Skip to content

ISO/IEC 20000 – Myths and Truths

ISO/IEC 20000

During my work in service and information security management training and consultancy, I come across many myths about ISO/IEC 20000. These are often used as fear factors and reasons for not implementing ISO/IEC 20000. This blog discusses those myths and what is the truth behind them.

Myth 1 – ISO/IEC 20000 is only for large commercial organizations

Truth: The standard itself says in clause 1.2,  ‘All requirements in this part of ISO/IEC 20000 are generic and are intended to be applicable to all service providers, regardless of type, size and the nature of the services delivered.’ All management system standards can be used by all organizations – large, small, private, public, not for profit. ISO/IEC 20000-1 states what is to be achieved. By varying how this is achieved, the standard can be applied to all types and sizes of organizations.

Myth 2 – ISO/IEC 20000 is only applicable to IT infrastructure

Truth: ISO/IEC 20000 is about service management. As long as all of the requirements in part 1 are satisfied, it can apply to any service. In reality it is primarily used for IT services but has also been used for business process outsourcing services. It has also been used in varying contexts of IT – telecommunications, cloud services, media services etc. Again refer to the statement from clause 1.2 of ISO/IEC 20000 quoted in myth 1 – ‘All requirements in this part of ISO/IEC 20000 are … applicable … regardless of … the nature of the services delivered.’

Myth 3 – ISO/IEC 20000 is of no value to internal service providers

Truth: Many service providers who provide services within their own company have found benefits from certifying to ISO/IEC 20000. It brings about full usage and integration of service management processes, something that often does not happen when implementing ITIL alone. Additionally it adds management system discipline of the plan-do-check-act cycle guaranteeing continual improvement. It also demonstrates that the service management is professional and recognized by being certified by an independent body. This in itself can stave off outsourcing for the service department. It can also increase efficiency to help to deliver services in the face of budget cuts.

I have had one customer where one part of the business rarely used the service desk because it was not performing well. With the implementation of ISO/IEC 20000, the service improved hugely and the business department started to use it again. They quoted that their business productivity had improved because they were no longer doing their own IT support but were using the proper channels.

Myth 4 – Service providers must use ITIL®[1] as the underlying framework because ISO/IEC 20000 is based on ITIL

Truth: ISO/IEC 20000 was developed by looking at ITIL and other methods for service management. ITIL is the most commonly used service management framework. It therefore makes sense for ISO/IEC 20000 to take account of ITIL. For the last update in 2011, the implications of ITIL 2011 edition were considered and some items were updated in the standard because of this. However, ISO/IEC 20000 will never be the same as ITIL because they have different purposes.  ISO/IEC 20000 can be implemented by using ITIL, MOF, eTOM or any other framework. There is no mandate at all to use ITIL – in fact ITIL is not mentioned in ISO/IEC 20000-1.

Myth 5 – ISO/IEC 20000 will make my service management slow, more costly and bureaucratic

Truth: This can be true if you implement it in this way. However, it is not necessary. In fact, if you make the processes/procedures etc. very bureaucratic, it is likely that the service provider staff will not use them. The documentation is required to be used by the service provider. It is not produced just because the standard says it is needed.  The documentation can be minimized to make it user friendly. The policies, processes, procedures and plans can be streamlined using techniques such as 6-Sigma or Lean. Remember that ISO/IEC 20000-1 tells you what to do. You decide how to do it and you can choose to make it fast, efficient and streamlined. Many implementations of ISO20000 become more streamlined as they mature and go through continual improvement.


In summary, there are many perceptions of ISO/IEC 20000 which are myths and not the truth. If you have more myths or queries about your perceptions of ISO/IEC 20000, please let me know and I will endeavour to provide an answer.

Lynda Cooper, an independent consultant and trainer, is one of the first people in the world to hold the ITIL Master qualification. Lynda chairs the BSI committee for IT service management (ITSM) and is one of the authors of ISO/IEC 20000. Lynda sits on various ISO/IEC committees and is the project editor for ISO/IEC 20000-1 and ISO/IEC 90006.


[1] ITIL® is the registered trademark of AXELOS Limited

Posted in ISO Schemes.

Tagged with , .