Service Management Blog

ISO 20000 vs ITIL: What’s The Difference?

10 minute read
Stephen Watts

ITIL is an acronym that stands for Information Technology Infrastructure Library and is the common term used to describe the catalog of best practices that it represents. It refers to the gold standard framework for managers looking to transition from a basic IT infrastructure to an IT-services oriented company.

ITIL provides guidance on how to operate in a way that meets the specific IT needs of your organization across all departments. Individuals within an organization can maximize their knowledge of ITIL practices through a number of certifications.

Download Now: ITIL 4 Best Practice e-Books

These all-new for 2020 ITIL e-books highlight important elements of ITIL 4 best practices. Quickly understand key changes and actionable concepts, written by ITIL 4 contributors.

However, it is important to note that entire organizations themselves cannot be awarded an ITIL certification. Instead, they can seek awards from other regulating bodies offering codified standards that complement the ITIL framework. ISO is one such organization.

In the body of this article, we will look at ITIL and ISO 20000, individually, in terms of practice, certifications and how organizations stand to benefit from implementing them. We will also look at major differences between the two and how they relate to each other.

ITIL in practice

Globally, ITIL is the most widely accepted approach to the management of IT services. ITIL’s framework creates an environment of continuous improvement where all of an organization’s resources are elevated by the proper implementation of best practices. This includes its people, processes and technology all working together seamlessly.

As a framework, ITIL is meant to provide guidance without codified standards. There are no “musts” in ITIL only “shoulds” and possibilities. Managers can choose to implement the practices that apply most readily to their business model while skipping other ITIL practices that aren’t applicable at the moment.

There were seven books that made up the catalog of ITIL best practices, condensed from 30 books originally. They included:

  • Service Support
  • Service Delivery
  • Planning to Implement Service Management
  • ICT Infrastructure Management
  • Applications Management
  • Security Management
  • The Business Perspective

In 2007, these were re-evaluated and condensed further into the five ITIL books widely used today. Let’s look at each one in turn.

ITIL Service Strategy

ITIL Service Strategy principles help organizations adapt to a market-driven approach to service management. Delivery and support of services and products are encouraged using five tenets, as follows:

  • Service portfolio management
  • Financial management for IT services
  • Demand management
  • Business relationship management
  • Strategy management for IT services

ITIL Service Design

The RACI matrix offers key insight on ITIL Service Design. RACI stands for responsible, accountable, consulted and informed. Using this matrix, organizations are encouraged to come up with prioritized business objectives for which IT products and services can be deployed.

The tenets of ITIL Service Design are:

  • Design Coordination
  • Service catalogue management
  • Service-level management
  • Capacity management
  • IT service continuity management
  • Security management
  • Supplier management

ITIL Service Transition

This refers to a project development facet that exists outside of day-to-day IT functions. It focuses on the following tenets:

  • Transition planning and support
  • Change management
  • Service asset and configuration management
  • Release and deployment management
  • Service validation and testing
  • Change evaluation
  • Knowledge management

ITIL Service Operation

ITIL Service Operation is all about best practices. It offers insight on how to deliver on end-user expectations while being cost conscious and uncovering issues. ITIL service operation can be separated into two main groups: Processes and Functions.

Functions include:

  • Technical management
  • Service desk
  • Application management
  • IT Ops management

Processes include:

  • Fulfilment
  • Problem management
  • Incident management
  • Event management
  • Access management

ITIL Continual Service Improvement

This is ITIL’s philosophy for improving service beyond transition. It has seven major tenets:

  • Identify strategy for improvement
  • Define what you will measure
  • Gather data
  • Process data
  • Analyze information
  • Present / Use the information
  • Implement improvement

Which organizations benefit from ITIL?

The short answer is any business, big or small, can benefit from adopting an ITIL framework. The purpose of the framework is to align business and IT goals. This creates a single technology-focused organization instead of one with any number of fractured processes or an IT department that is mostly reactive and which operates independently of business operations. In a business world driven by technology and innovation, the latter is an antiquated organizational structure that stifles organizations.

