The ISO/IEC 20000 series is a family of international standards for IT service management (ITSM). Together, they provide best-practice guidance for planning, delivering, monitoring, and continually improving IT services that meet business and customer requirements.
The series includes certifiable standards (most notably ISO/IEC 20000-1) and supporting guidance standards that help organisations design, operate, and improve effective IT service management systems.
What is the ISO/IEC 20000 series?
The ISO/IEC 20000 series is jointly published by the International Organization for Standardization and the International Electrotechnical Commission.
Its purpose is to provide a consistent, process-based framework for managing IT services in a controlled, customer-focused, and auditable way, regardless of organisation size or sector.
What does the ISO/IEC 20000 series cover?
Across the family, the standards address:
- IT service management governance and policy
- Service design, transition, and delivery
- Incident, problem, and change management
- Service level management and reporting
- Configuration and asset management
- Supplier and third-party service management
- Service continuity and availability
- Performance measurement and continual improvement
The focus is on service quality and reliability, not just technology.
Core standards in the ISO/IEC 20000 series
ISO/IEC 20000-1 – IT service management systems
The certifiable standard that specifies requirements for establishing, implementing, maintaining, and continually improving an IT service management system (ITSMS).
ISO/IEC 20000-2 – Guidance on service management systems
Provides practical guidance on how to apply the requirements of ISO/IEC 20000-1.
ISO/IEC 20000-10 – Concepts and terminology
Explains key concepts and definitions used across the ISO/IEC 20000 series.
These standards form the foundation of ISO/IEC 20000-based IT service management.
Additional and supporting standards
The ISO/IEC 20000 series also includes standards that support specific aspects of IT service management, such as:
- ISO/IEC 20000-3 – Guidance on scope definition and applicability
- ISO/IEC 20000-5 – Exemplar implementation plan
- ISO/IEC 20000-6 – Requirements for certification bodies auditing ISO/IEC 20000-1
These documents help organisations implement and maintain ISO/IEC 20000-aligned service management more effectively.
Who is the ISO/IEC 20000 series for?
The ISO/IEC 20000 series is suitable for:
- Managed service providers (MSPs)
- IT outsourcing and support organisations
- Cloud, hosting, and SaaS providers
- Internal IT departments in medium and large organisations
- Public sector and regulated environments
It is particularly valuable where service consistency, accountability, and customer confidence are critical.
Certifiable vs non-certifiable standards
| Certifiable | Guidance only |
|---|---|
| ISO/IEC 20000-1 | ISO/IEC 20000-2 |
| ISO/IEC 20000-3 | |
| ISO/IEC 20000-5 | |
| ISO/IEC 20000-10 |
Only ISO/IEC 20000-1 can be independently certified. Other standards support understanding and implementation.
How organisations use the ISO/IEC 20000 series
Organisations typically:
- Certify to ISO/IEC 20000-1 to demonstrate service management capability
- Use ISO/IEC 20000-2 for implementation guidance
- Align service management processes across teams and suppliers
- Integrate ITSM with information security, continuity, and quality systems
- Use audit results to drive continual improvement
This approach provides structure without limiting operational flexibility.
Benefits of using the ISO/IEC 20000 series
Organisations commonly achieve:
- More reliable and consistent IT services
- Clearer service ownership and accountability
- Improved incident, change, and problem control
- Better customer satisfaction and confidence
- Stronger supplier and third-party management
- Improved alignment between IT services and business objectives
For service providers, ISO/IEC 20000-1 certification can be a strong competitive differentiator.
Common misunderstandings about the ISO/IEC 20000 series
- “All ISO/IEC 20000 standards are certifiable” – only ISO/IEC 20000-1 is
- “ISO/IEC 20000 is only for large IT providers” – it is scalable
- “ISO/IEC 20000 replaces ITIL” – it complements ITIL practices
- “The standards are purely technical” – governance and service quality are central
Understanding these distinctions helps organisations apply the series effectively.
How the ISO/IEC 20000 series integrates with other ISO standards
The ISO/IEC 20000 series integrates well with:
- ISO/IEC 27001 (information security management)
- ISO 22301 (business continuity management)
- ISO 9001 (quality management systems)
- ISO 31000 (risk management guidance)
This supports integrated management systems covering service quality, security, risk, and resilience.
Next steps
If you are considering the ISO/IEC 20000 series:
- Define the IT services and customers in scope
- Decide whether ISO/IEC 20000-1 certification is required
- Review existing service management processes
- Use supporting standards to guide implementation
- Plan realistic costs and timescales
ISOcertified.net provides detailed guidance on the ISO/IEC 20000 series, including certification requirements, implementation steps, costs, and how IT service management standards fit alongside security and business continuity frameworks.