ISO/IEC 20000 as a Standard for ITSM Processes - News, tips & guidance for agile, development, Atlassian-Software (JIRA, Confluence, Bitbucket, ...) and Google Cloud

Modern ITSM is flexible and individual

Unless a company operates in a primarily highly regulated industry and has strict internal and/or external compliance requirements to meet, IT Service Management (ITSM) is a relatively individual matter in most organizations today. Every company's requirements, intentions, staffing capabilities, and ways of working are different - and that often applies to the design, implementation, and delivery of ITSM services and the underlying processes.

This is taken into account by the well-known and popular Information Technology Infrastructure Library framework, or ITIL for short, which has been established as a widely used standard in the field of ITSM for years. ITIL provides organizations with a toolbox, so to speak, which no longer imposes rigid process specifications but serves as a pool of processes and tools from which ITSM teams can draw according to their needs and those of their company.

The international ITSM standard for organizations

In the field of ITSM, there is a single globally recognized certification standard that entire organizations can obtain (instead of just individuals within the company). We are talking about ISO/IEC 20000, a certificate that proves, based on an objective assessment, that the organization reliably delivers ITSM services of the highest quality.

The ISO/IEC 20000 standard aims to make IT quality virtually measurable. As a norm and certifiable standard, ISO/IEC 20000 promises to increase the effectiveness and quality of IT services while creating measurability, optimization, and verifiability.

To this end, ISO/IEC 20000 declares minimum requirements for ITSM processes, from service level management and capacity management to incident and problem management, which the company must adapt and fulfill to provide its services in a quality that can be independently assessed, reproduced, and certified.

The ISO/IEC 20000 requirements and ITIL

The process definitions laid down in ISO/IEC 20000 are primarily based on the descriptions in the ITIL framework, so teams that use ITIL as the basis for their ITSM processes should generally already be in a good starting position for certification.

It should be noted here, however, that the ISO/IEC process descriptions tie in with ITIL version 3, in which the processes, their implementation, and their measurement are defined down to the last detail. In the meantime, a more current iteration of ITIL places significantly more emphasis on openness and flexibility and thus better accommodates the working methods of modern teams.

In this respect, ISO/IEC 20000 means a certain return to the meticulous process fidelity that has been overcome. Teams that use ITIL more as a source of inspiration for their individual ITSM implementations than as a stringent process template will undoubtedly have to adjust to this.

The ISO/IEC 20000 audits

ISO/IEC 20000 auditing is performed by certified external auditors and is divided into two broad phases. In phase one, the auditors evaluate the status quo with regard to the company's ISO/IEC 20000 maturity level. The most important findings from this phase relate to those areas where action is required, i.e., those that do not yet meet the requirements.

The resulting report is therefore used to assess the current state of affairs. From this, the company can derive actions and measures that must be implemented to meet the quality criteria of ISO/IEC 20000.

The second phase of the audit then assesses whether the company meets the ISO/IEC 20000 requirements. If it does, the organization receives official certification to the ISO/IEC 20000 standard, which is initially valid for three years and can be renewed through recertification.

Does an ISO/IEC 20000 seal make sense?

As is often the case, this question has no universal answer. After all, such certification involves significant costs and effort. The usefulness of ISO/IEC 20000 certification depends heavily on the environment, the market, the organizational structure, the compliance requirements, and, last but not least, the ambitions of the ITSM team.

In particular, companies that work with public institutions fare very well with an ISO/IEC 20000 seal. Standardized certifications are often essential for awarding projects and contracts in this environment. But many other customers also regard official certifications as good pro arguments when evaluating potential project partners for IT and software services. After all, they indicate an objectively assessed high quality of internal and external processes and services.

Internal criteria should be addressed here too. After all, increasing quality and reducing costs are among the core promises associated with ISO/IEC 20000 standardization. An evaluation of ITSM processes carried out by external experts according to objective criteria certainly has what it takes to overcome the notorious operational blindness and bring bottlenecks, inefficiencies, error-proneness, and optimization potential to light.

Ultimately, each organization and each ITSM team must find an individual answer to the question of whether ISO/IEC certification makes sense or not.

What is beyond question, however, is the fact that modern IT Service Management requires a strong software foundation.

Atlassian Tools for ITSM Teams

Teams need powerful and feature-rich tools that can digitally map as many practices of common ITSM frameworks such as ITIL as possible - from ticket-based helpdesk with individual workflows to service level agreements and systematic service request management to extensive automation.

Jira Service Management from Atlassian has, among other things, the official certification as PinkVERIFY Certified ITIL 4 toolset and thus fulfills all functional requirements for professional ITSM.