IT Service Management — Service Management System Requirements
The international standard for IT service management. Specifies requirements for establishing, implementing, maintaining and continually improving a service management system.
Prove reliable, secure, and compliant IT services with the world's first standard for IT Service Management. Essential for MSPs, SaaS providers, and enterprise IT departments.
IT Service Management (ITSM) provides a structured approach for delivering, managing, and improving IT services to meet business requirements. ISO/IEC 20000-1 is the international standard that defines requirements for establishing, implementing, maintaining, and continually improving a service management system.
Reduce outages and improve service availability through systematic incident and problem management.
Increase change success rates and reduce change-related incidents through controlled change processes.
Demonstrate governance and compliance to clients through certified service management processes.
Win tenders and contracts by proving your service management capabilities with ISO/IEC 20000-1 certification.
Choose the right combination of standards based on your service delivery requirements and business objectives.
Need to prove systematic IT service management capabilities to clients, regulators, or stakeholders. → ISO/IEC 20000-1
Delivering cloud services and need specific controls for cloud security and privacy protection. → ISO/IEC 27017/27018
Need comprehensive information security management alongside service management. → ISO/IEC 27001
Processing personal data in your services and need privacy management extension. → ISO/IEC 27701
Need to ensure service continuity and disaster recovery capabilities for critical services. → ISO 22301
Looking for practical guidance on implementing ISO/IEC 20000-1 requirements. → ISO/IEC 20000-2
Core ITSM standards and related frameworks for comprehensive service management capabilities.
The international standard for IT service management. Specifies requirements for establishing, implementing, maintaining and continually improving a service management system.
Practical guidance for implementing ISO/IEC 20000-1. Provides recommendations and examples for service management system implementation.
Comprehensive information security management that complements ITSM by securing the underlying IT infrastructure and data.
Ensures your IT services can continue during disruptions. Essential for mission-critical service providers.
Cloud-specific security controls for cloud service providers and cloud service customers. Extends ISO/IEC 27002 for cloud environments.
Privacy management extension to ISO/IEC 27001/27002. Essential for services processing personal data.
Common combinations of standards that work together to address specific business scenarios and industry requirements.
Comprehensive certification for managed service providers delivering services to multiple clients with security and continuity assurance.
Essential certifications for SaaS providers to demonstrate operational maturity, security, and privacy compliance to enterprise customers.
Comprehensive framework for internal IT departments to improve service delivery, security, and business continuity capabilities.
Compare key characteristics of ITSM and related standards to choose the right combination for your organization.
| Standard | Certifiable? | Primary Use | Works With | Typical Timeline | Audit Cycle |
|---|---|---|---|---|---|
| ISO/IEC 20000-1 | Yes | ITSM requirements | 27001, 22301 | 12–20 weeks | 3-year, annual surveillance |
| ISO/IEC 20000-2 | No | Implementation guidance | 20000-1 | — | — |
| ISO/IEC 27017/27018 | No | Cloud controls/PII | 20000-1, 27001 | — | — |
| ISO/IEC 27701 | Yes* (extension) | Privacy Management | 27001/27002 | 8–16 weeks | 3-year |
End-to-end support from gap analysis to certification, tailored to your service delivery environment and business objectives.
Evaluate current service delivery capabilities against ISO/IEC 20000-1 requirements and identify improvement opportunities.
Design comprehensive service catalog with clear SLAs, SLOs, and service level requirements aligned to business needs.
Implement change, incident, problem, and SLA management processes with proper workflow and escalation procedures.
Establish service performance monitoring with real-time dashboards for MTTR, SLA attainment, and service quality metrics.
Develop internal audit capabilities to monitor compliance and drive continuous improvement in service delivery.
Preparation and support through the certification audit process with experienced ITSM consultants and auditors.
Comprehensive training pathway from basic awareness to lead auditor certification.
ITIL is a framework providing best practices for ITSM, while ISO/IEC 20000-1 is a certifiable standard with specific requirements. ITIL provides the "how-to" guidance, while ISO/IEC 20000-1 defines the "what must be done" for certification. Many organizations use ITIL practices to implement ISO/IEC 20000-1 requirements.
ISO/IEC 20000-1 includes specific requirements for supplier management. Organizations can achieve certification even when using multiple suppliers, provided they maintain proper supplier agreements, performance monitoring, and integration of supplier services into their overall service management system.
The standard is tool-agnostic, but you'll need systems for incident management, change management, service catalog, monitoring, and reporting. Popular choices include ServiceNow, JIRA Service Management, or integrated suites. The key is ensuring tools support the required processes and provide audit trails.
These standards complement each other well. ISO/IEC 27001 secures your IT services, ISO 22301 ensures service continuity, and ISO/IEC 20000-1 manages day-to-day service delivery. Use an integrated management system approach with shared policies, risk assessments, and audit programs.
Implement automated monitoring and ticketing systems that capture timestamps for incident lifecycle events. Define clear SLOs based on business impact, establish baseline measurements, and use dashboards for real-time visibility. Focus on trends rather than individual incidents for continuous improvement.
Clearly define which services are in scope for certification. You can certify shared services (like email, network) separately from business-unit-specific services. Document service boundaries, customer relationships, and interfaces in your service catalog to ensure clear audit scope.
Join leading MSPs, SaaS providers, and enterprise IT departments who trust AEC for their ISO/IEC 20000-1 certification journey.