ISO/IEC 20000-1:2011 vs.
ISO 9001:2015
matrix
�ISO/IEC 20000-1:2011 ISO 9001:2015
Introduction
Explanation
Introduction
0.1 General
The introductory section of the ISO 20000 standard contains a general
description related to the:
0.2 Quality management
principles
0.3 Process approach
ISO 9001 has more comprehensive explanations:
0.4 Relationships with other
management system
standards
Copyright 2015 20000Academy. All rights reserved.
Purpose of the standard
Service Management System (SMS)
PDCA methodology applied to SMS
0.1 General This clause explains the benefits of the Quality
Management System (QMS) implementation, while pointing out that
the standard does not imply a need for uniformity in the structure of the
QMS. Additionally, enhancing customer satisfaction is pointed out in
this clause.
0.2 Quality management principles This clause lists the quality
management principles that are also applicable for ISO 20000
implementation.
0.3 Process approach This clause explains the process approach,
PDCA cycle, and risk-based thinking. For more information, read PlanDo-Check-Act in the ISO 9001 Standard.
0.4 Relationships with other management system standards This
clause defines ISO 9001 as a framework for other management
standards, i.e., SMS.
�ISO/IEC 20000-1:2011 ISO 9001:2015
Explanation
Read these articles:
ISO 20000 The perfect way to improve IT services
Using ISO 20000 to control IT services
to learn more about ISO 20000 and its usage in the business environment.
Service Management
System requirements
Quality Management
Systems - Requirements
1 Scope
1 Scope
Clause 1.1 contains an explanation of the areas of ISO 20000 usage.
Additionally, clause 1. of ISO 9001 refers to customer satisfaction, which is
also applicable to some of the processes within the scope of the SMS.
1.1 General
This clause defines the applicability of ISO 20000 and overlaps with part of
clause 1. of ISO 9001.
1.2 Application
2 Normative references
2 Normative references
Copyright 2015 20000Academy. All rights reserved.
These clauses are the same.
�ISO/IEC 20000-1:2011 ISO 9001:2015
Explanation
3 Terms and definitions
Terms and definitions in ISO 20000 contain mainly vocabulary specific for
the standard, whereas ISO 9001 refers to the ISO 9000 definitions of terms,
which contain general wording.
3 Terms and definitions
4. Service management
system general requirements
4.1 Management
responsibility
5.1 Leadership and
commitment
4.1.1 Management
commitment
5.1.1 General
Copyright 2015 20000Academy. All rights reserved.
Clause 4.1.1 of ISO 20000 sets the requirements of the top management,
which partially overlap with clause 5.1.1 of ISO 9001. Additionally, ISO 9001
sets more requirements related to improvement and effectiveness of the
QMS (read How to comply with new leadership requirements in ISO
9001:2015 to learn more about leadership requirements in ISO 9001).
�ISO/IEC 20000-1:2011 ISO 9001:2015
Explanation
4.1.2 Service management
policy
This clause defines the Service Management Policy for the SMS.
Additionally, clause 5.2 (and sub-clauses 5.2.1 and 5.2.2) of ISO 9001
partially contains some common requirements with ISO 20000:
5.2 Quality policy
that the policy is appropriate to the purpose of the organization
to fulfill service requirements
to continually improve the management system
that the policy is communicated and understood by personnel
See a sample of the SMS Policy here: Service Management System (SMS)
Policy.
4.1.3 Authority, responsibility
and communication
5.3 Organizational roles,
responsibilities and
authorities
4.1.4 Management
representative
Copyright 2015 20000Academy. All rights reserved.
Clause 4.1.3 from ISO 20000 overlaps with clause 5.3 of ISO 9001 in the
requirement that top management should ensure that authorities and
responsibilities are defined. ISO 9001 sets additional requirements for top
management, e.g., to promote customer requirements throughout the
organization, ensure that processes are delivering their intended outputs,
etc.
Only the requirements from ISO 20000 apply, because ISO 9001 does not
require appointing a management representative.
�ISO/IEC 20000-1:2011 ISO 9001:2015
Explanation
4.2 Governance of processes
operated by other parties
Although third parties are managed by the Supplier Management
(requirement 7.2), i.e., Service Level Management process (requirement
6.1), ISO 9001 provides extensive requirements for externally provided
processes, products, and services. The following requirements apply to both
standards:
8.4 Control of externally
provided products and
services
The organization remains accountable for the processes that are
performed by external parties.
The organization should determine that process performance meets
requirements.
The article How to control outsourced processes using ISO 9001 explains
this topic in more detail.
