Free Downloads

ISO 20000: 2011
ITIL 2011 MMap

Request for Change (RFC) Template

Major Incident Report Template

ISO 20000/ITIL Timeline poster


Sponsored Links



Feb 22, 2008

ISO/IEC 20000 Essentials

In a previous post I announced a few more words on ISO/IEC 20000. So here they are.

ISO/IEC 20000 is an international functionally based standard for IT Service Management. This functionally based means that it is not a broad general standard like ISO 90000. It was published by ISO (International Standards Organization) in mid December 2005., evolved from BS15000 with only a few minor changes.


During the ‘80s British Standard Institute’s Service Management Group worked on a code of service management practices, which covered 13 basic processes, aligned with the first version of ITIL. Final version of this code was promoted to a standard and published in 2000 as BS15000. It was the first world’s standard for Service Management. After initial testing on early adopters, additional polishing and changes for realignment with ITIL V2, it was republished in 2002. It was adopted by many service companies in UK, but also companies worldwide accepted it.

In 2005, BS-15000 was placed on the “fast track” by the ISO. By the end of the year it was published as ISO-20000 standard.

ISO/IEC 20000 and BS15000 are practically the same, only a few less significant changes were made in the process.

ISO/IEC 20000 consists of two specifications: ISO/IEC 20000-1:2005 and ISO/IEC 20000-2:2005.

  • ISO/IEC 20000-1:2005 is Specification and it defines Requirements for ITSM. Part 1 is very formal, it defines processes and provides assessment/ audit criteria.
  • ISO/IEC 20000-2:2005 is a Code of Practice that gives HOW-TOs and describes best practices for implementation of Part 1.
The standard introduces elements of Quality Management (Plan-Do-Check-Act) in Service Management. Some parts of ISO17999 (ISO standard for internet security) are added. Also it is very much aligned with ITIL and speaks the same language. Basic ITIL processes are described and grouped in a following way:

1. Service Delivery:

  • Service Level Management
  • Availability Management
  • Capacity Management
  • Continuity Management
  • Budgeting and Accounting for IT Services (Financial Management)
  • Information Security Management
  • Service Reporting
2. Relationship:
  • Business Relationship Management
  • Supplier Management
3. Resolution:
  • Incident Management
  • Problem Management
4. Control:
  • Configuration Management
  • Change Management
5. Release:
  • Release Management

ISO/IEC 20000 Process Groups Model
ISO/IEC 20000 Process Groups Model


All service oriented companies, and in particular for business organizations that provide IT services.

The way I see it, if you provide IT services, you need a fine balance of ITIL and ISO20000. ITIL gives you competence, and ISO20000 tells you how competent you are, protects company’s investment and knowledge, and gives you competitive advantage on the market.


Certification Scheme for ISO/IEC 20000 is created and managed by itSMF. To formally confirm compliance with the norm, independent assessment can be performed by an itSMF Registered Certification Body.

ISO/IEC 20000 and ITIL

ISO20000 and ITIL are complementary, in a sense that:

  • ITIL is a best practices framework which enables business organizations to establish a common language and understand + establish essential ITSM processes. ITIL says how things SHOULD BE.

  • ISO20000 is a standard that enables business to implement and measure best practices. The main point is that the norm helps to objectively test if those practices have really been adopted. It says how things HAVE TO BE. And who is responsible if they aren’t.

Did ITIL V3 Ruin Everything?
In May 2007 ITIL V3 was published. Did this create a lack of balance between the two?
ISO20000 was aligned with ITIL V2. To be a true quality standard it had to adopt some ISO90000 and develop/evolve some processes. Primarily, it implemented Deming’s P-D-C-A lifecycle for continual improvement.

Deming Circle and ISO/IEC 20000 Process Model

ITIL V3 caught up with ISO 20000, it is also lifecycle oriented, it adopted some of ISO20000 methods (PDCA) and processes (Security, Supplier Management and Service Reporting). In some aspects, we can say that ITIL and ISO20000 are more aligned now then before.

On the other hand, ITIL V3 significantly evolved in some higher level aspects. ISO will have to revise 20000 in the following years to anticipate this. But that doesn’t mean much to companies that are making first steps in standard adoption, since the early implementation path is focused on the basics, anyway.

ITIL gained a lot of popularity with IT professionals due to its earlier appearance, individual approach and market value for consulting/training companies. Last year's ITIL V3 hype also contributed to it.
Adoption of ISO20000 on the other hand, is a bit slower since it's primary value is to the company, and mixed individual interests of the stakeholders probably slow it down. Also it is more formal and strict, so that can scare away some businesses. With time, it will probably change, at least in companies that are really interested in return of their investment.

Related posts:
ITILV3: What's New?; ITIL V3 Qualification Scheme; Implementing ITIL and Staying Alive

And remember, last week I have put a few mindmaps for you to download:

    Feb 18, 2008

    Implementing ITIL and Staying Alive

    At first sight, ITIL implementation path depends on who you are and what you do. And of course, with what do you do it. So: People, Processes, Technology.

    At the beginning, let's move one starting dilemma out of the way: full frontal or phased approach? Phased, period. Strategically, you will have in mind full set of processes. But when you start, you want to dig deep and narrow, not broad and shallow. Hit the major pain points, ensure quick wins, and fly on the wings of starting success. This will enable you to move forward easier.

