In this era where digitalisation is rapidly adapting to our lives, service management has become an operational necessity for organisations. It is also a strategic element in terms of corporate sustainability and customer trust.
ISO 20000 provides an integrated management system for the planning, delivery and continuous improvement of IT services. It ensures the consistency, reliability and efficiency of services by enabling the disciplined execution of fundamental processes such as incident, problem, change and configuration management. Furthermore, it enables performance to be evaluated based on concrete data through systematic monitoring and measurement mechanisms; this helps organisations prioritise their workflow, ensure compliance, meet customer expectations, and sustainably leverage technological innovations.
The Crown Commercial Service (CCS), which manages public procurement in the United Kingdom, recently published guidelines making ISO/IEC 20000-1 certification a mandatory criterion for public institutions purchasing IT services. This decision signifies the beginning of a major transformation in terms of technical service quality, reliability and sustainability.
What is ISO/IEC 20000-1?
ISO/IEC 20000-1 is an international standard that specifies requirements for an organisation to establish, implement and continually improve a Service Management System (SMS).
This standard covers:
- Service planning and design,
- Transition, delivery and support processes,
- Incident and problem management,
- SLA monitoring: Monitoring whether service levels agreed with the customer (e.g. time, availability) are being met,
- KPI monitoring: Regular monitoring of indicators that measure service success (e.g. response time, resolution rate),
- Continuous improvement cycle.
The purpose of ISO/IEC 20000-1 is to ensure that IT services are delivered consistently, reliably and in line with business objectives.
What does the CCS (UK Commercial Services) Directive say?
According to the revision, when purchasing IT services, public institutions must evaluate not only the price and technical offers, but also whether the organisation providing the service is ISO/IEC 20000-1 certified.
Service providers without certification will have reduced or even no chance of participating in CCS tenders. This aims to improve service quality in the market and provide more reliable solutions to the public.
ISO/IEC 20000-1 Benefits for Public Institutions;
The ISO/IEC 20000-1 standard provides significant advantages in service management for public institutions. Thanks to this standard, all service providers are required to comply with a common quality system, thus ensuring consistency and reliability in services. Risk management processes minimise potential service interruptions and security vulnerabilities. The continuous improvement approach increases service efficiency while enabling more effective control of costs. Furthermore, by providing a transparent and auditable structure, it enables public services to become measurable and reportable. This gives the organisation a significant advantage in both internal audits and public accountability processes.
ISO/IEC 20000-1 Service Management System Implementation Process
1. Current Status Analysis: Determine whether the organisation has ISO/IEC 20000-1 certification. If certification is not available, examine existing systems (e.g. ITIL, ISO 27001) to identify which processes are compatible with ISO/IEC 20000-1.
2. Gap Analysis: The seven core areas of ISO/IEC 20000-1 must be checked:
- Service planning
- Service design
- Service transition
- Service delivery
- Service improvement
- Asset and resource management
- Relationship and supplier management
These areas are compared with existing processes. Processes such as Service Level Management, Incident and Problem Management, and Continuous Improvement Mechanisms are particularly critical.
3. Implementation and Documentation: At this stage, the Service Management System is established and all processes are documented. Points to note:
- Policies and procedures,
- KPIs (Key Performance Indicators),
- SLAs (Service Level Agreements),
- Risk and change management,
- Senior management commitment and leadership,
4. Internal Audit and Management Review: Internal audits are conducted to assess whether the system complies with ISO/IEC 20000-1. Subsequently, a management review identifies opportunities for improvement and action plans are developed.
5. Certification Audit: A two-stage audit is performed by an accredited certification body:
6. Continuous Improvement: Annual surveillance audits are provided to ensure the Service Management System is sustainable, and the continuous improvement cycle (PDCA: Plan, Do, Check, Act) is implemented.
When examining the relationship between ISO/IEC 20000-1 and other standards, it is particularly closely related to ISO/IEC 20000-1, ITIL, COBIT and ISO/IEC 27001. ITIL guides operational processes, COBIT supports IT governance, and ISO/IEC 27001 contributes to the provision of secure and sustainable services by ensuring integration with information security.
This revision of the standard heralds a quality revolution in the public sector. IT will now be required to be measurable and sustainable. This transformation will pave the way for stronger partnerships and higher quality services in the long term.
If you wish to integrate this new revision into your organisation or professionally structure awareness of the vision of quality and sustainability, please contact us. For detailed information, simply reach out to us at info@cfecert.co.uk.
