ISO/IEC 20000

ISO/IEC 20000 is the first international standard for IT service management. It was developed in 2005 by ISO/IEC JTC1/SC7 and revised in 2011 and 2018.[1] It was originally based on the earlier BS 15000 that was developed by BSI Group.[2]

ISO/IEC 20000, like its BS 15000 predecessor, was originally developed to reflect best practice guidance contained within the ITIL (Information Technology Infrastructure Library) framework (reference needed), although it equally supports other IT service management frameworks and approaches including Microsoft Operations Framework and components of ISACA's COBIT framework. The differentiation between ISO/IEC 20000 and BS 15000 has been addressed by Jenny Dugmore.[3][4]

The standard was first published in December 2005. In June 2011, the ISO/IEC 20000-1:2005 was updated to ISO/IEC 20000-1:2011. In February 2012, ISO/IEC 20000-2:2005 was updated to ISO/IEC 20000-2:2012.

ISO 20000-1 has now been revised by ISO/IEC JTC 1/SC 40 IT Service Management and IT Governance. The revision has been released in July 2018. From that point certified entities enter a three year transition period to update to the new version of ISO 20000-1. <>


ISO/IEC 20000-1: Service management

Formally: ISO/IEC 20000-1:2018 ('part 1') specifies requirements for "establishing, implementing, maintaining and continually improving a service management system (SMS). An SMS supports the management of the service lifecycle, including the planning, design, transition, delivery and improvement of services, which meet agreed requirements and deliver value for customers, users and the organization delivering the services.". The 2018 version (ISO/IEC 20000-1:2018) comprises ten sections, following the high-level structure from Annex SL of the Consolidated ISO/IEC Directives, Part 1:

  1. Scope
  2. Normative references
  3. Terms and definitions
  4. Context of the organization
  5. Leadership
  6. Planning
  7. Support of the Service Management System
  8. Operation of the Service Management System
  9. Performance Evaluation
  10. Improvement

ISO/IEC 20000-2: Guidance on the application of service management systems

ISO/IEC 20000-2:2012 provides guidance on the application of service management systems (SMS) based on the requirements in ISO/IEC 20000-1:2011. It is currently being updated to provide guidance on ISO/IEC 20000-1:2018 and is scheduled to be published mid-2019.

ISO/IEC 20000-3: Guidance on scope definition and applicability of ISO/IEC 20000-1

ISO/IEC 20000-3:2012 provides guidance on scope definition, applicability and demonstration of conformance for service providers aiming to meet the requirements of ISO/IEC 20000-1, or for service providers who are planning service improvements and intending to use ISO/IEC 20000 as a business goal. It supplements the advice in ISO/IEC 20000-2, which provides generic guidelines for implementing an SMS in accordance with ISO/IEC 20000-1. ISO/IEC 20000-3 is currently being updated to provide guidance on ISO/IEC 20000-1:2018 and is scheduled to be published mid-2019.

[Withdrawn] ISO/IEC 20000-4: Process assessment model

ISO/IEC TR 20000-4:2010 has been withdrawn. A set of new documents providing a Process Reference Model (PRM) and a Process Assessment Model (PAM) based on ISO/IEC 20000-1:2018 is being developed by ISO/IEC JTC1/SC7 in the 33000 series of standards.

ISO/IEC 20000-5: Exemplar implementation plan for ISO/IEC 20000-1

ISO/IEC TR 20000-5:2013 service providers on how to best achieve the requirements of ISO/IEC 20000-1. ISO/IEC 20000-5 will be updated based on the current version of ISO/IEC 20000-1.

ISO/IEC 20000-6:2017 Requirements for bodies providing audit and certification of service management systems

ISO/IEC 20000-6:2017 provides requirements for auditing bodies for the assessment of conformance to ISO/IEC 20000-1.

ISO/IEC 20000-7: Guidance on the Integration and Correlation of ISO/IEC 20000-1:2018 to ISO 9001:2015 and ISO/IEC 27001:2013

ISO/IEC TR 20000-7 provides guidance on the integrated implementation of a Service Management System based on ISO/IEC 20000-1 with a Quality Management System based on ISO 9001:2015 and/or an Information Security Management System based on ISO/IEC 27001:2013. It is currently being developed and aimed for publication mid-2019.

