What is ISO/IEC 20000-1?
This international standard specifies requirements for a service management system (SMS). The standard includes requirements for planning, design, transition, delivery and improvement of services to meet service requirements, whilst delivering value.
An organization can outsource some requirements to other parties. However, the organization is still accountable. An organization cannot claim conformity to this standard if other parties are used to provide or operate all services or processes within the SMS.
The standard was originally published in 2005 and was subsequently updated in 2011. The 2018 version of ISO/IEC 20000-1 was issued on 9/15/2018. The International Accreditation Forum has mandated a three-year transition period for organizations certified to the 2011 version of the standard. Certificates to the ISO/IEC 20000-1:2011 version of the standard will no longer be valid as of 9/30/2021.
As of 3/30/2020, all audits – whether initial, surveillance or recertification – must be to the 2018 version of the standard.
The main differences between the 2011 and 2018 version of the standard are as follows:
- The 2018 version incorporates the high-level documentation structure to mirror other management system standards, making it easier for organizations to integrate other standards such as ISO 9001 or ISO/IEC 27001.
- The 2018 version includes the revision/addition of clauses to take into account the current trajectory in service management, including commoditized services and the management of multiple service providers by the organization.
- The 2018 version includes a requirement to establish, implement, maintain and continually improve a SMS. Accordingly, references to the PDCA methodology have been removed. Services management objectives have to be established at all levels of the organization. Like 9001, senior leadership is expected to play a significant role.
- The 2018 version has requirements for context of the organization (internal/external issues impacting the organization, interested party analysis) and risk analysis, including seeking out opportunities for improvement.
- The 2018 version has fewer explicit call-outs for documented procedures. There are requirements for documented information.
- Requirements have been added in the areas of service planning, knowledge, asset management, demand management, and service delivery.
- Service availability management and service continuity management have been separated into two sets of requirements.
PJR is encouraging all clients to transition at recertification, if their certificate cycle coincides with transition deadlines.