In a previous blog post, we brought you six major benefits of ITIL. In this section, we will revisit those in terms of types of businesses that would benefit from making the transition.

Businesses Seeking to Align IT with Operations

Adopting an ITIL Framework is perfect for businesses seeking to align IT and day-to-day ops. A primary goal of ITIL is to turn traditional organizations with IT departments into IT service-oriented organizations that deliver valuable services to clients.

Businesses struggling with their Service Delivery Model

ITIL’s end game is simple: better, more efficient service delivery. The idea is that when IT goals and business goals are aligned, a technology-driven workforce will thrive. And service delivery outcomes will be measurable and able to be improved upon.

Businesses seeking to reduce costs

Some industries struggle with achieving year-over-year cost reduction. Whether a shareholder mandate or executive goal, all businesses are trying to reduce their costs at one time or another. ITIL’s framework helps businesses better utilize their existing resources to help reduce costs in the long run.

Businesses that want transparency

Most businesses want to make sure that their departments are spending as efficiently as possible. With ITIL framework, business leaders gain better visibility of IT spending and total assets, providing greater transparency from the IT organization.

Businesses seeking strategies for risk management and service disruption

ITIL is a good solution for businesses who don’t have a solid plan that includes risk management and service disruption contingencies. These elements are covered under ITIL best practices.

Businesses that want a reliable service delivery model capable of accommodating future changes

ITIL provides a stable model of service delivery. But it also allows businesses to grow and change because the framework can be easily modified to meet business needs. For this reason, it is a scalable, flexible model for midsize to enterprise businesses.

ITIL Certifications

ITIL certifications offer a tiered approach to learning. Each certification level offers a number of credits to individuals who wish to certify. A certain number of credits must be obtained at each certification level before moving on to the next.

ITIL certifications are for individuals only. Businesses cannot receive ITIL certifications. Each certification level requires a registration fee that ranges in the hundreds, and education can cost thousands of dollars.

Many organizations invest in certifications for their employees. The only drawback of this approach is when a certified employee moves on to another organization the business who paid for the certification has, in some cases, assisted their competition.

Certification Levels arranged by skill level:

  • ITIL Foundation
  • ITIL Practitioner
  • ITIL Intermediate Level
  • ITIL Managing Across the Lifecycle
  • ITIL Expert Level
  • ITIL Master Qualification

ISO 20000 in practice

Based on the principles of BS 15000, originally developed by British Standards Institutions to mirror ITIL practices, ISO 20000 is a set of global service delivery standards published by the International Organization for Standardization (ISO) and the International Electoral Commission (ICE). Unlike ITIL, ISO 20000 is codified to outline requirements for an Information Technology Service Management system (ITSM). It has two main parts called ISO 20000-1 and ISO 20000-2. They outline specifications and requirements, respectively.

ISO 20000 is a global standard with international reach. That’s a requirement in order for it to be deemed an International Standard or “IS”. ISO 20000 provides both a framework and methodology. It offers opportunities for businesses to prove they follow the best practices and gain certification in doing so. The two main components of ISO 20000 are detailed below.

ISO 20000-1 2011 Specification for IT Service Requirements

ISO 20000-1 is based on seven guiding principles. Each outline specific requirements that must be met for IT service delivery. These are:

  • Service management system requirements
  • Design and transition of new or changed services
  • Service delivery processes
  • Relationship processes
  • Resolution processes
  • Control processes

Organizations can be certified in ISO 20000-1 but not ISO 20000-2, as described below.

ISO 20000-2 2011 code of practice for ITSM

This section helps business leaders turn requirements into actionable practices. It offers guidance on service delivery. Organizations do not become certified in ISO 20000-2; these are best practices only.