4.3 Documentation
management
7.5 Documented information
4.3.1 Establish and maintain
documents
ISO 20000 recognizes the difference between documents and records,
whereas ISO 9001 defines documented information, which could be in
various forms (i.e., documents and records). According to ISO 9001, all
requirements are valid for both documents and records; therefore, ISO 9001
is more extensive in setting requirements for records.
Read the article New approach to document and record control in ISO
9001:2015 to learn more.
4.3.3 Control of records
Copyright 2015 20000Academy. All rights reserved.
�ISO/IEC 20000-1:2011 ISO 9001:2015
Explanation
4.4 Resource management
ISO 20000 sets few general requirements regarding resources, whereas ISO
9001 is more detailed in setting non-technical resources requirements. See
more about resource management in ISO 9001 in the article Understanding
Resource Management in ISO 9001.
7.1 Resources
7.1.1 General
4.4.1 Provision of resources
7.1.3 Infrastructure
7.1.4 Environment for the
operation of process
4.4.2 Human resources
7.1.2 People
Copyright 2015 20000Academy. All rights reserved.
ISO 20000 sets requirements for human resources regarding competence,
training, effectiveness, their contribution to the service management
objectives, and records of their training and education. Quite the contrary,
clause 7.1.2 of ISO 9001 only requires that persons must be provided to
implement the Quality Management System and operate the processes.
�ISO/IEC 20000-1:2011 ISO 9001:2015
Explanation
4.5 Establish and improve the
SMS
ISO 20000 defines processes throughout the standard, but ISO 9001 sets
generic requirements for the processes. This can underpin the requirements
of ISO 20000 in the way that ISO 9001 explicitly defines that processes
need to have:
4.4 Quality management
system and its processes
4.5.1 Define scope
4.3 Determining the scope of
the quality management
system
Determined inputs and defined expected outputs
Determined sequence and interactions of the processes
Determined and applied criteria for the operation of the processes
Assigned roles and responsibilities
Risks addressed
Evaluation in order to ensure that processes achieve their intended
results
Scope requirements in ISO 20000 are very narrow and service related. ISO
9001 requirements for the scope are more general and organization related,
taking into consideration the organizations context, and needs and
expectations of interested parties.
For more information, read
Copyright 2015 20000Academy. All rights reserved.
How to identify the context of the organization in ISO 9001:2015
How to define the scope of the SMS in ISO 20000
�ISO/IEC 20000-1:2011 ISO 9001:2015
Explanation
4.5.2 Plan the SMS (Plan)
Clauses 4, 5, 6, and 7
The SMS Plan requirements in ISO 20000 cover all aspects of the SMS.
However, those requirements (e.g., management system objectives, roles
and responsibilities, resources, etc.) are elaborated in more detail in clauses
4, 5, 6, and 7 of ISO 9001.
4.5.3 Implement and operate
the SMS (Do)
7.1 Resources
ISO 9001 has more detailed requirements for human, infrastructure, and
environment resources, so resource management as defined in ISO 9001
can provide more details when defining resources needed to support the
requirements of ISO 20000. Additionally, ISO 9001 has more detailed
requirements for management, monitoring, and measuring of resources.
7.1.1 General
7.1.2 People
7.1.3 Infrastructure
7.1.4 Environment for the
operation of process
7.1.5 Monitoring and
measuring resources
8.1 Operational planning and
control
4.5.4 Monitor and review the
SMS (Check)
9.1 Monitoring,
measurement, analysis and
evaluation
Copyright 2015 20000Academy. All rights reserved.
�ISO/IEC 20000-1:2011 ISO 9001:2015
Explanation
4.5.4.1 General
9.1.1 General
ISO 20000 can benefit from the broader requirements in ISO 9001, i.e.,
both standards require that methods for monitoring and measurement
should be defined. But, ISO 9001 sets additional requirements in planning
of the measurement and monitoring, which can help when implementing
ISO 20000 monitoring of the SMS. Learn more about Analysis of measuring
and monitoring requirements in ISO 9001:2015.
4.5.4.2 Internal audit
9.2. Internal audit
Both standards require planning, objectivity, and impartiality of the audit
process, as well as corrective actions and proceeding with them. However,
ISO 9001 explains each of the items in more detail, and that can be used
when implementing ISO 20000. Find out more about Five Main Steps in
ISO 9001 Internal Audit.
4.5.4.2 Management review
9.3 Management review
Both standards have extensive requirements regarding management review
inputs, and many of them are the same (e.g., customer feedback, status of
actions from previous management review, audit results, opportunities for
improvement, etc.). Additionally, ISO 9001 has output requirements that
are applicable for the SMS, i.e., requirements for the output of the
management review. See more about management review in ISO 9001 in
the article How to make Management Review more useful in the QMS.
