International ITSM standard — ISO/IEC 20000-1:2018 is the reference framework increasingly required by US enterprise procurement, federal contracts, and managed service provider tenders.
ISO/IEC 20000-1:2018 · IT Service Management

ISO/IEC 20000 Documentation Package — Service Management System

Structure your ITSM Service Management System and prepare for certification in weeks, not months.

  • 115 documents built clause by clause
  • Full coverage of all 7 normative chapters (4 to 10)
  • Editable procedures and records
  • Compatible with BSI, SGS, DNV, Bureau Veritas, and other US certification bodies
Get the ISO 20000 Package — $689
Equivalent to $15,000 — $40,000 of consulting fees
Instant download 30-day guarantee Editable Word format
ISO/IEC 20000:2018 Documentation Package
115
Documents included
7
Normative chapters covered
100%
Requirements mapped
Annex SL
High-level structure aligned
Who this package is for

Designed for organizations that deliver, manage, or operate IT services.

The ISO/IEC 20000 package is for any organization that designs, transitions, delivers, or improves IT services — whether delivered in-house, fully or partially outsourced, or as a managed service provider serving external customers.

1

CIOs & internal IT departments

Chief Information Officers and IT departments that deliver IT services to their organization and need to demonstrate professional service management (SLAs, incidents, changes, capacity) to executive leadership and business stakeholders. Particularly relevant for federal contractors, healthcare networks, and Fortune 500 IT operations.

2

MSPs & managed service providers

Managed service providers (MSPs), IT outsourcers, and cloud providers that sell IT services to external customers and need to demonstrate ITSM maturity to win enterprise tenders, federal contracts, and Fortune 500 vendor onboarding processes.

3

SaaS providers & cloud platforms

SaaS software vendors and cloud platform operators that need to structure the service lifecycle management (run, change, capacity, availability, continuity) with auditable traceability — complementary to SOC 2 Type II reports and ISO 27001 ISMS.

4

Consultants & ITSM advisory firms

ITSM consultants and advisory firms that want a validated documentation foundation to quickly launch client engagements on ISO/IEC 20000 or ITIL 4 (consultant license available on request).

Why this package exists

An ITSM Service Management System cannot be built from a set of disparate ITIL templates.

ISO/IEC 20000-1:2018 contains 7 normative chapters (4 to 10) structured according to Annex SL. Each requires written policies, traced processes, and operational evidence. Building this foundation in-house takes 6 to 12 months of writing work, and exposes the organization to major findings during the certification audit.

01

ITIL is not ISO/IEC 20000

ITIL is a best-practice framework; ISO/IEC 20000 is a certifiable standard with precise requirements. A well-executed ITIL process doesn't automatically pass a 20000 audit — the standard demands structured documentation, formal policies, and traceability that ITSM tools alone (ServiceNow, Jira SM, Cherwell, BMC Remedy) don't provide on their own.

02

Enterprise customers and government demand certification

Fortune 500 procurement, federal agencies, healthcare networks, and regulated industries (finance, defense, energy, healthcare) increasingly include ISO/IEC 20000 in their IT vendor RFPs and master service agreements. Without a ready ITSM file, opportunities close before the technical stage even begins.

03

Annex SL changed the game since 2018

The 2018 revision aligned ISO/IEC 20000-1 with the high-level structure shared by ISO 9001 and ISO/IEC 27001. The new requirements on context, leadership, risk analysis, and interested parties demand specific documentation that legacy ITSM manuals lack — this is also what enables direct integration with SOC 2 control sets.

04

A consulting engagement costs $15,000 to $40,000

A complete ITSM SMS implementation engagement billed by a specialized consulting firm represents 20 to 60 days of intervention. The documentation package gives you the complete written foundation — you keep your budget for operational implementation, tool configuration, and team training.

What is included

115 documents organized by normative chapter and ITSM process.

The package covers the 7 normative chapters of ISO/IEC 20000-1:2018 as well as the entire chapter 8 service management processes (catalog, SLAs, incidents, problems, changes, capacity, continuity, security, suppliers, budgets). Aligned with ITIL 4, SOC 2 service operations criteria, and NIST 800-53 SI/CP control families.

