What is the primary objective of **ISO 20000**?

**The primary objective of ISO/IEC 20000-1:2018 is to specify requirements for establishing, implementing, maintaining, and continually improving a service management system (SMS).** This ensures organizations deliver services across their full lifecycle—planning, design, transition, delivery, and improvement—while meeting agreed requirements through structured processes in Clauses 4–10, aligned with Annex SL and the Plan-Do-Check-Act (PDCA) cycle.

Who is legally or professionally required to comply with **ISO 20000**?

**No organizations are legally required to comply with ISO 20000, as it is a voluntary international standard.** Professionally, service providers in IT, cloud, managed services, facilities, or business processes adopt it for certification to demonstrate SMS maturity, particularly where customers, tenders, or contracts demand evidence of reliable service delivery via Clauses 4 (context) and 8 (operation).

Does **ISO 20000** require an external audit or third-party certification?

**ISO 20000 requires third-party certification through accredited bodies for formal SMS conformity claims.** This involves Stage 1 (readiness review) and Stage 2 (effectiveness audit) per general ISO practice, followed by annual surveillance audits and triennial recertification to verify Clauses 4–10 implementation and PDCA-driven improvement.

How often should an assessment for **ISO 20000** be performed?

**Internal assessments for ISO 20000 must be performed at planned intervals via mandatory internal audits (Clause 9.2).** Management reviews occur as needed but typically at least annually (Clause 9.3), with continual monitoring of KPIs, service reporting, and nonconformities (Clauses 9.1, 10) to support PDCA; external surveillance audits follow certification annually.

What are the consequences of non-compliance with **ISO 20000**?

**Non-compliance with ISO 20000 results in certification denial, suspension, or withdrawal by accredited bodies.** Internally, it leads to ineffective SMS, higher service risks (e.g., outages, SLA breaches), and lost market trust; no direct legal penalties apply, but it exposes organizations to contractual disputes or procurement disqualifications.

An **ISO 20000** be mapped to other international frameworks?

**Yes, ISO 20000-1:2018 uses Annex SL High-Level Structure, enabling direct mapping to compatible management systems.** Clause alignments facilitate integration with standards sharing Clauses 4–10, supporting unified governance without violating ISO 20000's standalone SMS requirements.

What is the first step to begin implementing **ISO 20000**?

**The first step to implement ISO 20000 is determining the context of the organization and defining SMS scope (Clause 4).** This includes identifying internal/external issues, interested parties, and boundaries, followed by leadership commitment (Clause 5) and a gap analysis against Clauses 4–10 to establish a service management plan.

What is the primary objective of **EN 1090**?

**EN 1090 ensures controlled execution and conformity assessment of structural steel and aluminium components for CE marking under the Construction Products Regulation (CPR).** It comprises **EN 1090-1** (conformity assessment via certified **Factory Production Control (FPC)** and **Declaration of Performance (DoP)**), **EN 1090-2** (technical requirements for steel structures including welding, tolerances, and inspection), and **EN 1090-3** (parallel requirements for aluminium). Risk scales via **Execution Classes (EXC1–EXC4)** based on consequence class (CC1–CC3), service category (SC1–SC2), and production category (PC1–PC2), enforcing traceability, NDT, and ISO 3834 welding alignment.

Who is legally or professionally required to comply with **EN 1090**?

**Manufacturers of load-bearing steel and aluminium structural components and kits for permanent incorporation in EU/EEA construction works must comply with EN 1090 to affix CE marking.** This includes fabricators, steelwork contractors, and welding shops supplying to buildings, bridges, or industrial plants. Scope excludes non-structural elements; **EXC** determination dictates rigor, with **FPC** certification by a Notified Body mandatory for market placement.

Does **EN 1090** require an external audit or third-party certification?

**Yes, EN 1090-1 mandates third-party certification of the Factory Production Control (FPC) system by a Notified Body under AVCP systems.** This involves initial inspection, **ITT/ITC** review, certificate issuance, and continuous surveillance audits to verify performance constancy, enabling legal **CE marking** and **DoP** issuance.

How often should an assessment for **EN 1090** be performed?

**EN 1090 requires initial Notified Body certification followed by ongoing surveillance audits, typically annually for the first year then per EN 1090-1 Table B.3 based on Execution Class.** Higher **EXC3/EXC4** trigger more frequent or intensive audits; internal FPC audits are continuous, with changes (e.g., processes, rWC) prompting re-assessments.

What are the consequences of non-compliance with **EN 1090**?

**Non-compliance with EN 1090 prevents lawful CE marking, risking market exclusion, product recalls, certificate suspension/withdrawal by Notified Bodies, and CPR enforcement fines.** Major non-conformities (e.g., traceability gaps, unauthorized changes) lead to public notices, liability for failures, and procurement bans.

