So, what’s the difference between ITIL and ISO 20000? | SITA

Like this post?
get more like it as soon as they are published
Back to blog

So, what’s the difference between ITIL and ISO 20000?

Published on  18 October by Steven McReynolds , Senior Expert Service Improvement, SITA Global Services
0 comment(s)

In my last blog I talked about the growing stature and importance, especially in mission-critical industries like air transport, of ISO / IEC 20000 certification for service providers. This blog looks at the difference between ISO 20000 and ITIL, how they are related and why would a service provider need both.

Not totally separate and divorced from each other, ITIL and ISO 20000 are in fact a lot closer and more related than most people realize. Not very helpful really, but let me explain what I mean.

Most of ISO 20000 is based on ITIL. In fact there are numerous publications that focus on the relationship, for example: ISO 20000 and ITIL – How are they related? But let me try and summarize the differences.

The essentials

At a very basic level the difference is simple. ITIL is a best practice or guideline, whereas ISO 20000 is a standard. In practice what does this mean?

ITIL was developed around the end of the 1980s and has since gone through several versions: ITIL V1, V2, V3 and 2011. It’s currently undergoing a review with a view to a new version (ITIL 4) being available in early 2019.

Where they originated

The phrase “best practice” is a fitting description for ITIL, as the original version was developed by going around and talking to many UK IT departments and asking: “How do you run the Help Desk (Service Desk now)” and “How do you run Problem Management”? The responses were then formulated and reviewed in such a way that the best practices were extracted and formed into the first version.

ISO 20000 originally saw life as a Code of Practice (namely PD 005) again in the late 1980s, but the first BSI 15000 edition was produced in 1980. ISO 20000 was first produced in 2005 and reviewed in 2011 with a new version planned for October 2018.

Four key differences

There are four key differences between ITIL and ISO 20000, as follows:

  • ITIL is a best practice, ISO 20000 is a standard. So, if you hear that an IT provider or their staff are “ITIL Compliant” then this isn’t true. ISO 20000, however, is a standard and must be certified by an external registrar audit for both its documentation and execution.
  • The certification / examination side of ITIL is designed for individuals rather than the company. Each of the levels (foundation, intermediate and expert) stay with the individual, even if they move.
  • ISO 20000, unlike ITIL, is totally prescriptive and rigorous in its certification process. ITIL does not have any prescriptive parts to it. This means that IT providers can do as much or as little of ITIL as they like. There is no certification process. On the other hand, ISO 20000 is totally prescriptive and rigorous in its certification process. IT providers have no choice in what they can, or cannot, do. There are over 250 requirements that must be complied with. There are also additional codes of practice which are there for guidance but are not mandatory.
  • ISO 20000 focuses on the IT Service Organization and the information captured is intellectual property of the IT provider company. So, the certifications stay with the company. There are a couple of qualifications for individuals: an ISO 20000 auditor and an ISO 20000 practitioner. These qualifications are a requirement for certification and can be provided in-house or by external staff.

In a nutshell the major difference is that ISO 20000 provides “must do” guidelines that work with ITIL’s best practice framework. 

ITIL or ISO 20000 – which should service providers have?

It’s a bit of a loaded question, but my recommendation would be to look for service providers that utilize both ITIL and ISO 20000 for the following reasons:

  • Service providers can use ITIL for its original intention to provide a baseline and foundation for their own processes. As ITIL is not prescriptive, service providers can keep their underlying business principles within the best practice. A pragmatic example of this is with Incident Management and setting up a Service Desk. ITIL will say that ‘the exact nature, type, size and location of a Service Desk will vary depending upon the type of business, users etc.” So, this would work for a company with one central Service Desk or equally as well for a company such as SITA with many service desks geographically spread across the world.
  • With ISO 20000 service providers must meet the criteria across 16 different processes. In addition to this there is the Service Management System (SMS) to manage as well as running your own annual internal audits.
  • The combination of ITIL and ISO 20000 is greater than the sum of the parts.

Question: Where does SITA stand?

ISO 20000 certification is a desirable feather in the cap of any organization because it provides proof that the business is dedicated to service delivery, is aware of customer needs and how to respond to them, and uses resources in a cost-effective manner.

SITA Global Services – our customer service organization – is committed to both ITIL and ISO. Across the SITA Global Services organization, many of our staff have attained expert and intermediate foundation certification in ITIL. Importantly, for ISO 20000 we have on our internal team with qualified ISO 20000 auditors and ISO 20000 practitioners.

For more

To learn more about the differences, read "ITIL vs. ISO/IEC 20000: Similarities and Differences & Process Mapping."

Leave your Comment


Type the code from the image


    There are currently no comments, be the first to post one!
Back to the top
Connect with us