- What are the Benefits of an ISO 20000 Certification?
An ISO 20000 certificate is proof that your IT organization has demonstrated its ability to
- Be aware of customer needs and respond to these needs.
- Deliver services which meet defined quality levels.
- Make use of resources in an economical way.
As such, the ISO 20000 certificate and the corresponding logo are increasingly a competitive advantage in the market:
Many clients even demand ISO 20000 compliance as a condition for awarding contracts to IT service providers.
Of course, working along ISO 20000 (and ITIL) principles also offers internal benefits for the IT organization, because the standard is all about supporting the business side with adequate IT services, while providing those services as efficiently as possible.
The decision to go for an ISO 20000 certificate sets a specific target for your IT organization and helps to concentrate minds. An ISO 20000 certification initiative is, in other words, a good way to kick-start the adoption of ITIL Best Practice and to make sure motivation stays high.
- What exactly do we have to do to become ISO 20000 compliant?
Unfortunately, the standard ISO/IEC 20000:2011 itself only sets out a number of requirements which must be fulfilled in order to qualify for an ISO 20000 certification. So there is no short answer to the question “What needs to change?”.
As a result, there is often a problem at the start of an ISO 20000 certification initiative:
It is not clear what the future (ISO 20000 compliant) state of your IT organization should be like, making it hard to determine what you should aim for and how much change is needed.
However, since ITIL and ISO 20000 are closely aligned, it is possible to turn to ITIL for advice.
Make ITIL Best Practice instantly available for your ISO 20000 Project
ITIL knowledge is available in the form of books, but the ITIL Process Map, together with the ITIL – ISO 20000 Bridge provides you with a better alternative:
Our ISO 20000 compliant ITIL process model presents the ITIL contents as a complete set of process flowcharts (“Process Templates”) and checklists (“Document Templates”).
The ITIL – ISO 20000 Bridge tells you what ITIL processes and documents should be in place to meet a certain ISO 20000:2011 requirement. For every one of the standard’s 147 single requirements, you can jump right into the relevant process diagrams and document templates.
This means you get specific suggestions on how the requirements can be fulfilled – the ideal way to quickly understand what exactly it means for your IT organization to become ISO 20000 compliant.
We do not mean to say, however, that you must implement all processes to the letter. The reference processes should be seen as one possible approach to implementing ISO 20000, and it is acceptable to use the original processes as a starting point and adapt them to your own organization’s needs – as long as you stay in line with the ISO 20000 requirements.
- What is being verified during the ISO 20000 Certification Audit?
The aim of the ISO20000 certification audit is to check if your organization fulfils the ISO 20000 requirements. In particular, the mandatory requirements of ‘ISO/IEC 20000:2011, Part 1: Service Management System Requirements’ must be fulfilled.
Broadly speaking, the ISO 20000 audit relates to the following aspects of your organization:
Documentation of the ISO 20000 Processes
Adequately documented processes are a prerequisite for managing and continually improving your processes. This is why an ISO 20000 audit typically starts with the examination of the process documentation:
- Are all the processes documented?
- Are the processes linked by consistent information flows?
- Do the processes fulfill the ISO 20000 requirements?
Familiarity with the ISO 20000 Processes
The ISO 20000 auditor will hold structured interviews with IT staff to check if everyone is familiar the processes:
- Do all members of IT staff know their own processes?
- Do they have a general understanding of all ISO 20000 processes?
Adherence to the ISO 20000 Processes
If the ISO 20000 processes are executed as documented, there are traces in the form of documents and records (for example, the Incident Management process is producing Incident Records if executed correctly).
This is why the ISO 20000 audit will include an examination of evidence related to the ISO 20000 processes:
- Do the expected documents and records exist?
- Are they adequate for their purposes?
- What are the typical Project Steps leading to ISO 20000 Certification?
Communicate the goals and benefits of the ISO 20000 certification and the approach for achieving ISO 20000 compliance. This step should include giving everyone in your IT organization at least a basic understanding of ITIL.
Determine the ISO 20000 certification scope
If you want to limit the scope of your ISO 20000 certificate: Decide what parts of the organization, what services and/ or what locations shall be covered by the ISO 20000 certificate.
Conduct an initial ISO 20000 assessment
Determine gaps between today’s situation and the standard’s requirements; this can be done by an external advisor, but there is also an “IT Service Management Self Assessment Workbook” published by BSI.
The result of this step is a detailed list of the ISO 20000 requirements where conformant and non-conformant areas are identified. For non-conformant areas the list includes the findings on what exactly the shortcomings are and how they can be addressed.
Set up the ISO 20000 project
Establish a project board. Choose a project manager and project staff. Determine the necessary resources, prepare a project plan and assign tasks. Choose a certifier and an experienced external advisor.
Prepare for the ISO 20000 certification audit
Close the gaps identified during the initial ISO 20000 assessment – usually the most time-consuming part of an ISO 20000 certification initiative, because (depending on the level of compliance found during the initial assessment) a considerable number of processes may need to be modified or introduced.
During preparation for the ISO 20000 audit, an inventory of requirements, documents and records helps to keep track of what requirements are already fulfilled and what related evidence (documents and records) is in place.
To help you with this task, the ITIL – ISO 20000 Bridge contains a pre-configured inventory which you can use to monitor your progress towards ISO 20000 compliance.
Conduct the ISO 20000 certification audit
The actual ISO 20000 audit must be carried out by an external certifier from a Registered Certification Body (RCB, an organisation which has been granted permission to operate under the itSMF ISO/IEC 20000 Certification Scheme).
Retain ISO 20000 Certification
After the initial certification, a renewal of the ISO 20000 certificate is due every three years, with intermittent assessments every 6 to 12 months.
Make sure that you continue to adhere to the standard and put a strong emphasis on continual service and process improvement.
- Are there typical Pitfalls in an ISO 20000 Project?
No management support
Management must understand and communicate why the service provider is seeking certification, and visibly endorse the initiative.
Too little involvement of IT staff
The advantages of Best Practice should be explained to everyone in your organization, and all members of IT staff should be involved as closely as possible during the design of the new ISO 20000 compliant processes.
If IT staff are able to contribute their views and experiences during the ISO 20000 project, this greatly enhances acceptance of the new processes – and ensures long-term success.
Insufficient resources for the ISO 20000 project
Management commitment must be backed up by the provision of sufficient resources for the certification program. This includes making sure that staff assigned to the project are freed from some of their day-to-day tasks.