+918368353855contact@legalfidelity.comITR season is open · File before 31 JulyFile Now →
4.8 · Average Google Rating

ISO 20000 Certification - for IT service management

ISO/IEC 20000-1:2018 is the only standard against which an IT service management system can be certified. We define your service scope, build the SLAs and process documentation your auditor will ask for, and get you certified through an independent certification body.

  • Service management system scope and service catalogue defined with you
  • SLAs, incident, problem, change and capacity management procedures drafted
  • Aligned with ITIL practice, audited against ISO/IEC 20000-1:2018
  • Certificate issued by an independent certification body, with a clear scope statement
  • Support through the annual surveillance audits for 3 years
10,000+
Happy Customers
70,000+
Services Completed
4.8
Average Google Rating
Free Consultation
Free expert call
Get started with ISO 20000 Certification

Our expert will connect with you for a detailed consultation.

Your info is safe. No spam, ever.
Free Consultation
100% Online Process
No Hidden Costs
Satisfaction Guaranteed
ISO 9001 Certified
Trusted by 10,000+ founders & businesses across India
AWSCarDekhoHDFCOYORapidoSwiggyTata PlayTestbookAWSCarDekhoHDFCOYORapidoSwiggyTata PlayTestbook
Overview

What is ISO 20000 Certification?

ISO/IEC 20000-1:2018 is the international standard for an IT Service Management System (SMS) — and it is the only standard against which an IT service management system can actually be certified. Certification means an independent certification body has audited how you plan, deliver, monitor and improve your IT services: your service catalogue, your service level agreements, and your incident, problem, change, capacity and continual improvement processes.

Here is the distinction people get wrong constantly. ITIL is a framework of best practice, and it is individuals who take ITIL exams and hold ITIL qualifications. ISO 20000 is a standard, and it is the organisation that is certified against it. Your team can be full of ITIL-certified engineers and your company still holds no ISO 20000 certificate — and an ISO 20000 certificate says nothing about who on your team holds ITIL. ITIL is how many organisations get their processes into the shape ISO 20000 wants to see, but it is not a substitute for the certificate.

The demand almost always comes from a buyer. IT services firms, managed service providers and BPOs bidding for enterprise contracts, central government IT contracts and PSU RFPs routinely find ISO 20000 listed as a pre-qualification condition — no certificate, no bid. LegalFidelity is a consultant: we build the service management system and prepare you for the audit; the certificate comes from the certification body.

Standard
ISO/IEC 20000-1:2018 — IT service management
Certifies
The organisation — ITIL certifies individuals
Validity
3 years, with annual surveillance audits
Mandatory?
Voluntary — but a common tender pre-qualification
Why it matters

Why IT firms get ISO 20000 certified

Clear tender pre-qualification

Central government IT contracts, PSU RFPs and enterprise managed service agreements commonly list ISO 20000 as a pre-qualification condition.

Win enterprise clients

BFSI, telecom and healthcare buyers treat ISO 20000 as a baseline quality signal before they hand over a managed service contract.

SLAs you can actually meet

The standard makes you define, measure and report against service levels — so commitments in the contract match what operations can deliver.

Fewer repeat incidents

Structured incident, problem and change management stops the same failure recurring and stops changes causing new outages.

Process ownership, not heroics

Service delivery stops depending on the one engineer who knows how it works, because the process is documented and owned.

Integrates with ISO 27001

ISO 20000 and ISO 27001 share a common high-level structure, so if you already hold one, the second is faster and audits can be combined.

Eligibility

Who needs ISO 20000 certification?

