FAQ: ISO 20000 Certification

This page offers answers to a number of common questions related to ISO 20000 certifications and ISO 20000 audits.

On this page:

What are the benefits of an ISO 20000 certification?

An ISO 20000 certificate is proof that your organization has demonstrated its ability to

As such, the ISO 20000 certificate and the corresponding logo are increasingly a competitive advantage in the market: Many clients even demand ISO 20000 compliance as a condition for awarding contracts to service providers.

Of course, working along ISO 20000 (and ITIL®) principles also offers internal benefits for the organization, because the standard is all about supporting the business side with adequate IT services, while providing those services as efficiently as possible.

The decision to go for an ISO 20000 certificate sets a specific target for your organization and helps to concentrate minds. An ISO 20000 certification initiative is, in other words, a good way to kick-start the adoption of ITIL best practice and to make sure motivation stays high.

What do we need to change?

What exactly do we have to do to become ISO 20000 compliant?

Unfortunately, the standard ISO/IEC 20000:2011 itself only sets out a number of requirements which must be fulfilled in order to qualify for an ISO 20000 certification. So there is no short answer to the question "What needs to change?".

As a result, there is often a problem at the start of an ISO 20000 certification initiative:

It is not clear what the future (ISO 20000 compliant) state of your organization should be like, making it hard to determine what you should aim for and how much change is needed.

However, since ITIL and ISO 20000 are closely aligned, it is possible to turn to ITIL for advice.

Make ITIL best practice instantly available for your ISO 20000 project

ITIL knowledge is available in the form of books, but the ITIL Process Map, together with the ITIL - ISO 20000 Bridge provides you with a better alternative:

Our ISO 20000 compliant ITIL process model presents the ITIL contents as a complete set of process flowcharts ("Process Templates") and checklists ("Document Templates").

The ITIL - ISO 20000 Bridge tells you what ITIL processes and documents should be in place to meet a certain ISO 20000:2011 requirement. For every one of the standard’s 147 single requirements, you can navigate directly to the relevant process diagrams and document templates.

This means you get specific suggestions on how the requirements can be fulfilled - the ideal way to quickly understand what exactly it means for your organization to become ISO 20000 compliant.

We do not mean to say, however, that you must implement all processes to the letter. The reference processes should be seen as one possible approach to implementing ISO 20000, and it is acceptable to use the original processes as a starting point and adapt them to your organization's needs - as long as you stay in line with the ISO 20000 requirements.

What is being verified during the ISO 20000 certification audit?

The aim of the ISO20000 certification audit is to check if your organization fulfils the ISO 20000 requirements. In particular, the mandatory requirements of 'ISO/IEC 20000:2011, Part 1: Service Management System Requirements' must be fulfilled.

Broadly speaking, the ISO 20000 audit relates to the following aspects of your organization:

Documentation of the ISO 20000 processes

Adequately documented processes are a prerequisite for managing and continually improving your processes. This is why an ISO 20000 audit typically starts with the examination of the process documentation:

Familiarity with the ISO 20000 processes

The ISO 20000 auditor will usually hold interviews with your staff to check if everyone is familiar with the processes:

Adherence to the ISO 20000 processes

If the ISO 20000 processes are executed as documented, there are traces in the form of documents and records (for example, the Incident Management process is producing Incident Records).

This is why the ISO 20000 audit will include an examination of evidence related to the ISO 20000 processes:

What are the typical project steps leading to ISO 20000 certification?

Typical steps leading to ISO 20000 certification.
Create awareness

Communicate the goals and benefits of the ISO 20000 certification and the approach for achieving ISO 20000 compliance. This step should include giving everyone in your organization at least a basic understanding of ITIL.

Determine the ISO 20000 certification scope

If you want to limit the scope of your ISO 20000 certificate: Decide what parts of the organization, what services and/ or what locations shall be covered by the ISO 20000 certificate.

Conduct an initial ISO 20000 assessment

Determine gaps between today’s situation and the standard's requirements; this can be done by an external advisor, but there is also an "IT Service Management Self Assessment Workbook" published by BSI.

The result of this step is a detailed list of the ISO 20000 requirements where conformant and non-conformant areas are identified. For non-conformant areas the list includes the findings on what exactly the shortcomings are and how they can be addressed.

Set up the ISO 20000 project

Establish a project board. Choose a project manager and project staff. Determine the necessary resources, prepare a project plan and assign tasks. Choose an auditor and an experienced external advisor.

Prepare for the ISO 20000 certification audit

Close the gaps identified during the initial ISO 20000 assessment - this is usually the most time-consuming part of an ISO 20000 certification initiative, because (depending on the level of compliance found during the initial assessment) a considerable number of processes may need to be modified or introduced.

During preparation for the ISO 20000 audit, an inventory of requirements, documents and records helps to keep track of what requirements are already fulfilled and what related evidence (documents and records) is in place.

To help you with this task, the ITIL - ISO 20000 Bridge contains a pre-configured inventory which you can use to monitor your progress towards ISO 20000 compliance.

Conduct the ISO 20000 certification audit

The actual ISO 20000 audit must be carried out by an external auditor from a Registered Certification Body (RCB, an organisation which has permission to operate under the itSMF ISO/IEC 20000 Certification Scheme).

Retain ISO 20000 certification

After the initial certification, a renewal of the ISO 20000 certificate is due every three years, with intermittent assessments every 6 to 12 months.

Make sure you continue to adhere to the standard and put a strong emphasis on continual service and process improvement.

Are there typical pitfalls in an ISO 20000 project?

No management support

Management must understand and communicate why the service provider is seeking certification, and visibly endorse the initiative.

Too little involvement of staff

The advantages of best practice should be explained to everyone in your organization, and all members of staff should be involved as closely as possible during the design of the new ISO 20000 compliant processes.

If staff are able to contribute their views and experiences during the ISO 20000 project, this greatly enhances acceptance of the new processes - and ensures long-term success.

Insufficient resources for the ISO 20000 project

Management commitment must be backed up by the provision of sufficient resources for the certification program. This includes making sure that staff assigned to the project are freed from some of their day-to-day tasks.

Resources and further reading

Related pages