New ISO 20000-1

The requirements in Clause 9 state that the organization monitor, measure, analyze, and evaluate
the system to determine the performance of the Service Management System. An industry best
practice is to conduct internal and external audits of the organization’s SMS. Furthermore, this
clause provides specific details mandatory for an auditing strategy and regular internal audits.
Additionally, the management must make informed decisions to support the SMS by reporting and
reviewing the quantitative and qualitative data obtained from audits.

Clause 10 specifies requirements for nonconformity, corrective action, and continual improvement. If
the organization encounters nonconformities, this clause provides the required corrective activities.
These activities are required to demonstrate support for the continual improvement philosophy.
 ISO 20000-1:2018 is a welcome update to the ISO 20000-1 standard. The changes made in the
newer revision have made sure that compliance with ISO 20000-1 is a less daunting task.
Furthermore, these changes have made transitioning from ISO 20000-1:2011 to ISO 20000:2018
much simpler. Additionally, the number of mandatory documents is also reduced. It is a massive
help to those aiming to implement and comply with the standard

• Compliance with the standard also allows businesses to be better prepared for modern challenges,
such as commoditization, increasing and evolving consumer demands, and getting more value from
their service resources. ISO 20000-1 is more than worthy of the effort to comply with the standard.

Lesson Summary

 ISO/IEC 20000 is an international standard published by ISO (the International Organization for
Standardization) and ICE (the International Electoral Commission) for IT Service Management
(ITSM). It helps in improving the delivery of IT services.

 The ISO/IEC 20000 standard series divides into 10 parts. ISO/IEC 20000-1 and ISO/IEC 20000-2
are the two most important parts. ISO/IEC 20000-4 and ISO/IEC 20000-9, since the 2018 update,
are no longer included as parts of the standard and are declared obsolete.

 Contents of the Series

1. ISO/IEC 20000-1:2018 – Requirements of Service Management
2. ISO/IEC 20000-2:2019 – Guidance on Application of Service Management Systems
3. ISO/IEC 20000-3:2019 – Guidance on Scope Definition & Applicability of ISO/IEC 20000-1
4. ISO/IEC TR 20000-5:2013 – Exemplar Implementation Plan for ISO/IEC 20000-1
5. ISO/IEC 20000-6:2017 – Requirements for Bodies Providing Audit & Certification of Service
Management Systems
6. ISO/IEC TR 20000-7:2019 – Guidance on the Integration & Correlation of ISO/IEC 20000-1:2018
to ISO 9001:2015 & ISO/IEC 27001:2013
7. ISO/IEC 20000-10:2018 – Concepts & Vocabulary
8. ISO/IEC TR 20000-11:2015 – Guidance on the Relationship Between ISO/IEC 20000-1:2011 &
Service Management Frameworks: ITIL
9. ISO/IEC TR 20000-12:2016 – Guidance on the Relationship Between ISO/IEC 20000-1:2011 &
Service Management Frameworks: CMMI-SVC.

 Service Management Service (SMS)

- Every organization wants to organize itself as efficiently as possible. Unfortunately, it may take a
long time to introduce efficiency measures as it is a lengthy and laborious task to organize the
organization’s internal processes. This is where a Service Management System helps out by
providing solutions through the use of technology
 - An SMS takes into account all processes and activities that the service encounters throughout its
lifecycle
- Service Provider: Selects, creates, deploys, operates, and maintains the service
- Service Customer: A consumer of services provided by the service provider.

 Roles in an ITSM include

- There are many roles in the IT service delivery pipeline. It usually starts with consumer demand
for a particular service
- The service provider needs to establish Key Performance Indicators (KPIs). Communicate these
indicators to the business and make recommendations for service improvements and changes after
assessing KPIs.

 Important ITSM Processes include

- Asset Management
- Project Management.

 Benefits of IT Service Management System include

- No Risks when making IT Changes
- Increase in Self-Service Productivity
- Improvements in Service & Customer Experience.

