I wrote a blog in June about how ITIL can map onto ISO/IEC 20000-1. Now we have a new edition of ITIL and this paper discusses how the changes to ITIL map onto ISO/IEC 20000-1. This paper also updates the high level mapping table. I have left some of the original introduction text in this blog for those who did not see the original text.
The new edition of ITIL
I am so pleased to see that ITIL has finally caught up with ISO/IEC 20000 by having a business relationship management process. This is a key process to the success of a service and it is vital to understand that this operates at a strategic level while service level management operates at a tactical level.
I am less pleased to see that service reporting is no longer a process but an activity that occurs in all ITIL lifecycle stages. It has thus lost its focus of ensuring that the reports are defined and used for management activities and may get lost within other process details.
Other changes impacting the mapping are:
– New process – Strategy management for IT service
– New process – Design coordination
– Change of name from Financial management to Financial management for IT services
– Change of name from Evaluation to Change evaluation
– Service measurement has become an activity and not a process
The relationship between ISO/IEC 20000 and ITIL
ISO/IEC 20000, the international standard for service management, has been with us since 2005. The new edition of ISO/IEC 20000 part 1 was published in April 2011. This new edition provides better support for service providers who are using the ITIL best practice framework to help them to achieve the requirements of ISO/IEC 20000-1.
Whether you are an ITIL user wanting to achieve ISO/IEC 20000 certification or a user who already has ISO/IEC 20000 certification supported by ITIL, this is good news for you.
It is important to understand the relationship between the two. The links between ISO/IEC 20000 and ITIL® are links of spirit and intent, not of control. Both serve different purposes and are therefore different in format, structure, style and detail.
The standard sets out what is mandatory for a service provider to achieve. Much of the ITIL guidance would not be considered essential for all service providers. For example, not all service providers need to go through a service strategy phase in order to obtain certification for their currently running services.
Service providers can achieve compliance to the standard without using ITIL but by using other methodologies or their own techniques. There are therefore no references to ITIL within the standard. This is explained in the introduction to the standard: ‘ISO/IEC 20000-1 is intentionally independent of specific guidance. The service provider can use a combination of generally accepted guidance and its own experience.
There is to be an additional part of ISO/IEC20000 which maps ISO/IEC 20000-1 to ITIL. Publication is some time away as work on this has only just started. ISO/IEC 20000-1 will be mapped to the 2011 edition of ITIL which was published in July 2011. This is the first in a series of mappings. Other mappings may include COBIT and CMMI-SVC.
High level mapping of ISO/IEC 20000-1 to ITIL
Most national and international standards need to be capable of being used by many types of organization with different structures. It is also important that an organization does not become nonconforming if it reorganises its internal structure. Clause 1 of the 2011 edition covers the types of organizations: ‘All requirements in this part of ISO/IEC 20000 are generic and are intended to be applicable to all service providers, regardless of type, size and the nature of the services delivered.’
Functions, which are part of an organization’s structure, are therefore not included in the standard and it cannot be directly mapped to the 4 ITIL functions.
The key terms used in ISO/IEC20000-1 are similar to those in ITIL.
It is possible to map the ISO/IEC 20000-1 requirements at clause or process level to the ITIL lifecycles and processes. Some mappings are strong e.g. change management, and some are weak e.g. strategy management for IT services.
|ISO/IEC 20000-1 2011 edition clause||ITIL lifecycle stage||ITIL process – changes for 2011 edition of ITIL are shown in bold italics|
|4 – Service management system general requirements||Service Strategy||Strategy management for IT services|
|4.1 – management responsibility22.214.171.124 – management review5 – design and transition of new or changed services||Service Strategy||Service portfolio management|
|4 – Service management system general requirements6.5 – Capacity management7.1 – Business relationship management||Service Strategy||Demand management|
|4.1.2 – Service management policy4.5 – Establish and improve the SMS||Continual Service Improvement||7-step improvement process|
|4.3 – Documentation management9.3 – Configuration management||Service Transition||Knowledge management|
|4.6.4 – Monitor and review the SMS6.2 – service reportingas well as all other clauses||Continual Service Improvement||Service measurement (an activity and not a process)|
|5 – Design and transition of new or changed services||Service TransitionService Design||Transition planning and supportDesign coordination|
|5 – Design and transition of new or changed services9.2 – Change management9.3 – Release and deployment management||Service Transition||Service validation and testingChange evaluation|
|6.1 – Service level management||Service Design||Service level managementService catalogue management|
|6.2 – Service reporting||Continual Service Improvement||Service reporting (an activity and not a process)Other aspects of service reporting are within many of the ITIL processes e.g. service level management|
|6.3 – Service continuity and availability management||Service Design||Availability managementIT service continuity management|
|6.3 – service continuity and availability management6.5 – capacity management||Service Operation||Event management|
|6.4 – Budgeting and accounting for services||Service Strategy||Financial management for IT services|
|6.5 – Capacity management||Service Design||Capacity management|
|6.6 – Information security management||Service Design||Information security management|
|6.6 – Information security management6.3 – Service continuity and availability management8.1 – Incident and service request management||Service Operation||Access management|
|7.1 – Business relationship management||Service Strategy||Business relationship management|
|7.2 – Supplier management||Service Design||Supplier management|
|8.1 – Incident and service request management||Service Operation||Incident managementRequest fulfilment|
|8.2 – Problem management||Service Operation||Problem management|
|9.1 – Configuration management||Service Transition||Service asset and configuration management|
|9.2 – Change management5 – Design and transition of new or changed services||Service Transition||Change management|
|9.3 – Release and deployment management||Service Transition||Release and deployment management|
Lynda Cooper, ITIL Master, ISO/IEC 20000-1 project editor
Find out more about APMG-Internationals ISO/IEC 20000 qualifications for individuals, or read about our global ISO/IEC 20000 Certification Scheme here.