New format, big changes to ISO/IEC 20000-1


If you’ve been following the news, you may have seen that the third edition of the International Standard for Service Management is due to be released next month. 

So what are the changes being made to ISO/IEC 20000-1 (from the 2011 edition) and what benefits might this bring?


3 key areas of change

To begin with, the revised standard will include a number of welcome changes for those looking to adopt 20K as a foundation for best practice service management.  These may be summarised perhaps into three main areas:

Increased Flexibility

Some of the more stringent requirements have been removed or replaced, thereby making the standard somewhat simpler to implement. Whilst ISO/IEC 20000-1 still remains prescriptive on what you must achieve for minimum best practice, it has softened its stance on how this must be done, providing flexibility to use whatever other sources of guidance as appropriate (think ITIL, COBIT, VeriSM, DevOps, etc.)

Supplier Integration

The revised standard provides far more flexible support for more contemporary approaches to supplier sourcing, including developments in Service Integration and Management (SIAM).

Integrated Assurance 

In recent years there has been an increasing requirement to establish a balance between risk, compliance and quality management. Improvements to the structure to bring 20K into alignment with other standards provides a greater ability to implement common controls to drive greater efficiency and reporting to top management.


What can we expect to see in the new version?

Revised Format (Annex SL)

ISO/IEC 20000-1:2018 will be adopting the “Annex SL” format, bringing it into alignment with other popular standards such as ISO 9001 (Quality), ISO/IEC 27001 (Information Security), ISO 22301 (Business Continuity) and ISO 14001 (Environmental Management) to name a few.  

Annex SL is a high-level structure created by ISO to bring a wide array of management system standards into closer alignment with each other. This is particularly useful as it will greatly assist organisations needing to comply with more than one management system standard, thereby reducing the amount of work and duplication of effort required in the past. However, another benefit is the ability to implement common sets of controls to drive better compliance, risk and quality reporting… this is a welcome change indeed!

Service Management System

Changes include more specific detail with regard to organisational context, risk management, requirements for leadership and commitment, and enhanced requirements for the planning aspects of the SMS. Support for the SMS has been added, along with the simplification and improvement of documentation requirements, and a new set of requirements for Knowledge Management.

Service Planning and Portfolio Management

Several changes new and changed requirements have been made to this area, including Service Portfolio Management. Service Catalogue Management, including the determination of service criticality and priority, has been expanded, along with the requirement to classify services as CIs. Also included are considerations for improvements to the processes and the coordination of activities with third parties involved in the service lifecycle. 

Service Assurance, Capacity and Demand

Service Continuity and Availability Management have been finally separated out into two sets of requirements. Specific clauses to create availability and capacity plans have been simplified (replaced) with a more general need to plan for availability and capacity. Demand Management has been introduced as a new process. Information Security requirements, including the regular assessment and management of risk, and its relationship to the ISO/IEC 27001 standard, have been improved.

Service Design, Build and Transition

The requirement to address new or changed services within the scope of the Change Management process have now been clarified. The requirement for a Configuration Management Database (CMDB) has been dropped in favour of a more simplified requirement to manage ‘configuration information’, with the scope of this information widening to cover the full service lifecycle. 

Service Resolution and Fulfilment

Incident and Service Request Management have now been separated into two separate process areas – why they were even combined in the first place is anyone’s guess! 

Performance Evaluation and Improvement

The requirements for the measurement and evaluation of the performance and effectiveness of the processes and services of the SMS have been expanded and improved. The requirement for a more specific Service Improvement Policy and Procedure have been removed.


What’s Next?

In summary, we are very excited about the upcoming changes to the third edition of the ISO/IEC 20000 standard, due for release 15th September 2018. 

Not only will it give a stronger and clearer focus on the key requirements for good end-to-end service management, aligning it to the Annex SL format is a welcome update for those needing to manage multiple ISO standards.  

So for those looking to finally adopt 20K (even if certification is not required) now’s the time! 


In a later article, we will examine ways in which multiple best practice frameworks and standards (including the new ISO/IEC 20000 standard) can be leveraged to drive integrated assurance across the business.