An **EN 1090** be mapped to other international frameworks?

**EN 1090 integrates with standards like ISO 3834 (welding quality), ISO 9001 (QMS foundation for FPC), and Eurocodes (design alignment), but direct mappings vary by national annexes.** It shares welding personnel (EN ISO 9606) and NDT principles, enabling leveraged implementation without formal equivalence.

What is the first step to begin implementing **EN 1090**?

**Conduct a product scope and Execution Class (EXC) assessment to confirm CPR applicability and risk-based scaling.** Document product families, determine **CC/SC/PC** matrix for **EXC1–EXC4**, then perform FPC gap analysis against EN 1090-1.

ISO 20000 vs EN 1090

Standards Comparison

ISO 20000

Voluntary

2018

International standard for service management systems

EN 1090

Mandatory

2009

EU standard for execution of steel and aluminium structures

Quick Verdict

ISO 20000 certifies voluntary service management systems for global providers, ensuring reliable ITSM via audits. EN 1090 mandates CE marking for EU structural steel/aluminium via FPC, guaranteeing safety. Companies adopt ISO 20000 for trust, EN 1090 for legal market access.

IT Service Management

ISO 20000

ISO/IEC 20000-1:2018 Service management system requirements

Cost

€€€€

Complexity

High

Implementation Time

12-18 months

Key Features

Annex SL structure enables integrated management systems
Full service lifecycle processes in Clause 8
PDCA cycle mandates continual improvement
Certifiable SMS demonstrates service reliability externally
Flexible for ITIL, DevOps, Agile methodologies

Structural Metalwork

EN 1090

EN 1090 Execution of steel and aluminium structures

Cost

€€€€

Complexity

High

Implementation Time

6-12 months

Key Features

Factory Production Control (FPC) certification
Risk-based Execution Classes (EXC1-4)
CE marking under CPR for market access
Welding coordination per ISO 3834
Material traceability and NDT inspection

Detailed Analysis

A comprehensive look at the specific requirements, scope, and impact of each standard.

ISO 20000 Details

What It Is

ISO/IEC 20000-1:2018 is the certifiable international standard for establishing and operating a service management system (SMS). It specifies auditable requirements for managing the full service lifecycle—planning, design, transition, delivery, and improvement—using a risk-based, PDCA (Plan-Do-Check-Act) approach aligned with Annex SL for integration with other ISO standards.

Key Components

Clauses 4-10 cover context, leadership, planning, support, operation, performance evaluation, and improvement.
Clause 8 details operational domains: service portfolio, relationships, supply/demand, design/transition, resolution/fulfilment, assurance.
Core processes include incident/problem management, change/release, configuration/asset, availability/continuity, security.
Built on management system principles; certifiable via accredited bodies with Stage 1/2 audits, surveillance.

Why Organizations Use It

Drives service reliability, customer trust, risk reduction (e.g., 50% certificate growth per ISO survey).
Enables market differentiation, procurement advantages, integration with ISO 9001/27001.
Voluntary but supports regulatory compliance, operational efficiency (e.g., 69% report trust gains).

Implementation Overview

Phased: gap analysis, design, deployment, audits (12-18 months typical).
Applies to all sizes/industries providing services; requires leadership, evidence, continual improvement.

EN 1090 Details

What It Is

EN 1090 is a harmonized European standard family (EN 1090-1, -2, -3) under the Construction Products Regulation (CPR). It governs conformity assessment and execution of structural steel and aluminium components/kits for construction works. Primary purpose: ensure safe fabrication, assembly, and CE marking via risk-based Execution Classes (EXC1-4).

Key Components

EN 1090-1Factory Production Control (FPC)**, Declaration of Performance (DoP), AVCP systems with Notified Body certification.
**EN 1090-2/-3Technical rules for materials, welding (ISO 3834 alignment), tolerances, corrosion protection, NDT inspection.
Core principles: traceability, risk scaling, process control; no fixed control count, scales by EXC.

Why Organizations Use It

Mandatory CE marking for EU/EEA market access; avoids legal penalties, market exclusion.
Reduces liability, rework; builds trust via certified quality.
Enables high-risk projects (EXC3/4), competitive bidding.

Implementation Overview

Phased: gap analysis, FPC build, welding quals, NB certification, surveillance.
Targets fabricators in construction; any size, EU-focused; requires ongoing audits.