Benefits of ISO 20000

Similar to ITIL, ISO 20000 is intended to advance the information technology resources of a wide range of businesses across industries, internationally. Implementing ISO 20000 provides organizations with a number of key benefits, some of which will sound similar to that of ITIL framework. For this reason, you might be wondering whether your organization needs both. We will explore the differences between ITIL and ISO 20000 and how they complement each other later on in this post. For now, let’s review the benefits of adopting ISO 20000.

Integrated support via Service Management System

By laying out requirements for a Service Management System (SMS), businesses adopt practices that standardize service levels. Support for this system is integrated from the top down — management to employees.

Improved credibility and reputation

Organizations that want to show consumers, competitors and everyone in between that they are serious about their trade can increase credibility by way of this prestigious certification.

Increased customer satisfaction and confidence

By elevating service levels, more customers are satisfied. This gives businesses confidence in a crowded marketplace.

Improved incident management and reduction in incidents

Following these best practices leads to both a reduction in incidents as well as improved incident management. This helps businesses mitigate risks that stem from accidents and liability.

Reduction in customer response times and outages

Using ISO 20000 standards empowers businesses to cut down on response times and outages. This has a positive impact on customer satisfaction and ensures services go as smoothly as possible.

Proactive IT services

In the workplace, IT departments can be historically reactive. But implementing ISO 20000 has the added benefit of creating a proactive, IT-focused business.

Reduced cost

Like ITIL, with greater utilization of existing resources businesses can dramatically reduce operational costs.

Promotes culture shift

By implementing ISO 20000, many businesses find positive changes in their culture soon follow. ISO 20000 promotes a system of continuous improvement at every level of an organization. This creates an ethos where ownership is everyone’s goal.

Creates a formal framework that includes benchmarks

ISO 20000 is a formal and regimented approach with specific benchmarks that can be completed to achieve certain goals. With a clear direction in place, businesses aren’t left questioning how to best apply the practices.

ISO 20000 organizational certificate

ISO 20000 offers businesses a competitive edge by allowing them a chance to receive an organizational certificate. To do this, organizations must pass an audit conducted by an approved agency. A certificate will be issued if the organization passes the audit.

The certificate is a desirable feather in the cap of any organization because it provides proof that the business is dedicated to service delivery, aware of customer needs and how to respond to them and uses resources in a cost-effective manner. Clients have begun to demand ISO 20000 certificates of contractors who they award business to.

ISO can be implemented with ITIL or several other best practice frameworks that complement one another. It isn’t intended as a stand-alone certificate.

Nonetheless, businesses starting out with ISO 20000 may run into an issue where it is unclear what the future state of their business needs to be in, in order to obtain certification. In these instances, it is advisable to look to ITIL for advice that complements ISO 20000 principles.

The ISO 20000 organizational certification audit compares businesses against the ISO 20000-1 2011 Specifications for IT Requirements. It will take into account many of the following standards:

  • Adequate documentation showing ISO 20000 practices
  • Familiarity with processes and principles of ISO 20000
  • Evidence that ISO 20000 processes are adhered to

For each audit, businesses will be asked to complete a project to be audited. The steps an organization must take to receive certification from inception to finished project are as follows:

  • Develop an internal awareness campaign about ISO 20000.
  • Determine a scope that makes sense for your organization. What needs to change?
  • Identify which areas of your business conform with ISO 20000 and which ones do not.
  • Set up a project for completion to ISO 20000 standards.
  • Select the project manager, staff and auditor.
  • Get ready for the audit by closing gaps in your business that were previously identified.
  • Conduct audit.
  • Retain certification.

Major differences between ITIL and ISO 20000

By this point, it’s probably clear that ISO 2000 and ITIL are intended to complement one another but have a few key differentiators. We will describe these below.

The major difference is that ISO 20000-1 2011 provides “must do” guidelines that work with ITIL’s best practice framework. To add to the blurring of lines between ISO 20000 and ITIL, ISO 20000-2 offers a catalog of best practice guidance which is very similar to ITIL. It’s no wonder why businesses are sometimes left scratching their heads wondering if they truly need both. But here’s why they are both important pieces of the service management journey.

