What is ISO/IEC 20000?
The volume of knowledge around the IT Service Management (ITSM) discipline continues to accumulate, but how positively it is actually affecting the management of IT services is largely unknown. While many authors and presenters state that the IT Infrastructure Library (ITIL) is the de facto standard for ITSM, in fact, it is not. ITIL is more appropriately labeled as the "de facto reference for ITSM" as it provides guidance and recommendations, but not requirements or minimal standards for compliancy. This lack of rigor in ITIL has driven many organizations to invest primarily at the individual level with training and certifications based at improving and validating the knowledge and abilities of its workforce. Thus, the often stated proclamation, "our whole organization is ITIL certified" should be followed by "Great. How is the management of your IT services running as a result?"
We are not disagreeing that validating the knowledge of best practices and related methodologies is beneficial. However, this does not ensure that the individual efforts are integrated and yielding improved results at the organizational level. In the end, knowing the best ways to perform IT Service Management does not imply an organization is actually implementing those same practices at an acceptable level of quality and repeatability.
ISO/IEC 20000 (ISO20k) is the actual standard that an internal or external IT service provider's processes and quality management systems should to be certified as adhering to an acceptable level of best practices. ISO/IEC 20000:2005 was jointly published by ISO (International Organization for Standardization) and IEC (International Electrotechnical Commission) to help organizations benchmark how they deliver managed services, measure service levels and assess their performance. Part 1 (ISO/IEC 20000-1:2005) provides the specification for IT service management, defining the standard to those responsible for initiating, implementing or maintaining IT service management in their organization.
One important aspect of this certification is that its scope applies only to the IT services that meet the acceptable levels of management. Therefore, a managed service provider with multiple IT services may claim certification only for those on which ISO20k has been granted. Another feature of the certification is that while ISO20k can be achieved through proper implementation of the ITIL framework's integrated process recommendations, the certification does not require any specific framework. Instead, it focuses on the outcomes of a provider's existing framework and accredits each service as being of a high quality across all mandatory service management areas. The standard defines these areas as seven primary disciplines with over 200 specific requirements. ISO20k also provides supplemental guidance in its "Code of Practice" as a source for additional recommendations and improvements beyond the minimal requirements for certification.
Why is ISO/IEC 20000 Important to an IT organization?
As businesses continue to become more dependent on IT services, and as the complexity of these IT services increase with the introduction of new technologies, outsourcing arrangements and managed services, there is increasing pressure on the IT organization to deliver more and higher quality services with the same or less resources. ISO20k certification requires the continual improvements that work to drive costs down, increase labor efficiencies and improve services and, ultimately, customer satisfaction. These improvements often result from a technology-orientation to customer-orientationshift, from the framework on which service levels are agreed and measured, and from the focus on service reliability and availability. Adding to these increased customer and cost demands, legislation such as Sarbanes Oxley and HIPPA has us hered in a new era of accountability within the IT organization. As a result of such factors, certifications which demonstrate an organization's ability to achieve this accountability will become a key market differentiator in the selection of supplier and partner organizations.
In the end, ISO20k certification provides a level of assurance to customers and prospects that the service provider is capable of fully delivering and assuring that service. Throughout the world, analysts are projecting significant growthto the many organizations that have already become certified. This is directly attributable to the reliability and quality of the services that business must now depend upon. As the ITSM community continues to mature, this certification is expected to become a mandatory credential for service providers and a specific requirement in contract proposals similar to ISO9000 requirements common in the manufacturing industry. Based on a strong structure and ability to show ROI, ISO 20000 will be the reference standard of choice for IT Service Management.
How Windward Consulting Enables ISO/IEC 20000 Certification?
Windward ISO/IEC 20000 certified consultants assist companies with preparations for eligibility to the standard. Windward's ISO20k consulting discipline takes a hard look at corporate ITSM processes already in place that work to prove that the standard is alive and well. Companies seeking certification in this standard typically have pursued process improvement frameworks, such as ITIL, that have been beneficial in preparing the company for ISO20k certification and annual surveillance audits. However, ISO20k consulting builds upon these complimentary efforts by discovering remaining areas where the company may fall short of the ISO20k standard, then analyzing company processes and specifying the scope of IT services that can be used for certification. Finally, Windward's ISO20k consultants work with the company to close any gaps and put the company in the best position to receive ISO20k auditors and achieve certification.
In summary, an ISO 20000 Compliance Assessment provides the following benefits to an IT organization:
- It provides an objective, comprehensive assessment of an organizations process maturity based on a recognized international standard.
- It identifies and quantifies the specific areas which must be addressed for the organization to attain ISO 20000 certification.
- It provides a measure of an organization's relationship with customers and suppliers in terms of alignment of resources and objectives with the business needs.