IEEE 20000-1-2013 en Adoption of ISO IEC 20000-1 2011 Information technology-Service management-Part 1 Service management system requirements (IEEE Computer Soc.pdf

1、 IEEE StandardAdoption of ISO/IEC 20000-1:2011, Information technologyService management Part 1: Service management system requirements Sponsored by the Software +1 978 750 8400. Permission to photocopy portions of any individual standard for educational classroom use can also be obtained through th

2、e Copyright Clearance Center. Copyright 2013 IEEE. All rights reserved. ivNotice to users Laws and regulations Users of IEEE Standards documents should consult all applicable laws and regulations. Compliance with the provisions of any IEEE Standards document does not imply compliance to any applicab

3、le regulatory requirements. Implementers of the standard are responsible for observing or referring to the applicable regulatory requirements. IEEE does not, by the publication of its standards, intend to urge action that is not in compliance with applicable laws, and these documents may not be cons

4、trued as doing so. Copyrights This document is copyrighted by the IEEE. It is made available for a wide variety of both public and private uses. These include both use, by reference, in laws and regulations, and use in private self-regulation, standardization, and the promotion of engineering practi

5、ces and methods. By making this document available for use and adoption by public authorities and private users, the IEEE does not waive any rights in copyright to this document. Updating of IEEE documents Users of IEEE Standards documents should be aware that these documents may be superseded at an

6、y time by the issuance of new editions or may be amended from time to time through the issuance of amendments, corrigenda, or errata. An official IEEE document at any point in time consists of the current edition of the document together with any amendments, corrigenda, or errata then in effect. In

7、order to determine whether a given document is the current edition and whether it has been amended through the issuance of amendments, corrigenda, or errata, visit the IEEE-SA Website at http:/standards.ieee.org/index.html or contact the IEEE at the address listed previously. For more information ab

8、out the IEEE Standards Association or the IEEE standards development process, visit IEEE-SA Website at http:/standards.ieee.org/index.html. Errata Errata, if any, for this and all other standards can be accessed at the following URL: http:/standards.ieee.org/findstds/errata/index.html. Users are enc

9、ouraged to check this URL for errata periodically. Patents Attention is called to the possibility that implementation of this standard may require use of subject matter covered by patent rights. By publication of this standard, no position is taken by the IEEE with respect to the existence or validi

10、ty of any patent rights in connection therewith. If a patent holder or patent applicant has filed a statement of assurance via an Accepted Letter of Assurance, then the statement is listed on the IEEE-SA Website at http:/standards.ieee.org/about/sasb/patcom/patents.html. Letters of Assurance may ind

11、icate whether the Submitter is willing or unwilling to grant licenses under patent rights without compensation or under reasonable rates, with reasonable terms and conditions that are demonstrably free of any unfair discrimination to applicants desiring to obtain such licenses. Copyright 2013 IEEE.

12、All rights reserved. vEssential Patent Claims may exist for which a Letter of Assurance has not been received. The IEEE is not responsible for identifying Essential Patent Claims for which a license may be required, for conducting inquiries into the legal validity or scope of Patents Claims, or dete

13、rmining whether any licensing terms or conditions provided in connection with submission of a Letter of Assurance, if any, or in any licensing agreements are reasonable or non-discriminatory. Users of this standard are expressly advised that determination of the validity of any patent rights, and th

14、e risk of infringement of such rights, is entirely their own responsibility. Further information may be obtained from the IEEE Standards Association. Copyright 2013 IEEE. All rights reserved. viParticipants At the time this standard was adopted, the P20000-1 Working Group had the following membershi

15、p: Annette Reilly, Chair for Adoption James Moore, Computer Society Liaison Representative to ISO/IEC JTC 1/SC 7 The following members of the individual balloting committee voted on this standard. Balloters may have voted for approval, disapproval, or abstention. Bakul Banerjee Pieter Botman Susan B

16、urgess William Byrd Juan Carreon Keith Chow Raul Colcher Scott Crawford Paul Croll Geoffrey Darnton Ray Davis Teresa Doran Andrew Fieldsend Eva Freund David Friscia David Fuschi Gregg Giesler Lewis Gray Randall Groves John Harauz Mark Henley Werner Hoelzl Bernard Homes Peter Hung Noriyuki Ikeuchi At

