What is ISO/IEC 20000-1?
The ISO/IEC 20000-1 standard is the premier international benchmark specifying requirements for establishing, implementing, maintaining, and continually improving a Service Management System (SMS). Frequently associated with ITIL (Information Technology Infrastructure Library) best practices—a framework for managing and improving IT support and service delivery—the ISO/IEC 20000-1 standard transforms these recommendations into strict, verifiable requirements. This ensures that services (whether technological or business-aligned) precisely fulfill customer expectations.
This framework adopts a comprehensive approach to the service life cycle, from planning and design through transition and operational delivery. By integrating service level management, change management, and incident management processes, ISO/IEC 20000-1 ensures maximum agility and total control over the value chain.
In particular, the standard relies on:
- The definition of a service catalogue and service level agreements (SLAs).
- The management of relationship processes with customers and suppliers.
- Control over change management, release, and deployment management.
- Capacity management, service availability, and service continuity management.
- A framework of continual improvement based on performance measurement.
What is a Service Management System (SMS)?
The challenges of ISO/IEC 20000-1 certification
Certification enables organizations to:
- Structure and professionalize IT service management.
- Improve service quality and user satisfaction.
- Reduce the impact of incidents through clear, proven processes.
- Optimize operational costs through enhanced operational control.
- Strengthen customer and partner confidence in the capability to deliver reliable services.
- Support contractual commitments and procurement tender requirements.
It acts as a lever for operational maturity, reinforcing the performance and continuity of IT operations.
Obtaining ISO/IEC 20000-1 certification serves as a strategic transformation lever for the organization:
- Increased Customer Satisfaction: Guaranteeing that delivered services are systematically aligned with actual business needs and contractual commitments.
- Operational Efficiency: Reducing costs and service interruptions through proactive incident and problem management.
- Commercial Credibility: Demonstrating to prospects and partners an organizational maturity validated by an independent third party.
- Unified Governance: Easily integrating service management with security (ISO 27001) and continuity (ISO 22301) thanks to the common structure of ISO standards.
Who is ISO/IEC 20000-1 certification for?
A solution for all service providers
ISO/IEC 20000-1 certification is designed for any organization, public or private, that delivers services to internal or external customers. It has become an essential hallmark of credibility for entities where delivery reliability is a critical success factor.
Sectors highly relevant to ISO/IEC 20000-1
- IT Departments (DSI): To align IT services with the strategic needs of business units.
- Managed Service Providers (MSP) and Cloud Providers: To contractually guarantee high availability and infrastructure quality.
- Digital Service Companies (ESN): To differentiate during procurement tenders with proof of operational excellence.
- Shared Service Centers: To harmonize support and delivery processes across large corporate groups.
What should you do before applying for ISO/IEC 20000-1 certification?
Before requesting a certification audit, the organization must have deployed an operational SMS. LSTI verifies not only documentation compliance but also the field-level effectiveness of your service processes.
Define the SMS scope
The organization must first identify the key services it intends to certify. This step requires clarifying the boundaries of the management system, taking into account internal organization, geographical sites, and dependencies on external suppliers.
Structure the service catalogue and service requirements
As the cornerstone of the standard, this step involves documenting the delivered services, defining expected service levels, and establishing performance measurement mechanisms (KPIs).
Prepare SMS documentation
Compliance relies on a structured "service management plan." To be ready for the audit, the company must provide operational evidence of process execution: service request management, configuration controls, performance reports, and budget management.
Validate the system through internal audit and management review
As with any ISO standard, an internal audit must be conducted to confirm that the SMS fulfills both the organization's requirements and the standard's criteria. A management review subsequently validates objectives and improvement plans.
How does ISO 20000-1 certification work?
The ISO/IEC 20000-1 certification process follows a rigorous three-year cycle designed to validate the implementation, effectiveness, and continual improvement of your Service Management System (SMS). As an independent third party, LSTI ensures an impartial assessment of your compliance with international standards.
A 3-step certification cycle
The certificate is issued for a three-year period and relies on the following steps:
- The Initial Certification Audit: Conducted in two stages (a documentation review followed by operational verification), it validates the compliance of your SMS with the standard's requirements.
- Annual Surveillance Audits: During the two years following certification, LSTI auditors verify the ongoing compliance of the SMS, tracking service interruptions and overall service quality.
- The Recertification Audit: At the end of the third year, a full audit is conducted to initiate a new three-year cycle and ensure the long-term sustainability of your operational excellence.
Your questions about ISO 20000-1 certification
What is the link between ISO 20000-1 and the ITIL framework?
The link between ISO 20000-1 and the ITIL framework is based on their strong complementarity, despite their different natures. Whereas ITIL is a best practice framework offering recommendations on how to manage services, ISO 20000-1 is a certifiable international standard imposing strict, verifiable requirements. This synergy transforms ITIL's pragmatic advice into a structured, formal management system that can be audited by an independent third party.
How does ISO 20000-1 fit in with other standards?
ISO 20000 integrates natively with other management standards, thanks to the High Level Structure (HLS) common to all ISO standards. This compatibility makes it easy to align the Service Management System (SMS) with other standards, such as ISO 27001 with its Information Security Management System. This synergy ensures that service performance and data protection are managed transversally within a unified governance framework.
What's the difference between ISO 20000-1 and ISO 27001?
The fundamental difference between ISO 20000-1 and ISO 27001 lies in their management objectives. On the one hand, NF ISO/IEC 20000-1:2018 specifies the requirements of a Service Management System (SMS) to ensure quality and operational performance. On the other, ISO/IEC 27001:2022 defines the requirements of an Information Security Management System (ISMS) to safeguard data confidentiality, integrity and availability through risk management. Beyond this distinction, both standards can incorporate ISO's Harmonized High Level Structure (HLS), a common ten-chapter model that natively merges technology service management and information security into a single integrated management system.
What operational areas are covered by the standard's processes?
The operational areas of ISO 20000-1 cover the entire service management value chain. The standard requires mastery of the service catalog and service level agreements (SLAs), as well as critical processes such as incident and service request management, problem management to eradicate root causes, and capacity and availability management. Finally, the standard also requires rigorous configuration and change management. The aim is to ensure that every change to the infrastructure is controlled and documented, so as to avoid any regression in service quality.
Why choose LSTI?

Recognized expertise
With over twenty years' experience, LSTI supports more than 300 organizations in France and Europe as a leading certification body and assessment center, operating in the fields of cybersecurity, digital trust and information security.

Specialized auditors
Our teams of auditors are made up of experienced professionals who are fully conversant with ANSSI cybersecurity guidelines, information security management practices and European digital trust frameworks. Their approach guarantees assessments that are demanding, balanced and adapted to the operational contexts of each organization.

Independent third party and dedicated support
LSTI guarantees impartiality, transparency and consistency throughout the entire cycle: preparation, audits, surveillance and renewals. A dedicated contact ensures continuity and clarity throughout the certification process.




