Accredited ISO/IEC 20000-1:2018 certification issued by TNV Global Limited (India) under United Accreditation Foundation (UAF) accreditation, with local representation in Doha by Guardian Middle East LLC.
Demonstrate your IT service organisation’s commitment to systematic service management, customer-focused service delivery, and continual service improvement. Aligned with ITIL framework principles, Qatar Vision 2030 digital transformation priorities, and the substantial IT service expectations of Qatar’s banking, telecommunications, healthcare, government, and energy sectors.
Stable Standard with Active Maintenance. ISO/IEC 20000-1:2018 was updated by Amendment 1:2024 (Climate action changes) which is now in effect (no transition period — applicable from publication on 23 February 2024). The 2018 edition remains the current certifiable edition. Active family supplements include ISO/IEC TS 20000-16:2025 (sustainability guidance) and ISO/IEC TR 20000-17:2024 (scenarios). No successor edition is in formal development.
ISO/IEC 20000-1:2018 is the international standard for IT Service Management Systems (SMS). It specifies requirements for an organisation to establish, implement, maintain and continually improve a service management system, with the intended outcome of consistently delivering services that meet customer requirements and create value for stakeholders.
ISO/IEC 20000-1:2018 was developed by ISO/IEC JTC 1/SC 40 (IT Service Management and IT Governance). The 2018 edition (third edition) introduced significant changes from the 2011 edition — adoption of the Harmonised Structure, removal of explicit PDCA references, integration with broader business management, and modernised service management concepts.
ISO/IEC 20000 family overview:
Key concepts of ISO/IEC 20000-1:2018:
Qatar’s substantial digital transformation under Vision 2030, combined with the country’s role as a regional financial and logistics hub, creates significant demand for systematic IT service management. ISO/IEC 20000-1 provides the international framework most relevant to organisations delivering or consuming IT services at scale.
Qatar Digital Government, Tasmu Smart Qatar, and broader digital transformation initiatives create substantial demand for reliable IT service delivery. Government agencies, public-sector technology providers, and private-sector IT vendors benefit from ISO/IEC 20000-1 evidence of systematic service management.
Qatar Central Bank (QCB) regulatory expectations, QFC operational risk frameworks, and broader financial sector technology resilience requirements increasingly reference IT service management standards. Banks, payment processors, fintech providers, and core banking system vendors gain credible compliance evidence through ISO/IEC 20000-1.
Ooredoo and Vodafone Qatar manage substantial service portfolios. Network operators, managed service providers, and IT outsourcing firms rely on systematic service management. ISO/IEC 20000-1 certification is increasingly expected by major customers and partners.
Hamad Medical Corporation, Sidra Medicine, and emerging digital health providers depend on reliable IT services for clinical and operational continuity. ISO/IEC 20000-1 supports systematic service delivery in healthcare IT contexts where service interruption has patient-safety implications.
Qatar government and major private-sector procurement increasingly references ISO/IEC 20000-1 in IT service procurement specifications. Service providers without certification face exclusion from significant tender opportunities.
ISO/IEC 20000-1:2018 follows the Harmonised Structure (Clauses 4-10), with extensive service management-specific requirements throughout:
Clause | Title | Key Requirements |
4 | Context of the Organisation | Internal/external issues · Stakeholder needs and expectations · SMS scope and services · Climate change relevance (Amd 1:2024) |
5 | Leadership | Top management commitment · Service management policy · Roles, responsibilities, authorities · Customer focus |
6 | Planning | Risk and opportunity treatment · Service management objectives · Service portfolio planning · Planning of changes |
7 | Support of the Service Management System | Resources · Competence · Awareness · Communication · Documented information · Knowledge management |
8 | Operation of the Service Management System | Operational planning and control · Service portfolio (catalogue, asset, configuration) · Relationship and agreement · Supply and demand · Service design, build and transition · Resolution and fulfilment (incident, service request, problem) · Service assurance (availability, capacity, continuity, information security) |
9 | Performance Evaluation | Monitoring, measurement, analysis · Service reporting · Internal audit · Management review |
10 | Improvement | Nonconformity and corrective action · Continual improvement of the SMS and services |
Distinctive ISO/IEC 20000-1 service management requirements (Clause 8): The standard’s central differentiator is the comprehensive service management process framework — service portfolio (8.2), relationship and agreement (8.3), supply and demand (8.4), service design/build/transition (8.5), resolution and fulfilment including incident, service request, and problem management (8.6), and service assurance covering availability, capacity, continuity, and information security (8.7).