17、sushi Ito Mark Jaeger Cheryl Jones Piotr Karocki Yuri Khersonsky Thomas Kurihara Susan Land David Leciston Greg Luri Ahmad Mahinfallah James Moore Mark Paulk Ulrich Pohl Annette Reilly Robert Robinson Terence Rout Randall Safier Bartien Sayogo Robert Schaaf Stephen Schwarm Carl Singer Friedrich Stal

18、linger Thomas Starai Walter Struppler Marcy Stutzman John Vergis Charlene Walrad Jingxin Wang Oren Yuen Janusz Zalewski Daidi Zhong Copyright 2013 IEEE. All rights reserved. viiWhen the IEEE-SA Standards Board approved this standard on 3 May 2013, it had the following membership: John Kulick, Chair

19、David J. Law, Vice Chair Richard H. Hulett, Past Chair Konstantinos Karachalios, Secretary Masayuki Ariyoshi Peter Balma Farooq Bari Ted Burse Wael William Diab Stephen Dukes Jean-Philippe Faure Alexander Gelman Mark Halpin Gary Hoffman Paul Houz Jim Hughes Michael Janezic Joseph L. Koepfinger* Oleg

20、 Logvinov Ron Petersen Gary Robinson Jon Walter Rosdahl Adrian Stephens Peter Sutherland Yatin Trivedi Phil Winston Yu Yuan *Member Emeritus Also included are the following nonvoting IEEE-SA Standards Board liaisons: Richard DeBlasio, DOE Representative Michael Janezic, NIST Representative Catherine

21、 Berger IEEE Standards Senior Program Manager, Document Development Malia Zaman IEEE Standards Program Manager, Technical Program DevelopmentCopyright 2013 IEEE. All rights reserved. viiiContents of IEEE Adoption of ISO/IEC 20000-1:2011 ISO/IEC 20000-1:2011 . 1 Copyright 2013 IEEE. All rights reserv

22、ed. 1IEEE StandardAdoption of ISO/IEC 20000-1:2011, Information technologyService managementPart 1: Service management system requirements IMPORTANT NOTICE: IEEE Standards documents are not intended to ensure safety, health, or environmental protection, or ensure against interference with or from ot

23、her devices or networks. Implementers of IEEE Standards documents are responsible for determining and complying with all appropriate safety, security, environmental, health, and interference protection practices and all applicable laws and regulations. This IEEE document is made available for use su

24、bject to important notices and legal disclaimers. These notices and disclaimers appear in all publications containing this document and may be found under the heading “Important Notice” or “Important Notices and Disclaimers Concerning IEEE Documents.” They can also be obtained on request from IEEE o

25、r viewed at http:/standards.ieee.org/IPR/disclaimers.html. INTERNATIONAL STANDARDISO/IEC20000-1Second edition 2011-04-15Information technology Service management Part 1: Service management systemrequirementsTechnologies de linformation Gestion des services Partie 1: Exigences du systme de gestion de

26、s servicesReference numberISO/IEC 20000-1:2011(E) ISO/IEC 2011ISO/IEC 20000-1:2011(E)COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2011All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including ph

27、otocopying and microfilm, without permission in writing from either ISO at the address below orISOs member body in the country of the requester.ISO copyright office Case postale 56 CH-1211 Geneva 20Tel. + 41 22 749 01 11Fax + 41 22 749 09 47E-mail copyrightiso.orgWeb www.iso.orgPublished in Switzerl

28、andii ISO/IEC 2011 All rights reservedISO/IEC 20000-1:2011(E)Contents Page Foreword . vIntroduction. vii1 Scope 11.1 General . 11.2 Application . 22 Normative references 23 Terms and definitions . 34 Service management system general requirements . 74.1 Management responsibility 74.1.1 Management co

29、mmitment 74.1.2 Service management policy. 84.1.3 Authority, responsibility and communication 84.1.4 Management representative. 84.2 Governance of processes operated by other parties 84.3 Documentation management . 94.3.1 Establish and maintain documents. 94.3.2 Control of documents . 94.3.3 Control

30、 of records .104.4 Resource management.104.4.1 Provision of resources104.4.2 Human resources 104.5 Establish and improve the SMS.104.5.1 Define scope 104.5.2 Plan the SMS (Plan).114.5.3 Implement and operate the SMS (Do)114.5.4 Monitor and review the SMS (Check) 114.5.5 Maintain and improve the SMS

