The standard ISO 20000 is an information technology (IT) service management certification that has been developed to replace the former British Standard (BS) 15000 certification as set by British Standards International group (BSI). Developed as a joint project by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), the standard is alternatively known as IEC 20000. The concept of the standard is to allow all organizations with a core business model founded in information technology to ensure that internationally set best practice measures are adhered to. It also provides the tools for companies to develop and maintain processes that provide for the core needs of their businesses.
Consisting of two main sections, ISO 20000 shares similarities with other ISO standards, such as ISO 14000 and ISO 9000. These similarities include a continual improvement process (CIP) and a process improvement cycle based on the concepts of plan, do, check, and act. As with other ISO certifications, conforming to ISO 20000 guidelines is not certified by the ISO itself but rather through a network of independent assessors and certification bodies. These assessors have the ability to issue ISO 20000 accreditation following an extensive auditing process.
The two parts of the standard have different objectives: specifying the requirements of the standard and setting out the accreditation guidelines. Part one of the documentation is a specification document and sets out the requirements for IT service management in regard to initializing and maintaining processes. It is in this first part that the core requirements for ISO 20000 accreditation are established.
While bearing the same general title as part one, part two is actually a code of practice documentation. In this second section, guidelines for both external auditors and those individuals with responsibility for maintaining the service provision processes within the applying organization are set out. Within the code of practice documentation, guidelines in regard to the measures against which an organization will be audited are provided.
For an organization to be eligible to apply for ISO 20000 accreditation, the scoping document for the standard states that they must possess management control of a process. To achieve this management control, the company must have knowledge and control of the inputs and outputs of the process, including having a set measurement and review procedure in place. The scoping guidelines, published to accompany the documentation for the standard, provide examples of this management control along with guidance regarding whether or not an organization will be eligible to apply for ISO 20000 accreditation.