When the 2011 edition of the global standard ISO/IEC 20000 came into effect, there was a visible interpretation in (at least some portions of) the industry that the standard has now made itself applicable to ‘generic Service management’ and not just IT.
But in those areas as well, there has been a split in opinion:
A set of practitioners, consultants, auditors etc who believed that ISO/IEC 20000 has really moved beyond an ITSM standard into a standard for ‘Service management in general‘. In other words, this standard can be used to benchmark and certify non-IT Service management as well.
Another set of people (including me) who were not very sure if that was really the case…
Why the interpretation came into the industry?
- Most of the text in clauses and terminologies of the standard mentioned just ‘Service management’ and nothing specific about IT.
- The Application Section of the standard stated: ‘All requirements in this part of ISO/IEC 20000 are generic and are intended to be applicable to all service providers, regardless of type, size and the nature of the services delivered.’
Then why the doubt or confusion still existed? Here are some reasons:
- The title of the standard still read: ‘Information technology — Service management’
- The Forward section of the 2011 edition talks about the summary of differences with the earlier (2005) edition of the standard such as: closer alignment to ISO 9001; closer alignment to ISO/IEC 27001; change of terminology to reflect international usage and so on – but nothing on this significant scope change of this standard.
And more importantly, if you look closer, even the 2005 edition of the standard never mentioned anything specific to IT in most of its text, except in the title! (This in some form, justifies the point about the Forward Section mentioned in second bullet above.)
So is this a change in the standard with the 2011 edition? Or Is ISO/IEC 20000 intended from a standard for generic service management from day 1?
If so why the title specifically says ‘Information Technology’ ?
Recently I came across a discussion in this regard in a LinkedIn group (ISO 20000) where in a detailed response from Erin Casteel high-lighted a few interesting points.
Erin wrote (just an extract from her post in the LinkedIn group post) :
“As the Convener of the working group within ISO responsible for the ISO/IEC 20000 series (JTC1/SC7/WG25), I can confirm that because ISO/IEC 20000-1 is a requirements standard used by auditors and by organizations wishing to demonstrate conformity and achieve certification, it must be interpreted as written. Clause 1.2 states: ‘All requirements in this part of ISO/IEC 20000 are generic and are intended to be applicable to all service providers, regardless of type, size and the nature of the services delivered.’ “
“I can also confirm that we were very careful when writing ISO/IEC 20000-1 not to use the term ‘IT’ within the body of the standard, specifically for this reason. ISO/IEC 20000-1 is requirements for a service management system (SMS), not an IT service management system. The services supported by the SMS can be any type of services, often several different types. What an auditor/assessor cares about is whether the service provider meets the requirements of 20000-1.”
“So the question everybody asks once they understand this is ‘Why does the title of ISO/IEC 20000-1 include Information Technology?’. The answer is that every single standard from the JTC1 part of ISO gets this title automatically – it is on the template. ISO/IEC 27001 is a good example. The full title of that standard is: ISO/IEC 27001:2005 – Information technology – Security techniques – Information security management systems – Requirements. However, ISO/IEC 27001 is not just for IT security management, but enterprise wide security management.”
These are very useful inputs – however, I really doubt if industry has really understood or interpreted the standard that way!
Here are some examples where ISO/IEC 20000 is still treated as ‘IT’ Service management standard:
- The official Certification scheme page of APMG (http://www.isoiec20000certification.com/) states:
“The APM Group Ltd owns and operates the ISO/IEC 20000 Organizational Certification Scheme formerly managed by itSMF. Our market-leading scheme allows organizations to demonstrate the quality of their IT processes through certification against the ISO/IEC 20000 standard. ISO/IEC 20000 is an international IT standard that allows companies to demonstrate excellence and prove best practice in IT management. The standard ensures companies can achieve evidence-based benchmarks to continuously improve their delivery of IT services.
- APMG ISO/IEC 20000 qualifications page describe the standard with points such as :
“ISO/IEC 20000 is an international standard that allows organizations to demonstrate excellence and prove best practice in IT service management.