ISO/IEC 20000-1:2018 applies to organisations that deliver or manage IT services. In practice, certification is most relevant to:
ISO/IEC 20000-1 generally NOT directly applicable to: Software development organisations focused purely on product delivery without ongoing service responsibility · Hardware manufacturers without service operations · Pure IT consultancy firms without service delivery (but ISO 9001 may apply).
ISO/IEC 20000-1:2018 applies to organisations that deliver or manage IT services. In practice, certification is most relevant to:
ISO/IEC 20000-1 generally NOT directly applicable to: Software development organisations focused purely on product delivery without ongoing service responsibility · Hardware manufacturers without service operations · Pure IT consultancy firms without service delivery (but ISO 9001 may apply).
TNV (with Guardian local support) follows the ISO/IEC 17021-1:2015 certification process, with IT service management sector-specific competence requirements per ISO/IEC 17021-4 and ISO/IEC 20000-6:
Stage | Activity | Outcome |
1 | Application & Contract | Application form. TNV reviews scope (services in scope, customer base, geographic footprint, supplier dependencies), proposes audit plan. Contract signed with TNV. Guardian Middle East LLC coordinates locally. |
2 | Stage 1 Audit | On-site or remote readiness review. Auditor verifies SMS documentation, service catalogue, service-level agreements (SLAs), policy framework, internal audit, management review. |
3 | Stage 2 Audit | On-site full audit. Auditor samples evidence across all clauses, observes service operations, reviews incident/problem/change records, audits service portfolio management, validates service performance reporting. |
4 | Certification Decision | TNV’s certification committee reviews audit report. Certificate issued by TNV Global Limited (3-year validity) upon positive decision. Local distribution via Guardian. |
5 | Surveillance & Recertification | Annual surveillance audits. Recertification before Year 3. Cycle repeats. Local audit delivery via Guardian Doha. |
Auditor competence: ISO/IEC 20000-1 audits require auditors with substantive IT service management technical competence — typically ITIL-certified, sector experience, and SMS implementation backgrounds. Generic auditors without IT service management depth are insufficient.
Typical end-to-end implementation timeline is 8 to 14 months depending on organisation maturity and existing ITIL/ITSM capability:
Phase | Duration | Activities |
Gap Analysis | 4-6 weeks | Review existing ITSM capability against ISO/IEC 20000-1:2018 (with Amd 1:2024). Assess service catalogue completeness. Process maturity assessment. |
System Design | 8-12 weeks | Develop SMS Manual, service management policy, service catalogue, SLAs, service management plans, integration with ITIL processes. |
Implementation | 12-24 weeks | Roll out new processes. ITSM tool implementation/enhancement. Process integration (incident, problem, change, configuration, etc.). Training across IT operations. |
Internal Audit & Review | 4 weeks | Internal audit cycle covering all clauses. Service performance review. Management review. Address findings. |
Certification Audit | 3-5 weeks | Stage 1 readiness review. Stage 2 full audit. Address any nonconformities. |
Key implementation considerations: Organisations with mature ITIL implementation typically achieve 8-month timelines. Service catalogue definition often the foundation step. ITSM tool capability significantly affects achievable timeline. Organisations without existing ITSM tooling face extended implementation.
Indicative pricing range: QAR 6,000 – 24,000 depending on organization size, service portfolio breadth, geographic spread, and integration with other certifications. The figure above is the indicative range for the initial certification audit (Stage 1 + Stage 2 combined) for typical small-to-medium IT service organizations.
Audit time and corresponding fee is calculated per IAF Mandatory Document 5 (IAF MD 5) with IT service management sector adjustments which consider:
For an exact quotation, contact Guardian Middle East LLC. We coordinate with TNV’s certification operations to provide accurate quotations based on your service profile and integration plans.