 ISO/IEC 20000:2018: Main Changes in the Latest Version

The most relevant changes made in ISO/IEC 20000-1:2018 from ISO/IEC 20000:2011:
- The CMDB is not included in ISO 20000:2018, even though it was a significant part of ISO
20000:2011
- ISO 20000:2018 includes a service catalog as an independent point, i.e., “8.2 – Service Portfolio”,
which also includes other points related to the concept.

 How Does the Change Effect?

- ISO 20000:2018 is easier to understand compared to ISO 20000:2011
- New version is easier to integrate with other ISO standards in a business’s infrastructure.

 ISO 20000-1:2018 – Structure & Requirements

- The newer ISO 20000-1:2018 is more easily integrate with other ISO standards, such as ISO
27001, due to its High-level Structure (HLS)
- ISO 20000-1:2018 provides strategic plans for interactions with suppliers and customers
- The HLS framework does not provide an unchangeable authority level or naming convention and
can be adapted to suit the operational needs of the business
- Businesses are free to organize the HLS clauses, but none of the requirements of the standard
 can be ignored, as demonstrating all clauses is mandatory to demonstrate compliance
- The clauses of the HLS Framework for ISO 20000-1:2018 include
* Context of the Organization (Clause - 4)
* Support of the Service Management System (Clause - 7)
* Improvement (Clause - 10).

Clause - 4 - Context of the Organization

Clause 4 specifies the requirements to set up the context of the IT service management system. It
guides organizations to stabilize their strategic objectives and SMS by providing an opportunity to
determine all relevant internal and external issues. Furthermore, one of its requirements is to
determine all interested parties' expectations, such as customers, workers, and suppliers, relevant to
the SMS.
Additionally, this clause provides a solid foundation for the Annex SL Standards

Understanding the Organization and its Context (Clause - 4.1)

The goal of the requirements of Clause 4.1 is that organizations must demonstrate that they have
identified all internal and external issues that are appropriate to the organization’s purpose and can
potentially affect business objectives and outcomes.

Several approaches can be useful for this clause, from structured analysis tools
including PESTLE (Political, Economic, Social, Technological, Legal, Environmental) analysis
and SWOT (Strengths, Weaknesses, Opportunities, and Threats) analysis to simpler “what if”
questions, depending on the complexity or scale of the operations.

Organizations have to give considerations to:

• All internal and external issues that are appropriate for the objectives of the organization
• How the organization monitors internal and external issues and how it is affected by changes to the
problems.

Understanding the Needs & Expectations of Interested Parties (Clause - 4.2)

The goal of the requirements of Clause 4.2 is that organizations must demonstrate the ability to
determine, monitor, and review all interested parties that are relevant to the SMS and its
requirements.
Organizations have to give considerations to:
• Determining the expectations and requirements of customers and users that depend on the service
• Secondary interested parties, such as regulatory bodies and suppliers that are relevant to the SMS
• The requirements and expectations that are already or in the future could turn into legal, regulatory,
or contractual requirements.

Determining the Scope of the Service Management System (Clause - 4.3)

• This clause requires organizations to review Clause 4.1 (Context of the Organization) and Clause
4.2 (Context of Interested Parties). The organization must determine the limitations of the scope and
the application of the system, which may include specific functions or the complete organization
• The scope is required to include the services relevant to the scope and the organization delivering
and supporting those services
• The Service Management System scope also specifies the services relevant to the scope
• No individual names are required in the scope if a service catalog, which may contain the list of
customers, is provided
• Furthermore, the scope must comply with the APMG ISO/IEC 2000 Certification Scheme
requirements.

Service Management System & its Processes (Clause - 4.4)

Clause 4.4 specifies the requirements to establish, implement, maintain, and continually improve the
service management system (SMS). Adopting a process-based approach is essential for compliance
with this clause. Every organization has a unique approach to this clause, but documentation
processes can provide support.