IT services companies and managed service providers bidding for enterprise contracts
BPOs and IT support desks running SLA-driven service agreements
Firms responding to central government IT tenders or PSU RFPs that list it
Cloud, hosting and infrastructure providers whose uptime is contractually committed
Telecom, BFSI and healthcare IT vendors whose clients audit service delivery
Large in-house IT teams that deliver services to internal business units
Checklist

Documents required

Business identity

  • PAN card of the business
  • Certificate of incorporation / GST certificate / Udyam certificate
  • Aadhaar and PAN of the authorised signatory
  • Address proof of each delivery location to be covered

Scope and service definition

  • SMS scope statement — the services and locations to be certified
  • Service catalogue listing every service in scope
  • Service level agreements with customers
  • Agreements with suppliers and subcontractors supporting those services

Policy and process documentation

  • Service management policy and objectives approved by management
  • Risk register for the service management system
  • Incident and service request management procedures
  • Problem, change, capacity, availability and continuity procedures

Records and reviews

  • Internal audit programme and audit reports
  • Management review minutes
  • Corrective action and continual improvement records
  • Service performance and SLA reports
How it works

How ISO 20000 certification works

01

Free consultation

Fill the form and our ISO expert calls you to understand the services you deliver and the scope the tender or client is asking to see on the certificate.

02

Gap analysis and scope

We review your current processes against ISO/IEC 20000-1:2018, define the SMS scope and service catalogue, and flag what is missing.

03

Build the service management system

Service management policy, SLAs, and incident, problem, change and capacity procedures are drafted and put into use across your delivery team.

04

Audit and certificate

An independent certification body audits your SMS in two stages and issues your ISO 20000 certificate, valid three years subject to annual surveillance audits.

Ready to get your ISO 20000 Certification?

Talk to a Licenses & Certifications expert for free. Fixed quote upfront, no hidden costs.

Compare your options

ISO 20000, ITIL and the other major standards

ISO 20000 certifies your organisation's IT service management system. ITIL is a best-practice framework that individuals get qualified in — the two are not interchangeable.

What it coversWho or what is certified
ISO 20000IT service management system — SLAs, incident, problem, changeThe organisation, by an independent certification body
ITIL 4A framework of IT service management best practice, not a standardIndividuals — your engineers sit ITIL exams; companies are not ITIL certified
ISO 27001Information security managementThe organisation — commonly held alongside ISO 20000
ISO 9001Quality management systemThe organisation — the general-purpose, most widely recognised standard
ISO 22301Business continuity managementThe organisation — where uptime and recovery are contractual
ISO 45001Occupational health and safety managementThe organisation — factories, construction, high-risk workplaces
Questions answered

Frequently asked questions

ISO/IEC 20000-1:2018 is the international standard for an IT Service Management System (SMS), and the only standard against which an IT service management system can be certified. Certification means an independent certification body has audited how you plan, deliver, monitor and improve your IT services — your service catalogue, your service level agreements, and your incident, problem, change and capacity management processes.

This is the point almost everyone gets wrong, so it is worth being precise.

ITIL is a framework of best practice — a body of guidance on how to run IT services well. It is individuals who get ITIL certified: your engineers sit ITIL exams and hold ITIL qualifications. There is no such thing as an ITIL-certified company.

ISO 20000 is a standard with auditable requirements, and it is the organisation that is certified against it, by an independent certification body, with a certificate to show a client or a tender authority.

They work together — implementing ITIL practice is a common way to get your processes into the shape ISO 20000 requires — but an office full of ITIL-qualified staff does not give your company an ISO 20000 certificate, and holding ISO 20000 says nothing about who on your team holds ITIL.

Any organisation that provides or manages IT services. The requirements are generic and apply regardless of size or sector — IT services firms, managed service providers, BPOs, cloud and hosting providers, telecom operators, banks, hospitals and large in-house IT teams all qualify. There is no minimum headcount or turnover.

No. It is a voluntary standard and no law requires it. In practice it is often decisive: IT companies bidding on central government IT contracts, PSU RFPs and enterprise managed service agreements regularly find ISO 20000 listed as a pre-qualification condition, and a bid without it is simply disqualified before anyone reads the technical proposal.

ISO writes the standards but does not certify anyone — your certificate comes from an independent certification body. That body may or may not be accredited by a national accreditation body belonging to the International Accreditation Forum (IAF).

