Select your language

ISO/IEC 20000-1 – ICT Service Management System

Alt Text

Implementing a Service Management System in compliance with the international standard

ISO/IEC 20000-1 is the international standard for Service Management Systems (SMS), defining requirements for planning, designing, transitioning, delivering, and improving ICT services. It is intended for all organizations that provide IT services, both internally and externally.

We help organizations implement, maintain, and certify their service management system according to ISO/IEC 20000-1 – from initial GAP analysis to preparation for the certification audit. Our solutions are designed to ensure full compliance with the standard while delivering real improvements in the quality and efficiency of your ICT services.

I want to consult

Who Needs ISO/IEC 20000-1?

ISO/IEC 20000-1 is suitable for a wide range of organizations:

  • IT Service Providers – outsourcing companies, MSPs, cloud providers
  • Internal IT Departments – in corporations, manufacturing, services, and public administration
  • Telecommunications Companies – network and communication service providers
  • Financial Institutions – banks, insurance companies, investment firms (synergy with DORA)
  • Healthcare Organizations – healthcare providers and IT service companies in healthcare
  • Public Administration – government institutions, municipalities, eGovernment projects
  • Manufacturing Companies – organizations with their own IT department and service processes
  • Startups and Scaling Companies – growing organizations needing to standardize ICT services

What You Gain with ISO/IEC 20000-1

  • Standardized service management processes – unified procedures for incident, problem, change, release, and other key processes.
  • Improved ICT service quality – measurable improvements in availability, reliability, and service performance.
  • Reduced ICT service costs – more efficient resource utilization, fewer incidents and outages.
  • Increased customer and user satisfaction – better SLAs, faster incident resolution, and transparent reporting.
  • Improved supplier management – clear requirements for external providers and partners.
  • Certification readiness – comprehensive support up to obtaining ISO/IEC 20000-1 certification.
  • Synergy with ISO 27001 and ISO 22301 – possibility to integrate management systems (ISMS, BCMS, SMS).
  • Competitive advantage – demonstrable quality and professionalism in providing ICT services.

OUR SERVICES

Gain an experienced ICT service management and ISO/IEC 20000-1 implementation specialist without creating an internal position.

This service includes:

  • managing the entire ISO/IEC 20000-1 implementation program
  • coordinating requirement implementation across the organization
  • maintaining and continuously improving the Service Management System (SMS)
  • overseeing incident, problem, change, release, and service level processes
  • communicating with the certification body
  • reporting to management and the board

Advantage: Expert know-how without the cost of an internal ICT service management specialist.

We develop complete documentation required for implementing and certifying your service management system according to ISO/IEC 20000-1.

Documentation includes:

  • Service Management Policy
  • Service Management Plan
  • Process documentation: incident, problem, change, release, service level, availability, capacity, continuity, security
  • SLA (Service Level Agreement) and OLA (Operational Level Agreement) templates
  • Service Catalogue
  • Process procedures and work instructions
  • KPI and SLA measurement and reporting methodology
  • Registers: incidents, problems, changes, releases, and configurations
  • Service Continuity Plan

Output: Documentation compliant with ISO/IEC 20000-1 requirements, ready for the certification audit.

Our Approach

  • Initial Consultation – analysis of your needs, service scope, and current state
  • GAP Analysis – assessment of current state against ISO/IEC 20000-1 requirements
  • Solution Design – development of a tailored implementation plan
  • Implementation – creation of documentation, processes, metrics, and controls
  • Testing and Validation – verification of process functionality and readiness
  • Internal Audit – independent compliance verification before certification
  • Certification Support – assistance during the certification audit
  • Long-Term Support – regular updates, surveillance audits, and continuous improvement

Why Choose IOSEC

✅ Practical, results-oriented approach – not just theory, but real functioning processes
✅ Experience with ISO/IEC 20000-1, ISO 27001, ISO 22301, and other standards
✅ Tailored solutions – every organization has different needs and starting points
✅ Long-term professional support – including continuous improvement and recertification
✅ Clear and understandable documentation and recommendations
✅ Synergy with other standards – integrated management systems (ISMS, BCMS, SMS)

Our Track Record

  • 50+ management system implementation projects (ISMS, BCMS, SMS)
  • 15+ projects focused on ICT service management
  • 50+ incident, problem, change, and release process implementations
  • 15+ years of experience in information security and service management

ISO/IEC 20000-1 and Synergies with Other Standards

Maximum efficiency through an integrated approach

ISO/IEC 20000-1 is closely linked to other standards and regulations. Organizations that have implemented ISO 27001 or ISO 22301 can significantly simplify the implementation of ISO/IEC 20000-1 due to shared requirements.

We help integrate requirements from:

  • ISO/IEC 20000-1 (SMS)
  • ISO/IEC 27001 (ISMS)
  • ISO 22301 (BCMS)
  • ITIL (best practices)
  • DORA (for financial institutions)
  • NIS2 (cybersecurity)

Advantage: One integrated system instead of several separate ones – less administration, lower costs, better clarity, and simpler compliance.

Frequently Asked Questions

What is the difference between ITIL and ISO/IEC 20000-1?
ITIL is a set of recommendations and best practices for IT service management (a framework). ISO/IEC 20000-1 is a certifiable standard that sets requirements for a service management system. ITIL is an ideal tool for implementing processes according to ISO/IEC 20000-1.

How long does ISO/IEC 20000-1 implementation take?
It depends on the organization's size and current state. Typically 4–8 months for a medium-sized organization with existing processes. For organizations without established processes, 8–12 months.

Can we integrate ISO/IEC 20000-1 with ISO 27001?
Yes, we recommend it. The standards share requirements for documentation, internal audits, management review, and continuous improvement. Integration saves time and costs.

Do we need to have ITIL implemented to certify for ISO/IEC 20000-1?
No, ITIL is not a requirement. The standard requires certain processes and their outputs but does not prescribe the method for achieving them. However, ITIL is the most commonly used framework.

How often does the certification audit occur?
The certification audit is conducted in two stages (Stage 1 – documentation, Stage 2 – implementation). Subsequently, surveillance audits are conducted annually, and a recertification audit is conducted every 3 years.