ISO/IEC 20000-1:2018 (SR EN ISO 20000-1:2020) specifies the requirements for establishing, implementing, maintaining and continually improving a service management system (SMS), taking into account the context of the organization (size and structure, specific processes, needs and objectives, types of services provided, and the requirements of interested parties: legal and regulatory requirements, service requirements, performance, obligations, etc.). The service management system addresses the life cycle of services (planning, design, transition, delivery and improvement) that meet the established requirements and provide value to the organization, customers or users of these services.
This standard, revised in 2018 to adopt Annex SL of the ISO Directives (High Level Structure), can be applied to any type of organization that provides services in the public, private or non-profit sector, regardless of size, structure or the nature of the services provided.
ISO/IEC 20000-1 is intended for:
customers who are looking for quality services and need assurance regarding the quality of the respective services;
customers who require a consistent approach to the life cycle of services by their service providers, including those in the supply chain;
organizations that want to demonstrate the ability to plan, design, transition, deliver and improve the services provided;
organizations that want to monitor, evaluate and analyze the SMS and its services;
organizations that carry out conformity assessments against the requirements of the reference standard;
organizations that want to improve the life cycle of the services provided through the implementation and effective operation of an SMS;
providers of training or consultancy in service management.
The adoption of a service management system must be a strategic decision that takes into account the general objectives of the organization, the governing body, the parties involved in the life cycle of the service and the need for effective and flexible services. It is very important that this system be an integral part of the organization's overall management processes and structure.
The effective implementation of the service management system ensures:
― visibility and continuous control of services;
― a standardized, structured way of providing services resulting in more efficient operation of processes;
― the implementation of continuous improvement opportunities resulting in increased customer satisfaction;
― increased effectiveness and efficiency resulting in lower operating costs.
There is a close relationship (resulting from similar concepts and common objectives) between the information security management promoted by ISO/IEC 27001 and service management, so many organizations choose to improve how they operate by adopting an integrated management system (information security and service management).
According to the ISO/IEC 27013 standard "Information technology - Security techniques - User guide for the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1", the implementation of an integrated management system that takes into account both the services provided and information security brings a series of advantages for an organization, namely:
― the organization's credibility with internal or external clients regarding its ability to offer efficient and safe services;
― an integrated program of two projects with lower costs, in which the efficient and effective management of services and information security are part of the general strategy;
― reducing the implementation time through the integrated development of processes common to both standards;
― better communication, reduced costs and improved operational efficiency by eliminating unnecessary duplication;
― a better mutual understanding between service management and security personnel of each other's points of view;
― certification for ISO/IEC 27001 makes it much easier to meet the information security requirements specified in ISO/IEC 20000-1:2011, 6.6, because both international standards have complementary requirements.
The effective implementation and certification of the integrated system (service management and information security) in accordance with ISO/IEC 20000-1 and ISO/IEC 27001 guarantees the organization's ability to provide standardized, high-quality services while ensuring the security and protection of the organization's resources against damage, thus favoring the sustainable success of the organization.