ISO 20000

What is

The ISO 20000 standard promotes the use of an integrated model to IT Service Management processes.
These processes are basically those documented in ITIL in the Service Support and Service Delivery section.
ISO/IEC 20000 sets mandatory requirements to handle IT services in general, but does not go into specific details for different types of service providers.
ISO/IEC 20000 is divided into the following parts:
  • ISO/IEC 20000-1 “Informatione tecnology – service mamagement – service management system requirement”. It is the specification that defines the requirements ("shall / must") of an organization wishing to deliver IT services managed to an acceptable quality level for their customers and be able to become certified.
  • ISO/IEC 20000-2 “Informatione tecnology – service mamagement –code of practice”. Describes the best practices for IT service management processes presented in ISO 20000-1. It contains guidelines and suggestions that should be applied by organizations and is particularly useful for organizations wishing to be prepared to be certified against ISO 20000 or planning service improvements. Includes the same sections as 'Part 1' with the exception of the requirements for a management system as no requirement is imposed by 'Part 2'.
  • ISO/IEC 20000-3 "Information technology - Service management - Guidance on scope definition and applicability of ISO/IEC 20000-1"
  • ISO/IEC TR 20000-4 “Informatione tecnology – service mamagement – Process reference model”
  • ISO/IEC TR 20000-5 “Informatione tecnology – service mamagement – Exemplar implementation plan"
  • ISO/IEC TR 20000-10 "Information technology - Service management - Concepts and terminology"
There are also "ad hoc" guidelines for implementing an IT Service Management System integrated with other management systems:
  • ISO/IEC TR 90006 "Information technology - Guidelines for the application of ISO 9001:2008 to IT service management and its integration with ISO/IEC 20000-1:2011"
  • ISO/IEC 27013 "Information technology - Security techniques - Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1"
CSQA is accredited by ACCREDIA.
CSQA can issue internationally recognized certifications through IQNet, being a member of CISQ.

Key points

The ISO/IEC 20000 standard pays attention to the following processes:
  • Incident Management
  • Problem Management
  • Configuration Management
  • Change Management
  • Release Management
  • Service Level Management
  • Budgeting and Accounting for IT Services
  • Capacity Management
  • Service Continuity and Availability Management
  • Service Reporting,
  • Information Security Reporting
  • Business Relationship Management
  • Supplier Management


The standard provides a framework that can link IT businesses and people involved with business, customers, and users.
Benefits of ISO/IEC 20000 certification include:
  • The organization can demonstrate that it has adopted the appropriate controls and procedures to provide systematically quality and cost-effective IT services.
  • External service providers can use certification as a qualifying element to gain new customers, as it increasingly becomes a contractual requirement.
  • Provide greater opportunities to improve efficiency, reliability and consistency of IT services that affect costs and service.
  • Certification audits allow to regularly evaluate service management processes, thus helping to maintain and improve effectiveness.
  • The certification process can reduce the number of suppliers’ audits and thus the costs.
  • The standard is a tool to formally declare compliance with ITIL (Information Technology Infrastructure Library) best practices.