Chapter 4

Context of the organization

  • Internal/external context analysis procedure
  • Interested parties register
  • SMS scope statement
  • Service Management System manual
  • Third-party services policy
Chapter 5

Leadership

  • Service management policy
  • Management commitment
  • Roles and responsibilities matrix (RACI)
  • Role descriptions (Service Owner, Process Owner)
  • SMS organizational chart
Chapter 6

Planning

  • Risk analysis and treatment procedure
  • Risk and opportunity register
  • SMS objectives and indicators
  • Service management plan
  • SMS change planning procedure
Chapter 7.1 — 7.5

SMS support

  • Resource management procedure
  • Competency matrix and training plan
  • Awareness procedure
  • Internal and external communication procedure
  • Document control procedure
  • SMS records management
Chapter 7.6

Knowledge management

  • Knowledge management procedure
  • SMS knowledge base (template)
  • Lessons-learned capture form
  • Knowledge sharing and dissemination procedure
Chapter 8.1 — 8.2

Operational planning & service portfolio

  • Operational planning and control procedure
  • Service portfolio procedure
  • Service catalog (template)
  • Lifecycle stakeholder control procedure
  • Asset management procedure
  • Configuration management procedure
  • Configuration information (5-attribute template)
Chapter 8.3

Customer relationship & service levels

  • Business relationship management procedure
  • Service level management (SLM) procedure
  • SLA / OLA / UC contract templates
  • Complaint management procedure
  • Service reporting
Chapter 8.4

Supply & demand

  • Service budgeting and accounting procedure
  • Inter-service billing template
  • Demand management procedure
  • Capacity management procedure
  • Capacity requirements and targets (documented)
Chapter 8.5

Service design, build & transition

  • Change management policy (documented)
  • Change management procedure (including emergency)
  • Service design and transition procedure (new / changed)
  • Service acceptance criteria
  • Release & deployment management procedure
  • Release types and frequency definition
  • Standard release plan
Chapter 8.6

Resolution & fulfillment

  • Incident management procedure
  • Major incident management procedure (documented)
  • Service request management procedure
  • Problem management procedure
  • Known errors register
  • Escalation decision tree
Chapter 8.7

Service assurance

  • Service availability management procedure
  • Availability requirements and targets (documented)
  • Service continuity management procedure
  • Service continuity plan(s) (5 mandatory inputs)
  • Information security policy (documented) — HIPAA / SOC 2 aligned
  • Information security controls procedure
  • Information security incident management procedure
Chapter 9.1 — 9.3

Performance evaluation

  • Monitoring, measurement, analysis, and evaluation procedure
  • SMS indicators dashboard
  • Customer satisfaction procedure
  • Internal audit procedure
  • Multi-year audit program and audit checklist by chapter
  • Management review procedure (12 mandatory inputs)
  • Standard management review agenda
Chapter 9.4

Service reporting

  • Service reporting procedure
  • Service report template (performance, trends)
  • SLA report template (target attainment)
  • Monthly SMS report template
Chapter 10

Improvement

  • Nonconformity management procedure
  • Corrective action procedure
  • Nonconformity register
  • Continual improvement procedure
  • Improvement opportunity evaluation criteria
  • Improvement opportunity register (CSI register)
Delivery format. All documents are delivered as fully editable Microsoft Word (.docx) files. The ISO/IEC 20000-1:2018 mapping matrix is delivered in Excel format. The graphic charter is neutral, ready to receive your visual identity.
Clause-by-clause mapping

Every standard requirement, mapped to a document in the package.

The mapping below follows the official structure of ISO/IEC 20000-1:2018 (chapters 4 to 10, Annex SL). Each row links a normative requirement to the package documents that cover it. This is the matrix the certification auditor (BSI, SGS, DNV, Bureau Veritas) will request.

