Skip to content

ISO/IEC 20000 and human resources

74300;110067;178509;178556;180425;181038;181053No matter how much we try to automate, service management cannot work without people. ISO/IEC 20000-1 contains many references to ‘authorities and responsibilities’. It also has a specific sub-clause about human resources. This blog aims to clarify these requirements and answer some common questions about how to provide evidence of fulfillment of the requirements.

Authorities and responsibilities 

In ISO/IEC 20000-1, authorities and responsibilities are required in many clauses to be defined, maintained, and assigned. The service management plan needs to contain a ‘framework of authorities, responsibilities and process roles’.

Process roles will typically include process owners, process managers, and process practitioners. There may also be other roles in service management such as service owners, business relationship managers, supplier managers, management representatives etc.

Each of these roles needs to have defined responsibilities e.g. a process manager will typically have responsibility to for the effective operation of the process. In addition the authorities of the role need to be defined e.g. who can declare a major incident, who can invoke service continuity, who has the authority, perhaps at different levels, for approving changes, accountable for the process.

A common way of showing responsibilities and authorities is using a RACI matrix showing activities for a process with a matrix of roles responsible, accountable, consulted and informed.

Human resource competencies 

Human resource competency requirements are in clause 4.4.2 of ISO/IEC 20000-1:2011. One of the key requirements is to ensure that ‘personnel are aware of how they contribute to the achievement of service management objectives and the fulfilment of service requirements’.

This is often done by passing down appropriate objectives linked to the overall service management objectives to staff members. For example, if there is an overall service management objective of increasing customer satisfaction, a staff member working on incident management might be given an objective to increase the number of incidents closed within the SLA targets in order to keep customers happy.

Clause 4.4.2 also states that ‘The service provider’s personnel performing work affecting conformity to service requirements shall be competent on the basis of appropriate education, training, skills and experience.’

In order to achieve this, there is a requirement to determine the competencies for personnel. One way of doing this is for each role description to contain the role title, responsibilities, authorities and competency requirements. The competency requirements can be stated in various ways such as:

  • technical skills e.g. capacity planning, incident resolution, skills in a specific technology
  • business/service skills e.g. skills for a specific service
  • experience e.g. 2 years’ experience working with a specific technology
  • qualifications e.g. ISO/IEC 20000 foundation
  • behavioral abilities e.g. problem solving, customer relationships

Competency levels can be based on a simple measure such as:

  • level 0 – no knowledge
  • level 1 – overview knowledge
  • level 2 – competent to work in a simple situation under supervision
  • level 3 – competent to work in an average situation under supervision
  • level 4 – competent to work in a complex situation or expert who can support others.

It is important to consider for a team, how many staff of each level are required to get a balance to suit the type of work.

The levels of competency for each staff member can be ascertained by asking the staff member to score themselves against various competencies and by the manager also scoring them. Any discrepancies are then discussed to agree a level.

The actual level of competency needs to be reviewed for each staff member against the required level. A simple way of recording competency levels both individually and for a team is using a matrix such as that below. This matrix can be simple, assigning an overall competence level to each staff member as below, or can be more complex stating requirements and staff competency levels by each type of skill/qualification etc.

Level for Incident management team Required staff numbers for incident management team Staff member 1 Staff member 2 Staff member 3 Staff member 4 Staff member 5 Total staff at this level
0 0           0
1 0 1         1
2 2     1   1 2
3 2   1       1
4 1       1   1


As can be seen in this matrix, there is 1 staff member who is only at level 1 but there are already 2 staff members who are at level 2 which is the number required. However, there is only 1 staff member at level 3 with a requirement of 2. Therefore it seems sensible in this case to plan for the staff member at level 1 to increase competence to level 2 and for 1 of the staff at level 2 to increase competency to level 3.

The next requirement is to ‘provide training or take other actions to achieve the necessary competency’. This needs to be shown on a plan. The plan can be for an individual such as a performance development plan or can be a plan for a team. The actions could be varied such as  training, self-study, coaching or mentoring.

The effectiveness of these actions needs to be measured i.e. has the competency been increased? This can be show by an increased competency level.  Consideration should be given to how this will be proven e.g. ability to work successfully on incidents, passing an exam for a required qualification.

Records need to be kept for each staff member about their education, training, skills and experience.


Human resources are a vital part of service management. ISO/IEC 20000-1 has requirements for human resources. Many organisations’ already have performance management systems which satisfy most of these requirements and may require only a small amount of work to ensure that it satisfies specific requirements for service management. For those organisations that do not have this already, the tips above should support the development of a simple system.

Lynda Cooper, an independent consultant and trainer, is one of the first people in the world to hold the ITIL Master qualification. Lynda sits on the BSI committee for IT service management (ITSM) and is one of the authors of ISO/IEC 20000. Lynda sits on various ISO/IEC committees and is the project editor for ISO/IEC 20000-1 and ISO/IEC 90006.

Posted in Accreditation, Exams, ISO Schemes, Qualifications.

Tagged with , , , , , , .