ITIL and ISO 20000

ISO 20000 does not offer specific advice on how to design your processes. It is rather a set of requirements which must be met in order to qualify for certification.

This is where ITIL comes into play: ITIL® (especially version 3) is strongly aligned with ISO 20000 and offers a rather detailed collection of best practices. As a result, ITIL is a very good basis for developing ISO 20000 compliant processes.

On this page:

What is ISO 20000?

ITIL provides guidance on what should be done in order to offer the clients of an IT organization adequate IT Services to support their business needs. ITIL qualifications are available for individuals but until recently there was no way for an IT organization to prove that it is working along the ITIL recommendations.

The ISO 20000 standard was conceived to fill this gap. Initiated by the two organizations itSMF and BSI (British Standards Institution), it is modeled upon the principles of ITIL, and for the first time offers IT organizations the possibility to become certified.

Organizations seeking to become certified against ISO 20000 must fulfill certain requirements, as outlined in ISO/IEC 20000:2011, Part 1: Service Management System Requirements - these are the mandatory requirements which must be fulfilled by organizations in order to be compliant with the standard.

There is also a second part of the standard (ISO/IEC 20000:2012, Part 2: Guidance on the application of service management systems, in ISO 20000:2005 referred to as "Code of practice"), which contains suggestions for organizations who want to become certified. The guidelines of the second part are not strictly mandatory.

The third part (ISO/IEC TR 20000:2012, Part 3: Guidance on scope definition and applicability of ISO/IEC 20000-1) provides guidance on scope definition, applicability and demonstration of conformity. ISO/IEC TR 20000-3 supplements the advice in ISO/IEC 20000-2.

Two additional parts of the standard provide guidelines which are not strictly mandatory:

The new edition ISO/IEC 20000:2011

A new version of ISO/IEC 20000 Part 1: Service management system requirements (abbreviated to ISO/IEC 20000-1:2011) was published in April 2011.

The authors of the new version describe the main differences to the earlier edition (ISO/IEC 20000-1:2005) as follows:

The new version contains considerably more text than the previous one, but it does not provide detailed indications of what was added or changed. Overall, our impression is that many clarifications have found their way into the new edition, and that it has not necessarily become more difficult to achieve ISO 20000 certification.

Central requirements of ISO 20000

ISO 20000 promotes the "adoption of an integrated process approach to effectively deliver managed services to meet the business and customer requirements".

ISO 20000 does not prescribe that its requirements must be met by following the ITIL recommendations, so there are many possible ways to achieve compliance. Introducing ITIL, however, is the most widely used approach for obtaining an ISO 20000 certificate.

It is also important to prove that IT processes are documented, actively managed, and continually improved.

ITIL as a foundation for ISO 20000

Comparison between ITIL and ISO 20000

One reason for creating ITIL V3 was to achieve better alignment with the ISO 20000 standard. The principle of continual improvement has found its way into the ITIL books, and the processes of ITIL V3 2007/ ITIL 2011 and ISO 20000 are very much in line (for example, there is an Information Security Management process in ITIL V3, as required by ISO 20000).

As a result, ITIL offers a broad range of best practice recommendations which are the perfect basis for developing ISO 20000 compliant processes for your organization - the implementation of ITIL is the best available route towards ISO 20000 certification.

Save time and money with ISO 20000 compliant reference processes

Our ITIL Reference Model - the ITIL Process Map - makes the ITIL knowledge instantly available for your ISO 20000 project.

ITIL ISO 20000:2011

The reference model contains easy to understand, fully adabtable process and document templates in popular formats like Microsoft Visio, Excel and Word. The ITIL - ISO 20000 Bridge links every single ISO 20000 requirement to one or several of these templates.

With these tools, designing and documenting ISO 20000 compliant processes boils down to modifying the professionally laid out templates of our reference model, and you get better results more quickly.

How much does ISO 20000 cost?

What's the overall cost of achieving ISO 20000 certification?

Unfortunately, this question is hard to answer.

The formal ISO 20000 audit itself is usually a very small proportion of the total cost that your organization will incur. In most cases, closing the gaps to become ISO 20000 compliant is by far the biggest part of a certification project.

As a result, the total cost heavily depends on

Once the certificate is awarded it will be valid for an initial period of three years. This means that regular re-certification audits and intermittent ISO 20000 assessments are required, so there are also ongoing costs to be considered.

Can expenses for external consultants be avoided? Should we seek external support?

External support will be necessary at least for the ISO 20000 certification audit, as the audit can only be performed by a Registered Certification Body.

In most cases it is also advisable to seek the help of an experienced consultant, who will know what typically attracts the attention of auditors. So while we would not recommend attempting an ISO 200000 certification without external expertise, the point here is to keep consulting expenditures as low as possible.

The ITIL Process Map was designed with this in mind, as it enables you to acquire a large amount of ITIL and ISO 20000 knowledge before deciding where external help is needed.

Resources and further reading

Related pages