4.5.5 Maintain and improve
the SMS (Act)
Copyright 2015 20000Academy. All rights reserved.
10
�ISO/IEC 20000-1:2011 ISO 9001:2015
Explanation
4.5.5.1 General
Due to the fact that ISO 20000 has more detailed requirements, there are
not any new requirements in ISO 9001 that can be reused. Requirements
regarding nonconformities and corrective actions are described in more
detail in ISO 9001, which can be used in ISO 20000 implementation.
10 Improvement
10.1 General
10.2 Nonconformity and
corrective action
10.3 Continual improvement
4.5.5.2 Management of
improvements
There are no directly related clauses in ISO 9001.
Read the ITIL CSI 7-step improvement process: How to analyze and present
findings article to learn more about ITIL and ISO 20000 improvement.
5. Design and transition of
new or changed services
5.1 General
Copyright 2015 20000Academy. All rights reserved.
General requirements regarding the transition of new or changed services
are more detailed than in ISO 20000, and contain specifics about how to
define services within the scope of this process.
11
�ISO/IEC 20000-1:2011 ISO 9001:2015
Explanation
5.2 Plan new or changed
services
8.3.2 Design and
development planning
Some general requirements can be taken from ISO 9001 (i.e.,
considerations when determining stages and controls for design and
development), but there are many more requirements in ISO 20000. ISO
20000 also sets requirements regarding the removal of services. Learn
more about design and transition of new or changed services in the blog
Design and transition of new or changed services in ISO 20000.
5.3 Design and development
of new or changed services
8.3.3 Design and
development inputs
ISO 20000 has more extensive requirements than ISO 9001. Even so, ISO
9001 sets control requirements on the development of services, which can
be used during ISO 20000 implementation to ensure efficiency during the
development phase.
8.3.4 Design and
development controls
5.4 Transition of new or
changed services
8.3.5 Design and
development outputs
Copyright 2015 20000Academy. All rights reserved.
ISO 20000 sets general requirements for the transition into the live
environment and requires that deployment of the services will be done
using the Release and Deployment Management process. ISO 9001 partially
overlaps with ISO 20000 requirements (by requiring that any developed
service meet input requirements, and that any new service shall be verified
against acceptance criteria) and defines that service, include monitoring and
measurement requirements.
12
�ISO/IEC 20000-1:2011 ISO 9001:2015
Explanation
6 Service delivery processes
6.1 Service level management
8.5.5 Post-delivery activities
Section 8.5.5 of ISO 9001 sets requirements that partially overlap with ISO
20000 requirements (i.e., meeting customer requirements) or are an
extension of them (i.e., meeting statutory and regulatory requirements or
considering potential undesired consequences associated with its services).
Use these articles to learn about service level management and the service
catalogue:
Copyright 2015 20000Academy. All rights reserved.
Choosing four main inputs for the ITIL/ISO 20000 Service Catalogue to
avoid bureaucracy
ITIL Service Level Management making sure that what you want is
what you get
13
�ISO/IEC 20000-1:2011 ISO 9001:2015
6.2 Service reporting
8.7 Control of nonconforming
outputs
9 Performance evaluation
9.1 Monitoring,
measurement, analysis and
evaluation
Explanation
Although ISO 20000 sets some SMS-specific requirements, ISO 9001 has
extensive descriptions of controlling nonconforming outputs as well as
performance evaluation (section 9.1 of the requirements). Requirements of
ISO 9001 can be used to strengthen reporting made in ISO 20000.
Read the article Service Reporting: Get the picture, big and small to learn
more about service reporting.
9.1.1 General
9.1.2 Customer satisfaction
9.1.3 Analysis and evaluation
Copyright 2015 20000Academy. All rights reserved.
14
�ISO/IEC 20000-1:2011 ISO 9001:2015
Explanation
6.3 Service continuity and
availability management
ISO 9001 does not set particular requirements on continuity and availability
of the services.
6.3.1 Service continuity and
availability requirements
Read more in these articles:
6.3.2 Service continuity and
availability plans
ITIL Availability Plan A document you need, but probably dont have
IT Service Continuity Management waiting for the big one
6.3.3 Service continuity and
availability monitoring and
testing
6.4 Budgeting and accounting
for services
ISO 9001 does not set particular requirements on budgeting and accounting
for services.
Use these ITIL and ISO 20000 articles to gain understanding and
knowledge about budgeting and accounting for IT services:
Copyright 2015 20000Academy. All rights reserved.
