Would you trust an ITSM Learner? – An Accredited ISO 20000 Certificate is an ITIL Business Driving Licence!

The results of a recent survey published by APMG-International support the view that most organisations using ISO/IEC 20000 have done so after adopting ITIL. [1]

There is a growing awareness that using ITIL and ISO/IEC 20000 together adds value. The reasons for this can form a long list of plus points, but I would prefer to focus on what IT Service Managers actually face in their daily lives and state here that I hold the following truths to be self-evident.

1. The main benefits for use of both ISO 20000 and ITIL are ‘Improvements in processes’ and ‘Improvements in services’, irrespective of if the organisation is certified under ISO/IEC 20000-1 or not.

2. ISO 20000 has much greater emphasis on governance, audit evidence, policy and SMS. These concepts are somewhat disparate in all ITIL books. And let’s face it, there are a lot of ITIL books. Therefore, ISO 20000 helps when it comes to providing a management system framework for ITSM that you and the rest of the world can put faith in when it comes to compliance.

Perhaps though, the most significant benefit is to do with raising the ITIL game to a level of certified assurance. It’s an argument that has plenty of backers because the extent to which any organisation had seriously adopted ITIL was always a matter for conjecture – unless you worked on the inside and knew the truth based on your own (often bitter) experience about the extent to which ‘best practice’ was the actual working practice.

What was the situation before ISO 20000? Why was ITIL not sufficient?

The fact is, prior to ISO 20000, organisations were at the mercy of ITIL practitioners to implement ITIL services that simply could not be certified. ISO 20000 now provides organisations with a proven ability to audit implementation and certify (accredit) their implementation based on an agreed scope. ISO 20000 has also, I would suggest, helped managers conduct risk assessments; – which have had a positive impact on business performance and introduced a methodology that was poorly understood until ISO 20000. This is especially true in those situations where risk assessments prepared for senior management were limited to financial risk; where standards such as ISO 20000, ISO 22301 and ISO 27001 were alien to the culture. ISOs that, when introduced, had a wide-reaching effect that went beyond the purpose of reassuring clients that started the project.

The same survey showed that 84% of the ITIL users are aware of ISO/IEC 20000, 26% use ISO/IEC 20000 but are not certified, and 28% are
certified. The results support the view that most organisations that use ISO/IEC 20000 have done so after adopting ITIL. However, there are exceptions to the ‘ITIL came first’ rule – especially judging by our clients’ requests for gap analysis work with reference to ISO 20000 certification.

ISO 20000 is attracting small firms – against the expectations of its critics

We are seeing an interest in the ISO 20000 standard from SMEs (20 to 250) and this commentator can state that, in his personal experience, that even microbusinesses (<19 employees) have expressed genuine interest. Companies that have adopted one or more international standards – ISO 27001 in particular since that is one of our specialisms – that have spotted the fact that standards compliance is the best marketing tool they’ve had for years. Being able to quote their certificate numbers when bidding for contracts has opened commercial contract doors for them – and it has paid!

The largest category of respondents to the survey said that they were ‘Certified under ISO/IEC 20000-1’, 29%. In addition, 8% were ‘Working towards certification’, and 22% ‘Intending to use ISO/IEC 20000 in the future’. If my Maths is correct this means that 59% of the managers that responded were in some way or other involved with an ISO 20000 project.

But why do 41% have no interest in ISO 20000 – and why are nearly a quarter only “intending” to use ISO 20000. Is the answer a simple one?

Personally, I think it is. Cost. Or rather, the misguided perception of cost.

No matter which route is taken to achieve certification, time and effort are required by the organisation. This equates to cost. Fear of an uncertain economic picture and concerns about job losses push many ITSM managers in the direction of the ‘Wait and see’ school of business decision-making. And it’s true: the implementation of ITSM standards is not a painless exercise! If a do-it-yourself approach is taken then a project leader will need to spend a considerable portion of their time ensuring that the work required is being carried out. The ISO 20000 project will effectively become their job, which they (understandably) don’t want to lose in the event that the project ends as a write-off. Hence, they carry on with ‘best practice’.

This Fear is a dangerous driver.

Consultancy Costs are often cited as a reason to reject ISO 20000 projects – wrongly!

The complexity of the ISO/IEC 20000 standard means that the do-it-yourself approach is often unproductive compared to hiring a specialist with experience and qualifications. A consultant, with years of auditing other IT management systems standards project work behind them, will know exactly what is required. On the other hand, many IT service managers attempting the task themselves will be re-inventing the wheel. This is great news if your aim of your organisation is to provide them with ‘on the job’ training and the chance to fail – but pretty pointless otherwise. ISO/IEC 20000 has a number of connection points across the 13 processes which need in-depth understanding when confronted by the auditors, and the simple truth is, corporate failure to understand these requirements can lead swiftly to failing the audit – and the inevitable blame game to follow.

