The second edition of ISO/IEC 20000-1 (Part 1) is to be published on 15th April 2011. A simple thing to say, but five years of work has been required to get to this stage.
Why did this take so long? The group responsible for the 20000 series has active membership of standards organizations from 25 countries, with about 60 more allowed to vote. We also have liaison members, including itSMF and ISACA, although they cannot vote. Getting a consensus across this range of views is difficult.
What we have learned along the way is how to write a standard for people who are not native English speakers. For that matter, we have also avoided use of words that are used differently by different native English speakers – such as 'address'.
We have been careful to standardise wording where possible, for example 'requirements are fulfilled', not 'met'. We do not now use 'management control', because for some languages both management and control translate into the same word. Instead, we use just 'management' or just 'control' or 'governance of processes', depending on the context. This all helps with consistent application of Part 1 as well as translation.
There are more special terms defined. This is mainly because many organizations are certified under more than one standard. So when possible the 20000 series uses the same special terms as ISO 9001 and ISO/IEC 27001. Of course, some terms are specific to service management and they have been retained. The 20000 series still relies as much as possible on normal English, with words used with the meanings given commonly used dictionaries. In the last five years I have used a dictionary more often than the rest of my life put together.
So what are the other differences? Well, the structure has changed a little. Clauses 3 and 4 in edition 1 have been merged into Clause 4, covering all the general requirements for the service management system. Part 1 clause numbering also aligns with the next edition of Part 2, due in a few months.
Part 1 is also longer, with more requirements, i.e. the' shalls'. For example, there is now a requirement for a service catalogue, whereas previously it was only a recommendation in Part 2. Not much of a change for an industry that has been using service catalogues for many years. Other changes include criteria for releases that could have a big impact on the service. These are the releases that the additional protection of Clause 5. Clause 5 still covers new and changed services but the process now starts earlier in the lifecycle, including requirements for design and planning.
Incident management is now incident and service request management. Release management has been included in the control process group and is now called release and deployment. These changes have resulted in some new requirements.
Many of the significant changes are linked to applicability of Part 1 and the definition of the scope of the service management system and within that, service management. The first edition of Part 1 has a solitary requirement for scope to be defined as part of planning. Defining the scope is a complex part of service management, so Part 1 now includes requirements for how this is to be done. This is supported by the scenario based advice in Part 3, published in 2009.
This differences between edition 1 and 2 also recognise that many services are the combined effort of not just the service provider, but other parties as well. This has mainly affected the requirements on how the contribution of suppliers should be managed. There are more requirements for supplier management, but the notable change is a new Clause 4.2 on governance of processes operated by other parties.
Clause 4.2 is included so that the service provider is required to demonstrate that they control their suppliers effectively. Again, this not a new idea, and a service provider with any claim to having adopted best practices should be managing their suppliers to a high standard anyway. However, some organizations will have to provide additional evidence that proves this, and for some cases they might have to negotiate changes to contracts with their suppliers.
The 'other parties' are not just suppliers. Part 1 requirements include control of processes operated by internal groups within the same organization as the service provider, but not under the service provider's direct control. This is most likely for an in-house service provider. For example, a specialist support group with a strong business focus outside the IT department.
When the service provider and customer are in different organizations, such as a commercial outsourcing arrangement, the other party can be part of the customer's organization. When this is the case the group is a 'customer acting as a supplier'. Both the internal groups and 'customer acting as a supplier' are managed by the service provider using a process based on Clause 6.1 – service level management.
Although these are new requirements they also reflect the reality that service providers are already facing and these new requirements also help clarify how the scope is defined. Reliance on other parties is an important feature of how many service providers operate – including multi-vendor arrangements. So Part 1 now advises what degree of reliance on suppliers is likely to be acceptable, especially during a certification audit. For example, the overall control of the service management system in Clause 4 should always be under the direct control of the service provider. Overall control includes the Plan-Do-Check-Act cycle for continual improvements of the service management system and the services. Part 1 also warns that a service provider reliant on other parties for the majority of the service management processes is unlikely to be able to demonstrate adequate control.
So what happens now?
