What is the primary objective of ISO 20000?

The primary objective of ISO/IEC 20000-1:2018 is to specify requirements for establishing, implementing, maintaining, and continually improving a service management system (SMS). This ensures organizations deliver services across their full lifecycle—planning, design, transition, delivery, and improvement—while meeting agreed requirements through structured processes in Clauses 4–10, aligned with Annex SL and the Plan-Do-Check-Act (PDCA) cycle.

Who is legally or professionally required to comply with ISO 20000?

No organizations are legally required to comply with ISO 20000, as it is a voluntary international standard. Professionally, service providers in IT, cloud, managed services, facilities, or business processes adopt it for certification to demonstrate SMS maturity, particularly where customers, tenders, or contracts demand evidence of reliable service delivery via Clauses 4 (context) and 8 (operation).

Does ISO 20000 require an external audit or third-party certification?

ISO 20000 requires third-party certification through accredited bodies for formal SMS conformity claims. This involves Stage 1 (readiness review) and Stage 2 (effectiveness audit) per general ISO practice, followed by annual surveillance audits and triennial recertification to verify Clauses 4–10 implementation and PDCA-driven improvement.

How often should an assessment for ISO 20000 be performed?

Internal assessments for ISO 20000 must be performed at planned intervals via mandatory internal audits (Clause 9.2). Management reviews occur as needed but typically at least annually (Clause 9.3), with continual monitoring of KPIs, service reporting, and nonconformities (Clauses 9.1, 10) to support PDCA; external surveillance audits follow certification annually.

What are the consequences of non-compliance with ISO 20000?

Non-compliance with ISO 20000 results in certification denial, suspension, or withdrawal by accredited bodies. Internally, it leads to ineffective SMS, higher service risks (e.g., outages, SLA breaches), and lost market trust; no direct legal penalties apply, but it exposes organizations to contractual disputes or procurement disqualifications.

An ISO 20000 be mapped to other international frameworks?

Yes, ISO 20000-1:2018 uses Annex SL High-Level Structure, enabling direct mapping to compatible management systems. Clause alignments facilitate integration with standards sharing Clauses 4–10, supporting unified governance without violating ISO 20000's standalone SMS requirements.

What is the first step to begin implementing ISO 20000?

The first step to implement ISO 20000 is determining the context of the organization and defining SMS scope (Clause 4). This includes identifying internal/external issues, interested parties, and boundaries, followed by leadership commitment (Clause 5) and a gap analysis against Clauses 4–10 to establish a service management plan.

What is the primary objective of EN 1090?

EN 1090 ensures controlled execution and conformity assessment of structural steel and aluminium components for CE marking under the Construction Products Regulation (CPR). It comprises EN 1090-1 (conformity assessment via certified Factory Production Control (FPC) and Declaration of Performance (DoP)), EN 1090-2 (technical requirements for steel structures including welding, tolerances, and inspection), and EN 1090-3 (parallel requirements for aluminium). Risk scales via Execution Classes (EXC1–EXC4) based on consequence class (CC1–CC3), service category (SC1–SC2), and production category (PC1–PC2), enforcing traceability, NDT, and ISO 3834 welding alignment.

Who is legally or professionally required to comply with EN 1090?

Manufacturers of load-bearing steel and aluminium structural components and kits for permanent incorporation in EU/EEA construction works must comply with EN 1090 to affix CE marking. This includes fabricators, steelwork contractors, and welding shops supplying to buildings, bridges, or industrial plants. Scope excludes non-structural elements; EXC determination dictates rigor, with FPC certification by a Notified Body mandatory for market placement.

Does EN 1090 require an external audit or third-party certification?

Yes, EN 1090-1 mandates third-party certification of the Factory Production Control (FPC) system by a Notified Body under AVCP systems. This involves initial inspection, ITT/ITC review, certificate issuance, and continuous surveillance audits to verify performance constancy, enabling legal CE marking and DoP issuance.

How often should an assessment for EN 1090 be performed?

EN 1090 requires initial Notified Body certification followed by ongoing surveillance audits, typically annually for the first year then per EN 1090-1 Table B.3 based on Execution Class. Higher EXC3/EXC4 trigger more frequent or intensive audits; internal FPC audits are continuous, with changes (e.g., processes, rWC) prompting re-assessments.

