FAQ: ISO 20000 Certification

This page offers answers to a number of common questions related to ISO 20000 certifications and
ISO 20000 audits.

On this Page:
What are the Benefits of an ISO 20000 Certification?
What do we need to change?
What is being verified during the ISO 20000 Certification Audit?
What are the typical Project Steps leading to Certification?
Are there typical Pitfalls in an ISO 20000 Project?
Additional Information & Downloads
What are the Benefits of an ISO 20000 Certification?
An ISO 20000 certificate is proof that your IT organization has demonstrated its ability to
Be aware of customer needs and respond to these needs.
Deliver services which meet defined quality levels.
Make use of resources in an economical way.
As such, the ISO 20000 certificate and the corresponding logo are increasingly a competitive
advantage in the market:
Many clients even demand ISO 20000 compliance as a condition for awarding contracts to IT service
providers.
Of course, working along ISO 20000 (and ITIL) principles also offers internal benefits for the IT
organization, because the standard is all about supporting the business side with adequate IT services,
while providing those services as efficiently as possible.
The decision to go for an ISO 20000 certificate sets a specific target for your IT organization and helps
to concentrate minds. An ISO 20000 certification initiative is, in other words, a good way to kick-start
the adoption of ITIL Best Practice and to make sure motivation stays high.
[top]
What do we need to change?
What exactly do we have to do to become ISO 20000 compliant?
Unfortunately, the standard ISO/IEC 20000:2011 itself only sets out a number of requirements which
must be fulfilled in order to qualify for an ISO 20000 certification. So there is no short answer to the
question "What needs to change?".
As a result, there is often a problem at the start of an ISO 20000 certification initiative:
It is not clear what the future (ISO 20000 compliant) state of your IT organization should be like,
making it hard to determine what you should aim for and how much change is needed.
However, since ITIL and ISO 20000 are closely aligned, it is possible to turn to ITIL for advice.
[top]


Make ITIL Best Practice instantly available for your ISO 20000 Project
ITIL knowledge is available in the form of books, but the ITIL Process Map, together with the ITIL -
ISO 20000 Bridge provides you with a better alternative:
Our ISO 20000 compliant ITIL process model presents the ITIL contents as a complete set of process
flowcharts ("Process Templates") and checklists ("Document Templates").
The ITIL - ISO 20000 Bridge tells you what ITIL processes and documents should be in place to meet
a certain ISO 20000:2011 requirement. For every one of the standards 147 single requirements, you
can jump right into the relevant process diagrams and document templates.
This means you get specific suggestions on how the requirements can be fulfilled - the ideal way to
quickly understand what exactly it means for your IT organization to become ISO 20000 compliant.
We do not mean to say, however, that you must implement all processes to the letter. The reference
processes should be seen as one possible approach to implementing ISO 20000, and it is acceptable
to use the original processes as a starting point and adapt them to your own organization's needs - as
long as you stay in line with the ISO 20000 requirements.
[top]
What is being verified during the ISO 20000 Certification Audit?
The aim of the ISO20000 certification audit is to check if your organization fulfils the ISO 20000
requirements. In particular, the mandatory requirements of 'ISO/IEC 20000:2011, Part 1: Service
Management System Requirements' must be fulfilled.
Broadly speaking, the ISO 20000 audit relates to the following aspects of your organization:


Documentation of the ISO 20000 Processes
Adequately documented processes are a prerequisite for managing and continually improving your
processes. This is why an ISO 20000 audit typically starts with the examination of the process
documentation:
Are all the processes documented?
Are the processes linked by consistent information flows?
Do the processes fulfill the ISO 20000 requirements?
[top]


Familiarity with the ISO 20000 Processes
The ISO 20000 auditor will hold structured interviews with IT staff to check if everyone is familiar the
processes:
Do all members of IT staff know their own processes?
Do they have a general understanding of all ISO 20000 processes?
[top]


Adherence to the ISO 20000 Processes
If the ISO 20000 processes are executed as documented, there are traces in the form of documents
and records (for example, the Incident Management process is producing Incident Records if executed
correctly).
This is why the ISO 20000 audit will include an examination of evidence related to the ISO 20000
processes:
Do the expected documents and records exist?
Are they adequate for their purposes?
[top]