Timing is everything

One way to describe the difference between ITIL and ISO 20000 is to put them on a typical timeline of where organizations are in their quest to achieve superior service management. Oftentimes, businesses will adopt ITIL first, once they’ve identified a specific issue in service management and delivery. Using the guidance of ITIL they will correct the issue, only to uncover another issue with a related process.

Once the organization feels that it has a good handle on all of their resources – people, processes and technology – they may then begin to consider ISO 20000 certification for their organization.

The ISO 20000 certification is rigorous and hard to achieve for even those organizations with a good handle on ITIL. However, beginning with ITIL offers a natural segue into ISO 20000.

Structure and size considerations

ISO 20000 doesn’t have special considerations for organizations based on their structure or size. It operates independently of these metrics. On the other hand, ITIL provides recommendations and advice on management structure and offers special considerations for small companies.

System requirements for management

One example of system requirements set forth for management under ISO 20000 is the Plan Do Check Act cycle of continuous improvement. On the other hand, ITIL does not have system requirements and takes an approach that is more targeted at procedural best practices.

Comparing processes

While the two service management systems work well side-by-side, a knowledgeable and discerning IT professional could spot small differences in processes. For instance:

  • ISO 20000 offers standards for vendor management where ITIL does not.
  • ITIL includes advice on pricing on part of its section on financial management.
  • ITIL has a separate publication that is dedicated to software asset management, ISO 20000 and ITIL’s standard publication speak about asset management in more general terms.

ISO 20000 provides organizations with unlimited growth opportunities

Adding ISO certifications allow your business to grow in a number of strategic ways.

Firstly, by offering the opportunity to certify your business instead of your employees, ISO 20000 provides you with a boost in reputation and credibility that isn’t reliant on keeping the same employees. If an employee leaves your company for a competitor, you don’t have to worry about them bringing over skills they learned because they worked for you.

Moreover, having an ISO 20000 certification builds customer confidence. It allows your company to compete with an elite group of certified contractors all vying for a piece of the client’s portfolio.

But perhaps the best way ISO 20000 certification allows your business to grow, is by providing a stable foundation of superior service levels that you can build upon as you add services and gain new clients. It’s a fully scalable model that helps businesses of all sizes achieve peak efficiency.

ITIL and ISO 20000: Information Technology Services Management At It’s Best

The question this article is centered on is: Why do you need both? After all, if they are both similar; shouldn’t one be good enough?

Simply put, ITIL and ISO 20000 work best together. Organizations that rely on ITIL to solve problems should strive for ISO 20000 to help them build their organizations and grow to greater heights. That’s because ITIL is a comprehensive framework that provides service management best practice guidance for businesses. It provides a safety net when you’re experiencing an issue, and in doing so businesses can create a culture shift. But as mentioned, even savvy ITIL organizations have learned that achieving ISO 20000 certification isn’t easy.

While certifying individual employees in ITIL may be a good move for many organizations, getting an organizational certification in ISO 20000 adds value, and that’s something executives can take to the bank.

If your organization is thinking of transitioning to ITIL, you need a service management software provider you can trust.

New for 2020: ITIL 4 Best Practice e-Books

These all-new for 2020 ITIL e-Books highlight important elements of ITIL 4 best practices so that you can quickly understand key changes and actionable concepts. Download now for free!


These postings are my own and do not necessarily represent BMC's position, strategies, or opinion.

See an error or have a suggestion? Please let us know by emailing blogs@bmc.com.

BMC Bring the A-Game

From core to cloud to edge, BMC delivers the software and services that enable nearly 10,000 global customers, including 84% of the Forbes Global 100, to thrive in their ongoing evolution to an Autonomous Digital Enterprise.
Learn more about BMC ›

About the author

Stephen Watts

Stephen Watts (Birmingham, AL) has worked at the intersection of IT and marketing for BMC Software since 2012.

Stephen contributes to a variety of publications including CIO.com, Search Engine Journal, ITSM.Tools, IT Chronicles, DZone, and CompTIA.