ISO/IEC 20000

present and future -

applicable to all IT
enabled services
Lynda Cooper
BCS SMSG
July 2015

Service 20000 Ltd 2015 8/14/2015 1

 Lynda Cooper
• Project editor ISO/IEC 20000-1
• Chair of BSI committee
• UK representative to ISO committee
• Deputy chief examiner APMG for ISO20000
• Auditor for Exin for ISO20000, ISO27001, ITIL, Agile
• ISO27001 Lead Implementer
• UKAS assessor for ISO20000 and ISO27001 (assess the
certification bodies)
• ITIL Master
• Independent consultant and trainer
• MBCS, CITP

Service 20000 Ltd 2015 8/14/2015 2

What do these have in
common?

Service 200008/14/2015
Ltd 2015 3
 Agenda
• Introduction
• ISO20000 overview
• ISO20000 in a changing service environment
• The revision of ISO20000
• Your suggestions for the future of ISO20000

• Make it interactive – please

Service 20000 Ltd 2015 8/14/2015 4

 ISO20000 pedigree
• 1995 Book - Code of practice for ITSM
• 1998 Revised smaller edition book
o awarded innovation of the year by ITSMF
• 2000 BS15000
• 2005 ISO/IEC 20000-1
• 2011 ISO/IEC 20000-1
• Other parts
o ISO/IEC 20000-2: 2012 : Guidance on the
application of service management systems
o ISO/IEC 20000-3: 2012 : Guidance on scope
definition and applicability of ISO/IEC 20000-1
o ISO/IEC 20000-5: 2013: Exemplar implementation
plan for ISO/IEC 20000-1
o ISO/IEC 20000-9:2015: The application of ISO/IEC
20000-1 to cloud services
o Part 10 concepts and vocabulary
o Part 11 – mapping to ITIL (not yet published)
o ISO/IEC 27013, ISO/IEC 90006 – Integration
guidelines for 27001 and 9001

Service 20000 Ltd 2015 8/14/2015 5

 Scope of ISO20000
• The management of Information, Communication
and Technology Enabled Services
• Examples
o IT services
• Infrastructure management
• Application management
• Desktop support
• etc.
o Telecoms
o Media
o Cloud services
o Business process outsourcing
o …………………………….

Service 20000 Ltd 2015 8/14/2015 6

 Non-IT Enabled Survey
Who has an ISO20000
qualification?

Who works in an organisation

with ISO20000 certification?

Who is sceptical about the

value of ISO20000?

Service 20000 Ltd 2015 8/14/2015 7

 ISO20000 overview

Service 20000 Ltd 2015 8/14/2015 8

 What is ISO/IEC 20000
• What it is:
o A standard that includes the
design, transition, delivery and Customers
improvement of services that
fulfil service requirements and Services
provide value for both the Service Provider
customer and the service Internal or External
provider
o A management system
standard (like ISO9001) that can
be assessed for compliance Lead Supplier(s) or
Supplier(s)
• What it is not:
o A product or tool standard Sub-contracted
o A service standard Supplier(s)
o A maturity model

Service 20000 Ltd 2015 8/14/2015 9

 ISO20000 Myths
• Lots of documentation
that is purely for the
standard
• Only for large
organisations
• Only for IT
infrastructure
• Based on ITIL, must use
ITIL
• Too slow and
bureaucratic

Service 20000 Ltd 2015 8/14/2015 10

 Typical benefits
• Supports the business to operate more effectively
• Improved quality of service
• Increased business/customer confidence
• Controlled costs
• Improved reputation, consistency and interoperability
• Enables better understanding of business, roles and processes
• Staff morale boosted by working in a controlled environment
• Major milestone for a service provider: demonstrates
professionalism and serious intent
• Competitive edge for selection of an external service provider
• Provides method of review that assures continual
improvement
• Ability to develop integrated management system
• Turns the ‘shoulds’ into ‘shalls’ leading to fully integrated
processes

Service 20000 Ltd 2015 8/14/2015 11

 ISO/IEC 20000 processes
The generic
Service management system (SMS) (4)
Management responsibility Governance of processes
management operated by other parties
system Establish the SMS Resource management
processes - Scope
- PDCA Documentation management

Design and transition of new or changed services (5)

