Service Management is a generic concept that refers to the activities performed by a service provider in order to design, plan, deliver, operate and control the services it offers to customers.
The purpose is to have the processes, the people and the technology in place; so that the service provider can meet its business objectives while the customer is satisfied with the valuable services he receives.
ISO/IEC 20000-1 specifies the requirements for a service management system.
This standard is meant to serve as reference for any service provider regardless if the customers are external or if they are part of the same organization (internal customers).
ISO/IEC 20000-1 requires organizations to design and implement processes to address different aspects like: service planning, business relationship management, budgeting and accounting for services, service design and transition, capacity management, incident and service request management or information security. Since ISO/IEC 20000-1 is meant to enable organizations to offer quality services; the quality management principles (from the ISO 9000 family of standards) apply here: customer focus, leadership, engagement of people, process approach, improvement, evidence based decision making and relationship management.
An organization familiar with other popular service management frameworks, like ITIL or CMMI-SVC will find it easier to implement ISO 20000 due to the existing similarities.
The first edition of ISO/IEC 20000-1 was published in 2005, then the standard was revised in 2011 with the latest version being the one from 2018.
RIGCERT provides ISO/IEC 20000-1 audit and certification services to help your organization demonstrate its commitment and capacity to offer valuable services that meet requirements.
It is a set of elements (policies, processes and procedures) used by an organization to fulfil its objectives and perform its tasks. A management system can address a single discipline (e.g. quality management system or information security management system) or several disciplines at the same time, in what is referred to as an integrated management system. It is the choice of the organization what type of management system it chooses to implement and certify.
For every discipline there are specific standards that define the requirements for a management system (e.g. ISO 9001, ISO 14001 or ISO/IEC 27001). An organization wishing to obtain the certification of its management system has to demonstrate during an initial certification audit that it fulfils the requirements of the specific standards used as reference for certification.
Regardless of the discipline all management systems generally require organizations to define roles, responsibilities and authorities for personnel, document policies, establish objectives and actions to achieve them, demonstrate operation in controlled conditions, monitor, measure, analyze and evaluate performance and act to continually improve the system.
A management system can be implemented by the organization using internal resources or with the help of external consultants . The management system needs to be maintained and continually improved.
To be useful, a management system should become an integral part of the organization’s activities and not a set of requirements separated from operational routine.
The support from top management is vital for the success of a management system in the organization.
Certification is an attestation from a third party (usually called registrar or certification body) that the management system implemented by an organization fulfills the requirements of applicable standard(s).
So, in fact, not the organization is the subject of certification but its management system.
The certification process begins with the application sent by the organization looking to obtain certification. It has to be a written application and its useful to the certification body for understanding what is required and to plan the resources needed to provide the certification services.
A contract for the certification is signed.
The certification audit is done to evaluate how the requirements of the standard(s)/ reference documents are implemented. The audit team is made of one or several members and the audit duration depends on a series of factors like the standards for certification involved, the size of the organization, its activities. locations, etc.
In case the conclusions of the audit are positive and there are no other elements that may affect the certification, the certification body issues the conformity certificate(s).
The document General rules for the certification of management systems contains detailed information about how the certification process works, what are the requirements for obtaining and maintaining certifications.
Management system certifications are valid for 3 years, with the condition that successful yearly surveillance audits are performed (in the first and second year after certification). Surveillance audits are meant to evaluate if the management system certified continues to respect applicable requirements.
The certification program is the document that specifies the planning of surveillance audits and it is communicated to the organization at certification date.
In the third year the recertification audit takes place and the organization enters another 3-year certification cycle in similar conditions as the previous.
In case surveillance audits are not performed as scheduled the certification may be suspended. During suspension the certification is temporarily invalid. If during suspension the situation is not corrected the certification is withdrawn.
Appeals refer to decisions of RIGCERT with regards to a certain certification (e.g. not granting, suspending, withdrawal, etc) while complaints may refer to a series of aspects like: the personnel working on behalf of RIGCERT, activities of the organizations certified by RIGCERT, activities of third parties connected to RIGCERT, etc.
Appeals and complaints should be sent at firstname.lastname@example.org and are treated confidentially.
RIGCERT personnel involved in the review and decision regarding a certain appeal or complaint have not been involved in the case being reviewed.
The review can include actions like performing special audits, request of information from the parties involved and is concluded with a formal decision communicated to the appellant and/ or complainant.
Detailed information on the appeals and complaints handling process are available in the document General rules for the certification of management systems.
Want to work with us
Complete the form below with your personal information and we will contat you as soon as possible.