Three reasons why ISO20000 certification is NOT ITIL V3 certification

A new publication from OGC highlights three good reasons why an ISO20000 certification of an organisation does not provide ITIL V3 certification (and the last one applies to ITIL V2 as well).

OGC have replaced the white paper on differences between ISO20000 and ITIL by Jenny Dugmore and Alison Holt (summarised here - does anybody have the original document?) with a new paper by Jenny Dugmore and Sharon Taylor, updated for ITIL V3 and more systematically addressing the differences.

This paper is second in a 'series' from OGC, following on from one that covered ASL. The conclusion of that ASL paper is that ITIL and ASL are "Living Apart Together". The IT Skeptic's interpetation: they have divorced but stay in touch occasionally. More on ASL in another post.

We look forward to the remaining COBIT paper as perhaps the most useful of the three (and probably the hardest to do).

Studying this latest ISO20000 paper reveals three reasons why ISO20000 certification of an organisation is NOT ITIL certification:

  1. ISO20000 only recognises the management of financial assets, not assets which include "management, organization, process, knowledge, people, information, applications, infrastructure and financial capital", nor the concept of a "service asset". So ISO20000 certification says nothing about the management of 'assets' in an ITIL sense.
  2. ISO20000 does not recognise CMS or SKMS, and so does not certify anything beyond CMDB
  3. An organisation can obtain ISO20000 certification without recognising or implementing the ITIL concept of Known Error, usually considered essential ITIL.

N.B. Yeah yeah, I know it is called ISO/IEC 20000. "Stop calling him Bert. His name is Engelbert".


Not true about Known Erors

ISO 20000 Part1 Chapter 8.3 states:

Problem management shall be responsible for ensuring up-to-date information on known errors and corrected problems is available to incident management.


known errors and Known Errors

The standard might mention them but "Because the standard does not use ‘known error’ with a special meaning, a service provider may choose to ignore both the ITIL definition and the advice linked to that definition, i.e. a known error is simply a ‘defect …that is recognised to exist’, without reference to whether there [sic] root cause has been established or not."

Known errors are described in part 2

There is one chapterISO/IEC 20000 Part 2, 8.3.3 Known errors. How much more specific it can be.

Compare to my recent comment re the V3 Known Error sub-process.

jus' quotin'

I's jus' quotin' th' paper.

Sounds like they see it differently but I don't know enough to comment. Since Jenny Dugmore co-authored the paper I gotta assume she knew that bit was there.

ISO 20000 vs ITIL v3

Hi All,

I am ITIL v3 foundation certified, I am looking to get certified in ISO 20000.

Could you suggest, which one should I take up, is it foundation or consultant. Since I have ITIL, can I directly go to ISO 20000 consultant or do I have to 1st get the foundation. Please advise.


There is also the EXIN path

Check this

The itSMF ISO 20000 Consultant Exam has a high failure rate, I have heard that only 15 % or less pass the exam at first attempt.


Riposte at rumour about itSMF ISO 20000 Consultant pass rates


I have just seen your comment and I feel I need to riposte since your comment might affect my and my colleagues' livelihood.

Where does 15% pass rate come from?

I have been teaching itSMF ISO 20000 Consultant since 2006 in the UK on behalf of a well established ATO.

I am getting very high pass rates for the itSMF ISO 20000 Consultant exam.

In 2009 my results were:


As a percentage of total delegates taking those 4 exams that's 76% pass rate. That's 5 times the pass rate you were stating

If your figure really is true please invite delegates to attend my courses, instead ;-)

Just a rumour

Sorry. That 15 % is old information, I heard it at the time I took the exam in 2006. It was true for the class I took. Has the exam changed somehow from 2006?


Thanks - same exam style today.

OK. That's good to hear. I took my exam in Feb 2006 and I think only 2 failed out of 9 or 10 on the course.

Exams are the same style - new sample papers have been released several times, so obviously new papers have periodically appeared on actual exams. Both exams in final hours of a 3 day course. External invigilator (always an itSMF employee)

Exam 1: 25 multichoice in 1 hour (+15 mins if English is a 2nd language): 15 are like ITIL Foundation, 10 test understanding of Part 1 and Part 2 of the standard.

Exam 2: Usually 3 questions in 1 hour written (+15 mins if English is 2nd language).

Pass marks: at least 50% on each but 65% overall.

For my delegates, I have found the few that fail always have passed both exams but don't hit 65% overall.

ISO 20000 consultant training


Can you provide contact details where I can discuss training arrangements for the ISO20K foundation?


Of course it isn't

Well, Skep..

I assume that you are doing just an analysis of the OGC document, because of course it is impossible that a pre-V3 certification can be V3 "compliant". It is so obvious that I had to tell... :-)


under the illusion

It isn't obvious to everyone - there are a lot of people under the illusion that ISO2000 does in fact indicate ITIL compliance.

And in fact this POST-V2 certification isn't version 2 compliant either, unless Known Error doesn't matter...

It doesn't matter...

Of course KE can be important in someone's business. On the other hand, there are companies with only IM and rudiments of Change Management implemented, braging on their "ITIL compliancy", and they stay alive.
Some businesses implement pieces of SLM and CMDB and they talk about ITIL like they invented it.

ISO2k introduced Supplier Management and Business Relationship Management in V2 era, which are also kind of important to some people. ISO2k is probably impossible to implement without ITIL (V2) help, but at least can be done. And it will be some time before someone will show us an ITIL V3 compliant company. Until then, we should work with what we have...

Compliance auditing is all about pedantry

Certification is a precise process. Certification says you have done it right. In theory certification says your systems will work with the systems of your suppliers and customers, in a value chain.

If you don't even acknowledge the existence of a Known Error then this is an issue. A pedantic issue but an issue nevertheless. Compliance auditing is all about pedantry :-D

Syndicate content