The British Standards Institute (BSI) in 2005 developed and issued the ISO/IEC 20000: 2005 standard, which defines the requirements for the quality of IT services. It replaced the earlier version of this standard BS 15000, summarized the best world practices for managing IT services and can be applied to organizations of all sizes - from small offices to large technological (and not only) companies.
The idea to generalize the best practices of IT services in a single document belonged to the British government, which in 1989 initiated the development of the Information Technology Infrastructure Library (ITIL). The first stage of the project was realized by British Central Computer & Telecommunications agency, on the basis of which a community of IT-providers representatives, corporations and consultants was created. As a result of their work, a seven-volume set of recommendations was issued, in which comprehensive methods of managing the IT infrastructure were developed.
The basis for ISO 20000 was the latest version of the British standard BS 15000, developed by BSI and containing a description of universal criteria for evaluating the management system of organization IT services. ISO 20000 was originally prepared for application in the technical field, therefore it was formed taking into account the requests and IT companies work specifics - it contains links to the IT risk assessment methodology and is applicable to the assessment of information security systems.
The requirements for the service management system are laid down by the international standard ISO 20000-1:2011, according to which the ISMS should be based on the following key components:
In the ISO/IEC 20000-1:2011 standard, 13 critical processes have been identified, grouped into four key groups:
The ISO/IEC 20000-1 standard requires that all processes be implemented without exception.
The standard defines the service management processes that help the organization:
The information services management system can be integrated with another management system, for example, with a quality management system in accordance with ISO 9001, an environmental management system in accordance with ISO 14001, an information security management system in accordance with ISO 27001 and others.
ISO 20000 series standards include:
1. ISO/IEC 20000-1:2011 Part 1. Requirements for the service management system. The ISO/IEC 20000-1:2011 standard defines the requirements for the service provider in planning, establishing, applying, managing, monitoring, analyzing, maintaining and improving the service management system. Requirements include the design, transfer, provision and improvement of services to meet the requirements of the services.
2. ISO/IEC 20000-2:2005 - Code of Practice. The ISO/IEC 20000-2:2005 standard provides a concise set of practical recommendations to auditors and assistance to service providers in planning improvements in the service management system or in passing certification for compliance with the requirements of ISO/IEC 20000-1. The ISO/IEC 20000-2:2005 standard is based on the British standard BS 15000-2.
3. ISO/IEC TR 20000-3:2009 - Part 3. Guidance for determining the scope and applicability of ISO/IEC 20000-1 (Technical Report). ISO/IEC TR 20000-3:2009 complements the ISO/IEC 20000-2 standard and provides guidance on determining the scope, applicability and demonstration of conformity for service providers seeking to meet the requirements of ISO/IEC 20000-1, or for service providers that plan improvement of services and use ISO/IEC 20000 standards as a management tool. It can also help service providers who implement a service management system using ISO/IEC 20000-1 and who need advice on how ISO/IEC 20000-1 requirements apply to their organization and how to define the purpose of their service management system.
4. ISO/IEC TR 20000-4:2010 - Part 4. Basic Process Model (Technical Report). The purpose is to facilitate the development of a process assessment model in accordance with the principles of the ISO/IEC 15504 process assessment. The ISO/IEC 15504-1 standard describes the concepts and terms used in process assessment, ISO/IEC 15504-2 - assessment requirements and measuring system for assessment process capabilities. The basic process model described in ISO/IEC TR 20000-4:2010 is a logical representation of the processes elements in the service management system that can be implemented at a basic level. The use of the model in practice may require additional elements appropriate to the environment and circumstances.The basic process model is not an ISO/IEC 20000-1 requirement.
5. ISO/IEC TR 20000-5:2010 Part 5. Implementation plan model for the first part of the standard (Technical Report). ISO/IEC TR 20000-5:2010 includes practical advice to service providers on how to plan and implement improvements. It is supposed that for the service management system introduction, there is a typical three-step approach, which is a structured basis for setting priorities and managing activities to implement the system. ISO / IEC TR20000-5: 2010 is a guide.
• improving the efficiency and reliability of the IT services provision ;
• reduction of risks, level of consequences and damage from incidents;
• reduction of the costs of support and systematic development of information technologies in general;
• expansion of opportunities for the company to participate in large state contracts;
• company functioning stability increasing;
• obtaining international recognition and strengthening the company's image in the domestic and foreign markets.
Contacting us for developing an information security management system for ISO 20000, you can get:
Whether it’s a failure to protect workers against toxic chemicals, or a sleep-deprived employee getting into a fatal car accident, millions of people are hurt or killed at work each year. Now, with the arrival of the world’s first International Standard on occupational health and safety, many such incidents can be prevented. Uncover why ISO 45001 has the potential to be a real game changer for millions of workers (and workplace health hazards) around the world.
The world’s much anticipated International Standard for occupational health and safety (OH&S) has just been published, and is set to transform workplace practices globally.
Consumers have high concerns about what they buy and environmental labels and declarations can help them identify those products or services proven “environmentally preferable”. But the world’s environmental context has changed dramatically since 1999 when ISO 14024 laid down the first international requirements for ecolabelling – a change that is mirrored by heightened consumer demands. A new updated version of the standard will help meet these expectations.
2018 may only have just begun, but it looks like a big year for information security. With questions being raised about the security of micro-processors, and major cyber security initiatives such as the EU’s General Data Protection Regulation brought into effect this year, a new edition of ISO/IEC 27000 has come at just the right time.
Damage to reputation or brand, cyber crime, political risk and terrorism are some of the risks that private and public organizations of all types and sizes around the world must face with increasing frequency. The latest version of ISO 31000 has just been unveiled to help manage the uncertainty.
Cruising never ceases to grow in popularity. Yet, what few like to consider is the small but real number of holidaymakers who fall overboard. New international guidelines from ISO aim to provide a boost to the technology that detects such incidents and helps them get back on board.
