Overview of ISO Standard 20000
ISO 20000 was the world's first standard for IT service, IT service management and information technology user support. ISO standard 20000 is derived from British Standard BS 15000 but replaces it as the industry standard worldwide.
Details of ISO Standard 20000-1
Documents refer to any information that is formally controlled and released, including formal procedures on how to perform IT service tasks.
ISO standard 20000-1 requires service providers to document procedures for every process from user account creation to server restarts. Procedures must be reviewed and approved before use by service providers. Process documentation must be located in a commonly accessible location that all service providers can access.
ISO 20000-1 contains a standard set of IT service terminology. Incidents are break/fix requests. Problems are the cause of one or more incidents. Service requests are typical support requests in which nothing is specifically wrong, such as a request for a new software installation or computer upgrade. A configuration item (CI) is any infrastructure item that is tracked by asset management. CIs include diverse IT items such as computers, monitors, laptops, PDAs, smart phones or servers.
ISO 20000-1 requires service providers to enter service level agreements with their internal and external customers. A service level agreement (SLA) is a written contract defining the services a service provider will perform (in scope) and will not perform (out of scope). The SLA also defines the expected service level to be provided, such as response time to severe incidents or percentage of tickets completed in a specific time frame.
Service level management (SLM) involves managers reviewing performance according to service level agreements. Since SLAs can differ between customers or type of product, SLM can involve reviewing multiple SLAs.
Relationship of ISO 20000 to Other IT Standards
ISO 20000-1 is followed by several other standards that give guidance on how to implement or interpret ISO 20000-1.
ISO standard 20000-2 provides guidance on practices IT service providers can follow to meet ISO standard 20000-1. ISO standard 20000 part 2 also tells auditors how to verify that an IT service provider meets the standards of ISO 20000-1. ISO standard 20000-2 is an optional set of guidelines to meet ISO standard 20000-1.
ISO standard 20000-3 gives guidance on when ISO standard 20000-1 applies. For example, it explains how service providers can define the scope of service they must supply and which types of support are out of scope and thus do not count against their service level agreement or performance metrics.
ISO standard 20000-4 outlines a recommended process reference model based on ISO/IEC standard 15504. ISO standard 20000-4 simply requires a model of the purpose of the service provider's processes and intended outcomes. ISO standard 20000-5 gives guidance on how to achieve ISO 20000 service management system qualification and how to make process improvements to a qualified SMS and remain ISO 20000 qualified. ISO standard 20000-5 is optional for those seeking ISO 20000 certification.
ISO 20000 draws its eight quality management principles from ISO 9000. The ITIL (Information Technology Infrastructure Library) is a set of recommended practices for IT service providers. The ISO 20000 standard is compatible with the ITIL version 3 framework.
Organizations that meet ISO 20000-1 for IT service do not necessarily meet the IT security standards outlined in ISO 27001 and ISO 27002. Companies that meet the IT security standards ISO 27001 and ISO 27002 may not have a fully fleshed-out IT service management system in accordance with ISO 20000-1.