Organizations have to give considerations to:

• Processes, process sequence, and interactions included in the process-based system
• Managing the processes through appropriate methods
• Providing relevant resources to support processes
• Determining the opportunities created and the risks of each process
• Allocating relevant process authorities.

Leadership (Clause - 5)
Clause 5 specifies the requirements that apply to the top management of the organization. This
clause expects active participation and commitment from the organization's leadership to deliver
quality services and achieve the objectives of SMS and the organization.
Leadership & Commitment (Clause - 5.1)
The organization must create or determine many items to comply with this clause:
 Leadership Requirements - Part 1
• Develop, implement, and maintain a service management strategy
• When making decisions regarding the SMS and services, assign appropriate levels of authority
• The organization must ensure that the resources needs are in place
• The organization must have an appropriate level of control over other parties committed to the
service lifecycle
• The organization must communicate the importance of service management, accomplish service
management objectives, comply with SMS requirements, and provide real-world value
• The SMS must be integrated by the organization within the business process infrastructure.

Leadership Requirements - Part 2

• The definition of the term ‘value’ is included in clause 3.2.29, ‘importance, benefit or usefulness.’
• The organizations must improve the effectiveness of the SMS and services by guiding and
supporting personnel
• The organization must ensure that other management roles are supported
• The organization must secure the intended results and outcomes of the SMS
• The organization must support continual improvement.

Policy (Clause - 5.2)

This clause requires organizations to establish a service management policy. It has similarities with
other Annex SL policy requirements. This clause also includes two sub-clauses.
The service management policy must be maintained as Documented Information.
The responsibilities of the organization’s leadership according to this clause are:

Policy Requirements - Part 1

• Establishing a service management policy that is appropriate to the objectives of the organization
• Establishing a service management policy whose objectives are provided through a framework
• Documented information on the service management policy is available
• The service management policy is committed to continual improvement.

Policy Requirements - Part 2

• The service management policy is available to appropriate interested parties
• Communicate the service management policy throughout the organization
 • The service management policy is committed to satisfying applicable requirements
• The organization must consider the last review/amendment and any changes done on the policy to
meet the requirements of Clause - 5.2.

Organizational Roles, Responsibilities, & Authorities (Clause - 5.3)

The Change

This clause requires organizations to assign responsibilities and authorities. The ISO 20000:2018
Clause 5.3 generally replaces the ISO 20000:2011 Clause 4.1.4 Management Representative.
One other key difference between the two revisions is that the newer clause does not require a
specific staff member.

Requirements for Roles, Responsibilities and Authorities

To comply with this clause:

• Ensure that the SMS complies with the standard by assigning responsibilities and authorities
• Ensure that reporting regarding the SMS performance is carried out by assigning responsibilities
and authorities.

Planning (Clause - 6)
For proper implementation of an SMS, it is crucial that the organization plans for it. Planning for an
SMS also includes supporting risk management and capitalizing on opportunities. The planning
phase requires the organization to consider the whole organizational infrastructure and specify the
actions necessary for service management objectives.
Actions to Address Risks & Opportunities (Clause - 6.1)
The goal of the requirements of Clause 6.1 is similar to other Annex SL standards, but there are a
few more requirements:

 The organization must demonstrate the commitment to accomplish the intended outcomes of the
SMS

 The organization must demonstrate the commitment to accomplish continual improvement

 The organization must have the ability to reduce, prevent, and eliminate undesired effects.

Important Sub-clauses of Clause - 6

Risks and Opportunities Identification (Clause - 6.1.1)
Clause - 6.1.1 requires organizations to identify the risks and opportunities by taking into
consideration the issues included in Clause - 4.1 and the requirements included in Clause - 4.2 to
address the following:

• The organization must demonstrate the commitment to accomplish the intended outcomes of
the SMS
• The organization must demonstrate the commitment to accomplish continual improvement
• The organization must have the ability to reduce, prevent, and eliminate undesired effects.

