As we all probably know, in February this year a new edition of ISO/IEC 20000-2 (Guidance on the application of service management systems) was published, following the last year's (April 15.) new edition of ISO/IEC 20000-1. Now that we have Requirements and Code of practice, we can talk more on what's new and how it fits in what we already have.
I would like to shortly outline main new moments that happened to ISO20k during last year.
First, as expected, standard is more mature and seasoned. After 5-6 years in production, bottlenecks and most of logic-defying points are corrected.
There are more requests (256 "SHALLs" vs. previous 170) but they are more reasonable, understandable and even somewhat less demanding then before.
Language is "internationalized", in a way that you don't have to be born in UK to understand most of it.
Also, terminology and content is made more compatible with ISO 9001 and ISO/IEC 27001 since these standards are likely to coexist in Service Support organizations.
|ISO/IEC 20000 Process Schema|
Some changes reflect a shy alignment to ITIL 3, although the overall concept indicates major divorce from ITIL altogether. Prior to pre-release info, this was a subject of guesswork: is the new edition going to be aligned to ITIL V3? So we got our answer-a firm NO. It would be difficult to align to ITIL's new 'I want to be all and encompass everything' philosophy. So ITIL is now more aligned to ISO20k then vice versa.
Additionally, ITIL is now lifecycle-oriented framework of best practices (or wannabe best :) and ISO20k is a process-oriented standard, so the intentions behind each one are basically different.
Clause 3 Terms and definitions now has 37 terms instead of 15 from previous edition. Two items are removed: service desk, and change record. Service Desk since it refers to a function, and ISO20K is process oriented with no other organizational references. Change record probably to remove potential ambiguity with ISO9000 records.
- Some additions to clause 3 are for additional compliance with ISO 9001: continual improvement, corrective and preventive action, customer, nonconformity etc.
- Some other additions refer to ISO/IEC 27000 family: information security and information security.
- Also a few are here to refer flirting with ITIL 3: service, service request, transition...
|ISO/IEC 20000 with number of SHALLs for every clause|
Former Incident management now became Incident and service request management, one of small concessions to ITIL 3.
A significant tribute to ITIL 3 is clause 5 Design and Transition of new or changed services. Which represents a serious chunk of 20k, but that's about it, if we are looking for an expansion of ITIL ISO20K love story.
There is no release module any more, and Release management is now in 9 Control processes, logically together with it's sisters Change and Configuration management, now called Release and Deployment management, just to be sure everyone understands what is it all about.
Catalogue of services is not just a recommendation in part 2, it is required in clauses 4, 5 and 6.
Clause 4.2 Governance of processes operated by other parties is added in order to make SP demonstrate management of his external suppliers and internal business organizations which participate in service delivery.
These are the basic changes I've noticed. My opinion: ISO/IEC20000 goes in the right direction. Requirements are more mature and aligned with the real world. ISO20k is a very useful formal framework for service improvement, aligned with industry best practices. Especially when used in synergy with ISO 9000 and ISO/IEC 27000. If you are a serious service provider (as my company is), then 20000 is the way to go. It is good for you and your company too.