Fact Checked

What Is ISO 20000?

Andy Hill
Andy Hill

The standard ISO 20000 is an information technology (IT) service management certification that has been developed to replace the former British Standard (BS) 15000 certification as set by British Standards International group (BSI). Developed as a joint project by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), the standard is alternatively known as IEC 20000. The concept of the standard is to allow all organizations with a core business model founded in information technology to ensure that internationally set best practice measures are adhered to. It also provides the tools for companies to develop and maintain processes that provide for the core needs of their businesses.

Consisting of two main sections, ISO 20000 shares similarities with other ISO standards, such as ISO 14000 and ISO 9000. These similarities include a continual improvement process (CIP) and a process improvement cycle based on the concepts of plan, do, check, and act. As with other ISO certifications, conforming to ISO 20000 guidelines is not certified by the ISO itself but rather through a network of independent assessors and certification bodies. These assessors have the ability to issue ISO 20000 accreditation following an extensive auditing process.

Woman doing a handstand with a computer
Woman doing a handstand with a computer

The two parts of the standard have different objectives: specifying the requirements of the standard and setting out the accreditation guidelines. Part one of the documentation is a specification document and sets out the requirements for IT service management in regard to initializing and maintaining processes. It is in this first part that the core requirements for ISO 20000 accreditation are established.

While bearing the same general title as part one, part two is actually a code of practice documentation. In this second section, guidelines for both external auditors and those individuals with responsibility for maintaining the service provision processes within the applying organization are set out. Within the code of practice documentation, guidelines in regard to the measures against which an organization will be audited are provided.

For an organization to be eligible to apply for ISO 20000 accreditation, the scoping document for the standard states that they must possess management control of a process. To achieve this management control, the company must have knowledge and control of the inputs and outputs of the process, including having a set measurement and review procedure in place. The scoping guidelines, published to accompany the documentation for the standard, provide examples of this management control along with guidance regarding whether or not an organization will be eligible to apply for ISO 20000 accreditation.

You might also Like

Discussion Comments


@hamje32 - I agree, I think that ITIL processes have wider applications. They are basically a set of management principles that will explain how to address common Information Systems scenarios, such as help desk, configuration, capacity planning and continuity management to name a few.

In my opinion these principles are indispensable. Companies that don’t have a formal certification with ITIL or another comparable standard are basically shooting from the hip as I see it.

ITIL training forces you to confront real world scenarios so that when you encounter systems incidents at your workplace, you will be operating from a well thought out philosophy towards resolution rather than just playing things by ear.


@NathanG - It depends on what you want to do; the focus of Cobit is a little different. Cobit is more about IT governance, and I think it has become popular in part due to increased demands for compliance with certain legislation about information security. ITIL, on the other hand, is about managing information systems and processes.

There may be some crossover between the two but they are different. ITIL in my opinion is broader whereas Cobit might be useful if you want to work in the banking or financial sector in some kind of an auditing position.


@hamje32 - I’m familiar with ITIL, but I’ve read a lot of stuff online about Cobit certification. Have you heard about this and do you think it would be worth pursuing?


I believe that ISO certification has been the gold standard for companies wanting to certify the integrity of their business processes for many years. ISO means quality control and we actually considered whether we should pursue ISO certification for our small business.

Actually, for us it came down to a debate between whether to go for the ISO 9001 certification or the ITIL v3 certification. ITIL is more focused on Information Technology whereas ISO 9001 is more focused on management principles in general; in the end we had the IT crew go for the ITIL certifications.

We may pursue the ISO 9001 certification down the line as well, but as a company I think we’ve already internalized ISO 9001’s eight principles of management in our current business processes, so formal certification is not important at this point just yet.

Post your comments
Forgot password?
    • Woman doing a handstand with a computer
      Woman doing a handstand with a computer