Secure Your Business


The International Standard for Service Quality and Availability in the Cloud
directly builds on the contents of IT Service Management acc. to ISO 20000-1.



On the market and towards each single customer, reliability

and quality of IT services count. This particularly refers to

the offers “from the cloud”, which are increasing enormously. Therefore, the Technical Rule ISO/IEC TR 20000-9 has been developed as a practicable guide for cloud service providers.

This TR can be implemented in combination with the Base Standard ISO/IEC 20000-1 for IT Service Management. In addition, it can - due to accreditation of CIS for this

subordinate Standard - be certified. Thus Certificates

acc. to ISO/IEC TR 20000-9, which are issued by CIS, can

be regarded as being documents recognized on a national and international scale. The target group includes organizations providing cloud-based services as providers or within their service management.


From IaaS to SaaS
ISO/IEC TR 20000-9 can be used for many different kinds of cloud services as they are defined in ISO/IEC 17788 and 17789. These two Standards establish uniform terms and definitions for all ISO Standards where cloud services are dealt with. This means that ISO/IEC TR 20000-9 addresses all the common cloud services, such as infrastructure as a service (IaaS), platform as a service (PaaS) or software as a service (SaaS). From a different perspective, ISO/IEC TR 20000-9 is usable for public, private, community and hybrid cloud services.


Service lifecycle for cloud services
On 30 pages, ISO/IEC TR 20000-9 uses a tabular form that is easy to grasp to show 15 scenarios that have been taken from the service lifecycle of ISO 20000-1 and describe the typical processes and activities in the course of a lifecycle of cloud services: The start is made by identifying the context for service management of cloud services and elaborating a strategy and an implementation plan. This leads up to the preparation of a catalogue of the cloud services, including the commensurate service requirements. This is followed by such items as the development of new cloud services, the build-up of service relationships with cloud customers and the drawing up of cloud service agreements. Ultimately scenarios for delivery and operation, monitoring and reporting, resource management as well as reviewing and optimization of cloud services are modelled. By way of conclusion, ISO/IEC TR 20000-9 discusses scenarios for putting an end to cloud service contracts and transferring and removing cloud services. Each of these scenarios is supported by referencing the relevant requirements of ISO 20000-1 and giving recommendations and examples.


Experts and users rate ISO/IEC TR 20000-9 as being a successful specification of ISO 20000-1 for the operation of high-quality cloud services.


CIS - Certification & Information Security Services GmbH T +43 (0)1 532 98 90 office@cis-cert.com