ISO/IEC 20000-1. Service management

ISO/IEC 20000-1 defines the requirements for a service management system that includes a set of interrelated processes to support the effective delivery of services to customers.

ISO/IEC 20000-1 is based on the IT service management best practice recommendations from ITIL (IT Infrastructure Library).

Certification to ISO/IEC 20000-1 confirms the customer focus of the service provider and the existence of effective processes meant to control and continually improve the services delivered. A service provider can implement ISO/IEC 20000-1 on its own or integrate it with other management system standards such as ISO/IEC 27001 (which defines the requirements for an information security management system) or ISO 9001 (quality management system).

ISO/IEC 20000 Standard

Service management refers to all activities performed by a service provider in order to plan, design, deliver, operate and control the services it offers to customers.

ISO/IEC 20000-1 was initially published in 2005 (based on the British standard BS 15000) and revised in 2011.

ISO/IEC 20000 has several parts. The first, ISO/IEC 20000-1, defines the requirements for a service management system. The second, ISO/IEC 20000-2, provides guidance on the application of the requirements in the first part. Other parts include ISO/IEC 20000-3 (guidelines for scope and applicability), ISO/IEC 20000-11 (guidelines on the relationship with ITIL) and ISO/IEC 20000-12 (which details the relationship with another service management framework, CMMI).

For certification purposes, though, service providers have to fulfill the requirements in ISO/IEC 20000-1. In general, this document requires that service management processes be documented, effectively managed and continually improved.

The requirements of ISO/IEC 20000-1 cover aspects such as the design and transition of new or changed services, service level management, capacity management, service continuity and availability, information security management, supplier relationship management, and incident and service request management, among others.