An IAF-accredited certificate carries more weight with large corporate buyers, exporters and government tender authorities, and costs more. A non-accredited certificate is faster and cheaper, and is accepted by many buyers who simply want to see that you hold ISO 20000.

Our plans are issued through an independent certification body. Before you buy, check what the customer or tender asking you for ISO 20000 actually requires — tell us and we will tell you straight which route you need.

For a small IT firm with a single delivery location, certification typically takes 10–15 working days once your documentation is in order. If you are starting from scratch — no service catalogue, no SLAs, no documented incident or change process — allow longer, because the service management system has to genuinely be in use before it can be audited.

Our professional fees start at ₹4,999. The certification body charges its own audit fee on top, which depends on your headcount, the number of service lines and the number of locations in scope. You get a fixed quote on your free consultation before anything is filed.

Stage 1 is a documentation review: the certification body checks your SMS scope statement, service management policy, service catalogue and process documentation, and tells you what is missing. Stage 2 is the implementation audit — auditors interview your service desk and delivery staff, inspect incident, problem and change records, and check performance against your SLAs to confirm the system is actually being used. Once any nonconformities are closed out, the certificate is issued.

Three years. The certification body conducts a surveillance audit each year during that period to confirm the service management system is still operating and improving, and a full recertification audit at the end of the three-year cycle.
Many Indian IT firms hold both, and enterprise clients often ask for both — ISO 20000 for how reliably you deliver the service, ISO 27001 for how securely you handle the data. They share a common high-level structure, so once you hold one, adding the second is significantly faster and the audits can often be combined.
No. The process runs online — you share documents from your phone or laptop and we handle the documentation and coordination with the certification body. Depending on the scope and the size of your delivery operation, the certification body may conduct its audit remotely or visit your premises.
Still have questions? Talk to an expert
In depth

ISO 20000 Certification in India

ISO 20000 Certification is the international standard for IT Service Management Systems (ITSMS), and it’s becoming a baseline requirement for Indian IT companies, BPOs, and managed service providers that want to win enterprise and government contracts. Built on the ISO certification overview framework developed by the International Organization for Standardization, ISO/IEC 20000-1:2018 sets out precisely what an organisation must do to plan, deliver, and improve IT services reliably. If your company manages IT services for clients, or depends on internal IT to run critical business operations, this certification signals that your processes meet a globally recognised benchmark.

What is ISO 20000 Certification?

ISO 20000 certification is formal recognition that an organisation has built and maintains a Service Management System (SMS) that meets the requirements of the ISO/IEC 20000-1 standard. An SMS is the set of policies, processes, documentation, and controls that govern how IT services are planned, delivered, monitored, and improved. Certification is granted by an accredited third-party certification body after a two-stage external audit.

ISO 20000 is often confused with ITIL (Information Technology Infrastructure Library). The key distinction is that ITIL is a framework of best practices, while ISO 20000 is a certifiable standard with auditable requirements. An organisation can implement ITIL practices to help meet ISO 20000, but holding an ITIL qualification doesn’t give you ISO 20000 certification.

ISO/IEC 20000-1:2018 – The Current Standard

The current version is ISO/IEC 20000-1:2018, published in September 2018. It replaced the 2011 edition and introduced closer alignment with the High Level Structure (HLS) used by other ISO management system standards like ISO 9001 quality management certification and ISO 27001 information security certification. This alignment makes it easier for organisations already holding one ISO certificate to add ISO 20000-1 without rebuilding their management system from scratch.

How ISO 20000 Relates to ITIL

ITIL and ISO 20000 are complementary, not competing. ITIL describes what good IT service management looks like in practice. ISO 20000 defines what an auditor will check to confirm your system is working. Most Indian IT companies that pursue ISO 20000 certification already follow ITIL-aligned processes, which shortens their gap analysis and implementation timeline considerably.

