Skip to content
SM Tutorials & Certification

ISO International Standards for Service Managers

ISO International Standards ensure that products and services are safe, reliable and of good quality.

Service Manager (SM) should have a deep understanding and knowledge of the following ISO norms or Standard Frameworks:

ISO/IEC 20000: Service Management

ISO 20000 is the world’s first International Standard that allows organizations to demonstrate excellence and prove best practice in Service Management.
The standard allows service providers to achieve conformance to a Service Management System (SMS) which requires them to continually improve their delivery of Services.
ISO 20000 consists of five parts:
  • ISO/IEC 20000-1, Part 1: Specification. Consists of the following 10 sections: Scope, Terms and Definitions, Requirements for a Management System, Planning and Inplementing Service Management, Planning and Implementing New or Changed Services, Service Delivery Process, Relationship Processes, Resolution Processes, Control Processes, and Release Process.
  • ISO/IEC 20000-2, Part 2: Code of practice. Provides assistance to organizations that are to be audited against ISO20000-1 or are planning service improvements.
  • ISO/IEC 20000-3:2012, Part 3: Guidance on scope definition and applicability of ISO/IEC 20000-1.
  • ISO/IEC TR 20000-4:2010, Part 4: Process reference model.
  • ISO/IEC TR 20000-5:2010, Part 5: Exemplar implementation plan for ISO/IEC 20000-1.
ISO  20000 International Standard supports other frameworks as ITILCMMi for Services, MOF and Run SAP.

ISO/IEC 27000 Series: Security Management

ISO 27000 Series are the International Standards that provides best practice recommendations on information security management for use by those responsible for initiating, implementing or maintaining Information Security Management Systems (ISMS). ISO 27000 Series defines information security in the context of the C-I-A triad (Confidentiality, Integrity and Availability).

ISO27000 Series consists of six publised parts:

  • ISO 27000 – Information technology: Information security management systems, Overview and vocabulary. 
  • ISO 27001 Security techniques: Information security management systems – Requirements. This is the specification for an Information Security Management System (an ISMS). Being a Management Standard means that such a standard defines how to run a system (in this case, ISMS). Therefore, certification against ISO 27001 is possible.
  • ISO 27002 Security techniques: Code of practice for information security management. Provides assistance to organizations that are to be audited against ISO 27001 or are planning security improvements. You cannot get certified against ISO 27002 because it is not a management standard. ISO 27002 contains best practices of Control Objectives, controlling the following areas of information security management:
    • Security Policy
    • Organization of information security
    • Asset Management
    • Human Resources security
    • Physical and Environmental security
    • Communications and Operations management
    • Access Control
    • Information Systems acquisition, development and maintenance
    • Information security Incident Management
    • Business Continuity management
    • Compliance
  • ISO 27003 Security techniques: Information security management system implementation guidance. This will be the official number of a new standard intended to offer guidance for the implementation of an ISMS (IS Management System). 
  • ISO 27004 Security techniques: Information security management -Measurement. This standard covers information security system management measurement and metrics, including suggested ISO27002 aligned controls. 
  • ISO 27005 Security techniques: Information security risk management. This is the methodology independent ISO standard for information security risk management..
  • ISO 27006 Security techniques: Requirements for bodies providing audit and certification of information security management systems. This standard provides guidelines for the accreditation of organizations offering ISMS certification.

At least 32 ISO27K standards are planned, and five of them are coming soon:

  • ISO 27007 – Guidelines for Information Security Management Systems Auditing.
  • ISO 27008 – Guidelines for ISM auditing with respect to security controls.
  • ISO 27011 – Information technology: Information security management guidelines for telecommunications.
  • ISO 27033 – Network Security. 
  • ISO 27799 – Health Informatics: Information security management in health using ISO/IEC 17799. 

Other International Standards and Frameworks

Take in account that ISO 37500 (Outsourcing), ISO 38500 (IT Governance) and ISO 17998 (SOA Governance Framework) are covered at

In addition, there are also some  interesting Commercial Frameworks (not ISO) such as COBIT®, ITIL®, CMMi® for Services, MOF, Run SAP®, etc. (you can get deeper into them in our 6.Frameworks article category).

As a Service Manager, are you planning to implement ISO Standards?

Author: angelberniz (All Rights Reserved by the author)
Source: Original Text (based upon first hand knowledge)
Image: © DOC RABE Media –
Help us to improve it: how-todiscussion