    Critical factor number one? Management support. A lot of it.

    From What Angle?

    • You can try to imagine a well-organized company whose major pain is to know what it has, where it is and how it works. They have a stabile infrastructure with a low incident rate, and their Service Desk copes with it fine. But they implement a lot of changes and they want to gain more control over the Change and Configuration management. Of course, this is a fairy tale company, since a lot of hanges automatically means a lot of incidents, but just for the sake of the argument, this imaginary company would start it's ITIL journey in Change and Configuration Management.
    • Or, maybe you are in a bank. Security is probably one of your biggest concerns. Maybe you want to start with Information Security and Access management. Depending on your country regulations, maybe you will even start ISO27000 certification. In some parts of the world it is a very likely case.
    • Some service organizations with a high-end infrastructure (ASPs?) will be focused on geting their services definition right: Catalog, Portfolio, Demand, Suppliers, SLM...
    • But, in nine out of every 9.1 cases, you are firefighting. In incidents up to your ears. Your left doesn't remember what your right has just done. Your customers are pissed. And because of the chaos you're in, you turned to ITIL. So you start from Incident Management. What a cliché.

    So you decided to implement ITIL. How?

    Simple: first you get a few ITIL Foundations certificates. Then you realize that you need a magic wand. What? Something to do the job for you. So, you realize that it is the tool that will take you on a journey. Of course, the TOOL.

    You read some Gartner reports, evaluate some tools, and choose the best salesmen of evaluated tools. His implementing team is ITIL certified, his Tool is all Pink and shiny. Sadly, but this is usually the most critical point on your way.

    You probably chose a good application, since most of the tools on the market are adequate for first steps in ITIL. At the end of the day, and at the beginning of your project, it all depends how good is your vendor. Because at most cases, he will be your ITIL consultant, too. So look closely. References, team certification, staff fluctuations.

    To add some odds to your side, at least at the first phase of your project, hire an independent consultant. If you can afford one. This will probably save you a lot of effort, and eventually your job.

    P.S.: If your company has ISO9000 certificate, it will be relatively painless for you to start preparing for ISO/IEC20000. You can implement the tool and ITIL processes, you can certify your people, but ISO 20000 offers you the mechanism for process definitions and audits. More on ISO/IEC20000 later, for now I've put a few mindmaps for you to download:

      Feb 7, 2008

      What ITIL books to read?

      The man who doesn't read good books has no advantage over the man who can't read them. - Mark Twain

      What ITIL books to read? Depends on where do you want to go. Let's examine the main possible reasons for reading ITIL books:

      • Say you just want to get acquainted with the matter and decide what to do next. Plenty of texts on the internet, executive summaries, and stuff bordering with copyright laws. That's all you need. If you have the money, you can hire an ITIL consultant and he will supply you with enough materials and knowledge in short time. This could save you a lot of effort searching and filtering, i.e. the before mentioned money. Also, read a free copy of An Introductory Overview of ITIL V3.

      • Maybe you just want to certify in ITIL Foundation, without further ambitions, let's say that your company wants you to. Go to the training, they will supply all the necessary material. Find the question examples on the internet, practice a little, and you have some 70% chance of passing the exam. Read ITIL3 Foundations Exam Questions and ITIL3 Foundations Exam Questions2. Also, if you have the access to Introduction to the ITIL Service Lifecycle (ITIL Version 3), take it home and read it overnight. Not the night before the exam, you want to get a good night sleep before it.
        This is a VERY good book. All the important graphics and tables are in there, all stages described on a moderate detail level. If it was just a bit more specific on process details, it would be ideal one-in-all book for Foundation exam preparation.

      • Finally, maybe you want to become an expert in ITIL. Download and browse all you want, but in the end, you will want to read these books:
        Itil Lifecycle Publication Suite, Version 3: Continual Service Improvement, Service Operation, Service Strategy, Service Transition, Service Design
        Borrow, steal, or buy them. Or better, make your company obtain them. Just READ them. Remember, this is a recommendation, not a self-purpose advertisement. I am not some copyright freak or light-minded advertiser, I deeply believe that knowledge should be more available to people, but if one is serious about things he/she wants to accomplish, then some investments have to be made. And this is a good one. These are well written books and reading them in this starting ITIL v3 era will give you a serious competitive advantage.
      As for the version choice, you can read the ITSkeptic article about it. Interesting, I had this article half written and then his one appeared in my RSS feed. And I had to rewrite most of this. Damn.

      Ok, so books are available in three versions: PDF, online and hardcopy. My company bought hardcopies of five books set and then we purchased a PDF version of Introduction.
      My advice: stick to the hardcopy version. Here is a copy/paste of my comment on ITSkeptic site: PDF is such a drag, we still didn't manage to move it to another PC (and we have 40 hardcore IT system consultants), printer copy is nowhere near usability of a real book and printing more then once is next to impossible.
      So go for the real book version. Those who prefer piracy will soon have a plenty of cracked copies on their P2P networks, and good citizens like us will enjoy our books, appreciating the price of our knowledge.

      Related articles: