ISO 20000 – 2018. A new edition of ISO 20000 was published on 15 September 2018. ISO/IEC 20000:2018 (Part 1) is a completely revised version of the international service management standard, ISO/IEC 20000:2011
But what are the changes to the main part of the standard?
ANNEX SL FORMAT
- The standard now follows the common structure of Annex SL as with many other standards, such as ISO/IEC 27001, ISO 14001 and ISO 9001, this makes for ease of implementation when implementing multiple standards and removes duplication in a business management system.
- It has now been updated to reflect the latest developments in service management. Topics now covered include service commoditization, management of multiple suppliers as well as the need to determine the value of services.
- Some of the requirements within the standard have been made more abstract so that organizations have the freedom to meet the requirements as they see fit.
- New requirements have been added covering knowledge and the planning of services.
RE-ARRANGEMENT OF CLAUSES
- A number of clauses have been separated that were previously combined, these are: capacity management, demand management, service catalogue management, service level management, service availability management, service continuity management, service request management, and incident management.
- The section previously called ‘Governance of processes operated by other parties’ has been renamed ‘Control of parties involved in the service lifecycle’. Requirements within this section have also been updated to include services, service components and processes. The standard also clarifies within this section that the organization cannot ‘demonstrate conformity’ to the standard if another party is used to provide and run all services, service components or processes within the scope of the SMS.
CHANGE OF TERMINOLOGY AND DEFINITIONS
- Clause 3 of the standard has been separated into sub-clauses for management system terms and service management terms. The key changes here include:
- Some terms specifically for service management have been added, and some new terms have been added to Annex SL such as ‘objective’ and ‘policy’.
- The term ‘service provider’ has been replaced by the term ‘organization’ to bring the standard in line with Annex SL.
- Further, the term ‘internal group’ has been replaced by ‘internal supplier’, and ‘supplier’ by the term ‘external supplier’.
- The definition of the term ‘information security’ has been aligned with that in ISO/IEC 27000. Additionally, the term ‘availability’ has been replaced by ‘service availability’; this is so to differentiate from the term ‘availability’ which is now used in the definition of ‘information security’.
CHANGES OF DOCUMENTED PROCEDURES
- Reduced the amount of documentation needed for a service management system. This leaves only key documents such as the service management plan. Other changes to the required documentation include:
- No longer a need for availability and capacity plans, this is replaced with a requirement to plan service availability and capacity.
- Removed the need for a configuration management database (CMDB) and instead replaced it with a requirement for configuration information.
- There is no longer the need for a release policy; instead the standard now has a requirement to define release types and frequency.
- Finally, the requirement for a continual improvement policy has been removed and replaced with a requirement to determine evaluation criteria for opportunities for improvement.
- Figures 2 and 3 within the standard have been renumbered and updated. Figure 1 has been removed as have references to Plan-Do-Check-Act.
- The detailed reporting requirements from the service reporting clause have been moved into the clauses where the reports are likely to be produced.