[Withdrawn] ISO/IEC 20000-9: Guidance on the application of ISO/IEC 20000-1 to cloud services

ISO/IEC TR 20000-9:2015 provided guidance on the use of ISO/IEC 20000‑1:2011 for service providers delivering cloud services.

ISO/IEC 20000-10: Concepts and vocabulary

ISO/IEC TR 20000-10:2018 describes the core concepts of ISO/IEC 20000, identifying how the different parts support ISO/IEC 20000‑1:2018 as well as the relationships between ISO/IEC 20000 and other International Standards and Technical Reports. This part of ISO/IEC 20000 also explains the terminology used in the ISO/IEC 20000 series, so that organizations and individuals can interpret the concepts correctly.

ISO/IEC 20000-11: Guidance on the relationship between ISO/IEC 20000-1 and service management frameworks: ITIL®

ISO/IEC TR 20000-11:2015 is a Technical Report that provides guidance on the relationship between ISO/IEC 20000-1:2011 and a commonly used service management framework, ITIL.

ISO/IEC 20000-12: Guidance on the relationship between ISO/IEC 20000-1 and service management frameworks: CMMI-SVC

ISO/IEC TR 20000-12:2016 is a Technical Report that provides guidance on the relationship between ISO/IEC 20000-1:2011 and a commonly used service management framework, CMMI-SVC.

ISO/IEC 20000-13: Guidance on the relationship between ISO/IEC 20000-1 and service management frameworks: COBIT

ISO/IEC TR 20000-13 is a Technical Report that provides guidance on the relationship between ISO/IEC 20000-1:2018 and a commonly used service management framework, COBIT 2019. It is currently under development and aimed for publication late 2019

Certifications and qualification schemes

As with most ISO standards, organizations and individuals seek training towards establishing knowledge and excellence in applying the standard. The certification scheme targets organizations, while the qualification scheme targets individuals.

Qualification of individuals is offered by URS, APMG-International, EXIN, PECB, Loyalist Certification Services, TÜV SÜD Akademie, PEOPLECERT, and IRCA. The EXIN, Loyalist and TÜV SÜD program is in fact a qualification in IT Service Management based on ISO/IEC 20000 and includes a Foundation level and several role based certificates: professionals in Align, Deliver, Control and Support, Associate, (Executive) Consultant/Manager and Auditor. The APMG qualifications are focused on getting an organization certified and presume knowledge of IT Service Management is already available. The APMG qualifications are conducted at the Foundation, Practitioner and Auditor level. IRCA and other organizations involved in the certification of auditors have developed their own auditor training and certification for ISO/IEC 20000 auditors.

In terms of certification, there are leading certification bodies around the world, for instance, BSI in UK, Quality Austria in Austria, JQA in Japan, KFQ in Korea and SAI Global in Australia, Asia and Americas.

Academic resources

  • International Journal of IT Standards and Standardization Research, ISSN 1539-3054 (internet), ISSN 1539-3062 (print), Information Resources Management Association
  1. ISO20000-1:2018, released on 2018-07-15
  2. A Guide to ISO/IEC 20000-1:2018 Service Management ISBN 978-191-265-1344,

See also


  • ISO/IEC 20000-1:2018 Service management system requirements. Updated at 2018-07-15 (replacing ISO/IEC 20000-1:2011)
  • ISO/IEC 20000-2:2012 Guidance on the application of service management systems.
  • ISO/IEC 20000-3:2012 Guidance on scope definition and applicability of ISO/IEC 20000-1.
  • ISO/IEC TR 20000-5:2013 Exemplar implementation plan for ISO/IEC 20000-1
  • ISO/IEC 20000-6:2017 Requirements for bodies providing audit and certification of service management systems
  • ISO/IEC 20000-7 Guidance on the Integration and Correlation of ISO/IEC 20000-1:2018 to ISO 9001:2015 and ISO/IEC 27001:2013. Currently being developed.
  • ISO/IEC 20000-10:2018 Concepts and vocabulary
  • ISO/IEC 20000-11:2015 Guidance on the relationship between ISO/IEC 20000-1 and service management frameworks: ITIL®
  • ISO/IEC TR 20000-12:2016 Guidance on the relationship between ISO/IEC 20000-1 and service management frameworks: CMMI-SVC
  • ISO/IEC TR 20000-13 Guidance on the relationship between ISO/IEC 20000-1 and service management frameworks: COBIT