Key Differences

Aspect	ISO 20000	EN 1090
Scope	Service management systems (SMS) lifecycle	Structural steel/aluminium execution & conformity
Industry	All service providers, global ITSM focus	Construction/metal fabrication, EU market
Nature	Voluntary certifiable management standard	Mandatory harmonized CPR standard for CE
Testing	Internal audits, management reviews, certification	FPC certification, ITT/ITC, NB surveillance
Penalties	Loss of certification, market trust	Market exclusion, fines, legal liability

Scope

ISO 20000

Service management systems (SMS) lifecycle

EN 1090

Structural steel/aluminium execution & conformity

Industry

ISO 20000

All service providers, global ITSM focus

EN 1090

Construction/metal fabrication, EU market

Nature

ISO 20000

Voluntary certifiable management standard

EN 1090

Mandatory harmonized CPR standard for CE

Testing

ISO 20000

Internal audits, management reviews, certification

EN 1090

FPC certification, ITT/ITC, NB surveillance

Penalties

ISO 20000

Loss of certification, market trust

EN 1090

Market exclusion, fines, legal liability

Frequently Asked Questions

Common questions about ISO 20000 and EN 1090

ISO 20000 FAQ

EN 1090 FAQ

You Might also be Interested in These Articles...

ISO 27701 Implementation Roadmap: Extending Your ISMS to PIMS in 12 Months or Less

Extend ISO 27001 ISMS to ISO 27701 PIMS in 12 months with our phased roadmap. Templates, checklists & infographics for RoPA, DSARs & audit-ready privacy complia

From SOC to AI-Native CDC: Redefining Triage and Response in 2026

Explore the shift from SOCs to AI-Native CDCs. Autonomous agents handle Tier 1 triage in 2026, empowering analysts for complex threats. Discover the future of c

Singapore PDPA Implementation Guide: Mastering Part 6A Breach Notification Thresholds and Timelines from Primary Statute

Master Singapore PDPA Part 6A breach notifications: statutory thresholds (risk of significant harm), 72-hour timelines, checklists, templates & frameworks. Comp

Run Maturity Assessments with GRADUM

Transform your compliance journey with our AI-powered assessment platform

Assess your organization's maturity across multiple standards and regulations including ISO 27001, DORA, NIS2, NIST, GDPR, and hundreds more. Get actionable insights and track your progress with collaborative, AI-powered evaluations.

100+ Standards & Regulations

AI-Powered Insights

Collaborative Assessments

Actionable Recommendations

Check out these other Gradum.io Standards Comparison Pages

NIS2 vs ISO 27017

Compare NIS2 vs ISO 27017: EU directive expands cyber scope, mandates 24h reporting & 2% fines. ISO 27017 boosts cloud controls in ISO 27001 ISMS. Align now!

ISO 13485 vs ISO 21001

Compare ISO 13485 vs ISO 21001: Medical device QMS meets education EOMS. Uncover key differences in risk, compliance & clauses for optimal certification strategy.

NIST 800-53 vs EMAS

Compare NIST 800-53 vs EMAS: Cybersecurity/privacy controls meet EU environmental mgmt standards. Key diffs, synergies & strategies for compliance mastery. Dive in!

ISO 20000

EN 1090

Quick Verdict

ISO 20000

Key Features

EN 1090

Key Features

Detailed Analysis

ISO 20000 Details

What It Is

Key Components

Why Organizations Use It

Implementation Overview

EN 1090 Details

What It Is

Key Components

Why Organizations Use It

Implementation Overview

Key Differences

Scope

Industry

Nature

Testing

Penalties

Frequently Asked Questions

ISO 20000 FAQ

What is the primary objective of ISO 20000?

Who is legally or professionally required to comply with ISO 20000?

Does ISO 20000 require an external audit or third-party certification?

How often should an assessment for ISO 20000 be performed?

What are the consequences of non-compliance with ISO 20000?

An ISO 20000 be mapped to other international frameworks?

What is the first step to begin implementing ISO 20000?

EN 1090 FAQ

What is the primary objective of EN 1090?

Who is legally or professionally required to comply with EN 1090?

Does EN 1090 require an external audit or third-party certification?

How often should an assessment for EN 1090 be performed?

What are the consequences of non-compliance with EN 1090?

An EN 1090 be mapped to other international frameworks?

What is the first step to begin implementing EN 1090?

You Might also be Interested in These Articles...

ISO 27701 Implementation Roadmap: Extending Your ISMS to PIMS in 12 Months or Less

From SOC to AI-Native CDC: Redefining Triage and Response in 2026

Singapore PDPA Implementation Guide: Mastering Part 6A Breach Notification Thresholds and Timelines from Primary Statute

Run Maturity Assessments with GRADUM

Check out these other Gradum.io Standards Comparison Pages

NIS2 vs ISO 27017

ISO 13485 vs ISO 21001

NIST 800-53 vs EMAS