
DITY™ Newsletter






Vol.  2.3, JAN. 18, 2006

Hank Marquis, 2006, CTO




By Hank Marquis


The ITIL is not a standard and has no auditing criteria.  Some chose CobiT for audits, but CobiT isn’t a standard either.  The British Standards Institute (BSI) created British Standard BS 15000 as an audit standard, but it wasn’t an international standard.  However, BS 15000 delivered specifications for managing IT and implementing the ITIL, and it established audit criteria and corporate-level certification.


Used in the UK, BS 15000 had slow adoption elsewhere in the world.  Then BSI submitted BS 15000 to the International Standards Organization (ISO) and ISO released it as ISO 20000 in December of 2005.  For the first time, IT now had an international standard for auditing and certifying IT. 


ISO 20000 is an industry standard like ISO 9000/9001, and like ISO 9000/9001, ISO 20000 offers organizational certification — this means that some very major changes are coming to an IT shop near you, and soon!  Following is an explanation of ISO 20000, and how it relies upon the ITIL. 


As a standard, ISO 20000 shows IT how to manage and improve IT while establishing audit criteria.  It also provides auditors with a documented standard to use for measuring IT compliance. 


The ITIL offers certifications for individuals; ISO 20000 is an organizational certification with international recognition.  This removes one of the toughest problems we face in IT today -- management commitment.  Every senior manager in an ISO 9000 certified company knows the benefits that came from gaining that status.  With ISO 20000, it will now be far easier to gain mind share among senior management -- a key benefit for those implementing or planning to adopt the ITIL.


ISO 20000 is really two specifications, ISO/IEC 20000-1:2005 and ISO/IEC 20000-2:2005; I will refer to them as ISO 20000-1 and ISO 20000-2.

  • ISO 20000-1 is the specification for Service Management.  It defines the processes and provides assessment criteria and recommendations for those responsible for IT Service Management.  Organizational certification uses this section.

  • ISO 20000-2 documents a “code of practice” that explains how to manage IT with regard to ISO 20000-1 audits.


Both ISO 20000-1 and ISO 20000-2 derive directly from the ITIL best practice.  ISO 20000 groups the ITIL processes we all know into five core bundles:

  1. Service Delivery Processes -- Service Level Management, Availability Management, Capacity Management, Continuity Management, and Budgeting and Accounting for IT Services (Financial Management) along with Information Security Management and Service reporting

  2. Relationship Processes -- Business Relationship Management and Supplier Management

  3. Resolution Processes -- Incident Management and Problem Management

  4. Control Processes -- Configuration Management and Change Management

  5. Release Process -- Release Management

So, what does it all mean?  It means that a boom in ITIL adoption is on the horizon!  Already, several governments have stated that ISO 20000 is a requirement for outsourced IT services.  As the industry recognizes the value of ISO 20000, more and more companies will require their partners and vendors to reach ISO 20000 certification -- just as they did for ISO 9000/9001.  If your organization is already ISO 9000/9001 certified, you will have a much easier time gaining and maintaining management commitment for your ITIL implementation!  In addition, if you are already implementing or adopting ITIL, there is now an organizational certification.


ISO 20000 certification is already becoming a requirement, so you should start getting familiar with it today!  It's based on the ITIL, so you already understand a lot of this standard.  But ISO 20000 also includes more than Service Delivery and Service Support.  It includes sections on managing suppliers and the business, as well as Security Management.  Grouping Security Management (previously its own ITIL book) with Service Delivery is an interesting spin, and may foretell the changes planned for ITIL 3, due late in 2006 or early 2007. [See ‘The New ITIL and What it Means to You’ DITY Vol. 2 #12 for more on the ITIL refresh to ITIL v3.]


As the industry progresses, the new ISO 20000 terminology is already becoming apparent -- the most recent ITIL Certification, the itSMF-approved Practitioner cluster certification, is called "ITIL Practitioner in Release and Control", and covers Change Management, Release Management and Configuration Management -- and now you know why!



Entire Contents © 2006 itSM Solutions LLC.  All Rights Reserved.