ISO/IEC 20000-1:2018
Information technology — Service management — Part 1: Service management system requirements
Standard Introduction
ISO/IEC 20000-1:2018 is the international standard for IT service management systems (SMS). Published in September 2018 as the third edition, it specifies requirements for an organization to establish, implement, maintain, and continually improve a service management system. The standard is closely aligned with ITIL best practices and follows the ISO High Level Structure, enabling integration with ISO 27001, ISO 9001, and other management system standards.
The standard covers the complete service lifecycle including planning, design, transition, delivery, and improvement of services. It requires organizations to define service management policies, manage service portfolios and service levels, implement incident, problem, and change management processes, and establish supplier and relationship management. ISO/IEC 20000-1 certification is increasingly expected in IT outsourcing contracts, cloud service agreements, and government IT procurement worldwide.
Service Management System
Specifies requirements for establishing, implementing, maintaining, and continually improving a service management system (SMS) to deliver value through services.
ITIL Alignment
Closely aligned with ITIL best practices. Provides a certifiable framework that formalizes IT service management processes across the service lifecycle.
High Level Structure
Follows the ISO High Level Structure (HLS), enabling seamless integration with ISO 27001, ISO 9001, and other management system standards.
list_alt SMS Clauses (4-10)
- Context of the organization and interested parties
- Leadership commitment and service management policy
- Planning including risk and opportunities
- Support — resources, competence, awareness, communication
- Service portfolio and service level management
- Relationship and supplier management
- Incident, problem, and change management
- Performance evaluation and continual improvement
Who Needs to Comply?
IT service providers (internal or external), managed service providers, cloud service providers, and any organization that wants to demonstrate its ability to design, deliver, and improve services that meet service requirements consistently.
Key Requirements
Service Management System
Establish, implement, and maintain an SMS covering service planning, design, transition, delivery, and improvement. Define the SMS scope and service management policy.
Service Level Management
Define, agree, monitor, and report on service levels. Maintain service level agreements (SLAs) and ensure services meet agreed requirements.
Incident & Problem Management
Implement processes to restore normal service operation as quickly as possible (incident management) and identify root causes to prevent recurrence (problem management).
Change & Release Management
Control changes to the SMS and services through a formal change management process. Plan, test, and deploy releases to minimize impact on service quality.
Penalties & Enforcement
No direct legal penalties — ISO 20000-1 is a voluntary certification. However, loss of certification can result in disqualification from IT service contracts, particularly in government and financial sector procurement where ISO 20000-1 is often a prerequisite.