ISO 20000 specifies the requirements for an IT service management (ITSM) system. It was developed to showcase the best practices in the IT infrastructure library (ITIL) framework. The standard allows organizations to demonstrate vividness and prove excellent practices in IT management services.
Comprises of two parts –
- a) IT service management (ISO 20000 -1) &
- b) Code of practice for service management (ISO 20000 – 2)
Organizations primarily adopt ISO 20000 to identify whether their services are working and what are the chances for continual improvement. ISO Certification also demonstrates to current and potential clients that the organization is committed to a high quality of service; reduces the costs of conformance to many laws. Many public sector entities such as government authorities require IT, service providers, to reveal conformity with the Standard.
Steps to get ISO/IEC 20000
Step 1: Creating awareness
Have interaction with all the members and the process owners explaining the goals & benefits of ISO 20000 certifications and the necessary approach for its compliance. It should cover all the members in an organization to understand the basic knowledge with respect to the best practices of service management.
Step 2: Determine the Scope for ISO 20000 certification.
Determining the scope of the organization is one of the most important things to be decided. It is not related only to the implementation of the standard but later on the benefits will be reaped from the continual improvement in the organization.
Factors determining the scope:-
- Location of the unit delivering the services
- The location of the customers to whom the services are being delivered.
- The technology (ies) used to impart the services to the customers.
- To specify the services being offered to the customers.
- Other parties (internal or external) who are in the chain for the delivery of the services
Importance of defining the Scope Statement:-
- It gives a clear understanding of the auditors from certification bodies what to look for …what the processes needed to be audited.
- It helps to differentiate what’s included and what is excluded in the SMS. This helps all the individuals for having a fixed goal and target and clears the path of uncertainty.
Step 3: Conduct an initial ISO 20000 assessment
Gap analysis is the first step to determine the gaps between the present-day situations with the requirements as needed by the standard. Hiring a consultant would be ideal as he looks into the situation with a professional outlook without any bias. However, if there are competent persons within the organization, it can be handled by self-assessment.
Here the YaSM model comes into help which can be used as a point of reference for the assessment.
A list of conformities and non-conformities are to be identified and noted down and presented before the management to discuss the findings of the issues and how they can be addressed.
Step 4: Set up the ISO 20000 project
After approval for a go-ahead from the management, a project board needs to be created within the organization. A Project head or Marketing co-coordinator needs to be appointed, steer heading the project.
The resources need to be identified, prepare a project plan, and assign a respective task to the process owners.
Assistance from an experienced consultant may be required at this stage for implementing the project. An auditor must be fixed.
Step 5: Prepare for the ISO 20000 certification audit
Closing the gaps which were recognized during the initial 20000 assessment may be the time-consuming part. A significant number of service management processes will either need to be modified or introduce depending upon the compliance level found during the initial assessment.
The YaSM model, however, will help to define the processes. The comprehensive templates provided will also provide additional benefit to kick start the project work.
A Checklist should be followed to keep track of the exact requirements as per the standard and the evidence to support it.
Step 6: Conduct the ISO 20000 certification audit
The final audit should be carried out by an external auditor from a registered certification body from where the organization wants to go in for the accreditation.
Retain ISO 20000 certification
Once the certification is being awarded, it is valid for three years. Surveillance audit has to be done at the end of each year so that the organization stick to the standard and follows all the requisite details. There should be a strong emphasis on continual improvement in the services and processes.