ISO/IEC 20000

What is ISO 20000 (ex. BS 15000)?
ISO/IEC 20000 is the first international standard for the IT Service Management System. It was developed in 2005 by ISO/IEC/TC1/SC7 based on (and with the objective to supersede) BS 15000. The standard was last revised in 2011 and took it’s today current issue.
In particular, ISO/IEC 20000 was developed taking into consideration the principles of ISO 9001 as well as of ITIL. It is a ‘family’ of standards that today consists of 8 standards.
The three main standards of the family are under the general title ‘Information Technology – Service Management’
  • Part 1- Requirements (ISO/IEC 20000-1:2011, Information technology -- Service management -- Part 1: Service management system requirements): Provides the requirements the service provider to plan, establish, implement, operate, monitor, review, maintain and improve an IT  Service Management System MS. The requirements include the design, transition, delivery and improvement of services to fulfill agreed service requirements.
  • Part 2 – Guidance on the Application (ISO/IEC 20000-2:2012, Information technology -- Service management -- Part 2: Guidance on the application of service management systems): Provides guidance on the implementation of a IT Service Management System based on the requirements of ISO/IEC 20000-1:2011. Additionally it enables better interpretation and understanding of ISO/IEC 20000-1:2011 and in turn more effective implementation.
  • Part 3 –  Guidance on Scope (ISO/IEC 20000-3:2012 Information technology -- Service management -- Part 3: Guidance on scope definition and applicability of ISO/IEC 20000-1): is useful tool for service providers, consultants and assessors on matters that concern scope definition, applicability and demonstration of conformity to the requirements in ISO/IEC 20000-1:2011.
The other 5 standards of ISO/IEC 20000 are the following:
  • 20000-4: Process assessment model
  • 20000-5: Exemplar implementation plan for ISO/IEC 20000-1
  • 20000-9: Guidance on the application of ISO/IEC 20000-1 to cloud service
  • 20000-10: Concepts and terminology
  • 20000-11: Guidance on the relationship between ISO/IEC 20000-1:2011 and service management frameworks: ITIL®
Certification of an IT Service Management System is provided only to the standard with the requirements i.e. to ISO/IEC 20000-1:2011

The standard with the requirements ISO/IEC 20000-1:2011 contains:
  • Scope
  • Normative references
  • Terms and definitions
  • Service management system general requirements
  • Design and transition of new or changed services
  • Service delivery processes
  • Relationship processes
  • Resolution processes
  • Control processes 
Why is IT Service Management Needed?

There is no doubt Information Technology is taking an increasing part in business and private life. Consequently the IT services and IT service providers are constantly increasing. Along with these, the value and significance of the quality in the provision of relevant services is inevitably increasing
ISO/IEC 20000 provides that framework that may safeguard the quality, continuity and improvement of the IT service provision. It is for this reason that it’s application becomes increasingly vital.
Being Audited to ISO 20000-1

Once all the documentation of the IT Service Management System (ITSMS) in accordance with the requirements of ISO 20000-1 have been met, and when the implementation has started,  then the conditions for an external audit are fulfilled. The external audit should be carried out by a third party, accredited certification body.
The chosen (by the service provider) certification body will firstly review relevant documentation (Stage 1). This should include the declared policy, the scope and boundaries, the objectives of the ITSMS, documented information that concern the Service Catalogue, configuration items, data , applications etc. as well as the documented procedures for the provision of services. The auditors will also be checking the design of the services, the establishment and implementation of management system controls and technical controls, as well as the suitability for the size and nature of the services provided. This process is normally carried out at the client premises, as this approach is deemed more effective to both parties.
This is followed at a later date by a full on-site audit of the management system (Stage 2) to ensure that working practices observe these procedures and stated objectives, and that appropriate records are kept. After a successful audit, a certificate of registration to ISO 20000-1 will be issued. There will then be surveillance visits (usually once or twice a year) to ensure that the system continues to work. 
What are the benefits of certification to ISO 20000-1?

A company / IT service provider that is certified from a independent third party certification body proves their responsibility as well as that it applies, operates and controls the quality of the IT Services that it provides. The advantages however don’t stop there.
  • Certification offers the following advantages :
  • Adds significant value on the Management System through the independent audit process.
  • Strengthens the trust of customers, employees, trading partners and stakeholders on the quality, continuity and improvement of the IT Services.
  • Demonstrates credibility and trust
  • Can lead to cost savings.
  • Ensures that a commitment to Quality of IT Services exists at all levels throughout and organization.  


Why Choose Alcumus ISOQAR for your Certification Body?
Alcumus - ISOQAR is an approved Certification body and therefore the ISO 20000-1:2011 certification carry the accreditation of APMG International 
Customer satisfaction is a matter of critical importance for Alcumus – ISOQAR. For this reason all our efforts aim and contribute in this direction. We are proud that we have  an enviable record on customer satisfaction for our certification services.
A friendly, practical and straightforward approach has led to continual steady growth through referrals from contented clients and management consultants.
Alcumus - ISOQAR only employs auditors that have empathy with this approach. They are also carefully allocated by their experience in the industry they are auditing.
This results in a practical, meaningful audit, carried out in an air of mutual understanding. Alcumus - ISOQAR firmly believes that its audits should “add value” and benefit the organization being audited. 
What is the cost of ISO 20000-1 Certification?
The policy of Alumus ISOQAR is to provide approachable (in financial terms also) certification.
The certification cost however would depend on the size, kind and range of services, number of liaison / branch offices etc of the service provider for the provision of IT services. It is therefore not possible to provide a cost offer without evaluating the above parameters. As an indication we may disclose that for a company with one location, simple process and up to 15 employees, the cost for the initial audit would be around 1500 Euro (including the cost for the certificate subject to successful completion of the process). The cost for the annual surveillance visit together with the annual registration fees would be around 750 Euro.
Consequently, in order for us to provide a quotation, we would need to receive and evaluate the aforementioned information. We therefore ask companies seeking registration to complete and submit to us a short questionnaire about its activities.
For receiving a copy of this Questionnaire, please contact us by telephone at +357-26222172 , +30-2106218021,  or by e-mail at
All quotation are provided without any obligation from the client’s part.
Where to obtain further information or help?
The actual standard can be purchased from ISO.
For more information on ISO 200001, using the Internet for research is by far the best approach. There is a wealth of information at webpages such as :


None of these web sites are recommended, vetted, approved by, or connected with Alcumus - ISOQAR. They are merely listed to help you find out more about ISO 20000-1.
The is a wide range of training courses that are offered on the design, implementation and/or auditing of IT Service Management Systems.  Please contact us for more details.