Page 60 ISO/IEC 20000 Guide If a Registered Certification Body (RCB, commonly known as an external auditor) conducts the external review and you meet the certification criteria, your organization can become certificated as part of the scheme.
You can then display the ISO/IEC 20000 certification logo.
This demonstrates that you have been independently assessed as having adequate controls and procedures in place and that you are able to consistently deliver a quality of service.
There is a list of accredited RCBs on at www.bs15000certification.com.
What is BS15000? BS15000 is the British Standard for IT Service Management.
As of midDecember 2005, this was replaced by the international standard, ISO/IEC 20000.
I have BS15000 consultant/auditor qualification.
What happens to that? BS15000 and ISO/IEC 20000 only have minor differences so your current qualification will be equally useful in supporting organizations with certification for ISO/IEC 20000.
You now need to understand the differences between the two standards.
BSI has published a booklet to accompany ISO/IEC 20000 that details the exact changes between the two standards.
Full details are posted on www.bs15000 certification.com.
I have been working to achieve BS15000.
Is this a wasted effort? Because ISO/IEC 20000 is so similar to BS15000, any preparation activities previously made for BS15000 will be equally valid for ISO/IEC 20000.
There are 16 changes to requirements in ISO/IEC 20000, all of which are minor. Page 61 ISO/IEC 20000 Guide How does the transition between BS15000 to ISO/IEC 20000 certification work? The certification body, itSMF, has issued guidance on the transition which can be found on www.bs15000certification.com.
I already have ISO 9000 certification.
Why do I need ISO/IEC 20000? ISO 9000 is applied and used by all organisations in different sectors and industries and whilst it has certain attributes and benefits that are valuable to your existing commercial relationship, you should consider whether you wish to have a specific certification for the IT Service Management (ITSM) component of your business.
ISO 9000 addresses all working practices in a business, without concentrating specifically on IT Service Management processes (although they may be included at a detailed level).
ISO/IEC 20000 is a focused specification for IT service management, its terminology is that of IT service management and all types of assessment will need to be carried out by competent auditors in order to provide you with an assessment report and a certificate if successful, which will be totally aligned with your IT service management business.
ISO/IEC 20000 addresses only the IT Service Management processes, and the supporting Management System.
Adoption of ISO/IEC 20000 is therefore relevant to those organisations which specifically wish to target their IT Service Management processes, and is not directly related to the adoption or continuance of ISO 9000.
There is however some areas of overlap between the standards.
Should the principal purpose of your business be ITSM, then ISO/IEC 20000 is virtually essential.
Is an existing ISO 9001 certification of benefit? Yes.
An existing ISO 9001 Certification indicates that the knowledge and processes of a structured QMS are already accepted and in use.
It should quicken the process, and provides the opportunity for both certifications to be assessed together. Page 62 ISO/IEC 20000 Guide Which other frameworks can be used with ISO 20000? Whilst ITIL is the most common and most closely aligned, it is by no means mandatory to use it.
Other potential frameworks/methods include MOF, COBIT and Six Sigma.
As a business seeking ISO/IEC 20000 certification, what external help is available? There are a number of organizations that have qualified consultants who can advise on the appropriate course of action required.
In addition, many RCBs will offer pre-audit evaluations to help the organisation understand its current status.
In addition, BSI has produced a series of books to assist with understanding different aspects of a full service management solution.
Contact us for further information.
As an ITIL Service Management Consultant with an interest in ISO/IEC 20000, how can I help my clients? Your consultants should become qualified in ISO/IEC 20000.
See the Qualification Scheme on the following page. Page 63 ISO/IEC 20000 Guide I believe there are many quality standards available.
How do they compare and overlap? There are many Quality Standards, frameworks and methods available and being unsure which one to examine or implement is understandable.
You may have heard of MOF, CoBIT, CMM, TickIT, ISO 9000, ISO27001, EFQM, Six Sigma, Balanced Scorecard and Sarbannes-Oxley.
