1、raising standards worldwide NO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAW BSI Standards Publication BS ISO/IEC 20000-1:2011 Information technology Service management Part 1: Service management system requirementsBS ISO/IEC 20000-1:2011 BRITISH STANDARD National foreword This
2、 British Standard is the UK implementation of ISO/IEC 20000-1:2011. It supersedes BS ISO/IEC 20000-1:2005 which is withdrawn. The UK participation in its preparation was entrusted to Technical Committee IST/15/-/8, IT service management. A list of organizations represented on this committee can be o
3、btained on request to its secretary. This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application. BSI 2011 ISBN 978 0 580 63607 3 ICS 03.080.99; 03.100.99; 35.020 Compliance with a British Standard cannot confer immunity
4、from legal obligations. This British Standard was published under the authority of the Standards Policy and Strategy Committee on 31 May 2011. Amendments issued since publication Date Text affectedBS ISO/IEC 20000-1:2011Reference number ISO/IEC 20000-1:2011(E) ISO/IEC 2011INTERNATIONAL STANDARD ISO/
5、IEC 20000-1 Second edition 2011-04-15 Information technology Service management Part 1: Service management system requirements Technologies de linformation Gestion des services Partie 1: Exigences du systme de gestion des services BS ISO/IEC 20000-1:2011 ISO/IEC 20000-1:2011(E) COPYRIGHT PROTECTED D
6、OCUMENT ISO/IEC 2011 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISOs memb
7、er body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerland ii ISO/IEC 2011 All rights reservedBS ISO/IEC 20000-1:2011 ISO/IEC 20000-1:2011(E) ISO/IEC 201
8、1 All rights reserved iiiContents Page Foreword .v Introduction.vii 1 Scope1 1.1 General .1 1.2 Application .2 2 Normative references2 3 Terms and definitions .3 4 Service management system general requirements .7 4.1 Management responsibility 7 4.1.1 Management commitment 7 4.1.2 Service management
9、 policy .8 4.1.3 Authority, responsibility and communication8 4.1.4 Management representative.8 4.2 Governance of processes operated by other parties 8 4.3 Documentation management .9 4.3.1 Establish and maintain documents.9 4.3.2 Control of documents .9 4.3.3 Control of records .10 4.4 Resource man
10、agement.10 4.4.1 Provision of resources10 4.4.2 Human resources 10 4.5 Establish and improve the SMS.10 4.5.1 Define scope 10 4.5.2 Plan the SMS (Plan).11 4.5.3 Implement and operate the SMS (Do)11 4.5.4 Monitor and review the SMS (Check) 11 4.5.5 Maintain and improve the SMS (Act).13 5 Design and t
11、ransition of new or changed services .13 5.1 General .13 5.2 Plan new or changed services .14 5.3 Design and development of new or changed services .14 5.4 Transition of new or changed services.15 6 Service delivery processes 15 6.1 Service level management .15 6.2 Service reporting.16 6.3 Service c
12、ontinuity and availability management .16 6.3.1 Service continuity and availability requirements.16 6.3.2 Service continuity and availability plans 16 6.3.3 Service continuity and availability monitoring and testing 17 6.4 Budgeting and accounting for services17 6.5 Capacity management 18 6.6 Inform
13、ation security management.18 6.6.1 Information security policy 18 6.6.2 Information security controls.19 6.6.3 Information security changes and incidents19 7 Relationship processes 19 7.1 Business relationship management19 7.2 Supplier management.20 8 Resolution processes .21 BS ISO/IEC 20000-1:2011
14、 ISO/IEC 20000-1:2011(E) iv ISO/IEC 2011 All rights reserved8.1 Incident and service request management.21 8.2 Problem management .22 9 Control processes .22 9.1 Configuration management22 9.2 Change management 23 9.3 Release and deployment management .24 Bibliography 26 Figures Figure 1 PDCA method
15、ology applied to service management . viii Figure 2 Service management system.2 Figure 3 Example of supply chain relationships 20 BS ISO/IEC 20000-1:2011 ISO/IEC 20000-1:2011(E) ISO/IEC 2011 All rights reserved vForeword ISO (the International Organization for Standardization) and IEC (the Internati
16、onal Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields
17、 of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joi
18、nt technical committee, ISO/IEC JTC 1. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by the joint technical committe
19、e are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall n
20、ot be held responsible for identifying any or all such patent rights. ISO/IEC 20000-1 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 7, Software and systems engineering. This second edition cancels and replaces the first edition (ISO/IEC 20000-1:2005