What are the consequences of non-compliance with EN 1090?

Non-compliance with EN 1090 prevents lawful CE marking, risking market exclusion, product recalls, certificate suspension/withdrawal by Notified Bodies, and CPR enforcement fines. Major non-conformities (e.g., traceability gaps, unauthorized changes) lead to public notices, liability for failures, and procurement bans.

An EN 1090 be mapped to other international frameworks?

EN 1090 integrates with standards like ISO 3834 (welding quality), ISO 9001 (QMS foundation for FPC), and Eurocodes (design alignment), but direct mappings vary by national annexes. It shares welding personnel (EN ISO 9606) and NDT principles, enabling leveraged implementation without formal equivalence.

What is the first step to begin implementing EN 1090?

Conduct a product scope and Execution Class (EXC) assessment to confirm CPR applicability and risk-based scaling. Document product families, determine CC/SC/PC matrix for EXC1–EXC4, then perform FPC gap analysis against EN 1090-1.

Standards Comparison

ISO 20000 vs EN 1090

ISO 20000

Voluntary

2018

International standard for service management systems

EN 1090

Mandatory

2009

EU standard for execution of steel and aluminium structures

Quick Verdict

ISO 20000 certifies voluntary service management systems for global providers, ensuring reliable ITSM via audits. EN 1090 mandates CE marking for EU structural steel/aluminium via FPC, guaranteeing safety. Companies adopt ISO 20000 for trust, EN 1090 for legal market access.

IT Service Management

ISO 20000

ISO/IEC 20000-1:2018 Service management system requirements

Cost

€€€€

Complexity

High

Implementation Time

12-18 months

Key Features

Annex SL structure enables integrated management systems
Full service lifecycle processes in Clause 8
PDCA cycle mandates continual improvement
Certifiable SMS demonstrates service reliability externally
Flexible for ITIL, DevOps, Agile methodologies

Structural Metalwork

EN 1090

EN 1090 Execution of steel and aluminium structures

Cost

€€€€

Complexity

High

Implementation Time

6-12 months

Key Features

Factory Production Control (FPC) certification
Risk-based Execution Classes (EXC1-4)
CE marking under CPR for market access
Welding coordination per ISO 3834
Material traceability and NDT inspection

Detailed Analysis

A comprehensive look at the specific requirements, scope, and impact of each standard.

ISO 20000 Details

What It Is

ISO/IEC 20000-1:2018 is the certifiable international standard for establishing and operating a service management system (SMS). It specifies auditable requirements for managing the full service lifecycle—planning, design, transition, delivery, and improvement—using a risk-based, PDCA (Plan-Do-Check-Act) approach aligned with Annex SL for integration with other ISO standards.

Key Components

Clauses 4-10 cover context, leadership, planning, support, operation, performance evaluation, and improvement.
Clause 8 details operational domains: service portfolio, relationships, supply/demand, design/transition, resolution/fulfilment, assurance.
Core processes include incident/problem management, change/release, configuration/asset, availability/continuity, security.
Built on management system principles; certifiable via accredited bodies with Stage 1/2 audits, surveillance.

Why Organizations Use It

Drives service reliability, customer trust, risk reduction (e.g., 50% certificate growth per ISO survey).
Enables market differentiation, procurement advantages, integration with ISO 9001/27001.
Voluntary but supports regulatory compliance, operational efficiency (e.g., 69% report trust gains).

Implementation Overview

Phased: gap analysis, design, deployment, audits (12-18 months typical).
Applies to all sizes/industries providing services; requires leadership, evidence, continual improvement.

EN 1090 Details

What It Is

EN 1090 is a harmonized European standard family (EN 1090-1, -2, -3) under the Construction Products Regulation (CPR). It governs conformity assessment and execution of structural steel and aluminium components/kits for construction works. Primary purpose: ensure safe fabrication, assembly, and CE marking via risk-based Execution Classes (EXC1-4).

Key Components

EN 1090-1: Factory Production Control (FPC), Declaration of Performance (DoP), AVCP systems with Notified Body certification.
EN 1090-2/-3: Technical rules for materials, welding (ISO 3834 alignment), tolerances, corrosion protection, NDT inspection.
Core principles: traceability, risk scaling, process control; no fixed control count, scales by EXC.

