Service Management Blog

ISO/IEC 20000-1 vs 20000-2 vs 20000-3: What’s The Difference?

Stephen Watts
4 minute read
Stephen Watts
image_pdfimage_print

The technology sector is in a constant state of flux. Keeping up with all the changes is a difficult but necessary task for IT professionals that want to remain ahead of the curve. This is what makes IT service management equal parts exciting and frustrating.

Developments in the IT world can be particularly difficult to stay on top of compared to other sectors due to the complexity of the systems involved and the confusing naming conventions so often used. ISO/IEC 20000 may look like the name of an evil robot in a SciFi novel, but it’s not quite so nefarious as its title suggests.

What is ISO/IEC 20000?

Created by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), ISO/IEC 20000 is a service management best practices guide. Similar in intent but different in execution to the Informational Technology Infrastructure Library (ITIL), ISO 20000 was drafted for the purpose of helping organizations develop and maintain excellent software-as-a-service (SaaS) offerings.

Originally published in 2005, ISO/IEC 20000 has seen numerous updates over the past two decades. ISO/IEC 20000 is broken up into several parts which are updated contingent upon changes made to ISO/IEC 20000-1.

As of 2019, the core components of ISO/IEC 20000 (ISO/IEC 20000-1, ISO/IEC 20000-2, and ISO/IEC 20000-3) have been updated to provide guidelines for modern IT organizations.

Due to the constantly shifting nature of the IT world, ISO/IEC 20000 is in a state of continual improvement much like the service management process itself. ISO/IEC 20000 certification can go a long way in providing organizations some much needed credibility with their customers. ISO/IEC 20000 certifications must be renewed every 3 years, which makes keeping up with changes even more imperative for organizations and individuals who seek them.

Before we dive into more details of each updated section of ISO/IEC 20000, you may want to check out our introduction to ISO/IEC 20000 for a more complete outline of the basics.

What is ISO/IEC 20000-1?

The primary section of ISO/IEC 20000, ISO/IEC 20000-1 specifies “requirements for establishing, maintaining and continually improving a service management system (SMS).” These requirements cover all stages of the SMS process including planning, design, transition, delivery, and improvement of services.

The most recent version of this document is ISO/IEC 20000-1:2018, which cancels and replaces the edition created in 2011 (ISO/IEC 20000-1:2011). The major revisions from the 2011 version to the updated version were made to maintain the relevant requirements regarding modernizations in the service management field.

Some of the growing trends that are now accounted for by the updated ISO/IEC 20000-1 are commoditization of services, management of multiple suppliers by service integrators, and the need for determining service value for customers. Other changes include restructuring into the high level structure used for all management system standards and an overall reduction in specificity to shift the focus onto what organizations should do while providing freedom regarding how to accomplish those goals.

What is ISO/IEC 20000-2?

Part 2 of ISO/IEC 20000 is ISO/IEC 20000-2. Its purpose is to provide guidance regarding the application of a service management system based on ISO/IEC 20000-1. This complementary component gives examples and offers recommendations, aiding organizations in their application and interpretations of ISO/IEC 20000-1.

This document should be seen as a supplementary resource for organizations seeking to apply ISO/IEC 20000 recommendations to their service management operations. The goal of ISO/IEC 20000-2 is to provide supporting information and examples, making the application of ISO/IEC 20000-1 easier to implement. Despite this, examples and supplementary details are kept generic to provide context without placing constraints on the organization so it may act on the requirements as best fits its needs.

ISO/IEC 20000-2:2019 is the most recent version of the second part of ISO/IEC 20000. The primary changes from the second edition (ISO/IEC 20000-2:2012) are updates to align with ISO/IEC 20000-1:2018 as well as improved clarity and consistency of guidelines. In search of providing improved clarity, ISO/IEC 20000-2:2019 attaches three elements to each clause: Required Activities, Explanation (including a purpose statement), and Other Information (including guidance on documented information, roles, and authorities).

What is ISO/IEC 20000-3?

Part 3 of ISO/IEC 20000, ISO/IEC 20000-3 is also a supplementary document created to aid in the application of ISO/IEC 20000-1. Specifically, ISO/IEC 20000-3 deals with the definition of scope and the applicability of requirements detailed in ISO/IEC 20000-1. This document aids an organization in understanding whether ISO/IEC 20000-1 can apply to its circumstances.

ISO/IEC 20000-3 can aid organizations during the planning and preparation phases of performing conformity assessments against ISO/IEC 20000-1. This document is useful for personnel in charge of implementation of a service management system as well as SMS assessors and consultants. It is supplemental to both ISO/IEC 20000-1 and ISO/IEC 20000-2.

The most recent version is ISO/IEC 20000-3:2019, which was updated to conform to changes made in ISO/IEC 20000-1:2018 and ISO/IEC 20000-2:2019. In addition to being aligned with ISO/IEC 20000-1:2018, ISO/IEC 20000-3:2019 also saw updates to example scenarios that reflect contemporary SMS environments, such as complex service supply chains.

The three core pieces of ISO/IEC 20000 work in conjunction with one another to provide organizations with guidance on implementing and improving their service management systems. All three parts have been updated to retain relevancy in the modern era of IT service management.

These three sections do not make up the entirety of ISO/IEC 20000, but they are the essential pieces necessary for organizations seeking to apply these standards to specific operations. Additional sections are still in the process of being updated and published.

Access the Gartner Magic Quadrant for ITSM

The Gartner Magic Quadrant for ITSM is the gold-standard resource helping you understand the strengths of major ITSM software vendors, insights into platform capabilities, integration opportunities, and many other factors to determine which solution best fits your needs.


These postings are my own and do not necessarily represent BMC's position, strategies, or opinion.

See an error or have a suggestion? Please let us know by emailing blogs@bmc.com.

Run and Reinvent Your Business with BMC

BMC has unmatched experience in IT management, supporting 92 of the Forbes Global 100, and earning recognition as an ITSM Gartner Magic Quadrant Leader for six years running. Our solutions offer speed, agility, and efficiency to tackle business challenges in the areas of service management, automation, operations, and the mainframe. Learn more about BMC ›

About the author

Stephen Watts

Stephen Watts

Stephen Watts (Birmingham, AL) has worked at the intersection of IT and marketing for BMC Software since 2012.

Stephen contributes to a variety of publications including CIO.com, Search Engine Journal, ITSM.Tools, IT Chronicles, DZone, and CompTIA.