Preparing for Changes in ISO20000 (2018) New Version

Let’s examine the changes in the new version of ISO20000:2018, the international certification standard for ITSM, and identify key points to prepare for ISO20000 renewal audits. For general information on ISO20000 certification standards and frameworks, please refer to standard resources. This article focuses only on the major changes introduced in ISO20000:2018.

ISO20000 is the only international certification standard related to ITIL/ITSM that specifies the minimum requirements an organization’s IT service management system must meet. It currently reflects all processes from ITIL v2 and some processes from ITIL v3.

This ISO20000 standard has been revised from ISO20000:2011 to ISO20000:2018.

As shown in the history below, ISO20000 started as BS15000 in 2000 and has undergone three major changes.

[Figure 1. History of ISO20000 Revision]

Organizations certified under the 2011 version must complete transition audits by September 2021.

“BSI can issue new certificates for ISO/IEC 20000-1:2011 until March 30, 2020. After that, only ISO/IEC 20000-1:2018 certificates will be issued. All new or existing ISO/IEC 20000-1:2011 certificates will expire by September 29, 2021, regardless of their issuance date.” (BSI Guide)

Major Changes in ISO20000:2018 and How to Prepare for Renewal Audits

The revision direction of ISO20000:2018 can be summarized into three main points:

1) Introduction of Risk-Based Thinking

2) Changes in structure based on Annex SL (or SL)

3) Separation and addition of processes

1. Introduction of Risk-Based Thinking

The concept of Risk-Based Thinking has been introduced.

The standard now requires a systematic approach to risks in the Service Management System (SMS), adopting Annex SL requirements. Risks, previously part of preventive actions, must now be considered across the entire SMS. The standard recommends using Risk-Based Thinking alongside the process approach and PDCA cycle.

[Figure 2. Risk-related clauses in ISO20000:2018]

As shown in the standard, risk management requirements have been clarified. To comply, organizations must define criteria for assessing the importance of risks and determine acceptable levels of risk.

2. Changes in Structure Based on Annex SL 

The structure of the standard has changed to align with Annex SL.

The nine clauses in the 2011 version have been revised to ten clauses in the 2018 version to comply with Annex SL. Most process-related content from Chapters 5–9 has moved to Chapter 8: Operation of the Service Management System.

This change standardizes ISO20000:2018 based on Annex SL, ISO’s High-Level Structure (HLS), which provides a common framework for all management system standards. This ensures consistency, applies common terminology, and helps harmonize different management system standards.

[Figure 3. Revised clause structure in ISO20000:2018]

[Figure 4. Framework structure in ISO20000:2018]

3. Separation and Addition of Processes

Several processes have been separated or added:

- New requirements for Risk Management and Knowledge Management

- Service Catalog Management separated from Service Level Management

- Demand Management separated from Capacity Management

- Incident Management and Service Request Management separated

- Service Availability Management and Service Continuity Management separated

[Figure 5. Process separation and addition in ISO20000:2018]

These changes reflect user needs and IT trends, making processes more detailed through separation and addition.

We have reviewed the three major directions of ISO20000:2018 revisions.

Based on these changes, organizations with existing certifications must prepare for renewal audits. Below is a summary guide of key considerations for review.

For systematic renewal preparation—including pre-assessment, internal training, documentation updates, and audit response—or for training on the revised standard, you can work with STEG Inc., an ITSM/ISO20000 specialist company, for structured support.

STEG Inc. – Solution Business Division, Senior Consultant Lee Jung-je