Why Organizations Use It

Mandatory CE marking for EU/EEA market access; avoids legal penalties, market exclusion.
Reduces liability, rework; builds trust via certified quality.
Enables high-risk projects (EXC3/4), competitive bidding.

Implementation Overview

Phased: gap analysis, FPC build, welding quals, NB certification, surveillance.
Targets fabricators in construction; any size, EU-focused; requires ongoing audits.

Key Differences

Aspect	ISO 20000	EN 1090
Scope	Service management systems (SMS) lifecycle	Structural steel/aluminium execution & conformity
Industry	All service providers, global ITSM focus	Construction/metal fabrication, EU market
Nature	Voluntary certifiable management standard	Mandatory harmonized CPR standard for CE
Testing	Internal audits, management reviews, certification	FPC certification, ITT/ITC, NB surveillance
Penalties	Loss of certification, market trust	Market exclusion, fines, legal liability

Scope

ISO 20000

Service management systems (SMS) lifecycle

EN 1090

Structural steel/aluminium execution & conformity

Industry

ISO 20000

All service providers, global ITSM focus

EN 1090

Construction/metal fabrication, EU market

Nature

ISO 20000

Voluntary certifiable management standard

EN 1090

Mandatory harmonized CPR standard for CE

Testing

ISO 20000

Internal audits, management reviews, certification

EN 1090

FPC certification, ITT/ITC, NB surveillance

Penalties

ISO 20000

Loss of certification, market trust

EN 1090

Market exclusion, fines, legal liability

Frequently Asked Questions

Common questions about ISO 20000 and EN 1090

ISO 20000 FAQ

EN 1090 FAQ

You Might also be Interested in These Articles...

2026 GDPR Data Processing Blueprint: Implementing Consent Management in Semrush and Ahrefs Workflows

Implement GDPR Articles 6 & 7 in Semrush and Ahrefs workflows with our 2026 blueprint. Get checklists for audit-proof keyword tracking, backlinks, and data resi

Top 5 Reasons Automation Tools Like Vanta Slash SOC 2 Type 2 Timelines from Months to Weeks

Automation tools like Vanta cut SOC 2 Type 2 prep from 6 months to 6 weeks, saving 70% costs. See SignWell examples, AWS/Okta/GitHub integrations. CISOs: Get fi

You Guide on how to Start Implementing NIST CSF in Your Organization

Master NIST CSF implementation in your organization with this detailed guide. Learn core functions, key steps, best practices, and tips for cybersecurity succes

Run Maturity Assessments with GRADUM

Transform your compliance journey with our AI-powered assessment platform

Assess your organization's maturity across multiple standards and regulations including ISO 27001, DORA, NIS2, NIST, GDPR, and hundreds more. Get actionable insights and track your progress with collaborative, AI-powered evaluations.

100+ Standards & Regulations

AI-Powered Insights

Collaborative Assessments

Actionable Recommendations

Explore More Comparisons

See how ISO 20000 and EN 1090 compare against other standards

Other ISO 20000 Comparisons

Other EN 1090 Comparisons

What It Is

Key Components

Clauses 4-10 cover context, leadership, planning, support, operation, performance evaluation, and improvement.

Clause 8 details operational domains: service portfolio, relationships, supply/demand, design/transition, resolution/fulfilment, assurance.

Core processes include incident/problem management, change/release, configuration/asset, availability/continuity, security.

Built on management system principles; certifiable via accredited bodies with Stage 1/2 audits, surveillance.

What It Is

Key Components

EN 1090-1: Factory Production Control (FPC), Declaration of Performance (DoP), AVCP systems with Notified Body certification.

EN 1090-2/-3: Technical rules for materials, welding (ISO 3834 alignment), tolerances, corrosion protection, NDT inspection.

Core principles: traceability, risk scaling, process control; no fixed control count, scales by EXC.

Aspect

ISO 20000

EN 1090

Scope

Service management systems (SMS) lifecycle

Structural steel/aluminium execution & conformity

Industry

All service providers, global ITSM focus

Construction/metal fabrication, EU market

Nature

Voluntary certifiable management standard

Mandatory harmonized CPR standard for CE

Testing

Internal audits, management reviews, certification

FPC certification, ITT/ITC, NB surveillance

Penalties

Loss of certification, market trust

Market exclusion, fines, legal liability