Impact of Risk and Opportunities on Service Delivery with Acceptance Criteria (Clause - 6.1.2)

Clause - 6.1.2 requires the organization to:

• Determine the risks associated with the organization

• Determine the risks associated with not fulfilling service requirements
• Determine the risk associated with involving other parties in the service lifecycle
• Determine how risks and opportunities impact customers
• Determine the risk acceptance criteria of the organization
• Determine how the organization approaches risk management.

The requirements of this sub-clause classify as documented information.

Plan to Address Risk (Clause - 6.1.3)

The requirements of Clause - 6.1.3 include:

• The organization’s plan to address risks

• The organization’s plan to implement risk management activities
• The organization’s plan to assess performance.

Service Management Objectives & Planning to Achieve them (Clause - 6.2)

Clause - 6.2 includes two sub-clauses:
Clause - 6.2.1)

• Establish objectives that are in line with policies

• Establish assessable objectives
• Establish objectives according to requirements
• The organization must monitor its objectives
 • The organization must communicate its objectives
• The organization must appropriately update its objectives.

The requirements of this sub-clause classify as documented information.

Clause - 6.2.2)

The requirements of Clause - 6.2.2 are:

• Determine the organization’s future activities

• Determine the resources available
• Determine the ITSM responsibilities
• Determine the completion time required to establish the ITSM.

Plan the Service Management System (Clause - 6.3)

Clause 6.3 requires the organization to establish a Service Management Plan that includes or
contains a reference to:

 A list of all services covered by the SMS

 The identified limitations of the SMS

 Obligations set by the SMS

 All authorities and responsibilities for the SMS

 The resources provided for the SMS

 How other parties approach the SMS

 The technology implemented in the SMS

 The process established to measure, audit, report, and improve the performance of the SMS.

Support Functions of the Service Management System (Clause - 7)

Effective SMS requires multiple organizational areas to support its functions. Therefore, a holistic
approach to covering critical areas throughout the service lifecycle can help properly establish and
maintain the SMS.
 Clause - 7.1
Resources

Clause - 7.1 requires organizations to:

• Determine and supply appropriate human resources

• Determine and supply appropriate technical resources
• Determine and supply appropriate information resources
• Determine and supply appropriate financial resources.

Clause - 7.2
Competence

Clause - 7.2 requires organizations to:

• Determine the required competence level of the staff

• Assess the competence of the staff
• Assess the performance of the staff.

The requirements of this sub-clause classify as documented information.

Clause - 7.3
Awareness

• The organization must ensure that the staff is aware of the SMS policy
• The organization must ensure that the staff is aware of the objectives
• The organization must ensure that the staff is aware of the services associated with their job
positions
• The organization must ensure that the staff is aware of their contributions to the SMS
• The organization must ensure that the staff is aware of the consequences of not complying with
SMS policies.
 Clause - 7.4
Communication

Clause - 7.4 requires the organization to:

• Determine what to communicate on internal and external channels

• Determine with whom to communicate on internal and external channels
• Determine the internal and external channels of communication
• Determine who is responsible for internal and external channels.

Clause - 7.6
Knowledge

Clause - 7.6 requires the organization to:

• Determine all relevant knowledge regarding the Service Management System

• Maintain all relevant knowledge regarding the Service Management System.

Operational of the Service Management System (Clause - 8)

Clause 8 of ISO 20000:2018 requires organizations to demonstrate that the activities and processes
needed for the Service Management System are performed efficiently. This clause covers the entire
operational requirements of each service throughout its complete process lifecycles. Furthermore,
this clause is very similar to the processes required in ISO 20000:2011.
Operational Planning & Control (Clause - 8.1)

Consider this clause to be the main operational section of the standard and associate it with
supplying services. This requirement specified in this clause is that the organization must plan,
implement, and control operational processes.

