Free Downloads

ISO 20000: 2011
ITIL 2011 MMap

Request for Change (RFC) Template

Major Incident Report Template

ISO 20000/ITIL Timeline poster


Sponsored Links



Feb 22, 2008

ISO/IEC 20000 Essentials

In a previous post I announced a few more words on ISO/IEC 20000. So here they are.

ISO/IEC 20000 is an international functionally based standard for IT Service Management. This functionally based means that it is not a broad general standard like ISO 90000. It was published by ISO (International Standards Organization) in mid December 2005., evolved from BS15000 with only a few minor changes.


During the ‘80s British Standard Institute’s Service Management Group worked on a code of service management practices, which covered 13 basic processes, aligned with the first version of ITIL. Final version of this code was promoted to a standard and published in 2000 as BS15000. It was the first world’s standard for Service Management. After initial testing on early adopters, additional polishing and changes for realignment with ITIL V2, it was republished in 2002. It was adopted by many service companies in UK, but also companies worldwide accepted it.

In 2005, BS-15000 was placed on the “fast track” by the ISO. By the end of the year it was published as ISO-20000 standard.

ISO/IEC 20000 and BS15000 are practically the same, only a few less significant changes were made in the process.

ISO/IEC 20000 consists of two specifications: ISO/IEC 20000-1:2005 and ISO/IEC 20000-2:2005.

  • ISO/IEC 20000-1:2005 is Specification and it defines Requirements for ITSM. Part 1 is very formal, it defines processes and provides assessment/ audit criteria.
  • ISO/IEC 20000-2:2005 is a Code of Practice that gives HOW-TOs and describes best practices for implementation of Part 1.
The standard introduces elements of Quality Management (Plan-Do-Check-Act) in Service Management. Some parts of ISO17999 (ISO standard for internet security) are added. Also it is very much aligned with ITIL and speaks the same language. Basic ITIL processes are described and grouped in a following way:

1. Service Delivery:

  • Service Level Management
  • Availability Management
  • Capacity Management
  • Continuity Management
  • Budgeting and Accounting for IT Services (Financial Management)
  • Information Security Management
  • Service Reporting
2. Relationship:
  • Business Relationship Management
  • Supplier Management
3. Resolution:
  • Incident Management
  • Problem Management
4. Control:
  • Configuration Management
  • Change Management
5. Release:
  • Release Management

ISO/IEC 20000 Process Groups Model
ISO/IEC 20000 Process Groups Model


All service oriented companies, and in particular for business organizations that provide IT services.

The way I see it, if you provide IT services, you need a fine balance of ITIL and ISO20000. ITIL gives you competence, and ISO20000 tells you how competent you are, protects company’s investment and knowledge, and gives you competitive advantage on the market.


Certification Scheme for ISO/IEC 20000 is created and managed by itSMF. To formally confirm compliance with the norm, independent assessment can be performed by an itSMF Registered Certification Body.

ISO/IEC 20000 and ITIL

ISO20000 and ITIL are complementary, in a sense that:

  • ITIL is a best practices framework which enables business organizations to establish a common language and understand + establish essential ITSM processes. ITIL says how things SHOULD BE.

  • ISO20000 is a standard that enables business to implement and measure best practices. The main point is that the norm helps to objectively test if those practices have really been adopted. It says how things HAVE TO BE. And who is responsible if they aren’t.

Did ITIL V3 Ruin Everything?
In May 2007 ITIL V3 was published. Did this create a lack of balance between the two?
ISO20000 was aligned with ITIL V2. To be a true quality standard it had to adopt some ISO90000 and develop/evolve some processes. Primarily, it implemented Deming’s P-D-C-A lifecycle for continual improvement.

Deming Circle and ISO/IEC 20000 Process Model

ITIL V3 caught up with ISO 20000, it is also lifecycle oriented, it adopted some of ISO20000 methods (PDCA) and processes (Security, Supplier Management and Service Reporting). In some aspects, we can say that ITIL and ISO20000 are more aligned now then before.

On the other hand, ITIL V3 significantly evolved in some higher level aspects. ISO will have to revise 20000 in the following years to anticipate this. But that doesn’t mean much to companies that are making first steps in standard adoption, since the early implementation path is focused on the basics, anyway.

ITIL gained a lot of popularity with IT professionals due to its earlier appearance, individual approach and market value for consulting/training companies. Last year's ITIL V3 hype also contributed to it.
Adoption of ISO20000 on the other hand, is a bit slower since it's primary value is to the company, and mixed individual interests of the stakeholders probably slow it down. Also it is more formal and strict, so that can scare away some businesses. With time, it will probably change, at least in companies that are really interested in return of their investment.

Related posts:
ITILV3: What's New?; ITIL V3 Qualification Scheme; Implementing ITIL and Staying Alive

And remember, last week I have put a few mindmaps for you to download:


    Anonymous said...

    I have been reading your blog and I am impresed by the detailed explanation that you offer. I am interested in ISO/IEC 20000. Can you tell me if there are any free of charge tutorials for it?

    Thx for sppending my time in such a quality manner,

    doctor said...


    Thanks for your kind words. Info published here is probably bordering the good taste of intellectual property laws. ITIL and ISO20K are heavily copyrighted and everything you want to read, hear or certify costs money. Much info is available on illegal sources on the web, but I will not advertise that kind of activity. When you decide ITIL or ISO20k is important for you, you will have to invest something in your knowledge and status in the community. Good luck with that. If you need an advice, i am available on itsmdoc(mnky)

    Best, ITSMdoc