Chapter Normative requirements Package documents
4.1 — 4.4 Context: internal/external issues, interested parties, SMS scope, general requirements Context analysis Interested parties register Scope statement SMS manual Third-party services policy
5.1 — 5.3 Leadership: management commitment, service management policy, roles and responsibilities SMS policy Management commitment RACI matrix Role descriptions SMS organizational chart
6.1 — 6.3 Planning: actions to address risks and opportunities, objectives, SMS change planning Risk procedure Risk register SMS objectives Service management plan SMS changes
7.1 — 7.5 SMS support: resources, competence, awareness, communication, documentation Resource management Competency matrix Training plan Awareness Communication procedure Document control Records management
7.6 Knowledge management: determine, maintain, share knowledge needed for the SMS and services (new clause 2018) Knowledge management procedure Knowledge base Lessons-learned form Dissemination procedure
8.1 — 8.2 Operational planning, service portfolio, lifecycle stakeholder control, service catalog, asset and configuration management Operational planning Service portfolio Service catalog Third-party control Asset management Configuration management Configuration information
8.3.1 — 8.3.4 Business relationship, service level management, external supplier management (contract) and internal (documented agreement) Business relationship SLM procedure SLA template External supplier contract Internal supplier agreement Complaint management
8.4.1 — 8.4.3 Supply and demand: service budgeting and accounting, demand management, capacity management Service budgeting Service accounting Billing template Demand management Capacity management Capacity requirements
8.5.1 — 8.5.3 Change management policy, change procedure, design and transition of new/changed services, release and deployment management Change policy Change procedure Design & transition Acceptance criteria Release management Release types and frequency Release plan
8.6.1 — 8.6.3 Incident management (including major incidents), service request management, problem management Incident management Major incidents Service requests Problem management Escalation tree
8.7.1 — 8.7.3 Service assurance: availability management, continuity management, information security management (policy, controls, incidents) — aligned with HIPAA Security Rule and SOC 2 Availability management Availability requirements Continuity management Continuity plan(s) Information security policy Security controls Information security incidents
9.1 — 9.3 Monitoring, measurement, analysis, evaluation; internal audit; management review (12 mandatory inputs) Monitoring and measurement SMS dashboard Customer satisfaction Internal audit procedure Audit program Management review Review agenda
9.4 Service reporting: reporting requirements, trends, decisions and actions based on reports Service reporting procedure Service report template SLA report template Monthly SMS report
10.1 — 10.2 Nonconformities and corrective actions, continual improvement with opportunity evaluation criteria Nonconformity management Corrective actions NC register Continual improvement Evaluation criteria CSI register
Not included Elements specific to each organization and its ITSM tooling — which must be filled in or configured case by case by your team Filled-in configuration information (real inventory) SLAs signed with customers Signed external supplier contracts ITSM tool configuration Technical runbooks per service Operational technical procedures (per infrastructure) Tested continuity plan (DRP)
Why these elements can't be in any documentation package — from any supplier.

The filled-in configuration information (compliant with clause 8.2.6: unique identifier, type, description, relationships, status) depends on the real inventory of your assets and the ITSM tool you use (ServiceNow, Jira Service Management, BMC Remedy, Cherwell, Ivanti, BMC Helix, GLPI, iTop). SLAs and supplier contracts are agreements signed with specific customers and suppliers. Runbooks and operational procedures depend on your infrastructure (cloud provider, OS, applications, schedulers).

A package claiming to deliver these pre-filled would either be unusable (fictitious data) or dangerous (configuration unsuitable for your environment). These deliverables must be built service by service, tool by tool, by your technical teams.

The QSE Academy package, however, provides all the procedures and templates that frame the production of these operational deliverables: configuration management procedure, configuration information template, SLA template, runbook template, standard continuity plan — the entire documentation framework within which your configuration, your SLAs, and your runbooks take shape.
In addition, this mapping is delivered as an Excel matrix in the package. It can be presented as-is to a certification auditor, an enterprise customer, or an internal stakeholder as proof of complete normative coverage.
For experienced professionals

Technical conformance — the points an experienced ISO/IEC 20000 auditor checks first.

Beyond the clause-by-clause mapping, here are the technical rigor points that Service Managers, CIOs, and experienced ITSM auditors verify first.

  • Integrated service lifecycle — planning, design, transition, delivery, improvement coherent with each other, not siloed processes
  • Formally defined SMS scope — included services, justified exclusions, compliance with the "no 100% subcontracted" rule of clause 8.2.3
  • 5-attribute configuration information — unique identifier, type, description, CI relationships, status (clause 8.2.6); the 2018 version replaced the CMDB requirement with a controlled information requirement
  • Measurable and reported SLAs — quantified targets, workload limits, exceptions, real performance data, analyzed gaps (clause 8.3.3)
  • Distinguished major incidents — separate documented procedure (clause 8.6.1), trigger criteria, top management informed, post-incident review
  • Documented change policy — items under control, change categories including emergency, major impact criteria (clause 8.5.1.1)
  • Continuity plan with 5 inputs — invocation criteria, procedures for major loss, availability targets, recovery, return to normal conditions; tested at planned intervals (clause 8.7.2)
  • Stakeholder control — services, components, and processes operated by third parties identified and documented, evaluation criteria, managed interfaces (clause 8.2.3) — critical for vendor risk assessments and federal subcontractor oversight
  • Knowledge management (new in 2018) — knowledge determined, maintained, relevant, and accessible to support the SMS and services (clause 7.6)
  • 12-input management review — previous actions, context changes, NC/audit/satisfaction trends, policy adherence, service and supplier performance, risks (clause 9.3)
L

ISO/IEC 20000: international recognition and US compliance alignment

ISO/IEC 20000-1:2018 is an international standard recognized in over 70 countries. Its Annex SL structure enables native integration with ISO 9001 (QMS), ISO/IEC 27001 (ISMS), and US compliance frameworks — making it a strategic asset for any IT provider serving Fortune 500, federal, healthcare, or financial services markets.

