EXECUTIVE SUMMARY

ISO IEC 20000-1 is a generic service management standard. The
official name of this standard is ISO/IEC 20000-1:2011. Information
technology - Service management - Part 1: Service management
system requirements. These requirements can be found in the
following six sections:

4. Service Leadership
5. Service Development
6. Service Delivery
7. Service Relationships
8. Service Resolution
9. Service Control

The purpose of ISO IEC 20000-1 is to show service providers
how to establish a service management system (SMS). A SMS is
a set of interrelated or interacting elements that service providers
use to direct and control their service management activities.
These elements include all of the policies, objectives, processes,
procedures, documents, and resources that service providers
need in order to direct and control how services are planned,
designed, implemented, deployed, delivered, monitored,
measured, reviewed, maintained, and improved.

SCOPE OF ISO IEC 20000-1 STANDARD

ISO IEC 20000-1 2011, section 1.2, says that "All requirements
in this part of ISO/IEC 20000 are generic and are intended to be
applicable to all service providers, regardless of type, size and the
nature of the services delivered." As you can see, ISO IEC 20000-1
is a generic standard and can be used by any service provider.
It doesn’t matter what size they are or what they do.

According to ISO IEC 20000-1 2011, service providers must be able
to show that every requirement is being met if they wish to claim
that they comply with this standard. No exclusions are allowed.

But that does not mean that they must meet every requirement by
themselves. They may use other internal or external parties whenever
they need to do so. According to section 1.2, service providers may
ask other parties to help them with any process mentioned in
sections 5 to 9 (this is not true for section 4).

However, according to section 4.2, whenever they use other parties
to operate processes (or parts of processes) mentioned in sections
5 to 9, service providers must be able to demonstrate that suitable
governance structures and methods have been established and
are being used to direct and control these processes and parts.

Furthermore, service providers must be able to demonstrate that
they have the authority to ensure that each process and process
part is actually being followed and that someone is accountable for
this. In addition, they must be able to demonstrate that they actually
control the definition of each process and how it interfaces with
other processes, that they routinely evaluate process performance
and compliance with process requirements, and that they actively
control how process improvements are planned and prioritized.

In short, service providers may comply with everything themselves
or they may comply with most of it themselves and have other parties
do the rest as long as they can show that all ISO IEC 20000-1 2011
requirements are being met.

While ISO IEC 20000-1 says that service providers must meet every
requirement, exactly how they do so is up to them. It will depend on
the services they provide, the risks they must manage, the needs
and expectations of their customers, and the unique relationship
service providers have with them.

WHO SHOULD USE ISO IEC 20000-1

ISO IEC 20000-1 can be used by:

Service providers. ISO IEC 20000-1 can be used by any service
provider to show that it is capable of meeting its customers’ unique
service requirements. It can be used by any service provider to
demonstrate that it is capable of designing, delivering, and improving
its services. Service providers can also use it to monitor, measure,
audit, and review their service management practices, processes,
policies, and procedures.

Service recipients. ISO IEC 20000-1 can be used by organizations
that need to be sure that the services they receive from their service
providers will consistently meet their unique service requirements.
It can be used by any organization to establish and maintain a
consistent approach to service delivery throughout its entire
service supply chain.

Service auditors. ISO IEC 20000-1 can be used by auditors and
assessors to examine any service management system (SMS).
It can be used to evaluate any service provider’s performance
and compliance.

HOW TO USE ISO IEC 20000-1

ISO IEC 20000-1 is designed to be used for certification purposes.
If you’re a service provider and you decide to pursue this option,
you need to establish a service management system (SMS) that
complies with the ISO IEC 20000-1 2011 standard. Once you’ve
done so, it’s time to ask a registrar (certification body) to audit the
system to see if it, in fact, complies. If it does, your registrar or
certification body will issue an official certificate that states
that your SMS complies with the standard.

While ISO IEC 20000-1 2011 is specifically designed to be used for
certification purposes, you don’t have to become certified. You can
be in compliance without being formally registered by an accredited
registrar or certification body. You can self-audit your system and
then simply announce to the world that it complies with the ISO IEC
20000-1 2011 standard (assuming that it actually does). If you decide
to pursue this option, you should be ready to support your claim
when asked to do so.