Clause - 9 – Performance Evaluation

Clause - 9 of ISO 20000:2018 requires an organization to establish auditing and evaluation
processes to assess the performance of the organization’s SMS. It specifies requirements to carry
out the performance evaluation to ensure that the organization achieves its SMS objectives.
 Clause - 9.1
Monitoring, Measuring, Analysis, & Evaluation

This clause requires the organization to identify appropriate methods of monitoring, measuring,
analyzing, and evaluating the Service Management System. All data regarding this must be
treated as documented information.

Clause - 9.2
Internal Audit

This clause requires the establishment and implementation of an auditing strategy. The organization
must carry out audits at regular, planned intervals.

Clause - 9.3
Management Review

This clause requires that the organization holds management reviews at regular, planned
intervals. All data regarding this must be treated as documented information.

Clause - 9.4
Service Reporting

This clause requires the organization to produce necessary reports regarding its Service
Management System.

Improvement (Clause - 10)

Clause 10 of ISO 20000:2018 specifies requirements for nonconformity, corrective action, and
continual improvement.
Non-conformance & Corrective Action (Clause - 10.1)

The requirements specified in this clause are linked to Clause - 8.6.

An organization needs to take action on identified non-conformances related to service elements.

The organization needs to study if only they should correct and contain the nonconformance or
take corrective action to uproot the underlying causes.
The fundamental concepts of ISO 20000-1 are based on the ISO 9001, which is the Quality
Management System standard. Therefore, learners are advised to take Alison's course on ISO
9001:2015 - Quality Management System (QMS) to understand the common fundamental
concepts in their details.

Continual Improvement
(Clause - 10.2)

The requirements specified in this clause are covered in other clauses on objectives, SLA’s, and
measures. Furthermore, the organization must treat this as documented information.

Certification of The Standard

ISO 20000 is an international standard published by ISO (the International Organization for
Standardization) and ICE (the International Electoral Commission) for IT Service Management
(ITSM). It helps in improving the delivery of IT services.
Steps to Becoming ISO 20000 Certified
Certification Introduction for Companies & Individuals

To achieve ISO 20000 certification, the organization needs to be formally assessed by an

accredited certification body and demonstrate the quality of your company’s IT processes against
the ISO 20000-1 standard.

For an individual, an exam is sufficient to prove that you have some knowledge, and this
certification such as this is valid. However, for working as an auditor, you need to have an
accredited lead auditor course and exam based on ISO 20000.

Other Steps for Certification of a Company

The steps to ensure successful completion of the project after getting documentation and
implementation done are:
Internal Audit

The purpose of an internal audit is to find weaknesses and vulnerabilities in the ITSM processes
that may not be immediately apparent.
 Management Review

Establish a formal management review to make appropriate decisions by taking all relevant facts
about IT management into account.

Corrective Actions

Correct and document any identified problems following an internal audit or management review.

Certification Process
The certification process itself is divided into two steps:

Documentation Review: It is also known as Stage 1 audit. The certification auditor makes sure that
the company’s documentation is compliant with ISO 20000-1
Certification Audit: It is also known as Stage 2 audit. The certification auditor will ensure that actual
activities are integrated and compliant with the company’s documentation and ISO 20000-1.

Certification for Individuals

Individuals may get certified by sitting in and passing a certification exam. It is a great skill to include
in the resume, and many employees support this training to help implement ISO 20000.
An individual may choose from the following range of courses:
ISO 20000 Foundation Certificate
This course is for beginners of ISO 20000 and provides an understanding of this standard's
content and requirements.

The course on Alison, such as this course, is more in-depth than any ISO 20000 Foundation
course. It somewhere in between ISO 20000 Foundation course and other advanced level
courses. It means if you complete and got certificates on two of Alison's courses on ISO
Management System Audit Techniques and Best Practices and ISO 20000 - IT Service
Management System (ITSM); you are qualified both for ISO 20000 Foundation course and
ISO 20000 Internal Auditor Course.

ISO 20000 Lead Auditor Course

This course is for auditors and implementers of ISO 20000. It provides an excellent overview and
provides detailed explanations of the questions asked by the certification auditors.
 ISO 20000 Lead Implementer Course

This course is similar to the Lead Auditor Course but emphasizes implementation procedures more
than auditing ones.

