Discover in 9 steps how to “implement” ISO/IEC 20000 in your organization!

Service Management is an increasingly valuable element for companies. After all, it provides a framework for service provisioning that adapts to the organization’s culture. In this sense, it is crucial to think about ISO/IEC 20000.

ISO/IEC 20000 is a guideline for building a Service Management System (SMS). The myths surrounding this standard have been debunked, and today it plays an important role for service providers.

The latest version of the standard, released in 2018, fulfills this role impeccably; it is aligned with the most current management practices, such as DevOps and Agile, and is also integrated with other standards.

Therefore, it is almost mandatory for a service provider company that wants to deliver value to its customers.

But how can you implement the ISO/IEC 20000 requirements in an organization? In this article, you will see how to do this in 9 steps that any service-providing organization can apply. So, let’s get to them!

Step 1: Know ISO/IEC 20000

At first, it is interesting that you get to know ISO/IEC 20000 better. And I’m not just talking about ISO/IEC 20000-1, which is the “standard” part of the standard, but also 20000-2 and 20000-3!

The three documents provide formal requirements and guidance for establishing a Service Management System. Thus, they will be a guide in implementing such a system.

Step 2: Top management support

Top management support in implementing the ISO/IEC 20000 requirements is fundamental. In fact, the standard itself reserves a series of activities in this regard for the management body.

Some of the responsibilities include:

• Defining a service management policy, expressing a direction for the SMS that is in line with the organization’s strategic context;
• Defining or approving service management objectives, which are nothing more than goals for SMS and services;
• Making resources available for the design, implementation, and support of the SMS, including financial, human, and technological information;
• Assigning SMS management responsibilities;
• Ensuring that the SMS achieves the results that are being sought.

If top management is not involved in these aspects, a project that seeks to comply with ISO/IEC 20000 is likely to fail.

Step 3: Determine your organization’s context

The next step in implementing an SMS that is in line with ISO/IEC 20000 is to determine the organization’s context.

This is usually a complicated task because it is difficult to have a real dimension of this context.

Tip: use analysis models such as SWOT and PESTLE, determining the most important aspects of the organization.

These aspects can be:

• Any relevant issue for the organization, such as competition, resources, market, development of new products, among other things;
• Relevant stakeholders who are important in the context of the organization and have certain expectations of their activities;
• The internal and external environment in which the organization operates, also including the degree of influence on the SMS and the services of these environments.

Stage 4: Communication is Everything

Communication with stakeholders should never be disregarded when implementing an SMS.

In the previous stage, you determined who the stakeholders are. At this point, communication needs to be tailored, always considering whether these stakeholders are internal or external, and taking into account their roles and what they need to know.

In other words, according to the standard, communication involves:

• Creating awareness of the service management policy and objectives, as well as how stakeholders can help in the success of the SMS;
• Defining what needs to be communicated, to whom, and how, always considering everything that is relevant to the SMS and services;
• Documenting policies, processes, procedures, and other information that need to be available to people involved in the work included in the scope of the SMS or other stakeholders.

Stage 5: Analyze What You Currently Have

When you decide to implement ISO/IEC 20000, it is normal to have some apprehension about not having everything it requires. Don’t worry! If you are a service provider, it is likely that your organization already has a series of processes in relation to what the document requires.

In any case, think about basic processes to interact with customers, your incident management, service catalog, etc.

Thinking about these aspects will make it clearer whether you already have them documented or not. Noting that these processes are already established is an important step in building a complete SMS.

Create a baseline of these basic processes because they will be the basis of your SMS, and you can expand the full scope of the standard from there.

Stage 6: Identify Gaps, Risks, and Opportunities

After creating the baseline of basic processes, it is time to analyze the gaps. You will have to read the standard carefully and check if you are already following each requirement or not.

And here’s another tip: apply a checklist that indicates the actions needed to meet the requirements.

This will help you identify risks and opportunities.

Although the standard does not require a complete risk management process, it is important to be attentive in this regard.

Determine the risk management approach together with the acceptance criteria, defining what actions will be taken in these scenarios.

If you already have a risk management process in the organization, you can use it to deal with these risks to the SMS.

Stage 7: Time to Implement

Having completed all the previous stages, it is time to take some actions to build your SMS based on the requirements of the standard.

Some actions are easier to implement than others. So, take the time necessary to implement them.

We dedicate a lot of time to designing processes. While designing these processes, use a methodology that:

• Makes the processes more efficient, limiting waste wherever possible. A good example of this is the Lean methodology.
• Understand how processes interact. The output of one process usually serves as input to another, creating a system of interacting processes. There are ways to visualize this, such as the Lean system map, and the more complex this image appears, the more adjustments for improvements will be found;
• Set performance goals for processes and find ways to measure their efficiency. This evaluation can measure qualitative considerations, such as Critical Success Factors, or quantitative considerations, such as Key Performance Indicators.

Oh, and don’t forget to communicate all stakeholders during the process configuration stage.

Stage 8: SGS Operation

The previous stages address the transition period in implementing ISO/IEC 20000-based SGS. Now it’s time for the operation to come into play!

In this stage, the processes need to continue to be managed so that the organization maintains service levels and customer satisfaction. This management is only possible by evaluating and measuring the SGS and generating reports on it.

Therefore, the evaluation should include the effectiveness of each process, compliance with service management objectives, customer satisfaction, among other aspects. This makes it easier to identify possible improvements that need to be made.

Stage 9: Evaluation and Improvement

Speaking of improvements, the last stage is post-implementation when it’s necessary to evaluate the processes and identify improvements. We can divide this stage into four steps:

• Set up an internal audit program, bringing in someone who is independent, such as another part of the organization or an outside party, but within the scope of the SGS. Show the internal audit procedures described in Clause 9.2 and also in ISO 19011, so that an annual audit can be performed.
• Top management should conduct a review of the SGS operation, preferably twice a year. They are responsible for what happens in the SGS and services. So, they should be kept informed at all times.
• Deal with non-conformities. If the requirements requested by ISO/IEC 20000-1 are not in compliance in the organization, action must be taken to resolve the issue.
• Set up a Service Continuous Improvement process. This is an ITIL expression that we can use here. However, this process needs to involve services and the SGS itself. In addition, any interested party can present an improvement for consideration by management.

Done! Now your organization is ready and has an efficient Service Management System, suitable for all ISO/IEC 20000 requirements!

But remember, this is just a basic guide, and some companies may have already implemented ISO/IEC 20000 in other ways.

By the way, leave a comment if your organization has already implemented ISO/IEC 20000, and what strategy was used!