ISO/IEC 20000-1:2018

ISO/IEC 20000-1:2018 overview

ISO/IEC 20000-1:2018 is an international standard for IT service management that defines requirements for the development, implementation, monitoring, maintenance, and improvement of an IT service management system. A related standard ISO/IEC 20000-2:2019 provides guidance on the application of service management systems. Moreover, ISO/IEC 27013:2015 guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 was released for organizations planning to implement ISO/IEC 20000-1 when ISO/IEC 27001 is already implemented or planning to implement these two standards together. ISO/IEC 20000-1:2018 is the only standard in the ISO/IEC 20000 family that results in a formal certification.

The ISO/IEC 20000-1 certificate demonstrates that a cloud service provider has implemented the right IT service management procedures to deliver efficient and reliable IT services that are subject to regular monitoring, review, and improvement. It helps organizations provide assurance to customers that their service requirements will be fulfilled.

Applicability

  • Azure
  • Azure Government
  • Azure China (for more information, see Trust Center documentation)

Services in scope

For a list of Microsoft cloud services in audit scope, see the Azure ISO/IEC 20000-1 certificate or Cloud services in audit scope:

  • Azure
  • Dynamics 365
  • Microsoft 365
  • Power Platform

Audit reports and certificates

The Azure ISO/IEC 20000-1 certificate covers Azure, Dynamics 365, Power Platform, and select Microsoft 365 cloud services. You can access Azure ISO/IEC 20000-1 audit documents from the Service Trust Portal (STP) ISO reports section. For instructions on how to access audit reports and certificates, see Audit documentation.

Frequently asked questions

Why is ISO/IEC 20000-1 certification important?
An independent third-party auditing firm performed a rigorous examination of Azure and several Microsoft online services for adherence to the requirements established in the ISO/IEC 20000-1 standard. The available ISO/IEC 20000-1 certificate demonstrates that Azure and covered Microsoft online services have implemented the right IT service management procedures to deliver efficient and reliable IT services that are subject to regular monitoring, review, and improvement.

How can I get the Azure ISO/IEC 20000-1 audit documentation?
For links to audit documentation, see Audit reports and certificates.

Can I use the Azure ISO/IEC 20000-1 compliance assurances in my organization’s certification process?
Yes. If your business is seeking certification for an implementation deployed using in-scope services, you can use the relevant Azure certifications in your compliance assessment. However, you're responsible for engaging an assessor to evaluate your implementation for compliance and for the controls and processes within your own organization.

Resources