ISO 20000 Internal Auditor Course

This course is a condensed version of the Lead Auditor course and is perfect for individuals who
seek to pursue a career as an internal auditor for a business. Individuals with only this course are
unable to get jobs as auditors in a certification body.

Complete Alison's course ISO Management System Audit Techniques and Best Practices to
have ISO 20000 Internal Auditor Course.

ISO 20000-1 & ITIL

Introduction to ITIL

ITIL is a best practice framework that guides organizations providing IT services to align their
IT activities with business needs cost-effectively. However, unlike many other standards, ITIL
does not provide a list of "must-have" standards within it. Therefore, there is no way to guarantee
that the framework's implementation is done in the best way possible. Furthermore, no
certification bodies provide certification to organizations for this standard due to no mandatory
requirements.

ITIL is still widely adopted and a great framework as it reduces operational costs, improves user
satisfaction, increases the quality of services, and improves conformity level.

Introduction to ISO 20000-1

ISO 20000-1 is a part of the ISO 20000 series, an international standard for IT Service Management
published by ISO (the International Organization for Standardization) and ICE (the International
Electoral Commission). Therefore, demonstration of ISO 20000-1 methodology and framework is
necessary to get the compliance certificate from accredited certification bodies.

ISO 20000 specifies clear requirements to prove compliance. These requirements allow a business
to benchmark its implementation and allow accredited external assessors to validate the standard's
implementation.
 Differences Between ISO 20000 & ITIL
Proper implementation is necessary to make ISO 20000 and ITIL compatible with each other. Both
standards are process-oriented and explained clearly and coherently. But there are a number of key
differences between both of them. These differences are as follows:

 ITIL is a best practice framework that focuses on providing practical processes to align IT services
with business needs.; ISO 20000 is a rigid standard that provides a code of practice

 ITIL has no certification bodies that award compliance certificates to organizations; Organizations
that demonstrate compliance with ISO 20000 can receive certification from accredited bodies

 ITIL guides IT Service Management; ISO 20000 has precise requirements specified for management
systems and processes

 ITIL contents include five lifecycle stages, almost thirty-seven processes, and a large number of
roles; ISO 20000 does not specify explicit lifecycles for any of its thirteen processes

 ITIL includes many roles, responsibilities, processes, and functions that organizations are at
complete liberty to implement or discard; ISO 20000 specifies few mandatory roles in its structure

 ITIL has no mandatory documentation required but explains key documents; ISO 20000 compliance
requires a set of necessary documents

ISO 20000 & ITIL - Combination

ITIL and ISO 20000 work great when paired together. ISO 20000 informs what industry best
practices organizations need to implement, and ITIL guides organizations on implementing the best
practices. If your organization is seeking ISO 20000 compliance, IT Service Management's ITIL
approach can make compliance demonstrations easier.

PDCA, ISO 20000-1 and ITIL

Although Plan-Do-Check-Act (PDCA) is not referenced in the standard, however, a relationship can
be expressed based on PDCA and can be correlated with ITIL.

PDCA ISO 20000-1 ITIL

Clause 4 – Context of the

organization
Clause 5 – Leadership Service strategy
Clause 6 – Planning Service design
Plan Clause 7 – Support
 Service transition
Do Clause 8 – Operation Service operation

Clause 9 – Performance Continual service

Check evaluation improvement

Clause 10 – Continual
Act improvement Continual service

Requirements of ISO 20000-1, ITIL Area and ITIL Process Relationship

ISO 20000-1 ITIL Area ITIL Proces

0 Introduction N/A N/A

1 Scope N/A N/A

2 Normative references N/A N/A

3 Terms and definitions N/A N/A

4 Context of the organization

4.1 Understanding the organization and its context
4.2 Understanding the needs and expectations of interested parties
4.3 Determining the scope of the service management system
4.4 Service management system

