ISO 20000

 

GENERAL INFORMATION AND HISTORY

The British Standards Institute (BSI) in 2005 developed and issued the ISO/IEC 20000: 2005 standard, which defines the requirements for the quality of IT services. It replaced the earlier version of this standard BS 15000, summarized the best world practices for managing IT services and can be applied to organizations of all sizes - from small offices to large technological (and not only) companies.

The idea to generalize the best practices of IT services in a single document belonged to the British government, which in 1989 initiated the development of the Information Technology Infrastructure Library (ITIL). The first stage of the project was realized by British Central Computer & Telecommunications agency, on the basis of which a community of IT-providers representatives, corporations and consultants was created. As a result of their work, a seven-volume set of recommendations was issued, in which comprehensive methods of managing the IT infrastructure were developed.

The basis for ISO 20000 was the latest version of the British standard BS 15000, developed by BSI and containing a description of universal criteria for evaluating the management system of organization IT services. ISO 20000 was originally prepared for application in the technical field, therefore it was formed taking into account the requests and IT companies work specifics - it contains links to the IT risk assessment methodology and is applicable to the assessment of information security systems.

The requirements for the service management system are laid down by the international standard ISO 20000-1:2011, according to which the ISMS should be based on the following key components:

  • services provision management;
  •  budgeting and accounting services;
  • information security management;
  • incident management;
  • capacity management;
  • relationships processes;
  • management of incidents and problems;
  • release and change management;
  • configuration management;
  • process trekking;
  • audits.

In the ISO/IEC 20000-1:2011 standard, 13 critical processes have been identified, grouped into four key groups:

  • Service delivery processes include service level management, continuity and availability management, capacity management;
  • Relationship processes-include the management of the interaction between the service provider, consumers, and suppliers;
  • Problem solving processes - focus on incidents that could be prevented or successfully resolved;
  • Control Processes - includes change management processes, assets and configurations.

The ISO/IEC 20000-1 standard requires that all processes be implemented without exception.

The standard defines the service management processes that help the organization:

  • establish that there is a relationship between processes and that this relationship depends on the application of processes within the organization;
  • ensure that the control objectives and methods allow the organization to provide the required services;
  • • mprove efficiency and provide opportunities for improvement;
  • • ensure that IT services meet the needs and requirements of the business;
  • • increase the reliability and availability of the system;
  • • provide a basis for a service level agreement;
  • • ensure the ability to measure the IT services quality.

INTEGRATION WITH OTHER STANDARDS

The information services management system can be integrated with another management system, for example, with a quality management system in accordance with ISO 9001, an environmental management system in accordance with ISO 14001, an information security management system in accordance with ISO 27001 and others.

ISO 20000 series standards include:

1. ISO/IEC 20000-1:2011 Part 1. Requirements for the service management system. The ISO/IEC 20000-1:2011 standard defines the requirements for the service provider in planning, establishing, applying, managing, monitoring, analyzing, maintaining and improving the service management system. Requirements include the design, transfer, provision and improvement of services to meet the requirements of the services.
2. ISO/IEC 20000-2:2005 - Code of Practice. The ISO/IEC 20000-2:2005 standard provides a concise set of practical recommendations to auditors and assistance to service providers in planning improvements in the service management system or in passing certification for compliance with the requirements of ISO/IEC 20000-1. The ISO/IEC 20000-2:2005 standard is based on the British standard BS 15000-2.

3. ISO/IEC TR 20000-3:2009 - Part 3. Guidance for determining the scope and applicability of ISO/IEC 20000-1 (Technical Report). ISO/IEC TR 20000-3:2009 complements the ISO/IEC 20000-2 standard and provides guidance on determining the scope, applicability and demonstration of conformity for service providers seeking to meet the requirements of ISO/IEC 20000-1, or for service providers that plan improvement of services and use ISO/IEC 20000 standards as a management tool. It can also help service providers who implement a service management system using ISO/IEC 20000-1 and who need advice on how ISO/IEC 20000-1 requirements apply to their organization and how to define the purpose of their service management system.

4. ISO/IEC TR 20000-4:2010 - Part 4. Basic Process Model (Technical Report). The purpose is to facilitate the development of a process assessment model in accordance with the principles of the ISO/IEC 15504 process assessment. The ISO/IEC 15504-1 standard describes the concepts and terms used in process assessment, ISO/IEC 15504-2 - assessment requirements and measuring system for assessment process capabilities. The basic process model described in ISO/IEC TR 20000-4:2010 is a logical representation of the processes elements in the service management system that can be implemented at a basic level. The use of the model in practice may require additional elements appropriate to the environment and circumstances.The basic process model is not an ISO/IEC 20000-1 requirement.
5. ISO/IEC TR 20000-5:2010 Part 5. Implementation plan model for the first part of the standard (Technical Report). ISO/IEC TR 20000-5:2010 includes practical advice to service providers on how to plan and implement improvements. It is supposed that for the service management system introduction, there is a typical three-step approach, which is a structured basis for setting priorities and managing activities to implement the system. ISO / IEC TR20000-5: 2010 is a guide.

 

IMPLEMENTATION (CERTIFICATION) BENEFITS 

• improving the efficiency and reliability of the  IT services provision ;
• reduction of risks, level of consequences and damage from incidents;
• reduction of the costs of support and systematic development of information technologies in general;
• expansion of opportunities for the company to participate in large state contracts;
• company functioning stability increasing;
• obtaining international recognition and strengthening the company's image in the domestic and foreign markets.

 


WHY BELPROJECTCONSULTING?

Contacting us for developing an information security management system for ISO 20000, you can get:

  • Confirmation of the IT-SERVICE management system compliance by the leading certification body in the CIS with the ANAB international accreditation (American National Accreditation Council);
  • Certificate of compliance with ISO ISO/IEC 20000-1: 2011 requirements from the International network of IQNet certification bodies;
  • Possibility to pass integrated management system certification for compliance with the requirements of 2 or more standards;
  • Possibility to use the transfer procedure.
Задать свой вопрос