21、), which has been technically revised. The main differences are as follows: closer alignment to ISO 9001; closer alignment to ISO/IEC 27001; change of terminology to reflect international usage; addition of many more definitions, updates to some definitions and removal of two definitions; introducti
22、on of the term “service management system”; combining Clauses 3 and 4 of ISO/IEC 20000-1:2005 to put all management system requirements into one clause; clarification of the requirements for the governance of processes operated by other parties; clarification of the requirements for defining the sco
23、pe of the SMS; clarification that the PDCA methodology applies to the SMS, including the service management processes, and the services; introduction of new requirements for the design and transition of new or changed services. ISO/IEC 20000 consists of the following parts, under the general title I
24、nformation technology Service management: Part 1: Service management system requirements Part 2: Guidance on the application of service management systems 1)1) To be published. (Technical revision of ISO/IEC 20000-2:2005.) BS ISO/IEC 20000-1:2011 ISO/IEC 20000-1:2011(E) vi ISO/IEC 2011 All rights re
25、served Part 3: Guidance on scope definition and applicability of ISO/IEC 20000-1 Technical Report Part 4: Process reference model Technical Report Part 5: Exemplar implementation plan for ISO/IEC 20000-1 Technical Report A process assessment model for service management will form the subject of a fu
26、ture Part 8. BS ISO/IEC 20000-1:2011 ISO/IEC 20000-1:2011(E) ISO/IEC 2011 All rights reserved viiIntroduction The requirements in this part of ISO/IEC 20000 include the design, transition, delivery and improvement of services that fulfil service requirements and provide value for both the customer a
27、nd the service provider. This part of ISO/IEC 20000 requires an integrated process approach when the service provider plans, establishes, implements, operates, monitors, reviews, maintains and improves a service management system (SMS). Co-ordinated integration and implementation of an SMS provides
28、ongoing control and opportunities for continual improvement, greater effectiveness and efficiency. The operation of processes as specified in this part of ISO/IEC 20000 requires personnel to be well organized and co-ordinated. Appropriate tools can be used to enable the processes to be effective and
29、 efficient. The most effective service providers consider the impact on the SMS through all stages of the service lifecycle, from strategy through design, transition and operation, including continual improvement. This part of ISO/IEC 20000 requires the application of the methodology known as “Plan-
30、Do-Check-Act” (PDCA) to all parts of the SMS and the services. The PDCA methodology, as applied in this part of ISO/IEC 20000, can be briefly described as follows. Plan: establishing, documenting and agreeing the SMS. The SMS includes the policies, objectives, plans and processes to fulfil the servi
31、ce requirements. Do: implementing and operating the SMS for the design, transition, delivery and improvement of the services. Check: monitoring, measuring and reviewing the SMS and the services against the policies, objectives, plans and service requirements and reporting the results. Act: taking ac
32、tions to continually improve performance of the SMS and the services. When used within an SMS, the following are the most important aspects of an integrated process approach and the PDCA methodology: a) understanding and fulfilling the service requirements to achieve customer satisfaction; b) establ
33、ishing the policy and objectives for service management; c) designing and delivering services based on the SMS that add value for the customer; d) monitoring, measuring and reviewing performance of the SMS and the services; e) continually improving the SMS and the services based on objective measure
34、ments. Figure 1 illustrates how the PDCA methodology can be applied to the SMS, including the service management processes specified in Clauses 5 to 9, and the services. Each element of the PDCA methodology is a vital part of a successful implementation of an SMS. The improvement process used in thi
35、s part of ISO/IEC 20000 is based on the PDCA methodology. BS ISO/IEC 20000-1:2011 ISO/IEC 20000-1:2011(E) viii ISO/IEC 2011 All rights reservedSe r v i c e s Se r v i c e Manag ement Sy s t e m Se r v i c e Manag ement Pr o ce sse s Pl an Ch e ck Do ActFigure 1 PDCA methodology applied to service ma