Our experts can help you to gain ISO 20000 certification. Here’s how. We:
• Identify opportunities for improvement
• Prioritise IT improvements to achieve the greatest business impact, without pushing you towards particular technologies
• Bring a clear focus to your ITSM/ITIL project based on our real-world experience to ensure that you stay on track/within budget
• Build a convincing business case for ITSM/ITIL with the Board
• Avoid the pitfalls – there are plenty that you need to be aware of!
• Implement truly efficient supporting processes that deliver well-defined results and are right for the way your organisation works
• Introduce metrics that will clearly demonstrate your success
• Gain global status with ISO/IEC 20000 accredited certification

Do you like what you’ve just read? Then pick up the phone and talk to us.

0845 070 1750

I promise you, no matter how far away from your destination you think you currently are, we will listen. And we will guide you to the place you belong.

Bookmark this page as well:


Go on, do it now. Yes, I’m selling to you. But it’s something you want to buy!

What about the cost of certification? Is that the reason for holding back?

Certification Costs are seen by the hyper-cost conscious as a final nail in the ISO 20000 project coffin. But before you send your email of condolence to the brave individual who had the temerity to suggest the idea to the Board, remember that: the costs of registration are dependent on the size of your organisation. Most registrars charge a certain rate per day to be on-site at your facility. This day rate will vary and in some instances, a UKAS-accredited certificate will work out as less of an outlay than your annual Christmas Dinner. To maintain your certification, the certifying body must return periodically i.e. 6 months, or annually to audit a portion of your system. This is called a surveillance audit and they last for the duration of the certification (normally 3 years) – so yes, there are ongoing costs to bear that you will need to budget for; just like the costs of enterprise software licences, although in many examples, a bargain in comparison.

Standards are about business ethics as much as ‘supply chain assurance’

I am reminded of Eric Hoffer (1902-1983), the American moral and social philosopher, who believed that self-esteem and a sense of satisfaction with one’s life was of central importance to psychological well-being. He said:

“For many people, an excuse is better than an achievement because an achievement, no matter how great, leaves you having to prove yourself again in the future but an excuse can last for life.”

Ask yourself this clincher: if your organisation has so far failed to achieve international standards such as ISO 20000, ISO 27001, ISO 22301 etc, is this a sign that it has lost its self-esteem? – And do you feel this way too?

Is there really a demand for ISO 20000 – if so few organisations have it?

Fact: There is probably latent demand not reflected in the survey data globally. In the case of the APMG-International that I have cited here, a high proportion of those that responded work for organisations that are members of itSMF. In other words, they are already committed to high standards of ITSM excellence. What about the others (the majority?) who are not? How many of them are there out there for a start? itSMF-UK has approximately 350 member organisations. In contrast, the UK has over 2 million organisations registered by HMRC for value added tax, of which approximately 75,000 employ over 50 people, 10,000 employ over 250 people and 900 employ over 10000 people. These figures must give us reason to pause and reflect: most organisations are reliant on technology enabled services and could benefit from ITIL and ISO 20000 certification.

Although information on what proportion of UK organisations are reliant on technology enabled services is not readily available, it is assumed that in the UK a majority are reliant and could benefit from one or both of ITIL and ISO/IEC 20000. Larger entities such as those employing over 250 people would all benefit to some extent from aligning their information technology services with business strategies. Formal framework service management and service improvement increase performance. Creating competitive advantage via the promotion of consistent, reliable and cost-effective services is a business ‘no brainer’ when it comes to effective Governance. And yet it would seem that: “Even the most cautious Fermi calculation supports the view that in the UK a minority of eligible organizations use ITIL and / or ISO/IEC 20000.” [2] So what is going wrong in our industry?

Why does ISO 20000 matter so much – regardless of what it costs today?

Simple answer: UK Business needs standards – and that applies to ITSM!

ISO/IEC 20000 is currently being adopted worldwide because ITSM is a fact of life and learning to do it better based on standards makes sense.

Organisations in the emerging economies of Asia have realised that certification is proof that best practices are in place and that a continual improvement program and internal audits/assessments support the implementation. This is also verified by the accredited certification body performing annual surveillance audits. Verification that helps to win business, since external audits are the driving test for business excellence.

My conclusion: Leading an ITIL project without gaining ISO 20000 accredited certification is like learning to drive – and not taking your test!
And doing without best practice altogether is a road to fanaticism and ruin.

Please quote me. 

We can help you to pass your test in less time and with flying colours. Follow this link to learn more on our ISO 20000 Consultancy services.

[1] and [2] taken from ‘Using ITIL® and ISO/IEC 20000 together: a global view’, Dr. Jenny Dugmore, APMG-International