Part 1 is a very popular standard and many organizations have become certified. A certified service provider should check with their auditor to find out what arrangements there will be for transferring the certificate to the second edition of Part 1. Be warned – your auditor may not yet have detailed plans. There is always a transition stage when new editions are published and they are unlikely to make firm plans before they have examined the new edition.
This could also vary depending on the nature of the scheme – and there are now several well established schemes. Schemes accredited under the overall control of the International Accreditation Forum will all have similar transition arrangements.
A transition of up to two years seems likely. Two years will allow everyone to become completely familiar with the differences between edition 1 and 2. It will allow time for the auditing of the new requirements to be planned in advance.
Other schemes, such as registration schemes for certification bodies, may have different arrangements.
A service provider can seek re-certification under the new edition much faster than the maximum allowed for the transition stage. My suggestion of up to two years will allow time for any service providers who have to re-negotiate contracts with suppliers. Its never a good idea to have to re-negotiate a contract in a rush.
There are now several 20000 qualification schemes for individuals as well. Here the advice is similar – check with your qualification scheme owner or your training company. They will let you know if you can still consider yourself qualified for work with the 20000 series or if you need to be re-examined.
Copies of the 20000 series, including the new Part 1, are available from the ISO online shop.
Several national standards organizations are planning to sell Part 1 as a national version. The requirements are identical but the standards body can add another Foreword and another Bibliography. For example if there are national issues, such as supporting material or national legislative issues that they wish to draw attention to.
And if you need a copy of the 1st edition? It can still be published, but you need to ask for the 'withdrawn' edition.
Other sources of information:
- Introduction to ISO/IEC 20000-1 Series: IT Service Management by Jenny Dugmore and Shirley Lacy • A5 paperback • ISBN 978 0 580 72846 4 • BSI order reference BIP 0125
- A Guide to the New ISO/IEC 20000-1: The differences between the 2005 and 2011 editions by Lynda Cooper • A4 paperback • ISBN 978 0 580 72850 1• BSI order reference BIP 0124
- ITSM for Small IT Teams by Adam Poppleton and Ken Holmes • A5 paperback • ISBN 978 0 580 74254 5 BSI order reference BIP 0129
- A Manager’s Guide to Service Management 6th edition by Jenny Dugmore and Shirley Lacy • A5 paperback • ISBN 978 0 580 72845 7 • BSI order reference BIP 0005
And what else is the 20000 group doing?
The 20000 series is now five parts.
- Part 2 is advice on Part 1 and is being revised in line with Part 1. It is due for publication in a few months, depending on ballot results.
- Part 3 is the scope and applicability guidance for Part 1 and published in 2009.
- Part 4 is a process reference model. It will be useful for defining processes when establishing the Part 1 service management system. However, it was mainly produced to act as the basis of a multi-level assessment model aligned to Part 1. This is likely to be available in 2012.
- Part 5 is a practical, generic implementation plan for Part 1. It groups the development of the service management system into three main phases. It was intentionally written so most of the advice was applicable top both edition 1 and 2 of Part 1.
- Parts 6 to 9 are under consideration, subject to research on what is required by the service management industry. Proposals include mapping the requirements in Part to best practice advice in ITIL, and if this is agreed, other standards, methods and frameworks, such as ITIL.
- Part 10 is being drafted. It covers concepts and terminology of the 20000 series. This will include the special terms that apply to the whole of the 20000 series and put the 20000 series into context. This type of document is commonly provided to other series, such as ISO/IEC 9000 and ISO/IEC 27000.
And finally – the 20000 group business planning and market research. Being a customer service oriented group we have always been very interested in what our customers think. Our business planning group continues to be active in market research. We have also developed a new initiative. ISO have agreed that we can include a link to an online survey in the Introduction of each part of the 20000 series. This is the first time ISO have agreed to this being done. The first survey link is at the end of the Introduction to Part 1, when it is published on the 15th April. The rest of the series has to go through document change control for the link to be included, so the link will not be added immediately.
Because ISO have not directly linked from a published standard to a survey before, they are very interested to see how it goes. I have made a personal commitment to keep track of the feedback. Twice a year we will produce a report that will feed directly into our 20000 group business plan. When you buy an electronic copy of Part 1, let us know what you think and how you see it fitting in your adoption of best practices. We have allowed plenty of space for comments.
Any feedback and comments are always welcome!