Resource management
Service delivery processes (6)
Capacity management Service level management Information security
The SM Service reporting management
Service continuity Budgeting &
processes Control processes (9) accounting
& availability
management Configuration management for services
Change management Relationship
Resolution Release and deployment
processes (8) management processes (7)
Business relationship
Incident and service
management
request management
Supplier management
Problem management

Service 20000 Ltd 2015 8/14/2015 12

 PDCA methodology
applied to SM

Service 20000 Ltd 2015 8/14/2015 13

 Further information
• BSI books
o A managers guide to service management
o Introduction to the ISO/IEC 20000 series

• APMG web site ISO20000 blogs

• http://blog.apmg–international.com/author/lynda–cooper/

• Many LinkedIn forums

• Qualifications
o BCS ISO20000 Foundation
o APMG ISO20000 Foundation, Practitioner, Auditor
o Exin
o PeopleCert

Service 20000 Ltd 2015 8/14/2015 14

 Questions
• Can ISO 20000 help you create, deliver,
support and improve technology that
enables your business?
• If ISO20000 is based largely on ITIL, then
how can ISO20000 be relevant today
when ITIL is largely out of date?
• Do you believe that you can use a
standard to help drive change and
simplify what, how, who, when and why
technology for an organisation?
• How can ISO20000 help SIAM, Agile, ITSM
and business governance?

Service 20000 Ltd 2015 8/14/2015 15

 ISO20000 and changing
service environments
Is ISO20000 applicable for changing services environment
such as Cloud, 'as a service' models, SIAM, Devops,
LeanITSM, Agile and ITIL.

Service 20000 Ltd 2015 8/14/2015 16

 ISO20000 and other
frameworks
• Principle: ISO/IEC 20000-1 should
allow the use of any framework,
commercial or public, in order to
achieve certification.
• ISO standards are not allowed to
favour one framework

Service 20000 Ltd 2015 8/14/2015 17

 ISO20000 and ITIL
• ITIL is the most
common
framework used Incident
with ISO20000
• ITIL and ISO20000
CMDB
have different
purposes so they will Problem
never be the same

Service 20000 Ltd 2015 8/14/2015 18

ISO20000, Cloud and ‘as a
service’ models
• See ISO20000 part 9 – the application of ISO/IEC 20000-1
to cloud services
• A typical cloud services lifecycle is followed with
reference to part 1 requirements
• The scope of part 9 states:
o This part of ISO/IEC 20000 provides guidance on the use of ISO/IEC 20000-
1:2011 for service providers delivering cloud services. It is applicable to
different categories of cloud service, such as those defined in ISO/IEC
17788/ITU-T Y.3500 and ISO/IEC 17789/ITU-T Y.3502, including, but not
limited to, the following:
o a) infrastructure as a service (IaaS);
o b) platform as a service (PaaS);
o c) software as a service (SaaS).
o It is also applicable to public, private, community, and hybrid cloud
deployment models.
o The applicability of ISO/IEC 20000-1 is independent of the type of
technology or service model used to deliver the services. All requirements
in ISO/IEC 20000-1 can be applicable to cloud service providers.

Service 20000 Ltd 2015 8/14/2015 19

 ISO20000 and Devops
• Devops spans entire
delivery lifecycle
• Origins in Agile
• When preparing for
service delivery and
delivering, what in
ISO20000 is not
relevant?

Service 20000 Ltd 2015 8/14/2015 20

 ISO20000 and Lean
• Lean, 6-Sigma
o great ways to support continual improvement, a
key requirement of ISO20000
• The central concern of Lean is the
elimination of waste, where waste is work
that adds no value to a product or service.
• Just make sure that any proposed changes
to the SMS as a result of LEAN initiatives
retain conformity to ISO20000 requirements

Service 20000 Ltd 2015 8/14/2015 21

 ISO20000 and Agile
• Agile – what a great way to
work for changes, and
improvements during service
delivery
• If Agile has been used for
development and results in
some early delivery of
functionality, then a decision
needs to be made if this
becomes subject to ISO20000
o is there any reason not to?
Service 20000 Ltd 2015 8/14/2015 22
 ISO20000 and SIAM
• Principle: The ISO/IEC 20000 series should be applicable to all
sizes (very small enterprises, medium and large) and types
(public, private, not for profit) of internal or external service
providers.
• Probably only very large organisations will use SIAM
• Many suppliers in SIAM models can achieve ISO20000
• The SIAM broker/lead may only operate a few processes e.g.
SLM, BRM, supplier management. They therefore are not
(currently) eligible for ISO20000
• A study group has been set up to look at the service
management and governance of services provided with
multiple suppliers. This will review the requirements for
additional standards.
Service 20000 Ltd 2015 8/14/2015 23
 Not applicable?
• Can you think of any service
models where ISO20000 is not
applicable?