Financial Management for IT services Theory and practice
ITIL Financial Management Charging as a moment of truth
15
�ISO/IEC 20000-1:2011 ISO 9001:2015
Explanation
6.5 Capacity management
ISO 9001 does not set particular requirements on capacity management.
Read the articles:
Three faces of Capacity Management
ITIL Capacity Plan A document you need, but probably dont have
6.6 Information security
management
ISO 9001 does not set particular requirements on information security
management.
6.6.1 Information security
policy
Learn more about information security management in these articles:
6.6.2 Information security
controls
If anything shouldnt be taken for granted its Information Security
Management
Security incidents How to approach them using ITIL and ISO 20000
6.6.3 Information security
changes and incidents
7 Relationship processes
Copyright 2015 20000Academy. All rights reserved.
16
�ISO/IEC 20000-1:2011 ISO 9001:2015
Explanation
7.1 Business relationship
management
ISO 9001 does not set particular requirements on business relationship
management with the customers.
Use these ITIL and ISO 20000 articles to learn more about business
relationship management:
7.2 Supplier management
8.4 Control of externally
provided products and
services
8.4.1 General
8.4.2 Type and extent of
control of external provision
8.4.3 Information for
external providers
Business Relationship Management through the ITIL Lifecycle
Business Relationship Management, Service Level Management Too
much management?
ISO 9001 sets extensive requirements regarding suppliers, their control,
and communication towards them. Those requirements partially overlap
with ISO 20000 (i.e., monitoring and evaluation of the supplier
performance, focus on service targets during evaluation of the suppliers
ability to meet agreed requirements, and documenting improvement
opportunities), but they could be used to manage suppliers more efficiently.
Find out more about supplier management in ITIL and ISO 20000 in these
articles:
ISO 20000 Supplier Management You lead the game
ITIL Supplier management The third party you depend on
8 Resolution processes
Copyright 2015 20000Academy. All rights reserved.
17
�ISO/IEC 20000-1:2011 ISO 9001:2015
Explanation
8.1 Incident and service
request management
ISO 9001 does not set particular requirements on incident and service
request management.
Learn more about ITIL and ISO 20000 incident and service request
management in these articles:
8.2 Problem management
8.7 Control of nonconforming
outputs
ITIL Incident Management How to separate roles at different support
levels, How to measure Incident Management efficiency according to
ITIL
ITIL Request Fulfillment: A quick win for customer satisfaction
The process for dealing with problems within the scope of ISO 20000 is
defined in more details. ISO 9001 sets general direction (e.g., correction or
obtaining authorization for acceptance under concession), which can be
used as a starting point when defining a course of action for managing
problems.
Read these ITIL and ISO 20000 articles to learn more about problem
management:
Copyright 2015 20000Academy. All rights reserved.
ITIL Reactive and Proactive Problem Management: Two sides of the
same coin
ITIL and ISO 20000 Problem Management Organizing for problem
resolution
18
�ISO/IEC 20000-1:2011 ISO 9001:2015
Explanation
9 Control processes
9.1 Configuration
management
ISO 9001 does not set particular requirements on Configuration
Management.
Learn more about Configuration Management in these ITIL and ISO 20000
articles:
9.2 Change management
8.5.6 Control of changes
Knowing your herd Service Asset and Configuration Management
(SACM)
Three main activities to set up ITIL Service Asset and Configuration
Management
ISO 20000 has an extensive set of requirements for change management.
But, some of the requirements overlap with ISO 9001 requirements in
section 8.5.6., i.e., review and control of changes, as well as requirements
regarding authorization.
Read these ITIL and ISO 20000 articles:
Copyright 2015 20000Academy. All rights reserved.
ITIL/ISO 20000 Request for Change Your steering wheel throughout
the change lifecycle
ITIL V3 Change Management At the heart of Service Management
19
�ISO/IEC 20000-1:2011 ISO 9001:2015
Explanation
9.3 Release and deployment
management
ISO 20000 sets more detailed requirements for release and deployment of
the services.
8.6 Release of products and
services
Use these ITIL and ISO 20000 articles to learn more about release and
deployment management:
Copyright 2015 20000Academy. All rights reserved.
ITIL Release and Deployment Management Part I General principles
and service testing
ITIL Release and Deployment Management Part 2 deployment
methods and early life support
20
�EPPS Services Ltd.
for electronic business and business consulting
Zavizanska 12, 10000 Zagreb
Croatia, European Union
Copyright 2015 20000Academy. All rights reserved.
Email: [email protected]
Phone: +1 (646) 759 9933
Toll-Free (U.S. and Canada): 1-888-553-2256
Toll-Free (United Kingdom): 0800 808 5485
Fax: +385 1 556 0711
21
