ISO 20000 IT service management gives organisations a clear, certifiable way to plan, deliver and continually improve IT services against a single international standard. The current edition, ISO/IEC 20000-1:2018, defines the requirements for a service management system (SMS) — the coordinated set of policies, processes and controls that an IT service provider uses to deliver value reliably and consistently. This guide explains what the standard covers, how its structure works, how it relates to ITIL, and what it takes to reach and maintain certification.
Whether you run an internal IT function, a managed service provider, or a shared-services team, the standard offers a common language for service quality that customers, auditors and executives all recognise. Below we walk through the essentials without inventing figures — where a specific number, clause reference or date matters, verify the current version against the published standard before you rely on it.
What is ISO 20000 IT service management?
ISO/IEC 20000-1:2018 is the internationally recognised standard that specifies requirements for establishing, implementing, maintaining and continually improving a service management system. In plain terms, ISO 20000 IT service management is about running IT as a disciplined service — with agreed service levels, defined processes, measured performance and evidence that you improve over time.
Crucially, ISO/IEC 20000-1 is certifiable. An organisation can be independently audited by an accredited certification body and, if it meets the requirements, receive a certificate. That certificate is a credible, third-party signal that your service management is mature and well governed.
The standard is deliberately technology-neutral and sector-neutral. It does not prescribe a specific tool, methodology or vendor. Instead, it sets out what a capable SMS must achieve, leaving the how to each organisation’s context, size and risk appetite.
Part of a wider family
ISO/IEC 20000-1 sits within a broader ISO/IEC 20000 series. Part 1 contains the auditable requirements; other parts and technical reports provide guidance on application, scoping and related topics. When people say “ISO 20000 certification,” they almost always mean conformity with Part 1. You can review the official standard entry via the ISO catalogue page for ISO/IEC 20000-1:2018.
The service management system (SMS) structure
ISO/IEC 20000-1:2018 follows the Harmonized Structure (formerly called the High-Level Structure) that ISO applies across its modern management-system standards. This is the same backbone used by ISO 9001, ISO/IEC 27001 and others, which makes integrating multiple management systems far easier.
The Harmonized Structure organises requirements into consistent top-level themes. While you should verify exact clause numbering against the current text, the standard broadly addresses the following areas:
- Context of the organisation — understanding internal and external factors, interested parties, and the scope of the SMS.
- Leadership — top-management commitment, a service management policy, and clear roles and responsibilities.
- Planning — addressing risks and opportunities, and setting service management objectives.
- Support — resources, competence, awareness, communication and documented information.
- Operation — the service management processes that plan, deliver, support and improve services.
- Performance evaluation — monitoring, measurement, internal audit and management review.
- Improvement — nonconformity, corrective action and continual improvement.
Because this structure is shared across standards, an organisation already certified to ISO 9001 or ISO/IEC 27001 will recognise much of the framework and can often reuse existing governance, audit and improvement mechanisms.
Key ISO 20000 IT service management processes
The operational heart of the standard is a set of service management processes. ISO/IEC 20000-1:2018 groups requirements so that providers can demonstrate control across the full service lifecycle — from planning and design through transition, delivery, relationships and resolution. The table below summarises the main process groups qualitatively; consult the current standard for the exact wording and grouping.
| Process group | Purpose | Representative activities |
|---|---|---|
| Service planning & design | Ensure new or changed services are planned and designed to meet agreed requirements. | Service portfolio planning, design of services, transition planning. |
| Service transition | Deliver new or changed services into live operation with controlled risk. | Change management, configuration management, release and deployment. |
| Service delivery | Meet agreed service levels and manage capacity, continuity and availability. | Service level management, service reporting, capacity and continuity. |
| Relationship processes | Manage the interface with customers and suppliers. | Business relationship management, supplier management. |
| Resolution processes | Restore service and remove root causes efficiently. | Incident management, service request management, problem management. |
| Control processes | Maintain integrity and traceability of the service environment. | Configuration management, change control, asset information. |
Alongside these processes sit two cross-cutting themes that appear throughout the standard: service level agreements (SLAs) that define what “good” looks like for each service, and continual improvement, which requires you to act on measurement, feedback and audit findings rather than let performance drift.
Why SLAs matter
SLAs turn vague expectations into measurable commitments — response times, resolution targets, availability and reporting cadence. Under ISO 20000 IT service management, SLAs are not marketing documents; they are agreed, monitored and reported against, and they feed the improvement cycle when targets are missed.