United States & Canada Aligned with ITIL 4 SOC 2 Trust Services Criteria HIPAA Security Rule NIST 800-53 SI/CP families FedRAMP-compatible
Comparison

Why the QSE Academy package over the alternatives.

Criterion QSE Academy ISO 20000
$689
Free ITIL templates
$0
Consulting firm
$15,000 — $40,000
Specific to ISO/IEC 20000-1:2018 (not generic ITIL)
Coverage of all 7 normative chapters (4 to 10) ✓ 100% Partial ✓ 100%
Annex SL structure included (context, risks, interested parties) ✓ Included Per engagement
SOC 2 / HIPAA / NIST CSF alignment ✓ Included Per engagement
Clause-by-clause mapping ✓ Excel matrix Per engagement
Editable Word format, neutral charter Variable
Delivery time Instant Instant 6 to 12 months
Money-back guarantee ✓ 30 days
Field implementation, ITSM tooling & training On you On you Included
The package doesn't replace field implementation — it gives you the complete written foundation. That's precisely the part where consulting firms charge the most. For SMS implementation support or pre-certification engagement, we also offer custom services.
ITSM flash audit

Where do you stand today?

Answer the 14 questions covering the 7 normative chapters of ISO/IEC 20000-1:2018 (chapters 4 to 10) to get your SMS maturity score. Instant result, free, no personal information required.

Question 1 / 14
Chapter 4 — Context
0
/ 100

Get the ISO 20000 Package — $689
Deployment process

From order to certification audit, here is the path.

The package isn't just delivered. Here is the concrete path to deploy your SMS in your organization, step by step.

1
Day 1

Download

Secure payment, immediate access to the full package as a ZIP. Within minutes, you have all 115 Word documents, the Excel matrix, and the user guide.

2
Weeks 1 — 4

Customization

Adapting the documents to your organization: SMS scope, real service catalog, chosen ITSM tool, internal RACI, role assignments for Service Owner and Process Owner.

3
Weeks 5 — 12

Implementation

Deployment of ITSM processes in your tooling, team training, start of records (incidents, changes, problems). The first service reviews appear.

4
Weeks 12 — 16

Mock audit

Internal audit using the checklist provided in the package. Identification of remaining findings, corrective action plan, preparation for the certification audit (BSI, SGS, DNV, BV) or enterprise customer audit.

Typical timeline: 12 to 16 weeks between order and a "ready for certification audit" state. Organizations already mature in ITIL reach this state in 10 weeks; those starting from scratch on ITSM may take up to 20 weeks. Your internal resources and your tooling make the difference, not the package.
Used by organizations worldwide

What organizations that adopted it say.

★★★★★

We started our SMS file in 10 weeks instead of the 8 months estimated in-house. The clause-by-clause mapping saved us considerable time during the certification audit.

T
Thomas
CIO · Managed services firm, USA
★★★★★

Written by professionals who really know Annex SL. The separation between management system and service management is clean, exactly what our SOC 2 auditor was looking for during integration with our existing controls.

C
Catherine
Service Manager · IT outsourcer, UK
★★★★★

Unbeatable value. We integrated the package with our existing ISO/IEC 27001 setup thanks to the shared Annex SL structure, which avoided documentation redundancy and accelerated our dual-audit prep.

L
Laurence
IT Quality Manager · SaaS provider, Canada
★★★★★

Fully customizable Word documents, neutral charter, rigorous ISO/IEC 20000 vocabulary. The major incident and continuity procedures are particularly well constructed for federal contract requirements.

F
Frank
Director of Operations · MSP, Australia
Risk-free

30-day guarantee, no questions asked.

30-day money-back guarantee

You test the package. If you change your mind, we refund you.

You have 30 days to download the package, review its content, open the documents, and verify that the writing quality matches your expectations. If something is off, you write us an email — no justification needed — and the refund is processed within 5 business days. That simple.

The package evolves with you

Updates included for 12 months.

ITSM standards evolve. The package you buy today shouldn't become obsolete in 6 months. That's why updates are included.

12 months of normative updates

In case of an ISO/IEC 20000-1 revision or amendment, evolution of related standards (ISO/IEC 20000-10 — concepts and vocabulary, Part 2 — application guide), or publication of official amendments impacting documentation requirements, you receive relevant package updates free of charge for 12 months after your purchase.

  • ISO/IEC 20000-1 revisions
  • Amendments and corrigenda
  • Alignment with ISO/IEC 20000-10
  • NIST & SOC 2 framework updates affecting documentation
  • Email notifications upon publication
Frequently asked questions

Answers to your most common questions.

