The 2018 (third) edition of ISO/IEC 20000-1, the International Standard for service management will be released on 15th September along with ISO/IEC 20000-10. All other parts of the standard should be updated over the course of the next year from this date.
But what are the changes to the main part of the standard?
- The standard now follows the common structure of Annex SL as with many other standards, such as ISO/IEC 27001, ISO 14001 and ISO 9001, this makes for ease of implementation when implementing multiple standard and removes duplication in a business management system.
- It has now been updated to reflect the latest developments in service management. Topics now covered include service commoditisation, management of multiple suppliers as well as the need to determine the value of services.
- Some of the requirements within the standard have been made more abstract so that organisations have the freedom to meet the requirements as they see fit.
- New requirements have been added covering knowledge and the planning of services.
- A number of clauses have been separated that were previously combined, these are: capacity management, demand management, service catalogue management, service level management, service availability management, service continuity management, service request management, and incident management.
- The section previously called ‘Governance of processes operated by other parties’ has been renamed ‘Control of parties involved in the service lifecycle’. Requirements within this section have also been updated to include services, service components and processes. The standard also clarifies within this section that the organisation cannot ‘demonstrate conformity’ to the standard if another party is used to provide and run all services, service components or processes within the scope of the SMS.
- Clause 3 of the standard has been separated into sub-clauses for management system terms and service management terms. The key changes here include:
- Some terms specifically for service management have been added, and some new terms have been added to Annex SL such as ‘objective’ and ‘policy’.
- The term ‘service provider’ has been replaced by the term ‘organisation’ to bring the standard in line with Annex SL.
- Further, the term ‘internal group’ has been replaced by ‘internal supplier’, and ‘supplier’ by the term ‘external supplier’.
- The definition of the term ‘information security’ has been aligned with that in ISO/IEC 27000. Additionally, the term ‘availability’ has been replaced by ‘service availability’, this is so to differentiate from the term ‘availability’ which is now used in the definition of ‘information security’.
- Reduced the amount of documentation needed for a service management system. This leaves only key documents such as the service management plan. Other changes to the required documentation include:
- No longer a need for availability and capacity plans, this is replaced with a requirement to plan service availability and capacity.
- Removed the need for a configuration management databased (CMDB) and instead replaced it with a requirement for configuration information.
- There is no longer the need for a release policy, instead the standard now has a requirement to define release types and frequency.
- Finally, the requirement for a continual improvement policy has been removed and replaced with a requirement to determine an evaluation criteria for opportunities for improvement.
- Figures 2 and 3 within the standard have been renumbered and updated. Figure 1 has been removed as have references to Plan-Do-Check-Act.
- The detailed reporting requirements from the service reporting clause have been moved into the clauses where the reports are likely to be produced.
For more information on the latest edition of ISO/IEC 20000 and its release, check out A Guide to ISO/IEC 20000-1:2018 Service Management.