ISO 20000 vs ITIL: a common point of confusion
People frequently treat ISO 20000 and ITIL as interchangeable. They are related but fundamentally different in nature. ISO/IEC 20000-1 is a certifiable standard that states requirements an organisation must meet. ITIL is a best-practice framework — detailed guidance describing how service management can be performed. You cannot certify an organisation to ITIL in the way you can with ISO/IEC 20000-1; ITIL offers professional qualifications for individuals and practical guidance, not an organisational conformity certificate.
| Aspect | ISO/IEC 20000-1:2018 | ITIL |
|---|---|---|
| Nature | Certifiable international standard (requirements) | Best-practice framework (guidance) |
| Organisational certification | Yes — via accredited certification bodies | No — guidance, not an org certificate |
| Tells you | What your SMS must achieve | How service management can be done in practice |
| Individual credentials | Auditor/practitioner training available | Individual certifications and qualifications |
| Relationship | Defines auditable conformity | Complements the standard as detailed guidance |
In practice the two work well together. Many organisations use ITIL guidance to design and mature their processes, then demonstrate conformity with ISO/IEC 20000-1 to earn independent certification. ITIL helps you build capability; ISO 20000 proves it to the outside world.
Benefits of ISO 20000 certification
Adopting ISO 20000 IT service management delivers value beyond a certificate on the wall. Typical benefits include:
- Consistent, repeatable service — defined processes reduce variation and firefighting.
- Stronger customer confidence — independent certification is a recognised trust signal in tenders and contracts.
- Better measurement — SLAs and reporting create objective evidence of performance.
- Continual improvement — a built-in cycle for learning from incidents, problems and audits.
- Easier integration — the Harmonized Structure aligns cleanly with ISO 9001 and ISO/IEC 27001.
- Clearer governance — defined roles, responsibilities and management review keep leadership engaged.
The path to certification
Reaching certification is a project, not a purchase. The broad journey usually looks like this:
- Scope and gap analysis — decide which services and locations the SMS covers, then compare current practice against the standard.
- Design and implementation — build or refine policies, processes, SLAs and documented information.
- Operate and generate evidence — run the SMS long enough to produce records, metrics and audit trails.
- Internal audit and management review — confirm the system works and address findings.
- Certification audit — an accredited body assesses conformity, typically in stages.
- Surveillance and recertification — ongoing audits maintain the certificate over the certification cycle.
Timelines vary widely by organisation size and starting maturity, so treat any single duration figure with caution and plan against your own context. Sustained management commitment, not a last-minute documentation sprint, is the strongest predictor of a smooth audit.
Common pitfalls to avoid
Teams new to ISO 20000 IT service management tend to stumble in a few predictable places. Watch for these:
- Documentation for its own sake — writing procedures nobody follows creates audit risk, not control.
- Weak SLA discipline — targets that are never measured or reported undermine the whole system.
- Ignoring suppliers — third parties are part of your service chain and fall within scope.
- Treating certification as a one-off — the standard demands continual improvement, verified at surveillance audits.
- Confusing ITIL adoption with conformity — using ITIL is helpful, but it does not by itself satisfy the standard’s requirements.
Frequently asked questions
Is ISO 20000 the same as ISO/IEC 20000-1?
“ISO 20000” is the common shorthand for the series. When people refer to certification they mean ISO/IEC 20000-1:2018, which contains the auditable requirements for a service management system. Other parts of the series provide guidance rather than certifiable requirements.
Can an organisation be certified to ITIL instead?
No. ITIL is best-practice guidance and offers qualifications for individuals, but there is no organisational certification against ITIL in the way there is for ISO/IEC 20000-1. If you need a certifiable standard for your IT service management, that is ISO/IEC 20000-1.
How long is an ISO 20000 certificate valid?
Certificates are issued for a defined certification cycle, with periodic surveillance audits in between and recertification at the end of the cycle. Verify the exact durations with your accredited certification body, as arrangements can vary.
Do we need ITIL before pursuing ISO 20000?
Not strictly. ITIL guidance can accelerate process design and maturity, and many organisations use it, but it is not a prerequisite. You can meet the standard’s requirements using whatever practices and tools suit your context, provided they satisfy the SMS requirements.
Does ISO 20000 apply to small IT teams?
Yes. The standard is scalable and technology-neutral, so small internal teams and managed service providers can both implement a proportionate SMS. Scope and complexity should match the size and risk profile of the services you deliver.
How does ISO 20000 relate to ISO 27001?
Both use the shared Harmonized Structure, so their frameworks align and can be integrated. ISO/IEC 27001 addresses information security management, while ISO/IEC 20000-1 addresses service management. Organisations often pursue both to cover quality of service and security together.

Related guides
- ISO 20000 requirements checklist: what the standard demands
- ISO 20000 certification process: a step-by-step roadmap
- ISO 20000 vs ITIL: standard versus framework explained
- ISO 20000 service management processes in detail
- ISO 20000 clauses explained: the SMS structure clause by clause
Get started with a proven toolkit
Building a conformant SMS from scratch is time-consuming, but you don’t have to start with a blank page. Our editable ISO/IEC 20000-1:2018 toolkit gives you ready-made policies, process templates, SLA frameworks and audit tools that you can tailor to your organisation — helping you move from gap analysis to certification-ready faster and with confidence.

