How exactly do ITIL and ISO/IEC 20000 fit together? Lynda Cooper offers some clarification, and looks at Part 11 of the standard, which focuses specifically on the relationship between the two.
ITIL 4 is best practice guidance; it is not an industry standard. Organisations cannot be ITIL certified to prove that they meet all of the requirements of ITIL 4. However, an individual can attend courses and take exams to become qualified in various aspects of ITIL 4.
ISO/IEC 20000 Part 1 is an international standard that specifies 217 requirements for service management. An organisation can be assessed and certified that it meets the requirements of the standard. An individual can attend courses and take exams to become qualified in various aspects of 20000-1, such as an overview of the requirements, auditing or implementation.
ISO/IEC 20000-1 specifies an integrated process approach whereby the organisation establishes, implements, maintains and continually improves a Service Management System. The services can be delivered to internal or external customers or a combination of both.
Other parts of the ISO/IEC 20000 series provide supporting guidance. Part 2 provides more detail about the requirements of Part 1. Part 3 provides guidance about the scope and applicability of Part 1, while Part 5 provides guidance on its implementation. Part 7 provides help with integrating 20000-1 with 9001 (quality management) and 27001 (information security management). Part 10 expands on the concepts and vocabulary involved. However, none of the guidance is as detailed as that found in ITIL 4 and it is all based around the requirements of ISO/IEC 20000-1.
Both the ISO/IEC 20000 series and ITIL provide guidance on planning, design, transition, delivery and improvement of services that create value to the business and its customers. An organisation can adopt ITIL guidance to support the management of its services in alignment with the requirements specified in ISO/IEC 20000–1. Other frameworks can also be used such as Agile, IT4IT, SIAM, VeriSM and DevOps to name but a few. ISO/IEC 20000-1 does not specify any underlying framework that an organisation has to use to meet its requirements. It specifies what to do and each organisation decides how to meet the requirements. This allows the standard to be applicable to all sizes and types of organisations – large and small, public and commercial.
ISO/IEC 20000-11 (Part 11): Guidance on the relationship between ISO/IEC 20000-1 and ITIL 4
In September 2021, ISO/IEC 20000-11 (Part 11) was published which provides guidance on the relationship between ISO/IEC 20000-1 and ITIL 4. It is an update of the previous guidance which covered ITIL V3.
ISO/IEC 20000-1 and ITIL are not based on each other, but they have features in common and there are relationships between the two. There is a strong correlation between most of the ISO/IEC 20000-1 requirements and ITIL guidance. An organisation that has already adopted ITIL or some of the other methods/frameworks will find this helps to achieve conformance with ISO/IEC 20000-1, although it is unlikely to meet all of the requirements of 20000-1.
As ISO/IEC 20000-1 specifies the critical aspects of service management, it can be used as an approach to navigate through the critical parts of service management frameworks such as ITIL. This can be achieved by looking at the ISO/IEC 20000 requirements and guidance before examining the more detailed guidance that can be found in the framework(s) of choice.
An organisation that has not adopted any service management best practice guidance and wishes to achieve certification to ISO/IEC 20000-1 can use the best practice guidance to support them in how to implement the requirements of ISO/IEC 20000-1. Similarly, an organisation that is already certified to ISO/IEC 20000 may find service management best practice guidance useful to support continual improvement.
Part 11 Clause 4 of the standard provides an overview of ISO/IEC 20000-1 and ITIL 4 before describing how ITIL can support the demonstration of conformity to ISO/IEC 20000-1. Part 11 Clause 5 provides a very high-level overview of the correlation with each of the ITIL4 publications. For example:
- ITIL 4: Create, Deliver and Support correlates primarily with various parts of ISO/IEC 20000-1, including Clause 7: Resources, competence and knowledge; Clause 8: Various service management practices; and Clause 9: Monitoring and measurement
- ITIL Practice Guides correlate with various parts of ISO/IEC 20000-1, especially Clause 8: Various service management practices, and Clause 10: Continual improvement.
Correlation of terms and definitions
Part 11 Annex A provides a comparison of the terms and definitions used in ISO/IEC 20000-1 and those in ITIL 4 publications. The correlation of words specifically defined in ITIL 4 to words in ISO/IEC 20000-1 not defined but used with a common English dictionary definition is also shown. It is important when working with the two areas to understand the meaning of words used. For example:
- Objective is a defined term in ISO/IEC 20000-1 as ‘result to be achieved’. It is not defined in ITIL 4 but it is noted that ‘ITIL 4 does not define objective. However, it describes an objective as the outcome that an organisation wants to accomplish. [Foundation]’
- Organisation is defined the same in both areas as ‘person or group of people that has its own functions with responsibilities, authorities and relationships to achieve its objectives’.
- Service is defined slightly differently in the two areas. ISO/IEC 20000-1 defines it is ‘means of delivering value for the customer by facilitating outcomes the customer wants to achieve’ while ITIL 4 defines it as ‘a means of enabling value co-creation by facilitating outcomes that customers want to achieve, without the customer having to manage specific costs and risks.’
- ISO/IEC 20000-1 defines a service management system while ITIL 4 defines a service value system.
- ITIL 4 defines configuration and configuration item but ISO/IEC 20000-1 only defines configuration item.
Correlation of clauses in ISO/IEC 20000-1 to paragraphs in ITIL 4
The correlation of ISO/IEC 20000-1 clauses to paragraphs in ITIL 4 is intended to provide a view of the relationships between the two references. The correlations are shown in two tables as 20000-1 to ITIL 4 and then reversed as ITIL 4 to 20000-1. Only those correlations with significant matches are listed. Correlations are found for all ISO/IEC 200000-1 clauses. For example, problem management is mapped to ITIL 4:
- Foundation 5.2, Service management practices – Discusses problem management.
- Drive Stakeholder Value 8.2, Ongoing service interactions – Discusses interacting with end users in problem management.
- Create, Deliver and Support 4.2, Model value streams for creation, delivery and support – Discusses the use of value streams in problem management.
- Practice Guides, Problem management – Discusses problem management in terms of the four ITIL Dimensions.
Correlations are found for most of the ITIL 4 books and sections. One example where there is no correlation is for Managing innovation and emerging technologies in the Digital and IT Strategy. An example of correlation is in Direct, Plan and Improve: section 2, where Strategy and direction is mapped to ISO/IEC 20000-1:
- 1 Leadership
- 2 Policy
- 1 Risks and opportunities
- 2 Objectives
- 3 Plan the SMS
- 4 Communication 8.2.4 Service catalogue
- 4.1 Budgeting and accounting
- 4.2 Demand
- 4.3 Capacity.
The full text of ISO/IEC 20000 Part 11 can be obtained from various places including the BSI bookshop: https://shop.bsigroup.com/products/information-technology-service-management-guidance-on-the-relationship-between-iso-iec-20000-1-and-service-management-frameworks-itil%C2%AE
Lynda is an independent consultant and trainer, and is the project editor for ISO/IEC 20000-1. She chairs the BSI committee for service management and sits on various ISO/IEC committees representing the UK.