BS ISO IEC 20000-2-2012 Information technology Service management Guidance on the application of service management systems《信息技术 服务管理 服务管理系统应用指南》.pdf

1、raising standards worldwide NO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAW BSI Standards Publication BS ISO/IEC 20000-2:2012 Information technology Service management Part 2: Guidance on the application of service management systemsBS ISO/IEC 20000-2:2012 BRITISH STANDARD Nat

2、ional foreword This British Standard is the UK implementation of ISO/IEC 20000-2:2012. It supersedes BS ISO/IEC 20000-2:2005 which is withdrawn. The UK participation in its preparation was entrusted to Technical Committee IST/15/-/8, IT service management. A list of organizations represented on this

3、 committee can be obtained on request to its secretary. This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application. The British Standards Institution 2012. Published by BSI Standards Limited 2012 ISBN 978 0 580 63608 0 I

4、CS 03.080.99; 35.020 Compliance with a British Standard cannot confer immunity from legal obligations. This British Standard was published under the authority of the Standards Policy and Strategy Committee on 31 March 2012. Amendments issued since publication Date Text affectedBS ISO/IEC 20000-2:201

5、2Reference number ISO/IEC 20000-2:2012(E) ISO/IEC 2012INTERNATIONAL STANDARD ISO/IEC 20000-2 Second edition 2012-02-15 Information technology Service management Part 2: Guidance on the application of service management systems Technologies de linformation Gestion des services Partie 2: Directives re

6、latives lapplication des systmes de management des services BS ISO/IEC 20000-2:2012 ISO/IEC 20000-2:2012(E) COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2012 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or

7、mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web ww

8、w.iso.org Published in Switzerland ii ISO/IEC 2012 All rights reservedBS ISO/IEC 20000-2:2012 ISO/IEC 20000-2:2012(E) ISO/IEC 2012 All rights reserved iiiContents Page Foreword . v Introduction vi 1 Scope 1 1.1 General . 1 1.2 Application . 2 2 Normative references 2 3 Terms and definitions . 2 4 Se

9、rvice management system general requirements . 2 4.1 Management responsibility 2 4.2 Governance of processes operated by other parties 13 4.3 Documentation management . 15 4.4 Resource management . 17 4.5 Establish and improve the SMS . 19 5 Design and transition of new or changed services . 24 5.1

10、General . 24 5.2 Plan new or changed services . 25 5.3 Design and development of new or changed services . 28 5.4 Transition of new or changed services . 31 5.5 Documents and records . 31 5.6 Authorities and responsibilities . 32 6 Service delivery processes 32 6.1 Service level management . 32 6.2

11、Service reporting . 37 6.3 Service continuity and availability management . 38 6.4 Budgeting and accounting for services 43 6.5 Capacity management 46 6.6 Information security management . 49 7 Relationship processes 53 7.1 Business relationship management 53 7.2 Supplier management . 56 8 Resolutio

12、n processes . 59 8.1 Incident and service request management 59 8.2 Problem management . 62 9 Control processes . 65 9.1 Configuration management 65 9.2 Change management 69 9.3 Release and deployment management . 72 Annex A (informative) Interfaces between processes and integration of processes wit

13、h SMS . 77 Bibliography 84 Figures and Tables Figure 1 PDCA methodology applied to service management . vii Figure 2 Service management system 1 Figure 3 Example of relationship with lead suppliers and sub-contracted suppliers 58 BS ISO/IEC 20000-2:2012 ISO/IEC 20000-2:2012(E) iv ISO/IEC 2012 All ri

14、ghts reservedTable 1 Example matrix of incident resolution target times based on priorities 60 Table A.1 Interfaces and integration for design and transition of new or changed services 77 Table A.2 Interfaces and integration for SLM 77 Table A.3 Interfaces and integration for service reporting 78 Ta

