hero-two-bg

ISO/IEC 2000-1

ISO/IEC 20000-1 is an international standard that specifies requirements for the establishment, implementation, maintenance, and continuous improvement of a service management system.

Request a demo of Secureframe Custom Frameworksangle-right

Definition and purpose

ISO/IEC 20000-1 defines the requirements for an organization to plan, design, transition, and deliver services that meet service requirements and deliver value. It outlines the criteria for establishing a service management system that is consistent with best practices and capable of delivering high-quality services, and improving this system over time.

Governing Body

ISO/IEC 20000-1 is developed and maintained by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

Last updated

ISO/IEC 2000-1 was last updated in 2018. 

Applies to

ISO/IEC 20000-1 applies to all organizations, regardless of the organization’s type or size, or the nature of the services delivered.

Controls and requirements

ISO/IEC 20000-1 specifies requirements for a service management system. These requirements deal with:

  • Understanding the organization and its context
  • Involving leadership and getting their commitment
  • Addressing risks and opportunities when planning the service management system
  • Setting service management objectives
  • Providing resources and generating awareness about service management
  • Monitoring, measuring, and reviewing system performance

Please refer to the official ISO/IEC 2000-1 documentation for a detailed list of controls and requirements.

Audit type, frequency, and duration

It is recommended that organizations perform internal audits to check how their service management system is working. 

Additionally, organizations may undergo external audits by accredited certification bodies to achieve ISO/IEC 20000-1 certification. The external audit can be broken down into Stage 1 (preliminary assessment) and Stage 2 (comprehensive assessment). To maintain certification, surveillance audits are typically conducted annually by certification bodies, with a recertification audit every three years.

The audit duration depends on various factors like the size of the organization and complexity of its service management system. 

Get compliant using Secureframe Custom Frameworks

Request a demoangle-right
cta-bg