The ISO 20000 clauses form the backbone of ISO/IEC 20000-1:2018, the certifiable international standard for an IT service management system (SMS). If you are preparing for certification or simply mapping your current processes to the standard, understanding how these clauses fit together is the essential first step. This guide explains the structure of the standard, what each area asks of your organisation, and how the requirements connect to service delivery in practice.
How the ISO 20000 clauses are organised
ISO/IEC 20000-1:2018 follows the Harmonized Structure (formerly known as the High-Level Structure) that ISO applies across its modern management system standards. This means the ISO 20000 clauses share the same numbering logic as ISO 9001, ISO 27001 and ISO 22301, making integrated management systems far easier to build.
The standard opens with introductory clauses covering scope, normative references and terms and definitions. The requirements you are actually audited against begin at approximately Clause 4 and run through to Clause 10. Because the exact clause count and wording can change between editions, always verify the current version directly with the standard rather than relying on summaries.
The management-system clauses (approximately 4 to 10)
The upper-level ISO 20000 clauses establish the discipline around your SMS. They are broadly consistent with other Harmonized Structure standards, so teams familiar with ISO 9001 will recognise the pattern.
| Clause area | Focus | Typical requirements |
|---|---|---|
| Context of the organisation | Understanding needs and scope | Interested parties, SMS scope, service portfolio boundaries |
| Leadership | Top-management commitment | Policy, roles, responsibilities, authorities |
| Planning | Risks, opportunities and objectives | Service management objectives, planning to achieve them |
| Support | Enabling resources | Resources, competence, awareness, documented information |
| Operation | Running the service management system | The core service management processes (see below) |
| Performance evaluation | Measuring effectiveness | Monitoring, internal audit, management review |
| Improvement | Correcting and improving | Nonconformity, corrective action, continual improvement |
The service management processes within the ISO 20000 clauses
The operational heart of the standard sits within the Operation clause, where the ISO 20000 clauses set out the service management processes an organisation must plan, implement and control. These are grouped by theme rather than treated as isolated activities, and they map closely to the service lifecycle.
- Service planning — planning the services, capacity and resources needed to meet agreed requirements.
- Service design, build and transition — designing new or changed services and transitioning them into live operation safely.
- Service delivery — service level management, service reporting, availability, capacity, and service continuity.
- Relationship and agreement — business relationship management, supplier management, and service level agreements (SLAs).
- Resolution — incident management, service request management, and problem management.
- Control — configuration management, change management, and release and deployment management.
Together these processes ensure that services are not only designed and delivered, but continually measured against SLAs and improved over time. Continual improvement runs throughout the standard, reinforced by the Improvement clause.
Where SLAs and continual improvement fit
Service level agreements are central to the delivery processes: they define what “good” looks like and give both provider and customer a shared measure of performance. The standard expects you to monitor performance against these agreements, report on it, and act when targets are missed. This closes the loop with the performance evaluation and improvement clauses.
ISO 20000 versus ITIL: a common confusion
Many teams treat ISO 20000 and ITIL as interchangeable, but they play different roles. ISO/IEC 20000-1:2018 is the certifiable standard your organisation can be audited and certified against. ITIL is a complementary best-practice framework that offers detailed guidance on how to run service management well — it is not a standard against which an organisation is certified.
| Aspect | ISO/IEC 20000-1:2018 | ITIL |
|---|---|---|
| Nature | Certifiable requirements standard | Best-practice guidance framework |
| Organisation certification | Yes | No (individuals hold ITIL qualifications) |
| Structure | Harmonized Structure clauses | Practices and value chain guidance |
| Role together | Defines “what” you must achieve | Offers detailed “how” to get there |
In practice, organisations often use ITIL guidance to help satisfy the requirements set out in the ISO 20000 clauses — the two work well side by side.
Using the clauses to prepare for certification
A practical approach is to read each clause, identify the evidence it expects, and gap-assess your current SMS against it. Document your scope early, secure genuine leadership commitment, define measurable objectives, and make sure your service processes produce records you can show an auditor. For the authoritative source, refer to the official standard listing at ISO/IEC 20000-1 on iso.org.
Frequently asked questions
How many clauses does ISO 20000 have?
The auditable requirements sit in approximately Clauses 4 to 10, preceded by introductory clauses covering scope, references and definitions. Because editions differ, verify the current version before quoting an exact count.
Are the ISO 20000 clauses the same as ISO 9001?
They share the same Harmonized Structure, so the upper-level clause numbering and headings align closely. This makes integrating ISO 20000 with ISO 9001 or ISO 27001 considerably simpler.
Which clause covers SLAs?
Service level agreements are addressed within the service delivery and relationship processes in the Operation clause, supported by monitoring and reporting requirements elsewhere in the standard.
Do I need ITIL to meet the ISO 20000 clauses?
No. ITIL is optional guidance, not a requirement. It can help you implement the processes, but certification is achieved against ISO/IEC 20000-1:2018 alone.

Related guides
- ISO 20000 IT Service Management: a complete guide
- ISO 20000 requirements checklist for certification readiness
- The ISO 20000 certification process, step by step
Ready to move from understanding the clauses to meeting them? Our editable ISO/IEC 20000-1:2018 toolkit gives you ready-made policies, process documents and templates mapped to the standard’s structure. Explore the ISO 20000 toolkit and build your service management system faster.

