- +1 (281)-895-8736
- info@tuvcertiq.com
ISO 20000-1:2018 is an international standard for IT service management. It specifies the service provider’s requirements to plan, establish, implement, operate, monitor, review, maintain, and improve the management system. The requirements include designing, transitioning, delivering, and improving services to fulfill agreed service requirements.
ISO 20000-1 is the standard that enables companies who deliver services to align them with a unique Service Management Standard. Typically used for IT services, This Standard can be applied to all services industries.
It is currently the 8th most popular ISO standard Globally, with over 5,300 companies adopting the standard.
This Service Management System standard provides a framework for best practices based on the principles of the Information Technology Infrastructure Laboratory and ISO 9001 requirements. Key focus areas include defining:
Service Strategy
Service Design
Service Delivery
Continual Service Improvement
Processes
Roles & Responsibilities
Principles
Roles & Responsibilities
Principles
Processes
Roles & Responsibilities
Processes
Functions
Process
If your company is looking for a Certification in Information Technology (ITSM) system-based standard, you might be overwhelmed with figuring out where to start. To help with this, here is an overview of the steps that are needed to help you to make sure that nothing is missed during your implementation and preparations for Certification.
This is the most critical. Without the support of management, your implementation of ISO 20000 will almost certainly fail. Plan your sales pitch well to convince your management that this is a good idea.
Determine the cut-off period by which you need to have certification in place. This would enable reverse engineering of the project and the importance of the timelines, including the early start-off date. Identify the project leader. Identify the products or services to be included in the scope of this certification. Do the costing. It provides implementation learning costs and certification fees.
This is required to gain an A to Z in the fundamentals of ITSM. We need to cover all resources in the scope. This training is imparted in batches by specialists and industry experts. Evidence of Training records needs to be maintained for demonstration during Certification Audit.
Implementation can no longer be tasked to a single person or group of few persons in the organization. This standard is premised on RISK Based thinking, and risk management must be done at the hands of respective departments and functions, such that the head of the departments is the “Risk-Owners.”
Therefore, the implementation team would include Heads of the departments, deputies, or other critical resources besides the central unit in each function.
This training is imparted by a ‘specialist and industry expert’ to the implementation team identified by the organization. The Implementation training is workshop-style, covering practical implementation cases of your organization and its processes. This would last up to 7 days.
Defining the context, scope, and policy of your ITSM will help ensure you know the limits of what needs to be done so that you do not include areas of business that might not affect your system. The essential tool to define the scope is the dependency matrix which will be the first document you will need to create for the ITSM.
Risk Assessment and Risk Treatment is the backbone of ISO 22000 Implementation. ITSM objectives help to conduct a dipstick check of the performance levels Documentation will include the mandatory procedures defined by the ITSM Standard and any other processes and procedures required by your company to ensure consistent and adequate results concerning ITSM.
The key is to represent all processes in your company and look at how they interact with your organization. It is in these interactions that problems occur. The extent of documentation depends on the organization’s size, the processes’ complexity, and the people’s competence.
Often, these processes will already be in place at your company and must be adequately documented to ensure consistent results. Of course, not all functions need to be documented procedures, but deciding which ones need to be done to provide compliant products and services is essential.
This Standard requires the organization to train a team of internal auditors who regularly perform cross audits on one another. Therefore, internal Audits need to be competent. In addition, the organization shall need a specialist industry expert to impart Internal Auditor Training to evidence the same.
Before the Lead Auditors of the Certification body visit to audit your system, ISO 20000 mandates that you audit each process internally. This will allow you to ensure that the methods are going as you had planned. You will also be able to implement the necessary corrective actions to fix any problems you find.
This is the step where you find the root cause of any problems encountered during your measurements, internal audits and management review, deviations from the established processes, and customer concerns, and take action to correct the root cause. This is the critical step toward continual improvement.
Just as management must support the implementation of ITSM. It is also vital that they are fully involved in the maintenance of the ITSM. Top leadership needs to review specific data from the activities of the ITSM to ensure that the processes have adequate resources to be effective and improve.
Specialist industry experts do this to help organizations in gap analysis so that gaps identified during pre-assessment/ gap analysis are plugged before the organization Proceeds for Certification Audit. This is a crucial step to raising the confidence level of the auditees.
This can be a crucial step in determining how effective your implementation is. This Certification body is the company that will ultimately audit your ITSM and decides if it is compliant with ISO 20000 Requirements and whether it is effective and improving.
This is a review of your Documentation by the certification body auditors to verify that, on paper, you have addressed all the requirements of this standard.
The Auditors will issue a report outlining where you comply and where there are problems, and you will have a chance to implement any corrective actions to address the issues. This may occur during the time frame defined for the initial operation of the ITSM.
This is the leading audit when the certification body auditors will review the records you have accumulated by operating your ITSM processes, including your records of internal audits, management review, and corrective actions.
From this review, which will take several days, they will issue a report detailing their findings and whether your ITSM is effective and in compliance with the ISO 20000 requirements. The auditors will also recommend Certification if you meet all requirements. However, if you have any major non-conformances, you will need to take corrective action before Certification can be recommended.
A good plan will help a lot when implementing ITSM Standard and working toward Certification, so do take the time to plan and know what resources you need- this will save your time and resources later on.
It specifies requirements for implementing an Information Technology Service Management System.
Key Features