Overview
The organization profile is the first step in any ISO/IEC 20000-1:2011 certification engagement. It captures the foundational facts about your organization — service provider type, locations, departments, key roles, technology stack, interested parties, and current service management maturity — in a structured JSON file that every downstream SMS skill references.
By establishing a single source of truth early, you avoid the inconsistency that comes from re-collecting organizational context in each skill. When you complete the organization profile first, the SMS scope definition automatically knows your locations and departments, the gap assessment understands your current maturity, and the service management plan can reference your governance structure and resource commitments.
For a step-by-step walkthrough, see the ISO 20000 SMS workspace tutorial .
What It Covers
- Organization facts — legal name, industry sector, size, and a description of the business
- Service provider classification — Type I (internal), Type II (external), or Type III (both) per Clause 4.1
- Locations — headquarters, offices, data centers, and remote workforce locations
- Key SMS roles — SMS manager, top management sponsor, process owners, and service owners
- Management commitment — certification drivers, resource allocation, target timeline, and governance structure
- Interested parties — customers, users, suppliers, regulators, and internal stakeholders with their requirements
- Technology and ITSM tools — service delivery platforms, monitoring systems, and ITSM tooling
- Service management maturity — ITIL adoption level, existing SMS processes, and current tooling
Example Conversation
You: We need to create an organization profile for our ISO 20000 certification. We’re a managed service provider with about 120 staff, providing IT infrastructure and support services to mid-market clients.
Agent: I’ll help you build the organization profile. Let me walk through each section. First, the basics:
- What is the legal name of the organization?
- What specific IT services do you provide? (managed hosting, helpdesk, network management, etc.)
- Where are your offices and data centers located?
- How is the company structured — what departments or teams exist?
You: Apex IT Services Ltd. We provide managed hosting, network management, helpdesk, and cloud migration services. HQ in Manchester, a secondary operations center in Birmingham, and two co-located data centers in London. Departments: Service Desk, Infrastructure Operations, Network Engineering, Cloud Services, Security, Finance, and HR.
Agent: Good. Since you provide services to external clients, I’ll classify you as a Type II (external) service provider per Clause 4.1. Now the key SMS roles — ISO 20000 requires these to be clearly assigned:
- SMS manager — who is responsible for the management system day-to-day?
- Top management sponsor — who in the executive team sponsors the SMS?
- Process owners — who owns incident management, change management, etc.?
You: Our IT Service Manager, Sarah Chen, will be SMS manager. The Managing Director sponsors it. Process owners: Service Desk Manager owns incident and service request management, our Infrastructure Lead owns change and release management, and the Network Engineering Lead owns configuration management.
Agent: Now let me capture your management commitment. Why is Apex pursuing ISO 20000 certification?
You: Three of our largest clients now require it in their procurement criteria. We also want to standardize our processes — we’ve grown fast and some teams run things differently.
Agent: Understood. What resources are allocated — budget, dedicated staff, external support?
You: We’ve set aside a dedicated budget, Sarah is 80% allocated to this, and we’ve engaged an external consultant for Stage 1 readiness. Target is Stage 1 audit in 6 months, Stage 2 three months after.
Agent: Now let me capture your current service management maturity and ITSM tooling.
You: We use Jira Service Management for ticketing, Nagios for monitoring, and a spreadsheet-based CMDB. We adopted ITIL v3 informally about two years ago — incident and change management are reasonably mature, but problem management and capacity management are mostly ad hoc.
Agent: Got it. Let me run the
profile_completeness_checkeron the profile…Result: 7/8 sections complete. Missing: Interested parties — you need to document who has requirements on your SMS: key customers, end users, suppliers, and any regulators.
You: Our top three clients are NorthBank plc, Greenfield Healthcare, and Metro Logistics. Key suppliers are AWS for cloud hosting and Cisco for network hardware. We’re subject to UK GDPR and, through our healthcare client, some NHS Digital requirements.