36、nagement This part of ISO/IEC 20000 enables a service provider to integrate its SMS with other management systems in the service providers organization. The adoption of an integrated process approach and the PDCA methodology enables the service provider to align or fully integrate multiple managemen
37、t system standards. For example, an SMS can be integrated with a quality management system based on ISO 9001 or an information security management system based on ISO/IEC 27001. ISO/IEC 20000 is intentionally independent of specific guidance. The service provider can use a combination of generally a
38、ccepted guidance and its own experience. Users of an International Standard are responsible for its correct application. An International Standard does not purport to include all necessary statutory and regulatory requirements and contractual obligations of the service provider. Conformity to an Int
39、ernational Standard does not of itself confer immunity from statutory and regulatory requirements. For the purposes of research on service management standards, users are encouraged to share their views on ISO/IEC 20000-1 and their priorities for changes to the rest of the ISO/IEC 20000 series. Clic
40、k on the link below to take part in the online survey. ISO/IEC 20000-1 online survey BS ISO/IEC 20000-1:2011 INTERNATIONAL STANDARD ISO/IEC 20000-1:2011(E) ISO/IEC 2011 all rights reserved 1Information technology Service management Part 1: Service management system requirements 1 Scope 1.1 General T
41、his part of ISO/IEC 20000 is a service management system (SMS) standard. It specifies requirements for the service provider to plan, establish, implement, operate, monitor, review, maintain and improve an SMS. The requirements include the design, transition, delivery and improvement of services to f
42、ulfil service requirements. This part of ISO/IEC 20000 can be used by: a) an organization seeking services from service providers and requiring assurance that their service requirements will be fulfilled; b) an organization that requires a consistent approach by all its service providers, including
43、those in a supply chain; c) a service provider that intends to demonstrate its capability for the design, transition, delivery and improvement of services that fulfil service requirements; d) a service provider to monitor, measure and review its service management processes and services; e) a servic
44、e provider to improve the design, transition and delivery of services through effective implementation and operation of an SMS; f) an assessor or auditor as the criteria for a conformity assessment of a service providers SMS to the requirements in this part of ISO/IEC 20000. Figure 2 illustrates an
45、SMS, including the service management processes. The service management processes and the relationships between the processes can be implemented in different ways by different service providers. The nature of the relationship between a service provider and the customer will influence how the service
46、 management processes are implemented. BS ISO/IEC 20000-1:2011 ISO/IEC 20000-1:2011(E) 2 ISO/IEC 2011 All rights reservedCustomers (and other interested parties) Service Requirements Services Customers (and other interested parties) Design and transition of new or changed services Resolution process
47、es Relationship processes Incident and service request management Problem management Business relationship management Supplier management Service delivery processes Capacity management Service continuity & availability management Service level management Service reporting Information security manage
48、ment Budgeting & accounting for services Management responsibility Governance of processes operated by other parties Establish the SMS Documentation management Resource management Service Management System (SMS) Control processes Configuration management Change management Release and deployment mana
49、gement Customers (and other interested parties) Service Requirements Service Requirements Services Services Customers (and other interested parties) Design and transition of new or changed services Resolution processes Relationship processes Incident and service request management Problem management Business relationship management Supplier management Service delivery processes Capacity management Service continuity & availability management Service level management Service reporting I