Who Needs ISO 20000 Certification in India?

ISO 20000 certification is relevant to any organisation that provides or manages IT services, whether those services are delivered to external customers or to internal business units. The standard itself states that its requirements are “generic and applicable to organisations of all sizes, sectors, and complexities.”

In our work with clients, we’ve found that ISO 20000 is most commonly pursued by IT services companies bidding on government or large enterprise projects, BPOs with SLA-based service contracts, and in-house IT teams inside banks, hospitals, and manufacturing companies that need to demonstrate service quality to regulators or auditors.

Industries and Organisation Types

The following sectors frequently hold or require ISO 20000 certification in India:

IndustryWhy ISO 20000 Matters
IT & Software CompaniesClient requirement for managed services contracts
BPO / KPOSLA compliance and operational quality assurance
TelecomService delivery consistency across large networks
Banking & Financial ServicesInternal IT governance and regulatory confidence
HealthcareIT systems supporting patient care and data management
Government / Public SectorMandatory for certain government IT contracts
Education TechnologyReliability and uptime standards for EdTech platforms

Benefits of ISO 20000 Certification

ISO 20000 certification delivers measurable operational and commercial benefits, not just a certificate to display on a website.

Organisations certified to ISO/IEC 20000-1 report improvements across three areas: service quality, cost efficiency, and customer retention. According to multiple certification bodies operating in India, companies that implement a structured SMS before their audit typically reduce IT service incidents by 20–35% within the first year of certification, due to the discipline of documented processes and regular internal audits.

Business and Competitive Advantages

  • Tender eligibility: Many central government and PSU IT contracts in India require ISO 20000 certification as a pre-qualification criterion.
  • Client trust: Enterprise clients in BFSI and telecom routinely audit their IT service vendors and treat ISO 20000 as a minimum quality signal.
  • Process efficiency: A certified SMS reduces duplicate efforts, clarifies ownership, and makes service transitions smoother.
  • Employee clarity: Staff know exactly what processes to follow, reducing onboarding time and error rates.
  • Continuous improvement: The PDCA (Plan-Do-Check-Act) cycle built into ISO 20000 means your service quality is designed to improve year on year.

Government and Public Sector Contracts

Public sector organisations in India are increasingly mandating ISO 20000 certification for IT vendors in RFPs. Just as ISO 45001 occupational health and safety is required in manufacturing, ISO 20000 is becoming a standard entry requirement for IT service contracts with ministries, state governments, and PSUs.

ISO 20000 Certification Requirements

ISO/IEC 20000-1:2018 is structured around 10 clauses. Clauses 4–10 contain the actual requirements your organisation must meet.

The standard requires your organisation to define the scope of the SMS, establish service management objectives, manage risks, document and control processes, measure performance, handle non-conformities, and drive continual improvement. It does not prescribe how to do these things – it sets what outcomes the SMS must achieve.

Service Management System (SMS) Requirements

Your SMS must cover the full service lifecycle: planning and design of services, transition (onboarding new services), delivery, improvement, and relationship management with customers and suppliers. The standard also requires you to manage any parts of the SMS that are operated by external parties or other teams within your organisation.

Mandatory Documentation

ISO/IEC 20000-1:2018 requires specific documented information as evidence of your SMS. Key mandatory documents include:

  • Scope statement for the SMS
  • Service management policy and objectives
  • Risk assessment methodology and results
  • Service catalogue
  • Agreements with customers and internal/external suppliers
  • Capacity and demand management plans
  • Service continuity and availability plans
  • Incident, problem, and change management procedures
  • Internal audit programme and audit results
  • Management review records

Documents Required for ISO 20000 Certification

When applying for ISO 20000 certification through a certification body, you’ll need to prepare and submit the following:

DocumentPurpose
SMS Scope StatementDefines which services and locations are covered
Service Management PolicyTop-level commitment from management
Risk RegisterDocuments identified risks and controls
Service CatalogueLists all services in scope with their attributes
Customer Agreements / SLAsFormal service commitments to customers
Supplier AgreementsContracts with third-party service components
Process DocumentationProcedures for all core service management processes
Internal Audit ReportsEvidence of self-assessment before external audit
Management Review MinutesRecords of leadership review of SMS performance
Corrective Action RecordsEvidence of addressing non-conformities

ISO 20000 Certification Process in India

The certification process follows a structured sequence. There are no shortcuts – each step builds on the previous one, and the external audit will look for evidence that your SMS has been operational for at least three months before Stage 2.