The standard allows IT service provider organizations to achieve conformance to a service management system which requires them to continually improve their delivery of IT services.
The adoption of ISO 20000 has grown rapidly in the international arena for both internal and external IT service providers and it has become a competitive differentiator for delivery of IT services”
Also to look at the sites of a couple of Registered Certifying bodies (RCB) of the standard just for sample:
- BSI group website describes the standard with points such as:
“Companies of any size rely on effective IT service management. No matter where you’re based or what you do, your IT services need to be cost effective, reliable, consistent and efficient. You can achieve all of this with ISO/IEC 20000 if you manage internal IT services or provide IT services as an outsourced service provider. Plus you’ll bring ITIL up to standard so that your IT services deliver exactly what’s needed”
- DNV website description of standard includes:
“The standard is intended for organisations that provide managed IT services such as infrastructure and applications support, both for external delivery to clients and for internal IT groups.
For third party certification, you need to implement an effective IT service management system complying with the requirements of the standard.”
The above examples are important indications that , if the intent of ISO is to make ISO/IEC 20000 as an international standard for Service management in general, the industry has not understood or accepted it in the same manner.
At this point, one thing is clear: there is not enough clarity here (no pun intended!)
At least, for me!
Does anyone have some clear views or sources of information on this? Have anyone come across any non-IT Service provider who (got, or planning to get) certified in ISO/IEC 20000?
Would be great to hear.
Vinod Agrasala's ITSM / ITIL Blog 
March 1, 2013 at 8:38 am
This is a great blog and extremely insightful. I had a question going back to some of your earlier ITSM posts. Does the service design domain formalize interfaces between SD process and service ops (incident, problem, event)? and if so, how? Have you seen this as a challenge?
March 1, 2013 at 9:05 am
Hi Lucine,
Thanks.
I think there are two parts to the answer to your question.
If you think about the interface from SD as a lifecycle stage to SO, it will be predominantly through the connecting stage – ST. But there will be (or should be) much closer interactions between the Service Design Processes (or the processes included by ITIL in SD), and SO processes and functions.
Probably will put my detailed thoughts on the same in a separate post soon. Thanks for the trigger 🙂
Vinod
March 2, 2013 at 12:30 am
I’m not sure I’m following what you mean. So how does service design domain intend to formalize interfaces between SD and SO? What is your interpretation of “formalize”?
March 7, 2013 at 3:32 pm
Lucine,
What I meant is the lifecycle stage ‘formalize’ or formally document and establish the design details of the new/changed service in the Service design Package and hand over the same to Service Transition – not directly to Service operation (though the same SDP is an input for Service operation as well). Now if your question is about Processes included in Service Design by ITIL – for example say Capacity management: these process’ activities are not restricted in Service Design stage. Their activities get spread onto Service transition, Operation and CSI stages as well. So in the Service operation stage, these processes can have specific interfaces with the processes such as event management, Incident management. In fact those activities of the process (say, capacity management) that falls under Service operation stage – could be excuted by the Service operation functions and roles.
If I am completely off-the point regarding your question again – request you to explain and give context to the aspect ‘formalize’ please…
October 15, 2013 at 11:47 am
[…] I have written in an earlier post regarding the confusion that exists in this matter. […]
October 28, 2013 at 3:49 pm
useful Information .Thanks for sharing.
ISO 27001 Certification
May 19, 2014 at 6:19 pm
Very good post, I was really searching for this topic, as I wanted this topic to understand completely and it is also very rare in internet, that is why it was very difficult to understand.
ISO20000 Procedures
June 14, 2014 at 4:50 pm
Hi there! great post. Thanks for sharing some very interesting and informative content it is a big help to me as well, keep it up!!!
ISO 20000 Consultant
May 23, 2017 at 2:58 pm
It’s awesome to go to see this site and reading the views of all colleagues about this piece of writing, while I am also zealous of getting knowledge.|
December 9, 2020 at 2:38 pm
Nice blog. Thank you for sharing this blog.