15、ble A.4 Interfaces and integration for service continuity and availability management 78 Table A.5 Interfaces and integration for budgeting and accounting for services .79 Table A.6 Interfaces and integration for capacity management .79 Table A.7 Interfaces and integration for ISM .80 Table A.8 Inte

16、rfaces and integration for BRM .80 Table A.9 Interfaces and integration for supplier management 81 Table A.10 Interfaces and integration for incident and service request management .81 Table A.11 Interfaces and integration for problem management 82 Table A.12 Interfaces and integration for configura

17、tion management .82 Table A.13 Interfaces and integration for change management .83 Table A.14 Interfaces and integration for release and deployment management .83 BS ISO/IEC 20000-2:2012 ISO/IEC 20000-2:2012(E) ISO/IEC 2012 All rights reserved vForeword ISO (the International Organization for Stand

18、ardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organizat

19、ion to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology,

20、ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopt

21、ed by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document may be the subject of

22、patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. ISO/IEC 20000-2 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 7, Software and systems engineering. This second edition cancels and replaces the f

23、irst edition (ISO/IEC 20000-2:2005), which has been technically revised. The major differences are as follows: closer alignment to ISO 9001 and ISO/IEC 27001; changes in terminology to reflect international usage; new guidance on governance of processes operated by other parties; more guidance on de

24、fining the scope of the SMS; more guidance on continual improvement of the SMS and services; more guidance on the design and transition of new or changed services. ISO/IEC 20000 consists of the following parts, under the general title Information technology Service management: Part 1: Service manage

25、ment system requirements Part 2: Guidance on the application of service management systems Part 3: Guidance on scope definition and applicability of ISO/IEC 20000-1 Technical Report Part 4: Process reference model Technical Report Part 5: Exemplar implementation plan for ISO/IEC 20000-1 Technical Re

26、port BS ISO/IEC 20000-2:2012 ISO/IEC 20000-2:2012(E) vi ISO/IEC 2012 All rights reservedIntroduction This part of ISO/IEC 20000 provides guidance on the application of service management systems (SMS) based on ISO/IEC 20000-1. This part of ISO/IEC 20000 does not add any requirements to those stated

27、in ISO/IEC 20000-1 and does not state explicitly how evidence can be provided to an assessor or auditor. The intent of this part of ISO/IEC 20000 is to enable organizations and individuals to interpret ISO/IEC 20000-1 more accurately, and therefore use it more effectively. An SMS is defined in ISO/I

28、EC 20000-1 as a management system to direct, monitor and control the service management activities of the service provider. The SMS should include what is required for the planning, design, transition, delivery and improvement of services. At a minimum this includes service management policies, obje

29、ctives, plans, processes, process interfaces, documentation and resources. The SMS encompasses all the processes as an over-arching management system, with the service management processes as part of the SMS. Coordinated integration and implementation of an SMS provides ongoing control, greater effe

30、ctiveness, efficiency and opportunities for continual improvement. It enables an organization to work effectively with a shared vision. The operation of processes as specified in Clauses 5 to 9 requires personnel to be well organized and coordinated. Appropriate tools may be used to enable the servi

31、ce management processes to be effective and efficient. The most effectual organizations consider the impact of the SMS through all stages of the service lifecycle, from planning and design to transition and operation, including continual improvement. This part of ISO/IEC 20000 provides examples and

32、suggestions to enable organizations to interpret and apply ISO/IEC 20000-1, including references to other parts of ISO/IEC 20000 and other relevant standards. Users of International Standards are responsible for their correct application. It is important for organizations and individuals using ISO/I

33、EC 20000 to understand the points listed below. ISO/IEC 20000-1 does not purport to include all necessary statutory and regulatory requirements, or all contractual obligations of the service provider. Conformity to ISO/IEC 20000-1 does not of itself confer immunity from statutory obligations. ISO/IE

34、C 20000-1 is applicable to internal and external, large and small, and commercial and non- commercial service providers. ISO/IEC 20000-1 promotes the adoption of an integrated process approach when planning, establishing, implementing, operating, monitoring, measuring, reviewing, maintaining and imp

