When the 2011 edition of the global standard ISO/IEC 20000 came into effect, there was a visible interpretation in (at least some portions of) the industry that the standard has now made itself applicable to ‘generic Service management’ and not just IT.
But in those areas as well, there has been a split in opinion:
A set of practitioners, consultants, auditors etc who believed that ISO/IEC 20000 has really moved beyond an ITSM standard into a standard for ‘Service management in general‘. In other words, this standard can be used to benchmark and certify non-IT Service management as well.
Another set of people (including me) who were not very sure if that was really the case…
Why the interpretation came into the industry?
- Most of the text in clauses and terminologies of the standard mentioned just ‘Service management’ and nothing specific about IT.
- The Application Section of the standard stated: ‘All requirements in this part of ISO/IEC 20000 are generic and are intended to be applicable to all service providers, regardless of type, size and the nature of the services delivered.’
Then why the doubt or confusion still existed? Here are some reasons:
- The title of the standard still read: ‘Information technology — Service management’
- The Forward section of the 2011 edition talks about the summary of differences with the earlier (2005) edition of the standard such as: closer alignment to ISO 9001; closer alignment to ISO/IEC 27001; change of terminology to reflect international usage and so on – but nothing on this significant scope change of this standard.
And more importantly, if you look closer, even the 2005 edition of the standard never mentioned anything specific to IT in most of its text, except in the title! (This in some form, justifies the point about the Forward Section mentioned in second bullet above.)
So is this a change in the standard with the 2011 edition? Or Is ISO/IEC 20000 intended from a standard for generic service management from day 1?
If so why the title specifically says ‘Information Technology’ ?
Recently I came across a discussion in this regard in a LinkedIn group (ISO 20000) where in a detailed response from Erin Casteel high-lighted a few interesting points.
Erin wrote (just an extract from her post in the LinkedIn group post) :
“As the Convener of the working group within ISO responsible for the ISO/IEC 20000 series (JTC1/SC7/WG25), I can confirm that because ISO/IEC 20000-1 is a requirements standard used by auditors and by organizations wishing to demonstrate conformity and achieve certification, it must be interpreted as written. Clause 1.2 states: ‘All requirements in this part of ISO/IEC 20000 are generic and are intended to be applicable to all service providers, regardless of type, size and the nature of the services delivered.’ “
“I can also confirm that we were very careful when writing ISO/IEC 20000-1 not to use the term ‘IT’ within the body of the standard, specifically for this reason. ISO/IEC 20000-1 is requirements for a service management system (SMS), not an IT service management system. The services supported by the SMS can be any type of services, often several different types. What an auditor/assessor cares about is whether the service provider meets the requirements of 20000-1.”
“So the question everybody asks once they understand this is ‘Why does the title of ISO/IEC 20000-1 include Information Technology?’. The answer is that every single standard from the JTC1 part of ISO gets this title automatically – it is on the template. ISO/IEC 27001 is a good example. The full title of that standard is: ISO/IEC 27001:2005 – Information technology – Security techniques – Information security management systems – Requirements. However, ISO/IEC 27001 is not just for IT security management, but enterprise wide security management.”
These are very useful inputs – however, I really doubt if industry has really understood or interpreted the standard that way!
Here are some examples where ISO/IEC 20000 is still treated as ‘IT’ Service management standard:
- The official Certification scheme page of APMG (
“The APM Group Ltd owns and operates the ISO/IEC 20000 Organizational Certification Scheme formerly managed by itSMF. Our market-leading scheme allows organizations to demonstrate the quality of their IT processes through certification against the ISO/IEC 20000 standard. ISO/IEC 20000 is an international IT standard that allows companies to demonstrate excellence and prove best practice in IT management. The standard ensures companies can achieve evidence-based benchmarks to continuously improve their delivery of IT services.
- APMG ISO/IEC 20000 qualifications page describe the standard with points such as :
“ISO/IEC 20000 is an international standard that allows organizations to demonstrate excellence and prove best practice in IT service management.
The standard allows IT service provider organizations to achieve conformance to a service management system which requires them to continually improve their delivery of IT services.
The adoption of ISO 20000 has grown rapidly in the international arena for both internal and external IT service providers and it has become a competitive differentiator for delivery of IT services”
Also to look at the sites of a couple of Registered Certifying bodies (RCB) of the standard just for sample:
- BSI group website describes the standard with points such as:
“Companies of any size rely on effective IT service management. No matter where you’re based or what you do, your IT services need to be cost effective, reliable, consistent and efficient. You can achieve all of this with ISO/IEC 20000 if you manage internal IT services or provide IT services as an outsourced service provider. Plus you’ll bring ITIL up to standard so that your IT services deliver exactly what’s needed”
- DNV website description of standard includes:
“The standard is intended for organisations that provide managed IT services such as infrastructure and applications support, both for external delivery to clients and for internal IT groups.
For third party certification, you need to implement an effective IT service management system complying with the requirements of the standard.”
The above examples are important indications that , if the intent of ISO is to make ISO/IEC 20000 as an international standard for Service management in general, the industry has not understood or accepted it in the same manner.
At this point, one thing is clear: there is not enough clarity here (no pun intended!)
At least, for me!
Does anyone have some clear views or sources of information on this? Have anyone come across any non-IT Service provider who (got, or planning to get) certified in ISO/IEC 20000?
Would be great to hear.