Step 1 – Understand the Standard and Conduct a Gap Analysis

Start by reading ISO/IEC 20000-1:2018 and mapping your current IT service management practices against its requirements. A gap analysis identifies where you’re already compliant and where work is needed. Most Indian organisations find gaps in formal documentation, defined measurement metrics, and supplier management controls.

Step 2 – Establish and Document the SMS

Based on the gap analysis, develop or update your SMS documentation. This includes drafting or formalising the service management policy, defining the scope, documenting all processes, creating the service catalogue, and establishing agreements with customers and suppliers. Don’t underestimate this step – documentation quality directly affects how smoothly your audit proceeds.

Step 3 – Implement and Train

Documentation alone doesn’t satisfy ISO 20000. Your team must actually follow the defined processes. Train all relevant staff on the SMS, run the processes in real operations, and start collecting records and metrics. The standard requires evidence of the SMS being “implemented and maintained,” not just written.

Step 4 – Internal Audit

Conduct a formal internal audit of the SMS at least once before the external audit. The internal audit checks whether your processes are being followed and whether they’re producing the required outcomes. Identify any non-conformities and close them before inviting the certification body.

Step 5 – Select an Accredited Certification Body

Choose a certification body accredited by a recognised accreditation body (such as NABCB in India, or UKAS or DAkkS internationally). In India, accredited bodies offering ISO 20000 certification include Bureau Veritas, TÜV SÜD, DNV, DQS India, and ISOQAR India. The certification body conducts the external audit in two stages.

Step 6 – Stage 1 Audit (Documentation Review)

The certification body reviews your SMS documentation to confirm it meets ISO/IEC 20000-1 requirements and that you’re ready for the on-site assessment. Stage 1 is typically done remotely or at your office. The auditor provides a written report identifying any major or minor gaps. You must address all major gaps before Stage 2.

Step 7 – Stage 2 Audit (On-Site Assessment)

The Stage 2 audit is the main certification assessment. Auditors visit your site, interview staff, observe processes, and sample records to confirm the SMS is implemented and effective. If non-conformities are found, you’ll have a defined period to address them and submit evidence of correction.

Step 8 – Certification Issued and Surveillance Audits

If your Stage 2 audit is successful, the certification body issues the ISO 20000 certificate, valid for three years. During this period, the certification body conducts surveillance audits at 6, 9, or 12-month intervals to verify ongoing compliance. A full recertification audit takes place at the end of the three-year cycle.

ISO 20000 Certification IT Service Management Process | LegalFidelity
ISO 20000 Certification IT Service Management Process | LegalFidelity

ISO 20000 Certification Cost in India

Cost varies based on organisation size, number of services in scope, number of sites, and the certification body chosen.

Timeline for ISO 20000 Certification

PhaseTypical Duration
Gap Analysis2–4 weeks
SMS Documentation4–8 weeks
Implementation & Training6–10 weeks
Internal Audit & Corrective Actions2–4 weeks
Stage 1 Audit (Scheduling + Execution)2–4 weeks
Stage 2 Audit (Scheduling + Execution)2–4 weeks
Certificate Issuance1–2 weeks after Stage 2

The total timeline from kickoff to certificate is typically 4–7 months for small to mid-size Indian IT companies. One factor that consistently extends timelines is underestimating the implementation phase – organisations that rush documentation without actually running processes for at least three months often face delays at Stage 2 when auditors find insufficient evidence of the SMS being “maintained.” Build in time to operate your processes before scheduling the audit.