35、roving an SMS for the design, transition, improvement and delivery of services that fulfil service requirements. ISO/IEC 20000 promotes the application of the methodology known as “Plan-Do-Check-Act” (PDCA) to the SMS and the services. The PDCA methodology, shown in Figure 1, can be briefly describe

36、d as follows: Plan: establishing, documenting and agreeing the SMS including the policies, objectives, plans and processes necessary to design and deliver services in accordance with business needs, customer requirements and the service providers policies. Do: implementing and operating the SMS for

37、the design, transition, delivery and improvement of the services. Check: monitoring, measuring and reviewing the SMS and the services against the plans, policies, objectives and requirements and reporting the results. Act: taking actions to continually improve performance of the SMS. This includes t

38、he service management processes and the services. BS ISO/IEC 20000-2:2012 ISO/IEC 20000-2:2012(E) ISO/IEC 2012 All rights reserved viiWhen used within an SMS, the following are the most important aspects of an integrated process approach and the PDCA methodology: a) understanding and fulfilling the

39、service requirements to achieve customer satisfaction; b) establishing the policy and objectives for service management; c) designing and delivering services based on the SMS that add value for the customer; d) monitoring, measuring and reviewing performance of the SMS and the services; e) continual

40、ly improving the SMS and the services based on objective measurements. Where other management systems are present, the implementation of an SMS, with the adoption of a process approach and the PDCA methodology, enables the service provider to align or fully integrate the organizations management sys

41、tems. For example, it is possible to integrate ISO/IEC 20000 with a quality management system based upon ISO 9001 and/or an information security management system based upon ISO/IEC 27001. An integrated management system approach increases efficiency, establishes clear accountability and traceabilit

42、y and enhances organizational planning, communication and control. Services Service Management System Service Management Processes Plan Check Do ActFigure 1 PDCA methodology applied to service management As stated in ISO/IEC 20000-1: “ISO/IEC 20000 can be used by: a) an organization seeking services

43、 from service providers and requiring assurance that their service requirements will be fulfilled; b) an organization that requires a consistent approach by all their service providers, including those in a supply chain; c) the service provider that intends to demonstrate its capability for the desi

44、gn, transition, delivery and improvement of services that fulfil service requirements; d) a service provider to monitor, measure and review its service management processes and services; e) a service provider to improve the design, transition, delivery and improvement of services through the effecti

45、ve implementation and operation of the SMS; f) an assessor as the criteria for a conformity assessment of a service providers SMS to the requirements in this part of ISO/IEC 20000.” BS ISO/IEC 20000-2:2012 ISO/IEC 20000-2:2012(E) viii ISO/IEC 2012 All rights reservedThis part of ISO/IEC 20000 can be

46、 used by an organization looking for guidance on how to improve service management, whether or not it is interested in seeking certification. BS ISO/IEC 20000-2:2012 INTERNATIONAL STANDARD ISO/IEC 20000-2:2012(E) ISO/IEC 2012 All rights reserved 1Information technology Service management Part 2: Gui

47、dance on the application of service management systems 1 Scope 1.1 General This part of ISO/IEC 20000 provides guidance on the application of an SMS based on ISO/IEC 20000-1. This part of ISO/IEC 20000 provides examples and suggestions to enable organizations to interpret and apply ISO/IEC 20000-1,

48、including references to other parts of ISO/IEC 20000 and other relevant standards. This part of ISO/IEC 20000 is independent of specific best practice frameworks and the service provider can apply a combination of generally accepted guidance and their own techniques. Design and transition of new or

49、changed services Resolution processes Relationship processes Incident and service request management Problem management Business relationship management Supplier management Service delivery processes Capacity management Service continuity & availability management Service level management Service reporting Information security management Budgeting & accounting for services Customers (and other interested parties) Service Requirements Services Management resp