ISO-20000 and What it Means to YouMore and more, companies will be looking for this certification before doing business with you, writes ITSM Watch columnist Hank Marquis of itSM Solutions.
Since ITIL offers no method of certifying an organization, how can companies know they are producing quality IT services and obtaining sound value for money spent?
|Other Articles by Hank Marquis|
|Seven Steps to Improved Incident Handling
CFIA in 4 Easy Pieces
6 Steps to Service Outage Analysis
You Dont Need Every Part of ITIL
The British Standards Institute (BSI) created British Standard BS-15000 as an audit standard, and while it wasnt an international standard, it did deliver specifications for managing IT, implementing the ITIL, and it established audit criteria and corporate-level certification. Although used primarily in the U.K., BS-15000 had some traction elsewhere in the world.
But following in the path of ISO-9000, the BSI submitted BS-15000 to the ISO, and in December of 2005, the ISO-released it as ISO-20000. Now, for the first time, IT has its own dedicated international standard for auditing and certifying conformance to best practice.
Setting the Mark
ISO-20000 is an international industry standard like ISO-9000, and like ISO-9000, ISO-20000 offers organizational certification. Since ISO-20000 is so closely aligned with ITIL, IT now has a complete package: The existing ITIL certifications qualify personnel and ISO-20000 documents organizational conformance and enables auditing.
ITIL and ISO-20000 work together. Everyone knows that ITIL is descriptive and not prescriptive, that is, ITIL says what to do, not how to do it. Think of ISO-20000 as setting mark and defining the standards for which the ITIL processes should aim.
This natural alignment between the ITIL and ISO-20000 removes one of the toughest problems IT managers face todaygaining management commitment. ISO-20000 not only provides the means to certify IT organizational quality compliance, but it also will help accelerate ITIL adoption.
With ISO-20000, it will now be far easier to gain mind share among senior management, which is a key requirement for those desiring to implement ITIL best practices.
Most senior managers know the benefits associated with obtaining ISO-9000 certification: more access to contracts, wider customer base, competitive advantage, and improved product/service quality, etc.
Other benefits of ISO-20000 include higher IT service quality, increased customer satisfaction, improved user productivity, and reduced costs.
Under the Hood
ISO-20000 is really two specifications, ISO/IEC 20000-1:2005 and ISO/IEC 20000-2:2005, I will refer to them as ISO-20000-1 and 20000-2, respectively.
ISO-20000-1 is the specification for ITIL Service Management. It defines the processes and provides assessment criteria and recommendations for those responsible for IT service management. Organizational certification uses this section.
ISO-20000-2 documents a code of practice that explains how manage IT with regard to ISO-20000-1 audits.
While ISO-20000 is aligned with the ITIL it also includes much more than ITIL Service Delivery and Service Support. ISO-20000 includes sections on managing suppliers and the business, as well as Security Management.
Grouping Security Management (previously its own ITIL book) with Service Delivery is an interesting spin, and may also foretell the changes planned for ITIL v.3, due late in 2006 and early 2007.