New ISO IEC 20000-1: A step in the right direction
Improvement #1 Redefinition of section 5: How many times have you stumbled on the question, “Why do we need this section: ‘Planning and implementing new or changed services’?” Regardless of wheter a service is new or has been changed, their implementations have to follow Change Management and then Release Management. This question is quite logical. The actual intent of section 5 was to define service design and transition. The 2011 version has redefined section 5 as “Service Design and Transition.”
Improvement #2 Alignments with ISO 9001: There are only 3 clauses for management system requirements in the 2005 version. Honestly, you can’t establish a management system by fulfilling only those three requirements. Perhaps, it was assumed that organizations will follow ISO 9001 anyway. Actually, IT Services organizations should not require ISO 9001 when ISO 20000 is available. The new release of ISO 20000-1 has added more comprehensive requirements from ISO 9001. If you are a start up, ISO 20000-1 is adequate for a management system. If you already have ISO 9001, just add on service related requirements from ISO 20000-1.
Improvement #3 Alignments with ISO 27001: The information security related requirements of 2005 were so inadequate that it was almost imperative to refer to ISO 27001 to understand what was required for information security. If you are looking for a minimum requirement, ISO 27001 will easily overwhelm you. The new version of ISO 20000-1 has adopted the synopsis of ISO 27001. It is adequate to establish a rudimentary information security system which can be easily migrated to a full blown ISMS following ISO 27001.
Improvement #4 Applications in a complex sourcing scenario: In the era of outsourcing, very rarely do you have a straightforward sourcing deal where one service provider delivers end to end IT services, supported by few suppliers. Sourcing scenarios are often far more complicated then envisioned in the 2005 version. What if a client is managing part of the process or a shared services organization is involved in the service delivery? There was no clear guidance. The new version added a section on “Governance of processes operated by other parties.”
With these improvements, the new standard is better aligned to the real world.
Subrata Guha, Director of IT Services, UL DQS Inc.