APMG buys itSMF-UK's ISO20000 certification scheme

Posted October 6th, 2010 by editor

APMG extends its interest in the ITSM market by buying the ISO20000 certification scheme that was developed and exploited by itSMF-UK.
This certifcation scheme was used by the first Registered Certification Bodies (RCBs) that audited organizations against the ISO20000 standard.

The Scheme was used to audit the first several hundreds of organizations. Later, other schemes were developed and used for the same purpose, by organizations that didn't follow the itSMF-UK approach.

The certification of ISO20000, the acceptance of the standard, and the role of itSMF-UK, are much debated. Some recent comments from one of ITSM Portal's LinkedIn groups:

Ralph Gray: "If we were in any other industry, compliance with (and possibly certification to) that industry’s international standards would be regarded as a mandatory requirement."

Michael Imhoff Nielsen: "Since customers don't demand a ISO/IEC 20000 certificate from the service providers there is no business case for getting it. Once customers or regulators (EU etc.) demands a certificate you'll see every service provider pursuing it."

Sally Smoczynski: "In 2009, the U.S. Federal Government began mandating ISO 20000 for specific contract vehicles. The government suppliers who intended to PRIME these contracts all acheived ISO 20000 certification. These Prime Suppliers are now beginning to request certification of their supply chain, thus making the US market very active. I believe that ISO 20K and soon to follow, ISO 27001 will have a strong uptick in the next few years within the US."

Tariq Elsadik: " We are seeing a big push in the GCC market for ISO20K and for all the good reasons. In some countries, it has become or in the process of becoming a regulatory requirement. It maybe a while before the true business benefits the standard brings are really clear. "

Johann Botha: "...we also see a upward trend of customers who asks us about 20K although there is currently only two companies in our country that is certified (one, one of our customers). "

Jan van Bon: "the individual influence of the auditor is high here. First of all, these auditors have very little experience in IT Service Management, and second - they hardly have any reference material. The only published certification stories are the ones in the Road book: http://www.vanharen.net/implementing_isoiec_20000_certification_roadmap_english_version-p199.html "

Geoff Harmer: "Very interesting to see that Spanish site showing organisations with ISO 20K certification mainly audited by AENOR. http://www.aenor.es/desarrollo/certificacion/sistemas/descripcion.asp ";
and an interesting conclusion from Geoff:
"Britain no longer rules the world ;-) and others set up their own schemes in competition and now we have certificates that are incompatible. If you are a business in a country, then a certificate awarded by a body in that country seems fine, but internationally it may be very weak. To draw an analogy. A masters degree from Harvard University has the reputation of being a lot better than a masters from most other universities in the world. Universities have an international scheme that compares academic qualifications so that they can assess whether to take on a prospective student. So shouldn't we have an international scheme to compare ISO 20K certificates?"

The organizations certified against the itSMF-UK scheme are listed at the ISOIEC20000certification website. This list is definitely outdated. And more and more organizations are audited against other schemes. For example, check http://www.itil-iso20000.com/ . It provides a list of 65 Spanish companies that were certified against ISO20000, most of them by AENOR and EQA. Probably only a handful was using the itSMF-UK scheme....
It's just like in any other country: each RCB can set their own requirements. The result however, is that the certificates are fundamentally uncomparable. And another reason to make this even harder: the scope of certifications is so widely varying that it is not so clear what 'a certificate' means....

itSMF-UK was an unofficial body in terms of certification, but this was repaired some time ago. Relationships are still complex, however. itSMF-UK accredits RCBs using the itSMF UK scheme. itSMF-UK is accredited by UKAS and UKAS is accredited by IAF. Will APMG be accredited by UKAS? If not, they won't be able to exploit the scheme. This would mean that yet another non-auditing company woud be accredited amongst regular professional auditing organizations.

Which would make the meaning of 'an ISO200000 certificate' even more mystified.

More information on the certification against ISO20000: read the ISO200000 Roadmap, an instructive guide including several cases.
More information on ISO20000: read the Introduction to ISO20000, including the full text of the standard Parts 1 and 2.

You are not watching this post, click to start watching

Tags:

Comments

Geoff Harmer (08/10/2010)

David
Interesting to hear the background to AENOR, thanks.

