ISO 20000-1. IT Service management

ISO 20000 defines the requirements for a service management system through an integrated set of processes meant to support the efficient provision of IT services.

Although it is not a specific requirement, following ITIL recommendations helps in achieving conformity to ISO/IEC 20000-1. This certification scheme is owned by the APM Group Ltd.

Certification to ISO/IEC 20000-1 provides the opportunity for the organization to demonstrate customer focus. The standard can be implemented and certified on its own, or it can be integrated with other management system standards such as ISO/IEC 27001 (information security management system) or ISO 9001 (quality management system).

ISO 20000 Standard

IT service management includes all activities performed by an organization to plan, design, provide, operate and control IT services that it offers to customers.

ISO/IEC 20000 was initially developed in 2005, then revised in 2011, and includes good practice guides from ITIL (Information Technology Infrastructure Library).

The standard has several parts, including ISO/IEC 20000-1 (defining the requirements of a service management system), ISO/IEC 20000-2 (a guide with relevant good practice) and ISO/IEC TR 20000-9 (a guide for applying ISO/IEC 20000-1 to cloud services), among others.

For certification purposes, though, organizations should meet the requirements of ISO/IEC 20000-1. The main requirements are for the IT processes to be documented, adequately managed and continually improved.

ISO/IEC 20000-1 covers aspects such as the development of and transition to new or changed services, continuity and availability of services, service budgeting, capacity management, supplier management, information security, and the management of incidents and service requests.