ISO 20000 vs ISO 27001 vs ITIL – Key Differences

Indian IT companies often ask whether to pursue ISO 20000 or ISO 27001 information security certification first. Here’s how they compare:

AspectISO 20000-1:2018ISO 27001:2022ITIL 4
FocusIT service managementInformation securityIT service best practices
Certifiable?Yes (organisation)Yes (organisation)Yes (individual)
Mandatory?No (voluntary)No (voluntary, but often required by clients)No
Audit required?Yes (external)Yes (external)No
Best suited forIT service providersAll organisations handling dataIT teams seeking process guidance

If your clients are primarily concerned with data security and privacy, ISO 27001 may be the higher priority. If your contracts are SLA-driven and focus on service delivery quality, ISO 20000 is more directly relevant. Many Indian IT companies pursue both. The overlapping High Level Structure of the two standards means you can integrate both management systems and reduce audit duplication.

You might also want to consider ISO 14001 environmental management standard if your organisation has sustainability reporting obligations alongside service management goals.

LegalFidelity has helped 100,000+ businesses across India navigate complex compliance and certification processes. Our network of 500+ qualified professionals includes consultants experienced in ISO/IEC 20000-1 implementation, gap analysis, and audit preparation for IT companies of all sizes – from bootstrapped startups to mid-size IT services firms.

We handle the end-to-end process: from your initial gap analysis and SMS documentation to connecting you with the right accredited certification body. Our team knows what Indian auditors from bodies like Bureau Veritas and TÜV SÜD look for, which means fewer surprises during Stage 2. With a 4.8/5 star rating across 1,730+ reviews, transparent pricing, and no hidden fees, we make ISO 20000 certification achievable – not just for large IT firms, but for growing SMEs and Udyam MSME registration holders looking to qualify for government IT contracts.

Call us at +918368353855 or visit legalfidelity.com/contact-us to get a custom quote based on your organisation’s size and scope.

Conclusion

ISO 20000 certification validates that your organisation’s IT service management processes meet an internationally recognised standard, making it a practical requirement for IT companies that want to win enterprise contracts, satisfy government RFPs, and build client confidence in their service delivery. The process takes 4–7 months and requires genuine implementation of a Service Management System, not just documentation. Working with an experienced compliance partner shortens the path and reduces the risk of audit delays.

Who does the work

A verified network of CAs, CS and lawyers

Every filing is prepared and reviewed by a qualified professional — never a bot, never an intern.

CA

Chartered Accountants

GST, ITR, audits, bookkeeping and tax planning — handled by practising CAs with startup experience.

GST & returnsTax planningAudit support
CS

Company Secretaries

Incorporations, ROC filings, board resolutions and secretarial compliance, done right the first time.

IncorporationROC filingsGovernance
ADV

Lawyers & IP Attorneys

Trademarks, agreements, licences and legal notices — drafted and filed by experienced advocates.

Trademark & IPContractsLicences
Every professional on our panel is verified — membership numbers checked with ICAI, ICSI and Bar Council records.
Trusted by founders across India

What Our Clients Say

LegalFidelity made starting my business incredibly simple. Their step-by-step guidance and expert support were invaluable — from name approval to my first GST return, one team handled everything.

The most reliable legal service platform. They handled all our compliance needs efficiently and professionally.

Their expertise in business registration and compliance saved us countless hours. Highly recommended!

Free consultation · No obligation

Talk to a Startup Expert. Free. Today.

Tell us what you're building. We'll tell you exactly what you need, what it costs, and how long it takes — before you pay a rupee.

Fixed, all-inclusive quote upfront
Callback within 30 minutes, 9am–9pm
Advice from a qualified CA / CS — not a sales rep
Free Consultation

Get your free expert call

Our Startup Expert will connect with you for a detailed consultation.

Your info is safe. No spam, ever.