Tier 3 Disclosure — Issued by TNV Global Limited under UAF Accreditation. Certificates for ISO/IEC 20000-1:2018 are issued by TNV Global Limited (India) under United Accreditation Foundation (UAF) accreditation, recognized under IAF MLA. TNV Global Limited is the parent group of Guardian Assessment Pvt Ltd. Local representation, audit coordination, and customer support in Qatar by Guardian Middle East LLC (QFC 03870). IAF MLA Recognized under transition to GAC MRA. UAF aligning with GAC Inc. operational from 01 January 2026.
ISO/IEC 20000-1 certifications under the Guardian/TNV group are currently issued by TNV Global Limited (the parent group entity) under UAF accreditation. Guardian Assessment Pvt Ltd’s UAF/IAS scope does not currently include ISO/IEC 20000-1 — however, TNV Global Limited’s UAF Management System Certification Body accreditation covers this standard. This arrangement preserves the international IAF MLA recognition while leveraging the appropriate group-entity accreditation scope.
Tier | Issuing Body & Standards |
Tier 1 | Guardian Assessment Pvt Ltd certificate · QS Certification Body Reg RB066-26 + UAF/IAS · Standards: ISO 9001/14001/45001 |
Tier 2 | Guardian Assessment Pvt Ltd certificate · UAF/IAS only · Standards: ISO 21001/27001/37001/27701/55001/13485 |
Tier 3 (this standard) | TNV Global Limited certificate · UAF only · Standards: ISO/IEC 20000-1, ISO 50001, and others where TNV holds the relevant scope |
Note: Group-entity branding does not affect international recognition. UAF accreditation under IAF MLA provides the same global recognition regardless of which group entity issues the certificate.
View Guardian’s recognition and accreditation details for more information about applicable recognition marks and registrations
ISO/IEC 20000-1:2018 is the current third edition (replacing 2005 first edition and 2011 second edition). The 2018 edition introduced significant changes including adoption of the Harmonised Structure, integration with broader business management, and modernised service management framework.
ISO/IEC 20000-1:2018 / Amendment 1:2024 — Climate action changes was published on 23 February 2024 as part of the IAF/ISO joint Climate Action initiative applied to all Annex SL-based ISO management system standards. No transition period applies — the amendment is effective from publication. The 2018 edition with this amendment is the current certifiable edition.
No formal revision project for ISO/IEC 20000-1 is currently active. ISO/IEC JTC 1/SC 40 systematic review activity is ongoing but has not initiated a successor edition project. The 2018 edition with Climate Amendment 1:2024 is expected to remain current for the foreseeable future. Family supplements (TS, TR documents) continue to be developed to support 2018 edition implementation.
Reality: ISO/IEC 20000-1 is a certifiable management system standard. ITIL is a framework of best practices for IT service management. They are complementary — ITIL provides ‘how to do’ service management; ISO/IEC 20000-1 provides ‘what your SMS must demonstrate’ for certification. Most ISO/IEC 20000-1 certified organisations also adopt ITIL practices.
Reality: Internal IT departments providing services to internal business units are also eligible and benefit. The ‘service provider’ role exists wherever IT services are delivered to defined customers — whether external or internal.
Reality: ISO/IEC 20000-1 includes information security as an aspect of service assurance (Clause 8.7.3) but is not a comprehensive information security management standard. ISO/IEC 27001 provides the comprehensive ISMS. Many organisations certify both — they integrate naturally.
Reality: ISO/IEC 20000-1 specifies SMS requirements but is technology- and framework-agnostic in implementation. Organisations may use ITIL, COBIT, or hybrid approaches to meet the requirements. The standard prescribes outcomes and process integration, not specific methodologies.
Reality: No separate audit. Climate Amendment 1:2024 adds two requirements within Clause 4.1 and 4.2 — climate change relevance assessment and interested party climate requirements. These are integrated into the standard SMS audit. Most IT service organisations identify climate change as a relevant issue (energy consumption, data centre emissions, business continuity climate-related disruption) and document this within their context analysis.
