In 2005 the British Standards Institute (BSI) developed and issued the ISO/IEC 20000:2005 standard, which defines the requirements for the quality of IT services. It replaced the earlier BS 15000 standard, summarized the world's best practices for managing IT services, and can be applied to organizations of all sizes - from small offices to large technology (and other) companies.
The idea of consolidating the best practices of IT services in a single document belonged to the British government, which in 1989 initiated the development of the Information Technology Infrastructure Library (ITIL). The first stage of the project was carried out by the British Central Computer & Telecommunications Agency, on the basis of which a community of representatives of IT providers, corporations and consultants was created. Their work resulted in a seven-volume set of recommendations setting out comprehensive methods of managing IT infrastructure.
ISO 20000 is based on the latest version of the British standard BS 15000, developed by BSI, which describes universal criteria for evaluating the management system of an organization's IT services. ISO 20000 was originally prepared for application in the technical field, so it was shaped around the needs and working practices of IT companies - it contains references to the IT risk assessment methodology and is applicable to the assessment of information security systems.
The requirements for the service management system are laid down by the international standard ISO 20000-1:2011, according to which the ISMS should be based on the following key components:
In the ISO/IEC 20000-1:2011 standard, 13 critical processes have been identified, grouped into four key groups:
The ISO/IEC 20000-1 standard requires that all processes be implemented without exception.
The standard defines the service management processes that help the organization:
The information services management system can be integrated with another management system, for example, with a quality management system in accordance with ISO 9001, an environmental management system in accordance with ISO 14001, an information security management system in accordance with ISO 27001 and others.
ISO 20000 series standards include:
1. ISO/IEC 20000-1:2011 - Part 1. Requirements for the service management system. The ISO/IEC 20000-1:2011 standard defines the requirements for the service provider in planning, establishing, applying, managing, monitoring, analyzing, maintaining and improving the service management system. Requirements include the design, transfer, provision and improvement of services to meet the requirements of the services.
2. ISO/IEC 20000-2:2005 - Code of Practice. The ISO/IEC 20000-2:2005 standard provides a concise set of practical recommendations to auditors and assistance to service providers in planning improvements in the service management system or in passing certification for compliance with the requirements of ISO/IEC 20000-1. The ISO/IEC 20000-2:2005 standard is based on the British standard BS 15000-2.
3. ISO/IEC TR 20000-3:2009 - Part 3. Guidance for determining the scope and applicability of ISO/IEC 20000-1 (Technical Report). ISO/IEC TR 20000-3:2009 complements the ISO/IEC 20000-2 standard and provides guidance on determining the scope, applicability and demonstration of conformity for service providers seeking to meet the requirements of ISO/IEC 20000-1, or for service providers that plan improvement of services and use ISO/IEC 20000 standards as a management tool. It can also help service providers who implement a service management system using ISO/IEC 20000-1 and who need advice on how ISO/IEC 20000-1 requirements apply to their organization and how to define the purpose of their service management system.
4. ISO/IEC TR 20000-4:2010 - Part 4. Basic Process Model (Technical Report). Its purpose is to facilitate the development of a process assessment model in accordance with the principles of ISO/IEC 15504 process assessment. The ISO/IEC 15504-1 standard describes the concepts and terms used in process assessment; ISO/IEC 15504-2 describes the assessment requirements and the measurement system for assessing process capabilities. The basic process model described in ISO/IEC TR 20000-4:2010 is a logical representation of the process elements in the service management system that can be implemented at a basic level. Using the model in practice may require additional elements appropriate to the environment and circumstances. The basic process model is not an ISO/IEC 20000-1 requirement.
5. ISO/IEC TR 20000-5:2010 - Part 5. Implementation plan model for the first part of the standard (Technical Report). ISO/IEC TR 20000-5:2010 includes practical advice to service providers on how to plan and implement improvements. It assumes a typical three-step approach to introducing the service management system, which provides a structured basis for setting priorities and managing the activities needed to implement the system. ISO/IEC TR 20000-5:2010 is a guide.
• improving the efficiency and reliability of IT service provision;
• reduction of risks, level of consequences and damage from incidents;
• reduction of the costs of support and systematic development of information technologies in general;
• expansion of opportunities for the company to participate in large state contracts;
• increased stability of the company's operations;
• obtaining international recognition and strengthening the company's image in the domestic and foreign markets.
By contacting us to develop an information security management system for ISO 20000, you can get: