ISO 20000-1 – IT service management

ISO 20000-1 is the international standard for IT service management systems (ITSMS). It provides a structured framework to help organisations plan, deliver, monitor, and continually improve IT services that meet business and customer requirements.

ISO 20000-1 certification demonstrates that an organisation has effective controls in place to manage IT services reliably, consistently, and in line with agreed service levels.

Get a quote for ISO certification

What is ISO 20000-1?

ISO 20000-1 is an international standard published by the International Organization for Standardization. It specifies the requirements for establishing, implementing, maintaining, and continually improving an IT service management system.

The standard aligns closely with IT service management best practice (including ITIL concepts), but it is certifiable, meaning organisations can be independently audited and formally recognised.

What does ISO 20000-1 cover?

ISO 20000-1 focuses on the end-to-end management of IT services. Key areas include:

  • Service management policy and objectives
  • Service design, transition, and delivery
  • Service level management and reporting
  • Incident, problem, and change management
  • Configuration and asset management
  • Capacity and availability management
  • Information security within service management
  • Supplier and third-party service management
  • Monitoring, measurement, and continual improvement

The emphasis is on delivering consistent, high-quality IT services rather than managing technology in isolation.

Who is ISO 20000-1 for?

ISO 20000-1 is suitable for organisations that provide or rely heavily on IT services, including:

  • Managed service providers (MSPs)
  • IT outsourcing and support providers
  • Cloud and hosting companies
  • Internal IT departments within larger organisations
  • Software-as-a-service (SaaS) providers
  • Public sector and regulated environments

It is particularly valuable where service reliability, accountability, and customer confidence are critical.

ISO 20000-1 requirements explained

To achieve ISO 20000-1 certification, an organisation must demonstrate:

Leadership and governance

  • A service management policy
  • Defined roles and responsibilities
  • Management commitment to service quality

Service planning and delivery

  • Documented service catalogue
  • Defined service level agreements (SLAs)
  • Capacity, availability, and continuity planning

Control of service operations

  • Incident and problem management processes
  • Change and release management
  • Configuration and asset control

Supplier and customer management

  • Control of third-party service providers
  • Performance monitoring and review
  • Clear communication channels

Performance evaluation and improvement

  • Service reporting and metrics
  • Internal audits
  • Management review and continual improvement

Auditors look for evidence that service management processes are consistently applied and monitored.

How to get ISO 20000-1 certified

The certification process typically includes:

  1. Defining the scope of IT services covered by the ITSMS
  2. Reviewing existing service management processes
  3. Developing or refining service management documentation
  4. Implementing controls and training staff
  5. Carrying out an internal audit and management review
  6. Passing a Stage 1 and Stage 2 certification audit

ISO 20000-1 works well alongside ISO 27001 and ISO 9001 in an integrated management system.

How long does ISO 20000-1 certification take?

Indicative timeframes are:

  • Small organisations or IT teams: 6–12 weeks
  • Medium organisations: 2–4 months
  • Large or complex service environments: 3–6 months+

Timelines depend on service complexity, number of customers, and maturity of existing service management processes.

How much does ISO 20000-1 certification cost?

Indicative total costs (initial certification):

  • Small organisations:
    £4,000–£10,000 | $5,000–$13,000 | €4,500–€12,000
  • Medium organisations:
    £10,000–£25,000 | $13,000–$35,000 | €12,000–€30,000
  • Large or complex organisations:
    £25,000–£45,000+ | $35,000–$60,000+ | €30,000–€55,000+

Costs vary depending on audit duration, service scope, number of customers, and preparation approach.

Benefits of ISO 20000-1 certification

Organisations commonly achieve:

  • Improved reliability and consistency of IT services
  • Clearer service responsibilities and processes
  • Better incident and change control
  • Increased customer confidence and credibility
  • Stronger supplier and third-party management
  • Improved alignment between IT and business objectives

For service providers, certification can be a strong differentiator in competitive markets.

Common ISO 20000-1 mistakes to avoid

  • Defining an unclear or overly broad service scope
  • Treating ISO 20000-1 as documentation only
  • Weak control of third-party suppliers
  • Poor service reporting and metrics
  • Failing to integrate service management into daily operations

Auditors expect service management processes to be active, measurable, and continuously improved.

ISO 20000-1 certification FAQs

Is ISO 20000-1 mandatory?

No. ISO 20000-1 is voluntary, but it is often required by customers or contracts for IT service providers.

Is ISO 20000-1 only for external service providers?

No. Internal IT departments can also achieve ISO 20000-1 certification.

How long does ISO 20000-1 certification last?

Certification is typically valid for three years, with regular surveillance audits.

Can ISO 20000-1 be combined with other standards?

Yes. ISO 20000-1 integrates well with ISO 27001, ISO 9001, and ISO 22301.

Next steps

If you are considering ISO 20000-1 certification:

  • Define the IT services and customers in scope
  • Review existing service management processes
  • Decide whether to prepare internally or use external support
  • Plan realistic costs and timescales

ISOcertified.net provides detailed guidance on ISO 20000-1 certification, including preparation steps, audit expectations, costs, and ongoing service management best practice.

Get A Quote ⓘ