  1. ^ ISO/IEC 20000-1:2018 Service Management System (SMS) Standard
  2. ^ BSI Group Fast Facts
  3. ^ Dugmore, Jenny (2006). Achieving ISO/IEC 20000 - The Differences Between BS 15000 and ISO/IEC 20000. BSI Group [1]. p. 124. ISBN 0-580-47348-1. External link in |publisher= (help)
  4. ^ Dugmore, Jenny (2006). "BS 15000 to ISO/IEC 20000 What difference does it make?". ITNOW. 48 (3): 30. doi:10.1093/combul/bwl017.

External links

Annex SL

The Annex SL is a section of the ISO/IEC Directives part 1 that prescribes how ISO Management System Standard (MSS) standards should be written. The aim of Annex SL is to enhance the consistency and alignment of MSS by providing a unifying and agreed upon high level structure, identical core text and common terms and core definitions. The aim being that all ISO Type A MSS (and B where appropriate) are aligned and the compatibility of these standards is enhanced.

Before 2012, various standards for management systems were written in different ways. Several attempts have been made since the late 90s to harmonize the way to write these but the first group that succeeded to reach an agreement was the Joint Technical Coordination Group (JTCG) set up by ISO/Technical Management Board.

Various of Technical Committees within ISO are currently working on revising all MSS published before Annex SL was adopted. Many standards are already following Annex SL such as ISO 9001, and ISO 14001).

Ascend Group

Ascend Group is a privately owned e-commerce company headquartered in Bangkok, Thailand as a spin-off of True Corporation. It marked its $150-million expansion by launching their affiliates in the Philippines and Indonesia, Vietnam, and also hard to reach economies like Myanmar and Cambodia.

Axios Systems

Axios Systems is a provider of Service Desk, IT Service Management and IT Asset Management software. The assyst enterprise application suite was the first to support IT Infrastructure Library (ITIL) best practices.The company has a customer base from the Fortune 50, Fortune 500 and Fortune 1000 lists. Worldwide, Axios Systems has more than 1,000 customers and typically targets organisations with at least 1,000 IT users.

BSI Group

BSI Group, also known as the British Standards Institution (BSI), is the national standards body of the United Kingdom. BSI produces technical standards on a wide range of products and services, and also supplies certification and standards-related services to businesses.


Fabasoft AG is a software manufacturer headquartered in Linz, Upper Austria. The company was established in 1988 by Helmut Fallmann and Leopold Bauernfeind.

The name Fabasoft is an acronym of Fallmann Bauernfeind Software.


FitSM is the name for a family of standards for lightweight IT service management (ITSM).

ISO/IEC 15504

ISO/IEC 15504 Information technology – Process assessment, also termed Software Process Improvement and Capability Determination (SPICE), is a set of technical standards documents for the computer software development process and related business management functions. It is one of the joint International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) standards, which was developed by the ISO and IEC joint subcommittee, ISO/IEC JTC 1/SC 7.ISO/IEC 15504 was initially derived from process lifecycle standard ISO/IEC 12207 and from maturity models like Bootstrap, Trillium and the Capability Maturity Model (CMM).

ISO/IEC 15504 has been revised by: ISO/IEC 33001:2015 Information technology – Process assessment – Concepts and terminology as of March, 2015 and is no longer available at ISO.


ISO/IEC JTC 1/SC 40 IT Service Management and IT Governance is a standardization subcommittee of the Joint Technical Committee ISO/IEC JTC 1 of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). ISO/IEC JTC 1/SC 40 develops and facilitates the development of international standards, technical reports, and technical specifications within the fields of IT service management and IT governance, with a focus in IT activity such as audit, digital forensics, governance, risk management, outsourcing, service operations and service maintenance. The international secretariat of ISO/IEC JTC 1/SC 40 is Standards Australia (SA), located in Australia.