Regarding your second comment.

My understanding is that both the Certification scheme and Qualification scheme have been sold to APMG by itSMF UK.
See:
http://www.itsmf.co.uk/web/FILES/Qualifications/ISOIEC20000-PressRelease...

itSMF UK was the owner of the Certification scheme (used by RCBs to grant ISO 20K certificates to organisations) and the Qualification scheme (used to accredit training companies and their trainers, set exams and award ISO 2k Auditor and ISO 20K Consultant certificates to individuals who passed the exams).

You're right about name confusion, although Certification and Qualification schemes are correctly named I feel.

I always tell delegates that:
RCB get accredited (by NABs)
Organisations get certified (by RCBs)
Individuals get qualified (by taking a course and exam)

But, of course, we say confusing things such as
"She gained a certificate for passing the exam",
"He is an accredited trainer with an accredited training company".

Geoff

David Bathiely (07/10/2010)

Another two things just caught my eye:

"It's just like in any other country: each RCB can set their own requirements."

This is not entirely correct, RCB's should (not an obligation as far as I'm aware, but for credibility purposes, end customers tend to ask for it) comply with the accreditation scheme their national accreditation entity provides, but if there's none, they can accredit companies without it or use an alternate one, for example AENOR is now accredited against the itSMF UK scheme since ENAC didn't put out theirs. The first companies AENOR certified in Spain have been so without AENOR being accredited agaisnt any scheme.

And what is entirely wrong, is that the certificates are fundamentally incomparable: "The result however, is that the certificates are fundamentally uncomparable".
Certificates delivered to companies ARE ALWAYS BASED ON THE ISO/IEC 20000 REQUIREMENTS, in order to obtain its certificate a company needs to comply with all the requirements in the standard and no matter who accredited the RCB performing the audit, the controls are the same.

The difference the Accreditation schemes sets have nothing to do with the standard itself, it sets requirements RCB's and their auditors have to comply with in order to be allowed to certify companies. The RCB needs to demonstrate they have all necessary processes and procedures in place to perform audits and that their auditors are capable, experienced and certified but that's it. RCB's accredited under different schemes can have slightly different procedures or their auditors can be asked to demonstrate more experience, but as far as the ISO/IEC 20000 certificate is concerned, nothing changes.

David Bathiely (07/10/2010)

I think there's a big misunderstanding (and it might be me that is mistaken) but from what I gather from the APMG's news item on their website (http://www.apmg-international.com/home/News_Events/05Oct2010ISOIEC20000E...) , it's the Certification and Qualification scheme they acquired and not the RCB's Accreditation scheme...

The RCB accreditation scheme (incorrectly called certification scheme on isoiec20000 website) is used by National Accreditation Bodies such as UKAS (UK), ENAC (SPAIN) or COFRAC (FRANCE) to entitle RCB's such as BSI, AENOR or AFNOR to audit and deliver certification under that scheme. Since there was none for BS15000, itSMF UK developed their own and if I'm not mistaken UKAS actually recognises it. Other National Accreditation Bodies can actually develop their own alternative for this scheme.

Now, in my understanding, what APMG acquired from itSMF UK are the trainings and certificates that relate to people: ISO20k Consultant and Auditor courses and certifications, the only relation these maintain with the accreditation scheme is that in the accreditation scheme the auditors are required to be certified, as a matter of fact the scheme should even be updated since there are other more recent certificates nowadays that didn't exist when the scheme was developed and that it fails to mention them. This might be corrected if independent National Accreditation Bodies develop their own...

Regards,
David Bathiely.

Anonymous (07/10/2010)

Regards,
David Bathiely.

Post new comment

Anonymous

topic: Why a “rules based” approach to Change Management always fails

post: Sounds somewhat like "Manage
Anonymous

topic: Is my ITIL V2 Service Master certification garbage now?

post: I wouldnt worry about the
editor

topic: New Post Graduate Certificates in ITSM coming up

post: Also read the column by Geoff
Anonymous

topic: Updated ITIL Pocket Guide now covers all of ITIL Foundation

post: so it can be used as very
editor

topic: After taking ITIL, APMG now takes control over EXIN's ASL/BiSL exams.

post: They sure had.... Many