The revised parts 1 and 10 of ISO/IEC 20000 were published on September 15th 2018.
There is sometimes confusion about the use of other parties and how they are managed.
Who are the key parties in ISO/IEC 20000-1:2018?
The main party is the organization that is delivering the services and needs to demonstrate conformity to the requirements of ISO/IEC 20000-1. This can be a whole organization or part of a larger organization. It is the organization in the scope of the service management system (SMS).
The organization may use other parties to support the service delivery. The other parties can be:
- External suppliers
- Internal suppliers
- Customers acting as a supplier.
An external supplier is outside of the organization delivering the services and, if it is part of a larger organization, outside of the larger organization. The internal supplier is within the same organization but outside of the scope of the service management system (SMS). For the final option, the customer is both receiving a service and also acting as a supplier.
However, suppliers cannot be used to do everything. Clause 8.2.3 states ‘Other parties shall not provide or operate all services, service components or processes within the scope of the SMS.’ So, if you have outsourced just about everything, you cannot demonstrate conformity to ISO/IEC 20000-1. Ask your suppliers to get certified to ISO/IEC 20000-1 instead!
What do other parties do?
They can support the organization to:
- provide or operate services;
- provide or operate service components;
- operate processes, or parts of processes, that are in the organization’s SMS.
How are other parties managed?
Figure 2 from ISO/IEC 20000-1 illustrates the usage, agreements and relationships between business relationship management, service level management and supplier management.
Clause 1.2 of ISO/IEC 20000-1, states that ‘The organization itself demonstrates conformity to Clauses 4 and 5. Alternatively, the organization can show evidence of retaining accountability for the requirements specified in this document and demonstrating control when other parties are involved in meeting the requirements in Clauses 6 to 10.’
As can be seen in figure 2, supplier management is used to manage the other parties.
A customer acting as a supplier is managed by supplier management and also has a relationship with the organization through service level and business relationship management.
Demonstrating control of other parties is referring to clause 8.2.3 of ISO/IEC 20000-1, Control of parties involved in the service lifecycle. The 1st sentence of this clause is clear that regardless of who is involved in the service lifecycle, the organization is accountable. Before another party is agreed, criteria for the evaluation and selection of other parties must be used. The various parties and their part in the delivery of services needs to be documented. The organization is responsible for integrating the various parties and elements together so that they operate to deliver services successfully. Finally, controls are applied to measure and evaluate the process performance and effectiveness of the other parties.
Summary
If you are already certified or starting to implement ISO/IEC 20000 part 1, do not worry, there will be a 3-year transition period following the revision of part 1.
Lynda Cooper is speaking on the revised ISO/IEC 20000-1 at ITSMF UK November 19 #ITSM18
and at ITSMF 1-day workshop in London on December 13th. Also, at the end of year debate at BCS in London on November 28th about service management methods, frameworks and architectures featuring ITIL4, ISO/IEC 20000 and IT4IT. https://www.bcs.org/content/ConWebDoc/60340
Lynda Cooper, an independent consultant and trainer, is one of the first people in the world to hold the ITIL Master qualification. Lynda chairs the BSI committee for IT service management (ITSM). Lynda sits on various ISO/IEC committees representing the UK and is the project editor for ISO/IEC 20000-1.