Service 20000 Ltd 2015 8/14/2015 24

 The future of ISO20000

Service 20000 Ltd 2015 8/14/2015 25

 Drivers for revision
• All standards reviewed every 5 years – remove,
keep as is or revise
• All management system standards are moving to a
new common high level structure with some
common requirements – known as Annex SL
• Changes in services market mean that the standard
needs to be updated
• Lessons learned, feedback on current standard
• Other standards that are frequently used with
ISO20000 have been revised and changes need to
be made to retain alignment (9001 and 27001
primarily)

Service 20000 Ltd 2015 8/14/2015 26

 Principles of changes
• Benefit for the service providers using the standard
and the customers of the services.
• Take into account the current market for the
standard and allow that market to grow and not be
likely to decline.
• Revision should not be a fundamental change of
direction for those working towards certification or
currently certified organizations. Transition should be
relatively simple and not deter current users of
ISO20000.

Service 20000 Ltd 2015 8/14/2015 27

 Expected timeline
Part 10
Part 1
2018 (Requirements)
(Concepts and
vocab)

Max. 6 Part 3 (Scope

Part 2
and
months later (Guidance)
applicability)

Part 6
Max. 12 Part 5
(requirements
(Implementation
months later for
planning
certification)

18 – 24
Other parts
months later

Service 20000 Ltd 2015 8/14/2015 28

 New Annex SL structure
related to PDCA
PLAN
DO
4. Context of
organization CHECK
8. Operation
ACT
5. Leadership 9.
Performance 10.
6. Planning
evaluation Improvement
7. Support
 Specific requirements from
ISO/IEC 20000-1:2011
• 4 – SMS general requirements
o requirements of current clause 4 are superceded by or
will be added into standard structure clauses 4 - 10
• 5 – Design and transition Will be
• 6 – Service delivery added
into
• 7 - Relationship standard
structure
• 8 - Resolution clause 8 -
• 9 - Control Operation
 Changes in Annex SL to
current clause 4
• Organisational context
• Risk based approach – more requirements than
currently in ISO20000-1
• Objectives – not only at top level but also at
relevant functions/levels
• More requirements for monitoring, measurement,
analysis and evaluation

Service 20000 Ltd 2015 8/14/2015 31

 Terms and definitions
• New Annex SL terms
• Some existing terms deleted due to Annex SL same
or similar terms
• Many existing terms have suggestions for
improvement
• Some suggested additions e.g. user

Service 20000 Ltd 2015 8/14/2015 32

 Other likely changes
• Principle: What, not how
o E.g. budgeting and accounting to be less prescriptive still
requiring control but within the normal financial processes of the
organisation
o E.g. Remove some prescriptive requirements e.g. list of contents
of contracts, to allow for standard contracts with large service
providers and cloud providers
• Principle: Maximum 20 pages of requirements
o Avoid duplication
o Combine common items together
• Principle: Minimise customisation of Annex SL text

Service 20000 Ltd 2015 8/14/2015 33

 Other likely changes
• Simplify DTNCS/clause 5 and relationship with
change management
• More emphasis on delivering business value to the
customer
• Interfaces with governance

Service 20000 Ltd 2015 8/14/2015 34

Integration with 9001 and
27001
• Common structure and some common
requirements
• Alignment with 27001 for information security
process
• But ensure that 20000-1 is not implying that there
needs to be an ISMS within the SMS. This will simplify
the information security requirements in 20000-1
• Review the revised 9001 edition and review for any
changes needed in 20000-1

Service 20000 Ltd 2015 8/14/2015 35

 Suggested further
structural changes
• Separate joint processes
o Service continuity and availability
o Incident and service request
• Combine
o Change and release
• Add processes (or requirements in other
clauses/processes)
o Portfolio management
o Knowledge management (some requirements now added to 9001)
o Asset management
o Requirements management
• Delete
o Budgeting and accounting

Service 20000 Ltd 2015 8/14/2015 36

 ISO20000 future – what are
your suggestions?
Lynda Cooper
Lynda.cooper@service20000.com

Service 20000 Ltd 2015 8/14/2015 37