Requirements of ISO 20000-1, ITIL Area and ITIL Process Relationship

ISO 20000-1 ITIL Area ITIL Proce

5 Leadership Service Strategy N/A

5.1 Leadership and commitment Service Strategy N/A

5.2 Policy Service Strategy N/A

5.2.1 Establishing the service management policy

5.2.2 Communicating the service management policy Service Strategy N/A

5.3 Organizational roles, responsibilities and authorities Service Strategy N/A

6 Planning Service Strategy N/A

 6.1 Actions to address risks and opportunities Service Strategy N/A

6.2 Service management objectives and planning to achieve them

Lesson Summary

 Clause - 4 - Context of the Organization

Specifies the requirements to set up the context of the IT service management system.
- ISO 20000-1:2018 Clause - 4.1 – Understanding the Organization and its Context
- ISO 20000-1:2018 Clause 4.2 – Understanding the Needs & Expectations of Interested Parties
- ISO 20000-1:2018 Clause - 4.3 – Determining the Scope of the Service Management System
- ISO 20000-1:2018 Clause - 4.4 – Service Management System & its Processes.

 Clause - 5 – Leadership
Specifies the requirements that apply to the top management of the organization.
- ISO 20000-1:2018 Clause - 5.1 – Leadership & Commitment
- ISO 20000-1:2018 Clause - 5.2 – Policy
- ISO 20000-1:2018 Clause - 5.3 – Organizational roles, Responsibilities, & Authorities.

 Clause - 6 – Planning
For proper implementation of an SMS, it is crucial that the organization plans for it.
- ISO 20000:2018 Clause - 6.1 – Actions to Address Risks & Opportunities. Includes three sub-
clauses
- ISO 20000:2018 Clause - 6.2 – Service Management Objectives & Planning to Achieve them.
Includes two sub-clauses
- ISO 20000:2018 Clause - 6.3 – Plan the Service Management System.

 Clause - 7 – Support of the Service Management System

Effective SMS requires multiple organizational areas to support its functions.

- Clause - 7.1 – Resources
- Clause - 7.2 – Competence
- Clause - 7.6 – Knowledge. Includes four sub-clauses.

 Clause - 8 – Operational of the Service Management System

It requires organizations to demonstrate that the activities and processes needed for the Service
Management System are performed efficiently.
- Clause - 8.1 – Operational Planning & Control
 - Clause - 8.5 – Service design, Build & Transition. Includes three sub-clauses
- Clause - 8.7 – Service Assurance. Includes three sub-clauses.

 Clause - 9 – Performance Evaluation

Requires an organization to establish auditing and evaluation processes to assess the performance
of the organization’s SMS.
- Clause - 9.1 – Monitoring, Measuring, Analysis, & Evaluation
- Clause - 9.4 – Service Reporting.

 Clause - 10 – Improvement
Specifies requirements for nonconformity, corrective action, and continual improvement.
- Clause - 10.1 – Non-conformances & Corrective Action
- Clause - 10.2 – Continual Improvement.

 Steps to Becoming ISO 20000 Certified

- The company must complete certain mandatory ITSM documents
- The organization must show that it has gained real-world value possible from ISO 20000.

 Steps for Finishing Implementation

- Internal Audit
- Management Review
- Corrective Actions
- Certification Process: two sub-steps, * Documentation Review and * Main Audit.

 Certification for Individuals Include

- ISO 20000 Foundation Certificate
- ISO 20000 Internal Auditor Course.

 ISO 20000-1 & ITIL

- ITIL is a best practice framework that guides organizations providing IT services to align their IT
activities with business needs in a cost-effective way
- ISO 20000-1 is a part of the ISO 20000 series, an international standard for IT Service
Management, that is published by ISO and ICE
- ITIL is a best practice framework that focuses on providing practical processes to align IT services
with business needs.; ISO 20000 is a rigid standard that provides a code of practice
- ISO 20000 informs what industry best practices organizations need to implement, and ITIL guides
organizations on how to implement the best practices.