Agent: Profile is now complete. All 8 sections validated — organization, locations, service provider type, key roles, management commitment, interested parties, technology, and service management maturity. The profile JSON is saved and ready to be referenced by the SMS scope, service catalog, and gap assessment skills.
Sample Output Excerpt
The skill produces a structured JSON organization profile. Here is a representative excerpt showing the service provider classification, roles, and maturity sections.
{
"organization": {
"name": "Apex IT Services Ltd",
"industry": "Managed IT Services",
"size": "120 employees",
"description": "Managed service provider for mid-market clients — hosting, network management, helpdesk, and cloud migration"
},
"service_provider_type": {
"classification": "Type II",
"rationale": "Provides IT services exclusively to external customers under contractual agreements"
},
"locations": [
{ "name": "Manchester HQ", "type": "headquarters", "country": "United Kingdom" },
{ "name": "Birmingham Operations", "type": "office", "country": "United Kingdom" },
{ "name": "London DC1", "type": "data_center", "country": "United Kingdom" },
{ "name": "London DC2", "type": "data_center", "country": "United Kingdom" }
],
"key_roles": {
"sms_manager": "Sarah Chen, IT Service Manager",
"top_management_sponsor": "James Wright, Managing Director",
"process_owners": [
{ "process": "Incident and service request management", "owner": "Mike Torres, Service Desk Manager" },
{ "process": "Change and release management", "owner": "Priya Patel, Infrastructure Lead" },
{ "process": "Configuration management", "owner": "David Liu, Network Engineering Lead" }
]
},
"management_commitment": {
"certification_drivers": [
"Client procurement requirements (NorthBank, Greenfield Healthcare, Metro Logistics)",
"Process standardization across teams after rapid growth"
],
"resource_allocation": {
"dedicated_personnel": "SMS manager at 80% allocation",
"external_support": "External consultant for Stage 1 readiness",
"budget": "Dedicated certification budget approved"
},
"target_timeline": {
"stage_1_audit": "6 months",
"stage_2_audit": "9 months"
}
},
"service_management_maturity": {
"itil_adoption": "ITIL v3 informal adoption — 2 years",
"mature_processes": ["Incident management", "Change management"],
"ad_hoc_processes": ["Problem management", "Capacity management"],
"itsm_tools": ["Jira Service Management", "Nagios", "Spreadsheet-based CMDB"]
}
}
Extension Tools
profile_completeness_checker
Validates the organization profile JSON for all required sections per ISO/IEC 20000-1:2011:
| Section | Required Fields | Severity |
|---|---|---|
| Organization | name, industry, size | ERROR if missing |
| Locations | At least one location | ERROR if missing |
| Service provider type | Classification is Type I, Type II, or Type III | ERROR if invalid |
| Key roles | sms_manager, top_management_sponsor | ERROR if missing |
| Technology | At least one entry with name and type | WARNING if empty |
| Service management maturity | ITIL adoption level, existing processes, ITSM tools | WARNING if missing |
| Interested parties | At least one entry with name, type, and requirements | WARNING if missing |
| Management commitment | Certification drivers and resource allocation | WARNING if missing |
The checker also rejects placeholder values like “TBD”, “N/A”, or bracket-wrapped template text, ensuring the profile contains real organizational data.
Getting Started
Start by activating the ISO 20000 Organization Profile skill. The agent will guide you through each section in order: organization basics, service provider classification, locations, key SMS roles, management commitment, interested parties, technology, and current maturity.
Have this information ready:
- Your organization’s legal name, industry, and headcount
- Office, data center, and operational locations
- Service provider classification (internal, external, or both)
- Names and titles for the SMS manager and top management sponsor
- Why the organization is pursuing ISO 20000 certification and what resources are allocated
- Key customers, suppliers, and any regulatory obligations
- Current ITSM tools and platforms in use
- Current ITIL adoption level and which SMS processes are already in place
The completed profile feeds directly into every other ISO 20000 skill — SMS scope, service catalog, gap assessment, and service management plan — so getting it right here saves significant rework later.