ISO/IEC JTC 1/SC 7 Software and systems engineering is a standardization subcommittee of the Joint Technical Committee ISO/IEC JTC 1 of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), that develops and facilitates standards within the field of engineering of software products and systems. The international secretariat of ISO/IEC JTC 1/SC 7 is the Bureau of Indian Standards (BIS) located in India.


ITIL, formerly an acronym for Information Technology Infrastructure Library, is a set of detailed practices for IT service management (ITSM) that focuses on aligning IT services with the needs of business.

ITIL describes processes, procedures, tasks, and checklists which are not organization-specific nor technology-specific, but can be applied by an organization for establishing integration with the organization's strategy, delivering value, and maintaining a minimum level of competency. It allows the organization to establish a baseline from which it can plan, implement, and measure. It is used to demonstrate compliance and to measure improvement. There is no formal independent third party compliance assessment available for ITIL compliance in an organisation. Certification in ITIL is only available to individuals.

Since July 2013, ITIL has been owned by AXELOS, a joint venture between Capita and the UK Cabinet Office. AXELOS licenses organisations to use the ITIL intellectual property, accredits licensed examination institutes, and manages updates to the framework. Organizations that wish to implement ITIL internally do not require this license.

The ITIL 4 Foundation Book was released February 18th 2019. In its former version (known as ITIL 2011), ITIL is published as a series of five core volumes, each of which covers a different ITSM lifecycle stage. Although ITIL underpins ISO/IEC 20000 (previously BS 15000), the International Service Management Standard for IT service management, there are some differences between the ISO 20000 standard, ICT Standard by IFGICT and the ITIL framework.

IT Service Management Forum

The IT Service Management Forum (itSMF) is an independent, international, not-for-profit organization of IT Service Management (ITSM) professionals worldwide. Around the operation of IT services the itSMF collects, develops and publishes “best practice”, supports education and training, discusses the development of ITSM tools, initiates advisory ideas about ITSM and held conventions. The itSMF is concerned with promoting ITIL (IT Infrastructure Library), Best Practice in IT Service Management and has a strong interest in the international ISO/IEC 20000 standard. The itSMF publishes books covering various aspects of Service Management through a process of endorsing them as part of the itSMF Library.

IT service management

IT service management (ITSM) refers to the entirety of activities – directed by policies, organized and structured in processes and supporting procedures – that are performed by an organization to design, plan, deliver, operate and control information technology (IT) services offered to customers.Differing from more technology-oriented IT management approaches like network management and IT systems management, IT service management is characterized by adopting a process approach towards management, focusing on customer needs and IT services for customers rather than IT systems, and stressing continual improvement. The CIO WaterCoolers' annual ITSM report states that business use ITSM "mostly in support of customer experience (35%) and service quality (48%)."


Japan Institute for Promotion of Digital Economy and Community (JIPDEC or 日本情報処理開発協会 in Japanese) is a nonprofit foundation for development of key IT technologies and policies, as related to the Ministry of Internal Affairs and Communications and Ministry of Economy, Trade and Industry (METI). The promotion of information processing by computers is JIPDEC's objective.

List of web service specifications

There are a variety of specifications associated with web services. These specifications are in varying degrees of maturity and are maintained or supported by various standards bodies and entities. These specifications are the basic web services framework established by first-generation standards represented by WSDL, SOAP, and UDDI. Specifications may complement, overlap, and compete with each other. Web service specifications are occasionally referred to collectively as "WS-*", though there is not a single managed set of specifications that this consistently refers to, nor a recognized owning body across them all.

"WS-*" is a prefix used to indicate specifications associated with web services and there exist many WS-* standards including WS-Addressing, WS-Discovery, WS-Federation, WS-Policy, WS-Security, and WS-Trust. This page includes many of the specifications that might be considered a part of "WS-*".

Management system

A management system is a set of policies, processes and procedures used by an organization to ensure that it can fulfill the tasks required to achieve its objectives. These objectives cover many aspects of the organization's operations (including financial success, safe operation, product quality, client relationships, legislative and regulatory conformance and worker management). For instance, an environmental management system enables organizations to improve their environmental performance and an occupational health and safety management system (OHSMS) enables an organization to control its occupational health and safety risks, etc.

