標準簡介
ISO/IEC 20000-1:2018 是 IT 服務管理系統(SMS)的國際標準。作為第三版於 2018 年 9 月發布,規定了組織建立、實施、維護和持續改進服務管理系統的要求。此標準與 ITIL 最佳實務緊密對齊,並採用 ISO 高階結構,能與 ISO 27001、ISO 9001 等管理系統標準無縫整合。
此標準涵蓋完整的服務生命週期,包括服務的規劃、設計、轉換、交付和改進。它要求組織定義服務管理政策、管理服務組合和服務水準、實施事件、問題和變更管理流程,並建立供應商和關係管理。ISO/IEC 20000-1 認證在 IT 委外合約、雲端服務協議和全球政府 IT 採購中日益受到重視。
Service Management System
Specifies requirements for establishing, implementing, maintaining, and continually improving a service management system (SMS) to deliver value through services.
ITIL Alignment
Closely aligned with ITIL best practices. Provides a certifiable framework that formalizes IT service management processes across the service lifecycle.
High Level Structure
Follows the ISO High Level Structure (HLS), enabling seamless integration with ISO 27001, ISO 9001, and other management system standards.
list_alt SMS Clauses (4-10)
- Context of the organization and interested parties
- Leadership commitment and service management policy
- Planning including risk and opportunities
- Support — resources, competence, awareness, communication
- Service portfolio and service level management
- Relationship and supplier management
- Incident, problem, and change management
- Performance evaluation and continual improvement
Who Needs to Comply?
IT service providers (internal or external), managed service providers, cloud service providers, and any organization that wants to demonstrate its ability to design, deliver, and improve services that meet service requirements consistently.
Key Requirements
Service Management System
Establish, implement, and maintain an SMS covering service planning, design, transition, delivery, and improvement. Define the SMS scope and service management policy.
Service Level Management
Define, agree, monitor, and report on service levels. Maintain service level agreements (SLAs) and ensure services meet agreed requirements.
Incident & Problem Management
Implement processes to restore normal service operation as quickly as possible (incident management) and identify root causes to prevent recurrence (problem management).
Change & Release Management
Control changes to the SMS and services through a formal change management process. Plan, test, and deploy releases to minimize impact on service quality.
Penalties & Enforcement
No direct legal penalties — ISO 20000-1 is a voluntary certification. However, loss of certification can result in disqualification from IT service contracts, particularly in government and financial sector procurement where ISO 20000-1 is often a prerequisite.