Is the package enough to pass an ISO/IEC 20000 certification audit?

The package gives you the complete documentation foundation required by ISO/IEC 20000-1:2018 (chapters 4 to 10). To pass a certification audit, you also need to implement the processes in the field: configure the ITSM tool, populate the configuration information, maintain incident and change records, conduct a management review, run an internal audit, execute an improvement cycle. The package saves you the 6 to 12 months of writing work. Operational implementation remains your work (typically 8 to 16 weeks depending on initial ITIL maturity).

What's the difference compared to ITIL templates downloaded online?

ITIL is a best-practice framework; ISO/IEC 20000 is a certifiable standard with formal requirements. Generic ITIL templates don't cover Annex SL requirements (organizational context, interested parties, risk analysis, management review, internal audit) or the mandatory documentation structure imposed by chapter 7.5 of the standard. The QSE Academy package is written specifically for the 2018 version with a verifiable clause-by-clause mapping the auditor can use directly.

Who delivers ISO/IEC 20000 certification and how does it work?

Certification is delivered by accredited certification bodies — in the US: BSI, SGS, DNV, Bureau Veritas, LRQA, NQA, Intertek, A2LA, themselves accredited by ANAB or other IAF-recognized bodies. The audit takes place in two stages: a Stage 1 audit (SMS documentation review, identification of major findings) followed by a Stage 2 audit (verification of field implementation). The certification cycle is 3 years, with annual surveillance audits. The package prepares you for the entirety of Stage 1 and forms the documentation base for Stage 2.

How long does it take to adapt the package to my organization?

Plan 3 to 5 weeks to customize the documents: define the SMS scope, assign Service Owner and Process Owner roles, adapt the service catalog to your real offering, align the procedures with your ITSM tool (ServiceNow, Jira SM, BMC Remedy, Cherwell, Ivanti, BMC Helix, GLPI, iTop, or other). Then plan time for operational implementation: tool configuration, team training, start of records, mock audit — 8 to 16 additional weeks depending on organization size and initial ITSM maturity.

Is the package delivered in Word or PDF format?

All documents are delivered in fully editable Microsoft Word (.docx) format. No locked PDFs, no proprietary software dependency. The ISO/IEC 20000-1:2018 mapping matrix is delivered in Excel format. The graphic charter is neutral, ready to receive your visual identity and internal nomenclature.

Does the package cover Annex SL structure and integration with ISO/IEC 27001 and SOC 2?

Yes. The 2018 version of ISO/IEC 20000-1 uses the Annex SL high-level structure, identical to that of ISO 9001 and ISO/IEC 27001. The package is built on this structure, which allows direct integration with an existing Quality Management System (QMS) or Information Security Management System (ISMS). Policies, risk procedures, management review, and internal audit can be shared across management systems — and many controls map directly to SOC 2 Trust Services Criteria, the HIPAA Security Rule, and NIST 800-53 SI/CP/CM control families.

Is the package tied to a particular ITSM tool (ServiceNow, Jira, BMC Remedy)?

No. The package is fully independent of any ITSM tool. The procedures describe the "what" and the "why" compliant with the standard, leaving your team the choice of "how" (tooling, automation, workflows). Whether you use ServiceNow, Jira Service Management, BMC Remedy, Cherwell, Ivanti, BMC Helix, GLPI, iTop, Atera, ConnectWise, or an internally developed tool, the package procedures apply.

How many users / entities does the license cover?

The $689 license covers a single legal entity, with unlimited internal use (all your team members can use the package). For multi-entity rollout, group use with subsidiaries, or consulting use across multiple clients, contact us for an adapted license.

Do I receive updates if the standard evolves?

Yes. In case of an ISO/IEC 20000-1 revision, official amendment, or significant evolution of related standards (ISO/IEC 20000-10 concepts and vocabulary, Part 2 application guide), you receive relevant updates free of charge for 12 months after your purchase.

What happens if I'm not satisfied?

You're covered by a 30-day money-back guarantee, no conditions. You write us a simple email — no justification required — and the refund is processed within 5 business days.

Take action

Your ITSM SMS file. Ready today.

115 documents, 7 ISO/IEC 20000-1:2018 normative chapters, integrated Annex SL structure, complete clause-by-clause mapping, SOC 2 / HIPAA / NIST alignment. Instant download after payment.

Equivalent to $15,000 — $40,000 of consulting fees
$689 Single-entity license · Secure payment · Instant download
Get the ISO 20000 Package — $689
30-day money-back guarantee Instant download 12 months of updates Editable Word format