But why do we need a new standard? The introduction of this standard is the result of the worldwide success and rapid development of the “Best Practices in IT Service Management”. The recognition of a formal standard requires corresponding measures to be taken in the service provider sector in order to develop and deliver high quality services.

For the very first time ISO/IEC 20000 offers an integrated management approach in the IT area. The ITL-based management model is generic and forms the basis for business cost effective action. The requirements of these maxims are:

• Identify specific risks
• Align processes in such a way that the risks are under control
• Set and implement improvement targets
• Periodic overall review of the IT strategy and operational processes.

ISO/IEC 20000 today gives us a specific, measurable quality standard which forms a key pillar of the IT governance, ensuring adherence to standards and security to equal extent. At the same time, the services are continually adapted to meet the ever changing business requirements in the global competition. ISO/IEC 20000 includes a monitoring system which allows for the auditing of the implementation of and adherence to the standard and consequently provides everyone with an objective verification.

So how does the certification procedure work? What are the rights and obligations of the accrediting company and the customer? Who is authorized to issue ISO 20000 certificates?