Integration | Why & When |
20000-1 + 27001 | SMS + InfoSec — Most natural pairing. ISO/IEC 20000-1 service assurance (Clause 8.7.3) interfaces with ISO/IEC 27001 ISMS. Almost universally combined. |
20000-1 + 9001 | SMS + Quality — Useful for IT service organisations seeking broader quality framework. Both Harmonised Structure. |
20000-1 + 22301 | SMS + Business Continuity — Service continuity (Clause 8.7.2) interfaces with ISO 22301 BCMS. Common pairing for critical service providers. |
20000-1 + 27701 | SMS + Privacy — Important for cloud and SaaS providers handling personal data. Privacy-by-design in service management. |
20000-1 + 14001 | SMS + Environmental — Increasingly relevant for data centre operators and cloud providers managing environmental footprint. |
20000-1 + 50001 | SMS + Energy — Strong pairing for data centre operators and energy-intensive IT operations. |
20000-1 + 42001 | SMS + AI Management — Emerging pairing for AI-enabled service providers and AI-driven service operations. |
Integrated audit benefits: ISO/IEC 20000-1 + ISO/IEC 27001 + ISO 9001 triple integration delivers substantial savings (often 30-40% audit time reduction vs separate certifications) and is the most common combination in mature IT service organizations. Explore the full ISO standards library to compare related certification options for quality, environment, safety, energy, and sustainability.
Verify CB accreditation directly on UAF (or applicable AB) register for ISO/IEC 20000-1:2018. Confirm IAF MLA recognition for international acceptance.
ISO/IEC 20000-1 audits require auditors with substantive ITSM technical competence — typically ITIL Foundation or higher, sector experience, and SMS implementation backgrounds. Generic auditors without ITSM depth provide superficial audits.
Most ISO/IEC 20000-1 certifications are integrated with ISO/IEC 27001 and/or ISO 9001. Choose CB with integrated audit capability across these standards for efficiency. TNV’s integrated audit programme delivers this.
ISO/IEC 20000-1 audits typically require on-site presence for service operations observation. Local presence reduces travel costs. Guardian Middle East LLC provides local coordination, audit logistics, and customer support for TNV-issued certifications.
CB must not have provided ITSM consultancy services to the client within 2 years prior.
For Guardian/TNV group certifications, the same group provides ISO 9001/14001/45001 (Tier 1), other ISO MS standards (Tier 2), and ISO/IEC 20000-1/50001 (Tier 3). This consistency simplifies multi-standard portfolios while leveraging the appropriate group-entity accreditation scope.
Compare on full 3-year total cost (initial + 2 surveillance + recertification). Integration discounts often substantially reduce multi-standard total cost.
Audit | Timing & Scope |
Surveillance 1 | Within 12 months of Stage 2. ~30% of Stage 2 duration. Mandatory: management review, internal audit, service performance review, incident/problem trends, SLA performance, corrective actions. |
Surveillance 2 | Within 24 months of Stage 2. Same scope, different process sample. Includes any service portfolio changes. |
Recertification | Before 3-year anniversary. ~70% of Stage 2 duration. Re-evaluation of full SMS. Issues new 3-year certificate. |
Special audits triggered by: significant scope change, major service portfolio addition, certificate transfer, major customer disruption.
Certified IT service organisations may use TNV mark and UAF accreditation mark on documents, marketing, websites, tender submissions — subject to TNV’s Use of Marks Policy (Guardian Middle East LLC provides local guidance).
Permitted: Letterhead, marketing materials, websites, tender submissions, service portfolio documents.
Prohibited: Use that implies certification of products beyond SMS scope · Use on individual deliverables outside service scope · Continued use after suspension/withdrawal.
Full policy: → Use-of- Marks
TNV operates an independent complaints and appeals process compliant with ISO/IEC 17021-1:2015. Local intake and coordination via Guardian Middle East LLC.
Full process: → Complaints & appeals
Ready to begin your ISO/IEC 20000-1 certification journey? Contact Guardian Middle East LLC for a no-obligation initial consultation. We coordinate with TNV Global Limited’s certification operations to provide accurate quotations based on your service profile. Local audit logistics and customer support throughout the certification lifecycle.
Guardian Middle East LLC | Serving the Middle East
QFC Licence 03870 · Doha, Qatar
Location: Abo Hamour Area, Doha, Qatar
P.O. Box: 23277, Doha, Qatar
Mobile: +974 7770 2602 | +974 7213 7770
Email: info@guardian.qa
Website: www.guardian.qa
Or submit an enquiry: → Contact
