ISO/IEC 20000 in Practice

The ISO/IEC 20000-1 standard may come across as a highly theoretical document. It basically states around 250 requirements for a Service Management System (SMS), which is the whole of processes, organizational structures, staffing, information systems and other elements that are used to provide services to customers.

This setup was done on purpose: ISO/IEC 20000-1 is an International Standard that only tells organizations what to do in order to develop a good SMS and deliver services in the right way; it does not tell you how to do it. How to run an SMS and services is dependent on the organization itself, the nature of the services provided, the customers served, and many other aspects.

There is a first practical step that organizations can take to start and conform to the requirements of ISO/IEC 20000-1, though. This step consists of putting together the required documentation. As it goes with ISO standards, certain evidence is required to be able to show auditors (either internal or external ones) that your organization conforms to the requirements. The best and easiest way to do this is to develop and maintain good documentation.

When you buy my book IT Service Management: ISO/IEC 20000-1:2018 Introduction and Implementation Guide, you get free access to the accompanying documentation toolkit (available on https://www.vanharen.net/). This toolkit contains a large number of easy-to-use document templates that can be used to meet all the documentation requirements from the standard. On top of that, templates have been provided that go beyond the requirements of the standard, but in fact constitute best practice to document aspects of your SMS.

An example of a template that meets the requirements of ISO/IEC 20000-1 is the one used to document the scope statement (ISO/IEC 20000-1:2018, clause 4.3). This document is part of the mandatory documentation called out in the standard. It is a matter of completing it for the scope of your organization and its services that are in scope of your SMS and you are done. This likely saves you a lot of time developing the right documentation yourself.

Other templates are based on my own experience running management systems and are not strictly required by the standard. For instance, a template is provided to document the interested parties and their needs (ISO/IEC 20000-1:2018, clause 4.2). Nowhere in the standard does it say that you need to write a document listing them. However, given that it constitutes a requirement form the standard, auditors may ask about them and then it is simply handy to have the list of your interested parties documented somewhere. If you don’t have it documented, an auditor may not list it as a non-conformity (it would at most qualify as an opportunity for improvement or OFI). If you do have it documented, you may score a “strength” during an audit, though.

Completing the required (and non-mandatory) documentation for your SMS is only a first step towards practically running the SMS and the services. It is in fact simply a baseline beyond which the actual day-to-day running of the SMS takes place. How practically to run your SMS on a daily basis is the subject of a future article.

Dolf van der Haven is the author of IT Service Management: ISO/IEC 20000-1:2018 Introduction and Implementation Guide and several other books in the area of IT Service Management and Governance of IT. He is member of the ISO/IEC committee developing the ISO/IEC 20000 series and acted as Project Editor for ISO/IEC 20000-7 and ISO/IEC 20000-11.

ITIL ISO 20000