In December 2005, the International Standards Office published ISO/IEC 20000 (the international standard for IT Service Management). It is based on the British standard of the same topic (BS15000) which was also published by Standards Australia (AS8018). ISO/IEC 20000 is a standard that promotes the adoption of an integrated approach for the effective delivery of IT services. The standard comes in two parts; Part 1 is the Specification for Service Management and Part 2 is the Code of Practice.
ISO/IEC 20000 is largely based on the IT Infrastructure Library (ITIL) which is a framework of IT service management processes developed by the Office of Government Commerce (United Kingdom) in the late 1980s. ISO/IEC 20000 and ITIL are based on integrated tactical and operational.
The benefits of adopting well defined processes are:
- help your organization to identify the key IT services and assist with IT to business alignment,
- incorporate a focus on customer relationship management and security management,
- allow organizations which have implemented or started to implement ITIL to leverage more from their investments by achieving international certification, and
- provide risk management of all IT services and not just those services governed by your project management framework.
While the benefits can be described as "soft", there are some fundamental deliverables that the new International Standard provides beyond the ITIL framework.
A typical ITIL implementation involves the adoption by organizations of the Service Delivery and Service Support processes. Experience dictates that some 'ITIL-adopting' organizations are not even fully aware of the complete ITIL framework. Such organizations typically focus on just the red Service Delivery book and the blue Service Support book. The ISO/IEC 20000 standard provides pointers to the other components of ITIL. These include:
- the requirement of a comprehensive management system,
- documented evidence of management's commitment to improving the delivery of IT services,
- providing documentation or records to ensure planning and control of IT services,
- demonstrated competencies, awareness and training of your organization's staff and other key stakeholders,
- evidence of processes to plan and implement new or changed services, including Service Acceptance Criteria and change reviews,
- methods and records showing the planning, implementing, monitoring and improving of IT services,
- processes that focus on business relationship management and supplier management, and
- evidence of specific service reporting, including major events and customer satisfaction analysis.
In pre-ISO/IEC 20000 times, the primary challenge regarding ITIL implementations was how to "sell" it to stakeholders. How did CIOs and IT managers promote the "soft" benefits of process improvement to business management, customers, staff and suppliers.
The sales pitch centred largely on use of a common language and the introduction of processes that would allow everyone in IT to understand their role in the grand scheme of things.
However, now with ISO/IEC 20000 there is the facility for independent, certified recognition that organizations (ITIL-aware or not) have been looking for. Passing the ISO/IEC 20000 audit earns you a piece of paper. This piece of paper is an independent indicator that your IT organization is effectively and efficiently providing IT services.
While most process experts will tell you that to earn a "piece of paper" should not be the ultimate goal, it is a sign that is easily identifiable and it becomes a benchmark of quality. The main benefit of an international standard for an organization is what it can provide to others ... a degree of assurance.