Standards and best practice

Best practices are often adopted by organisations seeking to operate their IT services in the most effective and efficient way.

However, organisations cannot realistically be assessed against best practice, at least not in a meaningful and consistent way since best practice can only consist of generic advice, is not prescriptive and very open to interpretation.

ISO/IEC 20000 was created because of this, as there was a perceived need in the market for a consistent standard that allowed comparison between organisations, differentiating those who had achieved what was defined as the minimum level of service management process to allow effective delivery of managed services.

Two different assessor organisations would be likely to come up with two very different reports as to the 'degree of compliance' against generic best practice.

ISO/IEC 20000 can be thought of as ISO9000 for IT Service Management. It describes the minimum requirements which an effective service management organisation will have in place and provides a set of requirements which can be audited against in a Quality Management system framework that is compatable with other management system standards such as ISO/IEC 27001 and ISO/IEC 9001.

It is important to realise though that ISO/IEC 20000 certifies the service management system supporting the provision of the services, it does not certify the services (or products) directly.