ISO 20000-1:2018
Information technology Service Management

The document specifies requirements for an organization to establish, implement, maintain and continually improve a service management system (SMS).

The requirements specified in this document include the planning, design, transition, delivery and improvement of services to meet the service requirements and deliver value. This document can be used by:

- a customer seeking services and requiring assurance regarding the quality of those services

- a customer requiring a consistent approach to the service lifecycle by all its service providers, including those in a supply chain

- an organization to demonstrate its capability for the planning, design, transition, delivery and improvement of services

- an organization of monitor, measure and review its SMS and the services

- an organization to improve the planning, design, transition, delivery and improvement of services through effective implementation and operation of an SMS

- an organization or other party performing conformity assessments against the requirements specified in this document

- a provider of training or advice in service management.

The term “service” as used in this document refers to the service or services in the scope of the SMS. The term “organization” as used in this document refers to the organization in the scope of the SMS that manages and delivers services to customers. The organization in the scope of the SMS can be part of a larger organization, for example, a department of a large corporation. An organization that manages and delivers a service or services to internal or external customers can also be known as a service provider. Any use of the terms “service” or “organization” with a different intent is distinguished clearly in this document.


All requirements specified in this document are generic and are intended to be applicable to all organizations, regardless of the organization’s type or size, or the nature of the services delivered. Exclusion of any of the requirements in clause 4 to 10 is not acceptable when the organization claims conformity to this document, irrespective of the nature of the organization.

Conformity to the requirements specified in this document can be demonstrated by the organization itself showing evidence of meeting those requirements.

The organization itself demonstrates conformity to clause 4 to 5. However, the organization can be supported by other parties. For example, another party can conduct internal audits on behalf of the organization or support the preparation of the SMS.

Alternatively, the organization can show evidence of retaining accountability for the requirements specified in this document and demonstrating control when other parties are involved in meeting the requirements in clause 6 to 10 (see 8.2.3). For example, the organization can demonstrate evidence of controls for another party who is providing infrastructure service components or operating the service desk including the incident management process.

The organization cannot demonstrate conformity to the requirements specified in this document if other parties are used to provide or operate all services, service components or processes within the scope of the SMS.

The scope of this document excludes the specification for products or tools. However, this document can be used to help the development or acquisition of products or tools that support the operation of an SMS.

Certification, inspection and audit solutions focused on business optimization.






WHO WE ARE           






244 Fifth Avenue, Suite 1203, New York, NY 10001 US
how is ISO 20000 different from ITIL?

The basic difference between ISO 20000 and ITIL is that ISO 20000 gives you the methodology and framework (providing you with the pieces with which to construct the ITSM jigsaw puzzle), while ITIL gives you the details (the practices) on how to manage each and every IT process in your organization (i.e., how to put the jigsaw puzzle together).

A good way to think of it is that ISO 20000 says what you need to do, while ITIL tells you how to do it.

ISO 20000 does not work in complete isolation. It can be implemented independently from ITIL, but they do go very well together.

As opposed to a standard, ITIL is a practical framework of best practices that focuses on aligning your IT services with the wider needs of your business. As a company, you can’t become ITIL certified; you can only comply with the best practice guidelines.

ISO 20000 is based on the fundamental principles of ITIL, and is a standard that your company can certify against.

Individuals seeking excellence in ITSM and internationally recognized certification can become certified against ITIL and ISO 20000 (e.g., the foundation course discussed further below).

ISO 20000 certification for organizations is essentially the evidence that best practices have been implemented. ITIL is not required to gain certification in ISO 20000, but it is easier to achieve if you’re following an ITIL approach to IT Service Management.