Many parts of the management system are common to a range of objectives, but others may be more specific.

A simplification of the main aspects of a management system is the 4-element "Plan, Do, Check, Act" approach. A complete management system covers every aspect of management and focuses on supporting the performance management to achieve the objectives. The management system should be subject to continuous improvement as the organization learns.

Elements may include:

Leadership Involvement & Responsibility

Identification & Compliance with Legislation & Industry Standards

Employee Selection, Placement & Competency Assurance

Workforce Involvement

Communication with Stakeholders (others peripherally impacted by operations)

Identification & Assessment of potential failures & other hazards

Documentation, Records & Knowledge Management

Documented Procedures

Project Monitoring, Status and Handover

Management of Interfaces

Standards & Practices

Management of Change & Project Management

Operational Readiness & Start-up

Emergency Preparedness

Inspection & Maintenance of facilities

Management of Critical systems

Work Control, Permit to Work & Task Risk Management

Contractor/Vendor Selection & Management

Incident Reporting & Investigation

Audit, Assurance and Management System review & Intervention

Maxdata Software

Maxdata Software is a Portuguese-based company that develops healthcare software (Clinidata® software) for more than 30 years. Clinidata software is used in the biggest Portuguese hospitals (e.g., Hospital de Santa Maria, Hospitais da Universidade de Coimbra, Hospital de São João, Hospital de São José, Hospital de Dona Estefânia, Instituto Português de Oncologia Francisco Gentil) in different areas and laboratories, namely, electronic prescription, clinical pathology, anatomic pathology, immunohematology (blood banking), epidemiologic surveillance (Healthcare Associated Infections) and responsibility terms management. Clinidata® software is also present in a significant number of laboratories across 3 continents (Europe, Africa and South America).

The need to meet the quality requirements of international markets, which will soon apply to the Portuguese market, led Maxdata Software to become the first Portuguese company operating in the healthcare area certified according to the ISO/IEC 20000 international standard.

QA Ltd

QA Ltd is one of the UK’s leading digital education and skills providers with a growing presence in technical, management and other associated professional skills. The company is currently involved in providing education and training within consulting, apprenticeships, higher education and learning. It is an accredited training provider for ITIL and an approved trainer for the ISO/IEC 20000 Standard (the first international standard for IT service management). It provides certified qualifications for the Association for Project Management and the Project Management Institute as well as Prince2 qualifications.

Service Portfolio (ITIL)

The Service Portfolio is described in the ITIL books Service Strategy and Service Design. The Service Portfolio is the core repository for all information for all services in an organization. Each service is listed along with its current status and history. The main descriptor in the Service Portfolio is the Service Design Package (SDP).

The Service Portfolio consists of three parts:

Service PipelineThis contains references to services that are not yet live. They may be proposed, or under development

Service CatalogueThis contains links to active services through their Service Design Package

Retired ServicesServices in the process of being discontinued, before they are finally decommissioned

Of these three, only the Service Catalogue is visible to the customers and support team. Customers are excluded from the pipeline provisioning process for services under development.

Tudor IT Process Assessment

Tudor IT Process Assessment (TIPA®) is a methodological framework for process assessment. Its first version was published in 2003 by the Public Research Centre Henri Tudor based in Luxembourg. TIPA is now a registered trademark of the Luxembourg Institute of Science and Technology (LIST). TIPA offers a structured approach to determine process capability compared to recognized best practices. TIPA also supports process improvement by providing a gap analysis and proposing improvement recommendations.

TIPA uses the generic approach for process assessment published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in ISO/IEC 15504 – Process Assessment (now ISO/IEC 33000). The ISO/IEC 15504-2 requirements on performing assessments are structured and documented in the TIPA Assessment Process. Additional guidance, contextual advice and return of experience complete the TIPA Process Assessment Method and support the usability of the TIPA framework. The TIPA Process Assessment Method can be used to assess processes from any field of activity.

The TIPA framework is supported by an exhaustive toolbox that provides templates and tools for every single step of the assessment process. It can be customized to any application domain .

ISO standards by standard number
IEC standards
ISO/IEC standards

This page is based on a Wikipedia article written by authors (here).
Text is available under the CC BY-SA 3.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.