31、(Act).135 Design and transition of new or changed services .135.1 General .135.2 Plan new or changed services.145.3 Design and development of new or changed services .145.4 Transition of new or changed services.156 Service delivery processes 156.1 Service level management .156.2 Service reporting.16

32、6.3 Service continuity and availability management .166.3.1 Service continuity and availability requirements.166.3.2 Service continuity and availability plans 166.3.3 Service continuity and availability monitoring and testing 176.4 Budgeting and accounting for services176.5 Capacity management 186.6

33、 Information security management.186.6.1 Information security policy 186.6.2 Information security controls.196.6.3 Information security changes and incidents 197 Relationship processes 197.1 Business relationship management197.2 Supplier management.208 Resolution processes .21 ISO/IEC 2011 All right

34、s reserved iii ISO/IEC 20000-1:2011(E)8.1 Incident and service request management.218.2 Problem management .229 Control processes .229.1 Configuration management229.2 Change management 239.3 Release and deployment management .24Bibliography 26FiguresFigure 1 PDCA methodology applied to service manag

35、ement . viiiFigure 2 Service management system.2Figure 3 Example of supply chain relationships 20iv ISO/IEC 2011 All rights reservedISO/IEC 20000-1:2011(E)ForewordISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized sys

36、tem for worldwide standardization. National bodies that are members ofISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IECtechnical committees col

37、laborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.International Standard

38、s are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication a

39、san International Standard requires approval by at least 75 % of the national bodies casting a vote.Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent r

40、ights. ISO/IEC 20000-1 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,Subcommittee SC 7, Software and systems engineering. This second edition cancels and replaces the firstedition (ISO/IEC 20000-1:2005), which has been technically revised. The main differences are a

41、s follows: g1082 closer alignment to ISO 9001;g1082 closer alignment to ISO/IEC 27001;g1082 change of terminology to reflect international usage;g1082 addition of many more definitions, updates to some definitions and removal of two definitions; g1082 introduction of the term “service management sys

42、tem”; g1082 combining Clauses 3 and 4 of ISO/IEC 20000-1:2005 to put all management system requirements into one clause;g1082 clarification of the requirements for the governance of processes operated by other parties; g1082 clarification of the requirements for defining the scope of the SMS;g1082 c

43、larification that the PDCA methodology applies to the SMS, including the service management processes, and the services; g1082 introduction of new requirements for the design and transition of new or changed services. ISO/IEC 20000 consists of the following parts, under the general title Information

44、 technology Servicemanagement:g1082 Part 1: Service management system requirementsg1082 Part 2: Guidance on the application of service management systems1)1) To be published. (Technical revision of ISO/IEC 20000-2:2005.) ISO/IEC 2011 All rights reserved v ISO/IEC 20000-1:2011(E)g1082 Part 3: Guidanc

45、e on scope definition and applicability of ISO/IEC 20000-1 Technical Reportg1082 Part 4: Process reference model Technical Reportg1082 Part 5: Exemplar implementation plan for ISO/IEC 20000-1 Technical ReportA process assessment model for service management will form the subject of a future Part 8.v

46、i ISO/IEC 2011 All rights reservedISO/IEC 20000-1:2011(E)IntroductionThe requirements in this part of ISO/IEC 20000 include the design, transition, delivery and improvement of services that fulfil service requirements and provide value for both the customer and the service provider. This part of ISO

47、/IEC 20000 requires an integrated process approach when the service provider plans, establishes,implements, operates, monitors, reviews, maintains and improves a service management system (SMS). Co-ordinated integration and implementation of an SMS provides ongoing control and opportunities for cont

48、inual improvement, greater effectiveness and efficiency. The operation of processes as specified in thispart of ISO/IEC 20000 requires personnel to be well organized and co-ordinated. Appropriate tools can beused to enable the processes to be effective and efficient.The most effective service provid

49、ers consider the impact on the SMS through all stages of the service lifecycle, from strategy through design, transition and operation, including continual improvement.This part of ISO/IEC 20000 requires the application of the methodology known as “Plan-Do-Check-Act” (PDCA) to all parts of the SMS and the services. The PDCA methodology, as applied in this part ofISO/IEC 20000, can be briefly described as follows. Plan: establishing, documenting and agreeing the