What are the typical Project Steps leading to ISO 20000 Certification?
Create awareness
Communicate the goals and benefits of the ISO 20000 certification and the approach for achieving ISO
20000 compliance. This step should include giving everyone in your IT organization at least a basic
understanding of ITIL.
[top]


Determine the ISO 20000 certification scope
If you want to limit the scope of your ISO 20000 certificate: Decide what parts of the organization,
what services and/ or what locations shall be covered by the ISO 20000 certificate.
[top]


Conduct an initial ISO 20000 assessment
Determine gaps between todays situation and the standard's requirements; this can be done by an
external advisor, but there is also an "IT Service Management Self Assessment Workbook" published
by BSI.
The result of this step is a detailed list of the ISO 20000 requirements where conformant and non-
conformant areas are identified. For non-conformant areas the list includes the findings on what
exactly the shortcomings are and how they can be addressed.
[top]


Set up the ISO 20000 project
Establish a project board. Choose a project manager and project staff. Determine the necessary
resources, prepare a project plan and assign tasks. Choose a certifier and an experienced external
advisor.
[top]


Prepare for the ISO 20000 certification audit
Close the gaps identified during the initial ISO 20000 assessment usually the most time-consuming
part of an ISO 20000 certification initiative, because (depending on the level of compliance found
during the initial assessment) a considerable number of processes may need to be modified or
introduced.
During preparation for the ISO 20000 audit, an inventory of requirements, documents and records
helps to keep track of what requirements are already fulfilled and what related evidence (documents
and records) is in place.
To help you with this task, the ITIL - ISO 20000 Bridge contains a pre-configured inventory which you
can use to monitor your progress towards ISO 20000 compliance.
[top]


Conduct the ISO 20000 certification audit
The actual ISO 20000 audit must be carried out by an external certifier from a Registered Certification
Body (RCB, an organisation which has been granted permission to operate under the itSMF ISO/IEC
20000 Certification Scheme).
[top]


Retain ISO 20000 Certification
After the initial certification, a renewal of the ISO 20000 certificate is due every three years, with
intermittent assessments every 6 to 12 months.
Make sure that you continue to adhere to the standard and put a strong emphasis on continual service
and process improvement.
[top]


Are there typical Pitfalls in an ISO 20000 Project?
No management support
Management must understand and communicate why the service provider is seeking certification, and
visibly endorse the initiative.


Too little involvement of IT staff
The advantages of Best Practice should be explained to everyone in your organization, and all
members of IT staff should be involved as closely as possible during the design of the new ISO 20000
compliant processes.
If IT staff are able to contribute their views and experiences during the ISO 20000 project, this greatly
enhances acceptance of the new processes - and ensures long-term success.


Insufficient resources for the ISO 20000 project
Management commitment must be backed up by the provision of sufficient resources for the
certification program. This includes making sure that staff assigned to the project are freed from some
of their day-to-day tasks.
[top]
Downloads and Additional Information
Video For a first introduction to the ITIL ISO 20000 Bridge,
take a look at our product video (3:11 min).


Introduction
[.PDF]
The PDF Introduction into ISO 20K and the ITIL - ISO
20000 Bridge contains a comparison between ITIL and
ISO 20000, and advice on how to go about ISO 20000
certification.


More on
ISO 20000
More on ISO 20k and ISO 20000 certifications


Get answers to
your questions
Contact us to ask further questions or use
ourRegistration Form to schedule a live web
presentation.


[top]




Home What is ISO 20000 ISO 20000 Templates ISO 20000 Certification
2006-2014 IT Process Maps GbR
Legal Notice | GTC & License Conditions | Privacy | Disclaimer | About Us | Contact

Member of itSMF
ITIL is a Registered Trade Mark of AXELOS Limited. IT Infrastructure Library is a Registered Trade Mark of AXELOS Limited.
The Swirl logo is a Trade Mark of AXELOS Limited.