How To Get Certified For Iso/iec 20000 It Service Management System?

By Author: niha
Total Articles: 107
Comment this article

ISO/IEC 20000 is the international standard for IT service management, which makes it a significant and helpful standard for businesses and companies to obey. ISO 20000 certification tells the world that IT department meets rigorous guidelines for service design, delivery, and constant improvement. The Ascent explores ISO 20000 standard and its advantages. In a digital world, business's information technology (IT) department must deliver the best services possible to satisfy consumers, improve partner and supplier relationships, and contribute to the bottom line.
ISO/IEC 20000 Certification:
For an organization to gain the ISO 20000 certification, it has to involve the services of a Certification Body. Is an organization that is responsible for delivering certificates to companies that request their services and obey with the requirements of the standard against which they want to become certified. The Certification Bodies must also obey with rules and requirements of another ISO 17021, and also must be audited and licensed by local entities that are known as Accreditation Bodies. Each country has an Accreditation ...
... Body that is responsible for auditing Certification Bodies to confirm they meet the requirements of the reference standard.
Steps:
The steps that are essential in the process of ISO/IEC 20000 certification:
Request: The organization that requires to certify against ISO/IEC 20000 requests an application. The request must state information about the company: number of people included in the scope, main lines of business, scope, etc. Based on this information, the Certification Body calculates the number of days mandatory, and dependent on the number of days sets the price of the proposal. Finally, the Certification Body sends the proposal to the organization.
ISO 20000 Certification Audit: If the organization accepts the ISO/IEC 20000 certification proposal, then it carries out the certification audit. This audit is essentially composed of two phases:
• Phase 1: The audit team makes an Audit Plan, which must contain all problems to be reviewed at this phase. It will also identify persons who will interview, and date and time of all activities to be undertaken during the audit. The activities carried out in this phase are essentially the review of ISO 20000 documents generated by the company, i.e., primarily procedures, technical instructions, etc., and everything associated to Management System. Also, the organization will plan dates and events that will take place in the next stage. As a result of phase 1, the audit team will grow and deliver an audit report to the company, which reflects all the detected deviations. So, the aim of the phase 1 audit, also called Documentation Review, it is to check whether the documentation is compliant with ISO/IEC 20000.
• Phase 2: As in phase 1, the audit team will make an Audit Plan for this phase, which will contain all the things to do and all the people complex. In this second phase the audit team will review everything that has been pending management system and operational implementation of all ISO/IEC 20000 processes. As a result of this phase, an Audit Report is produced, which will contain all deviations from phase 2, with the deviations that have not been treated in phase 1. Therefore, it can say that this report will be the final report of the certification audit. So, the aim of the phase 2 audit, also called the Main Audit, is to check whether the activities and processes in a company are compliant with the ISO 20000 standard and with the documentation. In further words, to check whether the SMS works.
These two phases are required only in the first certification audit, and therefore are not present in the surveillance audits and audits of recertification.
Obtaining the Certificate: If the organization addresses all deviations of the report accessible by the audit team and presents the essential evidence to the Certification Body, the Certification Body then releases a Decision Evaluation Report, and finally accepts the granting of the ISO/IEC 20000 certificate to the organization. The most common problem is that the certificate is granted, but sometimes may be rejected, due to the immaturity of the system.
Surveillance Visits: An ISO 20000 certificate is valid for 3 years, during which time surveillance visits are conducted. That is, after the first certification audit, in the next 2 years the organization will have to face further audits.
Recertification Audit: Finally, after 3 years, when the ISO/IEC 20000 certificate expires, the organization will have to face a recertification audit to maintain the certificate.