ISO/IEC 20000 IT Service Management is an international standard that sets the requirements for an information technology service management system (ITSMS). It describes a number of management processes designed to help organizations deliver more effective IT services to those within the organization and to customers.
This standard was developed in 2005 by ISO/IEC JTC/SC/ and it was revised in 2011. Its main objective is to reflect best practice guidance contained within the ITIL (Information Technology Infrastructure Library) framework; however, it also supports other IT service management frameworks and approaches such as Microsoft Operations Framework and components of ISACAs COBIT framework. This standard was created to replace BS 15000 and provide an internationally recognized management system services information technology standard. It includes much of the content of BS 15000, but the material was reorganized to align and harmonize with other international standards.
This standard adopts a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving the management system of IT services. ISO 20000 uses a comprehensive approach to IT service management and defines a set of processes needed to deliver effective service. It considers basic processes related to configuration management and change management, to processes related to incident and problem management.
ISO 20000 comprises two parts: a specification for IT Service Management (ISO 20000-1) and a code of practice for service management (ISO 20000-2). The standard can be used by any organization, large or small, in any sector; however, it is particularly applicable to internal IT service providers such as Information Technology departments, external IT service providers and even outsourced organizations.
The standard has many benefits for those organizations that decide to implement it, such as:
- The standard reduces risks by offering reliable support of professional information technology (internal or outsourced), when and where it is needed.
- It helps to put any unfavorable IT situation under immediate control and lessens their potential damage.
- It enhances employee productivity and reliability of information technology.
- Its implementation provides motivation to the organization and it can demonstrate employees, stakeholders and customers the reliability and quality of information technology services.
- Adopts an integrated process to the delivery of IT services.
- Reduces response times and interruptions to IT service.
Certification to this standard is voluntary; an organization may decide to seek certification or not. Those organizations that successfully obtain it can benefit by having a recognized high level IT service that meet best practices.
ISO 20000 can also be integrated with ISO 27000 Information technology — Security techniques — Information security management systems — Overview and vocabulary.