ISO-20000 and What it Means to You

The IT Infrastructure Library (ITIL) is not a standard and thus there exists no auditing criteria for verifying the ITIL conformance (or non-conformance) by an organization. Existing ITIL certifications are personal—they do not reflect the conformance of an organization either.

Since ITIL offers no method of certifying an organization, how can companies know they are producing quality IT services and obtaining sound value for money spent?

For many years, the choice was either ISO-9000 or BS-15000. ISO-9000 is a collection of quality management standards from the International Organization for Standardization, or ISO. Originally developed for manufacturing, about one third of ISO-9000 users are not manufactures, but rather service-sector companies, including IT shops. ISO-9000 derived from prior work done by the British Standards Institution. The ISO-standardized the British Standard into ISO-9000.

Other Articles by Hank Marquis

Seven Steps to Improved Incident Handling CFIA in 4 Easy Pieces 6 Steps to Service Outage Analysis You Don’t Need Every Part of ITIL FREE Tech Newsletters CIO Update Instant Messaging Planet HTML CodeGuru Update Enterprise Networking Planet Practically Networked HTML Enterprise Storage Forum Text Enterprise Storage Forum HTML Optically Networked HTML Intranet Journal Update Datamation IT Management Careers Datamation IT Management Update Developer.com Update Gamelan Java Update Goodies to Go java-script Weekly HTML JARS Java Update OpenSource Update SysOpt Tech Notes Grid Computing Planet HTML E-Security Planet Text E-Security Planet HTML Virtual Dr. Text

The British Standards Institute (BSI) created British Standard BS-15000 as an audit standard, and while it wasn’t an international standard, it did deliver specifications for managing IT, implementing the ITIL, and it established audit criteria and corporate-level certification. Although used primarily in the U.K., BS-15000 had some traction elsewhere in the world.

But following in the path of ISO-9000, the BSI submitted BS-15000 to the ISO, and in December of 2005, the ISO-released it as ISO-20000. Now, for the first time, IT has its own dedicated international standard for auditing and certifying conformance to best practice.

Setting the Mark

ISO-20000 is an international industry standard like ISO-9000, and like ISO-9000, ISO-20000 offers organizational certification. Since ISO-20000 is so closely aligned with ITIL, IT now has a complete package: The existing ITIL certifications qualify personnel and ISO-20000 documents organizational conformance and enables auditing.

ITIL and ISO-20000 work together. Everyone knows that ITIL is descriptive and not prescriptive, that is, ITIL says what to do, not how to do it. Think of ISO-20000 as setting mark and defining the standards for which the ITIL processes should aim.

This natural alignment between the ITIL and ISO-20000 removes one of the toughest problems IT managers face today—gaining management commitment. ISO-20000 not only provides the means to certify IT organizational quality compliance, but it also will help accelerate ITIL adoption.

With ISO-20000, it will now be far easier to gain mind share among senior management, which is a key requirement for those desiring to implement ITIL best practices.

Most senior managers know the benefits associated with obtaining ISO-9000 certification: more access to contracts, wider customer base, competitive advantage, and improved product/service quality, etc.

Other benefits of ISO-20000 include higher IT service quality, increased customer satisfaction, improved user productivity, and reduced costs.

Under the Hood

ISO-20000 is really two specifications, ISO/IEC 20000-1:2005 and ISO/IEC 20000-2:2005, I will refer to them as ISO-20000-1 and 20000-2, respectively.

ISO-20000-1 is the specification for ITIL Service Management. It defines the processes and provides assessment criteria and recommendations for those responsible for IT service management. Organizational certification uses this section.

ISO-20000-2 documents a “code of practice” that explains how manage IT with regard to ISO-20000-1 audits.

While ISO-20000 is aligned with the ITIL it also includes much more than ITIL Service Delivery and Service Support. ISO-20000 includes sections on managing suppliers and the business, as well as Security Management.

Grouping Security Management (previously its own ITIL book) with Service Delivery is an interesting spin, and may also foretell the changes planned for ITIL v.3, due late in 2006 and early 2007.