ISO/IEC 20000 is the international standard specifically for IT Service Management. It describes an integrated set of management processes which form a service management system for the effective delivery of services to the business and its customers. The standard allows IT service provider organizations to achieve conformance to a service management system which requires them to continually improve their delivery of IT services. ISO/IEC 20000 was first released in 2005 and is now at the second edition. It aligns to the IT infrastructure library (ITIL®) best practice framework. The ultimate goal being effective overall IT service management, the standard is based on key processes ranging from service level management reporting, budgeting and accounting for IT services, to information security, supplier, incident, change and release management.
A clearer view of current IT capabilities
Better information on current services
Greater flexibility for the business through improved understanding of IT support
Enhanced customer satisfaction as a service provider know & deliver what is expected of them
Improved cycle time for changes & greater success rate.Improvements in security, accuracy, speed, availability for the required level of service
Profit margins will improve as more repeat business is won
Improved Quality of Service- more reliable business support
More focused IT Service continuity procedures & more confidence in their ability to follow them when required
Having chosen a third-party certification body for your audit, it will review your documentation to ascertain that it meets all the requirements of ISO 20000. This is followed at a later date by an audit to check that records are being kept and documented working practices are being followed
After a successful audit, a certificate of registration to ISO 20000 will be issued. Then there will be continual surveillance visits (usually once a year) to ensure that the system is maintained and continues to be effective.
Client interested in obtaining a certificate of registration under the QMS scheme from CQAL shall have established a documented quality system in accordance with the requirements of current version of the ISO 20000 standard and the applicable product standards.
CQAL Certification Services reviews the submitted documentation against the requirements of ISO 20000 standard and prepares a report detailing its finding. The deficiencies, if any, will have to be corrected prior to assessment since this documentation will form a part of the assessment criteria during the assessment.
Stage 1 assessment shall include – Review of quality manual/ procedures, supporting documentation, evaluation of client’s location, assessment of preparedness for stage 2 audit, collecting of information regarding the scope of the management system, statutory and regulatory aspects, legal aspects and risks and processes and locations, preparation of an audit plan for stage 2 audit, evaluation of internal audits and management review performed by the customer.
Stage 2 assessment is an on-site assessment which includes
- Evaluation of the implementation, including the effectiveness of the client’s management system
- Evidence about conformity to all requirements of the applicable standard or scheme
- Performance monitoring and reviewing against key performance objectives and targets
- Conformance to regulatory and legal aspects relevant to the standard
- Operational control of the client’s processes
- Internal auditing, management review and management responsibility, the competence of personnel, performance data, audit findings and conclusions
- Links between the normative requirements, policy, performance objectives and targets
CQAL Certification Services will issue a certificate of registration to the applicant once the corrective action has been accepted. The certificate carries a validity of three years from the date of issue subject to satisfactory findings during surveillances.
The certified clients are committed through the signing of a certification agreement to comply with the certification body’s requirements.
The Organization may choose one of two surveillance methods:
- Annual surveillance method – which includes conducting one surveillance audit annually, and performing a Recertification every third year
- Semi-annual surveillance method – which includes conducting two audits annually and a Recertification every third year
Surveillance audits shall be conducted at least once a year. The date of the first surveillance audit shall be not more than 12 months from the last day of stage 2 audit.
The following clauses shall be checked in each surveillance audit cycle:
- Implementation or the corrective actions required by the previous audit
- Review of changes in the organization
- Management reviews
- Internal system audits
- Customer complaints
- Corrective and preventive actions
- Scopes/activities that have changed since the last audit
- Customer complaints & appeals received in the Division concerning the organization
- Use of marks (certification logos)
The client’s quality system is re-assessed for the renewal of the certificate. All actions related with renewal (including completion of corrective actions) shall be completed before the expiry of the certificate to ensure continuity of certificate.
Are we ready for a certification audit? What is the cost of an audit to ISO 20000:2018? When can we get audited? Please Contact us for more information!