ISO IEC 20000-6-2017 PDF

Full title and description

ISO/IEC 20000-6:2017 — Information technology — Service management — Part 6: Requirements for bodies providing audit and certification of service management systems. This part specifies requirements and guidance for certification bodies that audit and certify Service Management Systems (SMS) against ISO/IEC 20000-1 and can be used by accreditation bodies when accrediting such certification bodies.

Abstract

ISO/IEC 20000-6:2017 defines the specific requirements and guidance applicable to third‑party bodies that perform audits and issue certification for service management systems (SMS). It complements ISO/IEC 17021‑1 by adding SMS‑specific expectations (for example, competence criteria, impartiality considerations and information requirements) and aligns certification practice with the ISO/IEC 20000 series. The standard is intended to ensure consistent, impartial and competent certification of SMS in accordance with ISO/IEC 20000‑1.

General information

• Status: Published (confirmed in ISO systematic review 2022; remains current).
• Publication date: June 2017 (Edition 1, published 2017-06-06).
• Publisher: ISO and IEC (joint international standard published by the International Organization for Standardization and the International Electrotechnical Commission).
• ICS / categories: 03.080.99, 03.120.20, 35.020 (Information technology; Conformity assessment; IT service management).
• Edition / version: Edition 1 (2017).
• Number of pages: 13.

Scope

Specifies requirements and provides guidance for bodies providing audit and certification of service management systems (SMS) in accordance with ISO/IEC 20000‑1. It does not change the requirements of ISO/IEC 20000‑1; rather it supplements ISO/IEC 17021‑1 with SMS‑specific application and expectations. It can also be used by accreditation bodies when accrediting certification bodies for SMS certification.

Key topics and requirements

• Application of ISO/IEC 17021‑1 principles to SMS certification and SMS‑specific guidance where applicable.
• General requirements for legal, contractual, impartiality, liability and financing matters for certification bodies.
• Structural requirements for certification bodies (organization of certification activities, segregation of duties, independence).
• Resource and competence requirements for personnel involved in certification (auditors, technical experts): SMS domain knowledge, auditing skills and continual professional development.
• Rules for use of external auditors and experts, outsourcing and personnel records.
• Information requirements: public information, certification documents, reference to certification and use of marks, confidentiality and data handling.
• Guidance on avoiding conflicts of interest and permitted non‑conflicting activities (e.g., generic training, publicly available guidance).
• Alignment and normative references to ISO/IEC 20000‑1 and other parts of the ISO/IEC 20000 family.

Typical use and users

Primary users are accreditation bodies and certification bodies that audit and certify service management systems. Secondary users include auditors, conformity assessment personnel, service providers seeking certification (organizations implementing an SMS), consultants, trainers, and procurement or compliance functions that rely on third‑party certification of SMS.

Related standards

Key related documents include ISO/IEC 20000‑1 (Service management system requirements), other parts of the ISO/IEC 20000 family (guidance and implementation parts such as Parts 2, 3 and TR 20000‑10), and ISO/IEC 17021‑1 (Conformity assessment — Requirements for bodies providing audit and certification of management systems). The standard should be read and applied together with ISO/IEC 20000‑1 and ISO/IEC 17021‑1 when establishing certification schemes for SMS.

Keywords

service management, SMS, certification, audit bodies, certification bodies, impartiality, competence, ISO/IEC 20000, ISO/IEC 17021, accreditation, conformity assessment.

FAQ

Q: What is this standard?

A: ISO/IEC 20000‑6:2017 is the part of the ISO/IEC 20000 series that sets out requirements and guidance specifically for bodies that audit and certify Service Management Systems (SMS).

Q: What does it cover?

A: It covers requirements for certification bodies’ legal and contractual arrangements, impartiality, liability and financing, structural and resource arrangements, competence of personnel, use of external auditors and experts, information and confidentiality, and other SMS‑specific application of ISO/IEC 17021‑1.

Q: Who typically uses it?

A: Accreditation bodies and certification bodies are the primary users. Organizations seeking SMS certification, auditors, consultants and trainers also use it to understand how certification activities should be conducted.

Q: Is it current or superseded?

A: The edition is ISO/IEC 20000‑6:2017 (first edition, published June 2017). It was reviewed and confirmed during ISO’s systematic review process in 2022 and remains current as of March 3, 2026.

Q: Is it part of a series?

A: Yes — it is Part 6 of the ISO/IEC 20000 family on IT service management. It is intended to be used alongside Part 1 (requirements for an SMS) and other parts of the series.

Q: What are the key keywords?

A: Service management, SMS, certification, audit, certification body, impartiality, competence, ISO/IEC 20000, conformity assessment, accreditation.