ISO/IEC 20000-1, Service Management System Requirements, was published in April 2011. Aligned to this, new editions of parts 2 and 3 were published in 2012 and part 5 in 2013. A new part 10, concepts and terminology, was published on November 1st 2013. See previous blogs on the updated parts 1, 2, 3, 5 and 10.
Also published in late 2013 is a new standard ISO/IEC 90006 for the application of ISO 9001 to service management and its integration with ISO/IEC 20000-1.
What is ISO/IEC 90006?
ISO/IEC 90006 has the title Information technology — Guidelines for the application of ISO 9001:2008 to IT service management and its integration with ISO/IEC 20000-1:2011.
The introduction and scope clauses state: ‘This Technical Report provides guidelines for the application of ISO 9001:2008 to IT service management. It also provides guidelines for the integration of a quality management system (QMS) and a service management system (SMS).
This Technical Report provides a comparison of the requirements of ISO 9001:2008 and ISO/IEC 20000‑1:2011. It highlights those areas where there is the greatest similarity between the two management systems, and where there are differences between the two.’
The target audience is those organizations that use ISO 9001 for service management areas as well as organizations that wish to establish an integrated management system for ISO 9001 and ISO/IEC 20000-1. The standard is also very useful for auditors and assessors. The standard is written for IT service management but can be applied to all services – IT and non-IT.
The body of the document is 57 pages with 24 pages of annexes containing reference tables. The standard contains the text of ISO 9001 and needs to be read in conjunction with ISO/IEC 20000-1.
The terms and definitions used are those of ISO 9001 and ISO/IEC 20000-1 with the addition of a definition for information technology (IT). There is very useful information about the terms: those in common, e.g. nonconformity; those in ISO/IEC 20000-1 adapted from ISO 9001, e.g. corrective action; and terms which are similar but differ in use between ISO 9001 and ISO/IEC 20000-1, e.g. defect and incident.
After the usual introductory and mandatory clauses, the contents are:
– Introduction to ISO 9001
– Introduction to ISO/IEC 20000-1
– Defining scope for a QMS and an SMS
– The application of ISO 9001 to services and service management
– The integration of ISO 9001 and ISO/IEC 20000-1
– Comparison of ISO 9001 and ISO/IEC 20000-1
– Management system requirements in ISO 9001 related to ISO/IEC 20000‑1 – a clause which contains the text of ISO 9001 with guidance on how this relates to ISO/IEC 20000-1 and how it can be used when applying ISO 9001 to service management
– Management system requirements in ISO/IEC 20000‑1 and not in ISO 9001
– Annex A Comparison of requirements between ISO 9001:2008 and ISO/IEC 20000‑1:2011
– Annex B Comparison of requirements between ISO/IEC 20000‑1:2011 and ISO 9001:2008
– Annex C Integration of ISO 9001:2008 and ISO/IEC 20000‑1:2011.
Applying ISO 9001 to service management
ISO 9001 can be applied to service management. This can be useful where an organization cannot meet all of the requirements of ISO/IEC 20000‑1, e.g. where the organization operates only six service management processes and not the others. It is also possible that an organization wants to demonstrate conformity to ISO 9001 for all parts of the organization, including service management and other activities.
Clause 6 of the standard provides detailed guidance for each sub-clause of ISO 9001 indicating any directly associated clause of ISO/IEC 20000-1 and specific guidance on how the ISO 9001 requirements can be applied in a service management environment.
Integrated management systems
‘ISO 9001 and ISO/IEC 20000‑1 differ significantly on the requirements for scope of the management system. The scope of a QMS can include all or a part of the activities of an organization. The scope of an SMS applies to the design, transition, delivery and improvement of services. The figure illustrates 3 possible scenarios for the related scope of a QMS and an SMS.’
‘Organizations can benefit from integrating their management systems to create one management system. Management and organizational processes, in particular, can derive benefit from integrating the similar requirements and defining common objectives for all management systems.’
‘All requirements from ISO 9001 and ISO/IEC 20000‑1 can be implemented in an integrated management system which can be used to demonstrate conformity to both ISO 9001 and ISO/IEC 20000‑1. Care should be taken to retain everything necessary for conformity to ISO 9001 and ISO/IEC 20000‑1.’ External audits can be done in an integrated way, where an auditor covers both standards in one audit. The auditor still has to ensure that the requirements of both standards are met and will issue 2 separate certificates with separate scopes.
‘There are some clauses which are similar in wording or intent. Other clauses are either unique or different in either wording or intent in ISO 9001 and ISO/IEC 20000‑1. There are some requirements that are in only one of ISO 9001 or ISO/IEC 20000‑1.
Another example is that there are no requirements in ISO 9001 specifically for budgeting and accounting. Therefore, the ISO/IEC 20000‑1 process of budgeting and accounting for services is shown as not having corresponding requirements with any clauses in ISO 9001. Clause 4.1 of ISO 9001 includes requirements for the organization to determine the processes required for the QMS and these can include budgeting and accounting for services. The organization can also choose to include the requirements from the budgeting and accounting for services process in ISO/IEC 20000‑1 as product requirements in Clause 7.2.1 of ISO 9001.’ This is illustrated below.
The annexes show detailed comparison tables. Annex A has ISO 9001 as a base, annex B has ISO/IEC 20000-1 as a base. Annex C provides integration guidance.
‘Clauses in ISO 9001 and ISO/IEC 20000‑1 with no related clause are:
a) ISO 9001:
— 5.4.1 Quality objective;
— 6.4 Work environment;
— 7.4.2 Purchasing information;
— 7.5.4 Customer property;
b) ISO/IEC 20000‑1:
— 6.3 Service continuity and availability management;
— 6.4 Budgeting and accounting for services;
— 6.5 Capacity management;
— 6.6 Information security management.’
ISO/IEC 90006 is an essential document for those wanting to use ISO 9001 in a service management environment or those wanting to build an integrated management system for both ISO 9001 and ISO/IEC 20000-1.
This can also be used in conjunction with ISO/IEC 27013 which is about the integration of ISO/IEC 27001 and ISO/IEC 20000-1. You can read more on this in the next blog.
ISO/IEC 90006 can be obtained from the ISO web site, your country standards body e.g. BSI in the UK, or from the web address below.
ITIL Master, ISO/IEC 20000-1 project editor, consultant and trainer
Permission to reproduce extracts from BSI ISO/IEC 20000-1:2011 is granted by BSI. British Standards can be obtained in PDF or hard copy formats from the BSI online shop: www.bsigroup.com/Shop or by contacting BSI Customer Services for hardcopies only: Tel: +44 (0)20 8996 9001, Email: firstname.lastname@example.org.