If you want to comply with international guidelines for (IT) service management, should you apply ISO9001 to your service management domain, should you apply ISO20000 because it claims to do exactly that, or should you use the ISO/IEC TR 90006 guidelines that describe how to apply ISO9001 to IT Service Management and how to integrate it with ISO20000? As so often, I’m completely lost….
ISO20000 was supposed to be the international standard for IT Service Management. It was published in 2005 by means of a fast track voting procedure, based on the British standard BS15000, after two voting rounds – the first one didn’t get enough support to promote BS15000 to an international standard. A bit of lobbying did the trick, and the ITIL-based British standard got its international status. As you may expect, the regular commercial circus applied to the new situation. The industry developed products and services around the standard, and the regular cat-fight between providers, including the itSMF, started, distracting the business from the content of what was supposed to be delivered.
ISO20000 was delivered in 2005 by the ISO Sub Committee 7 of the Joint Technical Committee 1, aiming for something that obviously wasn’t there: a quality standard on IT service management. Obviously – in their eyes - ISO9001 wasn’t sufficient to cover the guidance for quality management in the IT service management domain.
Six years later, ISO20000:2011 was released to align closer to ….. yessss…. .....drums …... ISO9001!
ISO9001 had been subject to some serious re-engineering, because it devaluated in the nineties, being abused through scoping tricks and other ‘smart’ use of the label. It was revised in 2000, and again in 2008, putting more weight on the customer perspective, but it had lost most its former position. Nevertheless it had a powerful community of users (and of course providers of derivatives). This community was not too happy with the results of ISO20000. After all, ISO9001 already pretended to deliver the standard on service management….
As usual in markets where money is to be made and where business positions are getting lost, the call for a ‘better’ standard got louder and louder. But would the ISO organization allow for yet a third standard for the IT service management domain?
No – they pulled the TR rabbit out of the hat.
A TR is Technical Report, of an entirely informative nature, used in exceptional circumstances, when ISO has run into information that should be published, but cannot be published in the format of a regular standard. That – clearly – was the case here: a third standard was totally unacceptable, and neither one of the two involved parties was willing to merge into the other.
So here it is: ISO/IEC TR 90006:2013, explaining how we could use both ISO9001 and ISO20000-1, applying ISO9001 to IT service management, and integrating it with ISO20000. Do you still follow?
The introduction and scope clauses of ISO/IEC TR 90006 state:
‘This Technical Report provides guidelines for the application of ISO 9001:2008 to IT service management. It also provides guidelines for the integration of a quality management system (QMS) and a service management system (SMS).
This Technical Report provides a comparison of the requirements of ISO 9001:2008 and ISO/IEC 20000-1:2011. It highlights those areas where there is the greatest similarity between the two management systems, and where there are differences between the two.’
TR 90006 has endless tables that explain the differences in meaning of ISO9001 terms and ISO20000-1 terms. Without setting either one as the standard to be used in practice. It explains the difference between Quality Management Systems and Service Management Systems. It illustrates which processes are described in ISO20000-1 that are missing in ISO9001 and vice versa, but as usual it discusses practices instead of processes. Etc. Etc.
“One business benefit of an integrated management system can be that the organization does not have two management systems with duplicating and contradictory requirements.”
This quote from the TR 90006 actually says that multiple ISO standards that are supposed to support the same environment, can contradict each other…. TR 90006 then continues with statements that integrating ISO9001 and ISO20000-1 would deliver various forms of synergy in processes, systems, etc…. Wow!! Do you still follow? Who would have thought of that?
Now, if we accept that ISO9001 does not align fully to the goals and requirements of ISO20000-1, and ISO20000-1 does not align fully to the goals and requirements of ISO9001, why not just improve the one, or the other, or better: improve both, so they would align to the sum of the parts? Just imagine: ISO20000 could then be moved to the position of an ISO9000 sub standard, describing how the ISO9001 requirements apply to an IT service management environment.....
But no – that would be asking too much of ISO.
This can only be a sign of vested interests in the communities defending the separate standards. Obviously, the ISO organization has no control over this, or they would not have published an “exceptional” TR that re-establishes both existing standards in their respective position.
Now, where would you put your money? In the ISO9001 standard that was devaluated so dearly, but still is the official quality management standard? In the ISO20000-1 standard that has only been successfully deployed in a small number of countries, and that is still not adopted in any significant numbers, even after 10 years? Or in an integration of the two, although they obviously do not align easily? Or perhaps in none of them?
Let me be clear: there is much value to be found in ISO9001 as well as in ISO20000-1, even though the risk of running into the usual pitfalls of complexity is significant. But applying it the way we have done for decades now, is definitely not delivering the value we expect to get from it.
My advise? Quit the whole charade, look at the other end of the stick, get your management system in order, and get in control of your service management by adopting a straightforward method. It has been proven in practice that it will save you the cost of ‘implementing’ any of the aforementioned standards (or large parts of others like ISO27000), it prepares you for any new ‘contemporary’ set of requirements from your external regulators (who follow the ISO standards), and it will simplify the way your service organization works, in such a way, that you will finally be able to do what you were meant to do: support your customers in a simple, understandable, and effective way.
It’s already there, you just have to pick it up…