标准简介
ISO/IEC 20000-1:2018 是信息技术服务管理体系(SMS)的国际标准,规定了组织建立、实施、维护和持续改进服务管理体系的要求。该标准源自英国 ITIL(IT 基础设施库)最佳实践框架,但作为认证标准,ISO 20000 提供了可审核和可认证的要求。2018 版采用了 ISO 高级结构(HLS),与 ISO 9001、ISO 27001 等管理体系标准保持一致,便于整合实施。
ISO/IEC 20000-1 覆盖了服务管理的各个方面,包括服务组合管理、关系管理、供应商管理、服务级别管理、服务可用性管理、容量管理、服务连续性管理、变更管理、发布管理、事件管理、服务请求管理和问题管理。组织必须制定服务管理计划、定义和管理服务级别协议(SLA)、建立持续改进机制,并通过内部审核和管理评审确保体系的有效运行。该标准适用于各种规模的 IT 服务提供商,无论是内部 IT 部门还是外部服务供应商。全球已有超过 7,000 张证书,在 IT 服务外包、云服务和数据中心运营领域采用率较高。
Service Management System
Specifies requirements for establishing, implementing, maintaining, and continually improving a service management system (SMS) to deliver value through services.
ITIL Alignment
Closely aligned with ITIL best practices. Provides a certifiable framework that formalizes IT service management processes across the service lifecycle.
High Level Structure
Follows the ISO High Level Structure (HLS), enabling seamless integration with ISO 27001, ISO 9001, and other management system standards.
list_alt SMS Clauses (4-10)
- Context of the organization and interested parties
- Leadership commitment and service management policy
- Planning including risk and opportunities
- Support — resources, competence, awareness, communication
- Service portfolio and service level management
- Relationship and supplier management
- Incident, problem, and change management
- Performance evaluation and continual improvement
Who Needs to Comply?
IT service providers (internal or external), managed service providers, cloud service providers, and any organization that wants to demonstrate its ability to design, deliver, and improve services that meet service requirements consistently.
Key Requirements
Service Management System
Establish, implement, and maintain an SMS covering service planning, design, transition, delivery, and improvement. Define the SMS scope and service management policy.
Service Level Management
Define, agree, monitor, and report on service levels. Maintain service level agreements (SLAs) and ensure services meet agreed requirements.
Incident & Problem Management
Implement processes to restore normal service operation as quickly as possible (incident management) and identify root causes to prevent recurrence (problem management).
Change & Release Management
Control changes to the SMS and services through a formal change management process. Plan, test, and deploy releases to minimize impact on service quality.
Penalties & Enforcement
No direct legal penalties — ISO 20000-1 is a voluntary certification. However, loss of certification can result in disqualification from IT service contracts, particularly in government and financial sector procurement where ISO 20000-1 is often a prerequisite.