NEXT GENERATION SERVICE MANAGEMENT SYSTEM
The international standard for service management ISO/IEC 20000 has been updated for the second time since it was published originally in 2005. It has been released on September 15, 2018.
When looking at the new version or edition three, as the ISO/IEC JTC 1 committee for Information technology, SC 40, IT Service Management and IT Governance calls it, the current trends and challenges regarding service management have been taken into account. The focus of the 2018 version is even more on management and quality assurance and much less on the design and implementation of processes and procedures. A service provisioning ecosystem composed of a multi-service-provider environment emphasizes more on the management of quality services than unifying all processes across all participating organizations.
Here are some of the main differences of the 2018 edition of ISO 20000 compared to version two of the standard which was released in 2011.
- The new structure of the standard is now consistent with all other management system standards, which makes it easier to integrate the respective management systems
- There are several new general requirements that have been introduced regarding the context of the organization and the measures to manage risks and opportunities
- Also new, are the requirements for planning the services, including:
- Knowledge management
- Asset Management
- Demand management, and
- Service delivery
- Processes that were combined are now separated in distinct clauses. This includes:
- Incident management
- Service request management
- Service continuity management
- Service availability management
- Service level management, and
- Service catalog management
- The term “service provider” has been replaced by the term “organization” in order to comply with the common text of annex SL
- The term “internal group” has been replaced by “internal supplier, internal supplier”
- The role of the management representative, is no longer referenced
- The definition of “information security” was adapted to align with the definition according to the ISO/IEC 27000 series of standards
- The term “availability” has been replaced by “service availability”
- The requirements for documented availability and capacity plans have been removed and replaced with requirements to plan for the availability and capacity of services
- The request for a CMDB has been removed and replaced with the request for configuration information
- The release policy requirement has been removed and replaced with the requirement to define release types and frequency
- The requirement of the continual improvement policy has been eliminated and replaced by the requirement to determine evaluation criteria for improvement opportunities
- The references and structure on Plan – Do – Check – Act have been removed, however, the requirements have been re-structured
- The detailed reporting obligations are moved from the service reporting clause to the clauses in which the reports are most likely to be created
- A reduced number of documented procedures are required
Service Management System
The new service management system (SMS) of ISO/IEC 20000-1 shows additional processes and increased emphasis on aspects such as leadership, risks and planning.
More Processes, Fewer Requirements
At first glance, the new standard appears to be more extensive and have become more complex; the 2011 version requires 14 processes and the 2018 version implies the need for 20 processes. However, the requirements for the respective process topics are much less and the documentation requirements have been greatly reduced from 256 to 212. This allows organizations to define their processes much more freely. The standard is now more geared to effective service management than to its detailed descriptions.
As a result, the focus now is much more on topics such as leadership & commitment, risk management, service planning, and performance evaluation and improvement.
Easier To Comply With
Another result of the standard being less prescriptive is that service provider organizations other than IT service providers may find it easier to benefit from the standard’s guidance on implementing a management system that enables for the delivery of effective and quality services.
For companies that are already ISO/IEC 20000 certified, the transition must be well prepared, but the changes will not be really big. However, it is recommended to agree on the transition date with the certification body. In most cases, you will have until September 2020 to recertify against the 2018 version of the standard.
For companies who seek compliance with the ISO/IEC 20000-1 requirements for the first time, this will be easier because the new version of the standard is less prescriptive and is more focused on what organizations need to do, and thereby having more freedom in the implementation of the standard’s best practices.
Also the other parts of the standard, such as the guidance provided in ISO/IEC 20000-2, are already planned and can be expected within the next 2 years.
In short, the 2018 version of ISO/IEC 20000 is easier to interpret, is more coherent and more complete, is less prescriptive, and is a better reflection of today’s services industry with integrated service value chains across multiple organizations.
INTERPROM offers a self-paced ISO/IEC 20000 Transition course for organizations seeking a boost to meet the new requirements. The course is also offered online with a live instructor.
The course will be released in October and offers:
- What are the new requirements?
- Which requirements have been removed?
- Which requirements have been revised?
- How do the existing requirements map to the new requirements?
The course also goes over:
- What are the new terms and definitions?
- How to interpret the new requirements?
- How to migrate to the new standard?
Stay Tuned! We’ll update this blog and include a link to the course.