ISO/IEC 20000 IT Service Management is a global standard that specifies the requirements for a system that manages information technology services ITSMS. It describes several management practices aimed at assisting firms in providing more effective IT services to both internal and external clients. Its major goal is to reflect best practice recommendations from the ITIL Information Technology Infrastructure Library framework; however, it also supports other IT service management frameworks and methodologies. The ISO/IEC 20000 standard was intended to replace the British Standard 15000 and to provide a globally recognized management system services information technology standard. And since we all know how stressful the documentation process can be, here are three basic measures to follow when preparing for the ISO/IEC 20000 documentation.
- Documentation Structure: Before starting, anything Organization should make its policies, process, and descriptions from the same template. This way, anyone will be able to make navigation throughout the documentation set easier.
- Classification: SMS requirements and processes are the two key aspects of ISO 20000. The sequence should be followed while preparing the documentation. Try to prepare the SMS system documents first, for example, such as policies, scope, etc. Then perhaps you should deal with document processing. Finally, these documents must be reviewed.
- Content: ISO 20000 has contained some mandatory requirements for policies and procedures. The standard has specified certain requirements. However, the organization may need to contain some non-mandatory elements as well. Sometimes, the number of required documents also depends on the size and type of the organization.
Mandatory documents required by ISO/IEC 20000-1
Here is the list of ISO/IEC 20000-1 documents that need if anybody wants to be compliant with the ISO/IEC 20000-1:2018 standard
- Scope of the Service Management System according to the clause 4.3
- Service management policy and objectives according to the clauses 5.2 and 6.2
- Risk assessment and management for the SMS according to the clause 6.1.2
- Service management plan according to the clause 6.3
- Change management policy according to the clauses 7.5.4 d and 8.5.1.1
- Information security policy according to the clauses 7.5.4 d and 8.7.3.1
- Service continuity plans according to the clauses 7.5.4 d and 8.7.2
- Processes of the organization’s SMS according to the clause 7.5.4 e
- Service requirements according to the clauses 7.5.4 f, 8.2.2, and 8.3.3
- Service catalogs according to the clauses 7.5.4 g and 8.2.4
- Service level agreements according to the clauses 7.5.4 h and 8.3.3
- Contracts with external suppliers according to the clauses 7.5.4 I and 8.3.4.1
- Agreements with the internal suppliers or customers acting as a supplier according to the clauses 7.5.4 j and 8.3.4.2
- Services that are provided or operated by other parties according to the clause 8.2.3.1a
- Service components that are provided or operated by other parties according to the clause 8.2.3.1b
- Processes, or parts of processes, in the organization’s SMS that are operated by other parties according to the clause 8.2.3.1c
- Customers, users, and other interested parties of the services provided according to the clause 8.3.2
- Release acceptance criteria according to the clause 8.5.3
- Risks for service availability, service continuity, and information security according to the clauses 8.7.1, 8.7.2, and 8.7.3.2
- Procedure for classifying and managing a major incident according to the clause 8.6.1
- Procedure for continuing operations in the event of a major loss of service according to the clause 8.7.2 b
- Procedure for restoring normal working conditions after service disruption according to the clause 8.7.2 e
- Capacity requirements according to the clause 8.4.3
- Design of new or changed services according to the clause 8.5.2.2
- Service availability requirements and targets according to the clause 8.7.1
Other documents that can be used to implement ISO/IEC 20000-1 are listed below. Depending on the complexity and structure of the organization, usage may differ.
- Procedure for determining the context of the organization and interested parties according to the clauses 4.1 and 4.2
- Procedure for addressing risks and opportunities according to the clause 6.1
- Procedure for competence, training, and awareness according to the clauses 7.1.2, 7.2, and 7.3
- Procedure for document and record control according to the clause 7.5
- Procedure for management of nonconformities and corrective actions according to the clauses 10.1
- Procedure for monitoring customer satisfaction according to the clause 8.3.2
- Procedure for internal audit according to the clause 9.2
- Procedure for management review according to the clause 9.3
IT Services Management System- 20000 