Most are not Standards in the strict sense, but simply tools to help organisations operate more efficiently and effectively.
It is important to understand the scope and purpose of each one, and then to match this to what you are trying to achieve in your organization.
ISO/IEC 20000 is unique in that it mirrors ITIL Service Management principles.
ISO/IEC 20000 will be readily understood by anyone with ITIL qualifications.
MOF, for instance, a branded product, openly states that it utilises ITIL principles, but also concentrates on the use of Microsoft® products in its implementation. Page 64 ISO/IEC 20000 Guide TickIT works in conjunction with ISO 9000 and focuses on application development and project management.
CoBIT focuses on corporate governance and can be used with ITIL.
Six Sigma is a process improvement tool but is not specific to ITSM and can be used with ITIL.
CMM is a maturity measure for primarily application development and project management processes.
Most quality systems, by their very nature, will overlap with each other.
The most common overlap will be in the areas of quality management, training, documentation audit and conformance.
A significant point in the adoption of or conversion to another standard is to avoid discarding any process, procedure or documentation without serious examination.
In what ways will ISO/IEC 20000 help me? As well as the potential external marketing and commercial benefits, it provides a recognised and tried and tested management system which allows an IT service organisation to plan, manage, deliver, monitor, report, review and improve its services.
It not only looks at operational aspects but also focuses on the business controls covering associated risks, finances, resources and capabilities, providing a proper infrastructure to enable a traditional Plan, Do, Check, Act (PDCA) cycle to be implemented and managed.
Our IT is distributed around the UK (and even overseas).
Can sites be certified separately? The scoping statement will be agreed with the Registered Certification Body carrying out the assessment and may restrict the scope of the audit and certification to certain services, geographies, locations etc.
It is not mandatory for all of an organisation to be certified.
This makes it essential for customers seeking an organisation which is ISO/IEC Page 65 ISO/IEC 20000 Guide 20000 certified to ask to see the scoping statement to ensure the services they require are actually covered.
We do not have all the processes in place.
Can we become part-certified? The simple answer is NO.
All of the ISO/IEC 20000 requirements have to be in place at an appropriate level.
It is not permitted to exclude parts of the standard by, for example, declining to carry out one or more of the processes.
Some processes may be outsourced, but they must be performed and the organisation being audited must demonstrate effective management control of those processes, including the interfaces with other, internal service management processes.
What Are the Benefits of ISO/IEC 20000 Certification? Primarily, the organisation will become more competitive, reducing the risk, cost and time to market new products and services, whilst improving value for money and service quality.
They will be able to manage suppliers more effectively.
Service providers will become more responsive, with services which are business-led rather than technology-driven.
Your IT service is more likely be chosen, or renewed over that of a competitor that does not demonstrate ISO/IEC 20000 certification, providing both a competitive edge and demonstrating a visible commitment to managing the provision of IT services.
It will provide enablers to visibly support the business strategy, with opportunities to improve the efficiency of services in all areas, impacting on costs and service.
An operational benefit is to clearly demonstrate service reliability and consistency, which in any environment is critical to business survival and potential growth.
Certification audits are continual and should be treated as a mechanism for educating and raising awareness of employees. Page 66 ISO/IEC 20000 Guide Certification can also reduce the amount of supplier audits thereby reducing costs.
Finally, the use of qualified and independent auditors can be used as a benchmark.
What are the origins of ISO/IEC 20000? ISO/IEC 20000 was adopted as an International standard from the original British Standard (BS 15000).
There were minor changes during the internationalisation, mainly to do with formatting and clarity.
There were few substantive changes to requirements.
The edition of BS15000 (BS 15000-1:2002 & BS 15000-2:2003) that was submitted to ISO was actually the second edition and replaced an earlier version released in 2000 called BS15000:2000.
The second edition came about as a result of experience and feedback from early adopters of the 2000 edition.
