The ISO 20000 Standard applies to organizations of any size and industry. It is a global standard that specifically outlines requirements for an Information Technology Service Management System (ITSMS). The standard was designed and developed to reflect the industry's best practices for the management processes. Complying with the ISO 20000 framework to manage the ITSM will help deliver effective IT services. The Standard comprises two parts, namely:
1. IT Service Management (ISO 20000-1) is a standard for IT Service Management. It draws out requirements for delivering quality managed IT services to clients which should be on par with acceptable standards.
2. Code of practice for service management (ISO 20000-2) is a standard of best practice for IT Service Management. It defines the framework for the management process that helps improve the quality of IT services.
Complying with the ISO 20000 Standards will ensure the organization's ITSM processes are aligned with both the requirements of the business and international best practices.
We spend significant time with your team to determine IT systems and controls that need to be secured and audited.
Our team of experts will conduct a Gap Analysis to examine the current security posture of your organization and identify vulnerable areas.
We work in collaboration with your team to set timelines, responsibilities, and budgets for implementing necessary measures.
We examine your systems to identify your business-critical information assets, and classify them to create a separate Asset Inventory.
We work with your team to assess the potential risks your business is exposed to and identify areas that are weak & vulnerable.
Our team of expert consultants and risk analysts will assess the level of risk exposure and help you strategize appropriate Risk Treatment measures.
We provide your organization's ITSM Team with brief awareness training on ISO 20000 and discuss with them their relevant roles and responsibilities.
With all data in hand, our team then creates the ITSM document set and validates the same with your input.
Our experienced tech team will work with your team and provide necessary support in the ITSM rollout.
We will conduct User Training for all personnel covered in scope on their specific ITSM responsibilities. This will be an ongoing exercise which shall be recorded for future reference and training purposes.
After a reasonable gestation period, our team of experts will conduct a pre-assessment of your organization's setup to verify the implementation of recommended measures.
Our team will provide you with complete support and assistance in achieving certification from external auditors (of your choice) for ISO 20000.
We can even offer your organization continual support (Managed Compliance Services) to help your organization stay compliant and certified.
ISO 20000 applies typically to any service organization of any size and industry. Companies large or small can use this standard to great effect for improving IT Services and securing tremendous cost and efficiency savings.
ITIL is a very vast and comprehensive standard with thousands of requirements. We are not aware of any company in the world which has implemented the entire standard end to end. Organisations typically take specific control sets from ITIL and implement them. Furthermore, ITIL is not a certifiable standard.
ISO 20000, on the other hand, is a certifiable standard. It is by and large derived from the key requirements of ITIL. So, from the branding perspective, ISO 20000 is always a good choice.
Implementing ISO 20000 involves different processes and company-specific parameters. Depending on the type of service provided, the people involved, and whether it is a first-time certification or a recertification, the exact amount can be defined.
The decision should be taken depending on the business, compliance or regulatory requirements of the organization. However, ISO 27001 is for Information Security Management in an organization, and ISO 20000 is for IT Service Management.
The Certificate is valid for 3 years, but the organization would need to conduct surveillance audits every year.
Since the certificate is valid for 3 years, the recertification audit should be performed every 3 years with compliance audits to be done for the second and third year.