Information technology — Service management — Part 1: Service management system requirements (Adopted ISO/IEC 20000-1:2018, third edition, 2018-09)
Standards development within the Information Technology sector is harmonized with international standards development. Through the CSA Technical Committee on Information Technology (TCIT), Canadians serve as the SCC Mirror Committee (SMC) on ISO/IEC Joint Technical Committee 1 on Information Technology (ISO/IEC JTC1) for the Standards Council of Canada (SCC), the ISO member body for Canada and sponsor of the Canadian National Committee of the IEC. Also, as a member of the International Telecommunication Union (ITU), Canada participates in the International Telegraph and Telephone Consultative Committee (ITU-T).
For brevity, this Standard will be referred to as CSA ISO/IEC 20000-1 throughout.
This Standard supersedes CAN/CSA-ISO/IEC 20000-1:13 (adopted ISO/IEC 20000-1:2011). The International Standard, was reviewed by the CSA TCIT under the jurisdiction of the CSA Strategic Steering Committee on Information Technology and deemed acceptable for use in Canada. From time to time, ISO/IEC may publish addenda, corrigenda, etc. The TCIT will review these documents for approval and publication. For a listing, refer to the Current Standards Activities page at standardsactivities.csa.ca. This Standard has been formally approved, without modification, by the Technical Committee and has been developed in compliance with Standards Council of Canada requirements for National Standards of Canada. It has been published as a National Standard of Canada by CSA Group.
This document specifies requirements for an organization to establish, implement, maintain and continually improve a service management system (SMS). The requirements specified in this document include the planning, design, transition, delivery and improvement of services to meet the service requirements and deliver value. This document can be used by:
a) a customer seeking services and requiring assurance regarding the quality of those services;
b) a customer requiring a consistent approach to the service lifecycle by all its service providers, including those in a supply chain;
c) an organization to demonstrate its capability for the planning, design, transition, delivery and improvement of services;
d) an organization to monitor, measure and review its SMS and the services;
e) an organization to improve the planning, design, transition, delivery and improvement of services through effective implementation and operation of an SMS;
f) an organization or other party performing conformity assessments against the requirements specified in this document;
g) a provider of training or advice in service management.
The term service as used in this document refers to the service or services in the scope of the SMS. The term organization as used in this document refers to the organization in the scope of the SMS that manages and delivers services to customers. The organization in the scope of the SMS can be part of a larger organization, for example, a department of a large corporation. An organization or part of an organization that manages and delivers a service or services to internal or external customers can also be known as a service provider. Any use of the terms service or organization with a different intent is distinguished clearly in this document.
All requirements specified in this document are generic and are intended to be applicable to all organizations, regardless of the organization’s type or size, or the nature of the services delivered. Exclusion of any of the requirements in Clauses 4 to 10 is not acceptable when the organization claims conformity to this document, irrespective of the nature of the organization.
Conformity to the requirements specified in this document can be demonstrated by the organization itself showing evidence of meeting those requirements.
The organization itself demonstrates conformity to Clauses 4 and 5. However, the organization can be supported by other parties. For example, another party can conduct internal audits on behalf of the organization or support the preparation of the SMS.
Alternatively, the organization can show evidence of retaining accountability for the requirements specified in this document and demonstrating control when other parties are involved in meeting the requirements in Clauses 6 to 10 (see 8.2.3). For example, the organization can demonstrate evidence of controls for another party who is providing infrastructure service components or operating the service desk including the incident management process.
The organization cannot demonstrate conformity to the requirements specified in this document if other parties are used to provide or operate all services, service components or processes within the scope of the SMS.
The scope of this document excludes the specification for products or tools. However, this document can be used to help the development or acquisition of products or tools that support the operation of an SMS.
Information technology - Service management - Part 1: Service management system requirements (Adopted ISO/IEC 20000-1:2011, second edition, 2011-04-15)