The original standard was based on a Code of Practice for IT Service Management – DISC PD 0005:1998.
The technical panel which produced BS15000 included representation from the British Computer Society (BCS), the Office of Government Commerce (OGC) and the IT Service Management Forum (itSMF) as well as from IT organisations and technical experts.
BS 15000 was aligned with ITIL, best practice guidance and advice first published by the UK government in the 1980s.
Today, ITIL is the globally accepted ‘de facto’ standard for best practice processes in ITSM.
ITIL was a major contributor to the development of ISO/IEC 20000, in that its major processes have been adopted entirely, and augmented by a few key management processes.
What is ITIL? ITIL provides ‘proven’ best practices in IT Service Management (ITSM), derived from public and private sector experts world-wide. Page 67 ISO/IEC 20000 Guide Currently, the core publications in ITIL are Service Support; Service Delivery; ICT Infrastructure Management; Application Management; Security Management; Planning to Implement Service Management; and The Business Perspective (of ITSM).
The processes defined in these publications also formed the core processes in BS 15000 (and hence ISO/IEC 20000) Isn’t ITIL Best Practice? Yes it is.
ISO/IEC 20000 incorporates all the ITIL Service Support and Service Delivery processes but goes further by separating out Service Reporting and introducing three new processes covering Business Relationship Management, Supplier Management and Information Security Management.
Additionally there are three management system processes.
ITIL is best practice guidance but it is not possible to be accredited as a company against ITIL.
The standard is a specification which provides the company level accreditation to demonstrate the consistent use of best practice.
ISO/IEC 20000 does not mandate the use of ITIL.
However, demonstrating best practice in IT Service Management is of course far easier if it is underpinned by the use of ITIL.
Will ISO/IEC 20000 be readily understood by anyone with ITIL qualifications? ISO/IEC 20000 and ITIL share common terminology so the short answer is yes.
Remember that conformance is also based on demonstrating appropriate training and skills to deliver the services being accredited so ITIL training should form a significant part of your Best Practice program.
What is the benefit of the logo? Whilst it is possible to seek an opinion from anyone as to whether you meet the standard, only Certificates of Compliance which bear the ISO/IEC 20000 logo confirm that the Certification Body which Page 68 ISO/IEC 20000 Guide issued the Certificate is one which has been registered as complying with the stringent requirements of the itSMF ISO/IEC 20000 Certification Scheme.
Organisations which have a current Certificate of Compliance bearing the itSMF logo are also permitted to display the logo on their stationery, etc.
Subject to certain terms and conditions.
In this way the organisation can demonstrate their compliance with the standard to a wide audience.
Why should I seek certification through the itSMF managed scheme? itSMF are the owners and managers of the ISO/IEC 20000 certification scheme.
ItSMF is generally accepted as the leading body of expertise for Service Management.
Becoming certified against ISO/IEC 20000 implies that you have been formally recognised in achieving a rigorous standard in IT Service Management by the organisation which is at the forefront of IT Service Management quality initiatives.
Our IT is distributed internationally.
Can sites be certified separately? Yes.
Eligibility is based on demonstrating management control of all processes within the ISO/IEC 20000 standard relative to the scope of certification.
A certification may be scoped by specific sites, departments, or by IT services irrespective of location.
Are customers already asking for ISO/IEC 20000 and BS15000 in tender documents? Yes.
There are a number of customers asking for statements of supplier conformance, accreditation plans and quality management policies: some are quoting ISO/IEC 20000 or BS15000 specifically as the service requirement.
It is likely that this movement will grow and, quite simply, if a prospective supplier cannot demonstrate such conformance, they may not be considered during a tendering exercise. Page 69 ISO/IEC 20000 Guide Even if a customer doesn’t ask for certification, your service is more likely to be chosen over that of a competitor who does not demonstrate ISO/IEC 2000 or BS15000 certification, providing competitive advantage. Page 70 ISO/IEC 20000 Guide Page 71
Read more about ITIL: