admin 管理员组文章数量: 887021
2024年2月25日发(作者:网站特效的好处)
INTERNATIONAL
STANDARD
ISO/IEC
200000-1
Second edition
2011-04-15
信息技术----服务管理---
Part1: 服务管理体系要求
Reference number
ISO/IEC 200000-1:2011(E)
ISO/IEC 20000-1:2011 (中英文对照版) 版本:V1.0
前言
Foreword ..................................................................................................................... 6
介绍
Introduction ................................................................................................................ 8
1
范围
Scope ..................................................................................................................... 11
1.1
总则
General .......................................................................................................... 11
1.2
应用 11
2
引用标准
Normative references ..................................................................................... 13
3
术语和定义
Terms and definitions ................................................................................ 13
4
服务管理体系总要求
Service management system general requirements ..................... 18
4.1
管理职责
Management responsibility ..................................................................... 18
4.1.1
管理承诺
Management commitment ............................................................... 18
4.1.2
服务管理政策
Service management policy ...................................................... 18
4.1.3
权利、职责和沟通
Authority, responsibility and communication ................... 18
4.1.4
管理者代表
Management representative ......................................................... 18
4.2
对其他相关方所运营过程的管控
Governance of processes operated by other
parties ............................................................................................................................. 18
4.3
文件管理
Documentation management .................................................................. 19
4.3.1
建立和维护文件
Establish and maintain documents ....................................... 19
................................................................... 19
4.3.2
文件的控制
Control of documents
4.3.3
记录的控制Control of records ........................................................................ 20
4.4
资源管理
Resource management ............................................................................ 20
4.4.1
资源的提供
Provision of resources .................................................................. 20
4.4.2
人力资源
Human resources ............................................................................. 20
.................................................. 20
4.5
建立和改进SMS
Establish and improve the SMS
©ISO/IEC 2011-All rights reserved
ISO/IEC 20000-1:2011 (中英文对照版) 版本:V1.0
4.5.1
定义范围
Define scope ..................................................................................... 20
4.5.2
规划SMS Plan the SMS(Plan) ................................................................... 21
4.5.3
实施和执行SMS
Implement and operate the SMS(DO) ............................ 21
4.5.4
监控和回顾SMS
Monitor and review the SMS(Check) ............................. 22
4.5.4.1
总要求
General ........................................................................................ 22
4.5.4.2
内部审核
Internal audit ........................................................................... 22
4.5.4.3
管理评审
Management review ................................................................. 22
4.5.5
维护和改进SMS
Maintain and improve the SMS(ACT) ............................ 23
4.5.5.1
总要求
General ........................................................................................ 23
4.5.5.2
管理改进Management of improvements .................................................. 23
5
设计并转换新的或变更的服务
Design and transition of new or changed services ........ 24
5.1
总要求General ....................................................................................................... 24
5.2
规划新的或变更的服务
Plan new or changed services ........................................... 24
5.3
设计和开发新的或变更的服务Design and development of new or changed services ........................................................................................................................................ 25
5.4
新的或变更的服务的转换
Transition of new or changed services .......................... 26
6
服务交付过程
Service delivery processes ............................................................... 26
6.1
服务级别管理Service level management ........................................................ 26
6.2
服务报告Service reporting ..................................................................................... 26
6.3
服务连续性和可用性管理
Service continuity and availability management .......... 27
6.3.1
服务连续性和可用性需求
Service continuity and availability requirements .. 27
6.3.2
服务连续性和可用性计划
Service continuity and availability plans ............... 27
6.3.3
服务连续性和可用性的监控与测试
Service continuity and availability
©ISO/IEC 2011-All rights reserved
ISO/IEC 20000-1:2011 (中英文对照版) 版本:V1.0
monitoring and testing ................................................................................................. 28
6.4
服务的预算与核算
Budgeting and accounting for services ..................................... 28
6.5
容量管理 Capacity management ............................................................................ 29
6.6
信息安全管理Information security management ................................................... 29
6.6.1
信息安全方针
Information security policy ...................................................... 29
6.6.2
信息安全控制
Information security controls ................................................... 29
6.6.3
信息安全的变更和事件Information security changes and incidents ............... 30
7
关系过程 Relationship process ..................................................................................... 30
7.1
业务关系管理Business relationship management .................................................. 30
7.2
供应商管理
Supplier management ......................................................................... 31
8
解决过程
Resolution processes ...................................................................................... 32
8.1
事件和服务请求管理Incident and service request management ............................ 32
8.2
问题管理
Problem management ............................................................................. 33
9
控制过程
Control processes ........................................................................................... 34
9.1
配置管理
Configuration management .................................................................... 34
9.2
变更管理
Change management .............................................................................. 35
9.3
发布与部署管理
Release and deployment management ......................................... 36
©ISO/IEC 2011-All rights reserved
ISO/IEC 20000-1:2011 (中英文对照版) 版本:V1.0
申明:本套ISO20000-1:2011中文版翻译由专家团队翻译,因水平有限,其中错误和遗漏之处再所难免。欢迎各位同仁、专家批评指正。
本文仅供网上阅读学习之用,未均授权,不得用于任何商业目的。
关于ISO2000-1:2011标准的解析,请访问:
/?SpecialID=7
关于ISO2000-1:2011标准的培训,请访问:
/?SpecialID=8
关于实施ISO2000-1:2011标准的相关书籍,请访问:
/book_
2011-6-16 于北京
对ISO20000-1:2011标准的更多学习探讨,欢迎致信:research@
©ISO/IEC 2011-All rights reserved
ISO/IEC 20000-1:2011 (中英文对照版) 版本:V1.0
前言
Foreword
Foreword
ISO(国际标准化组织)和IEC(国际电工协会)构ISO (the International Organization for
成国际标准化的专业体系。制定国际标准工作通常Standardization) and IEC (the International
由ISO的技术委员会完成。各成员团体若对某技术Electrotechnical Commission) form the specialized
委员会确定的项目感兴趣,均有权参加该委员会的system for worldwide standardization. National bodies
工作。与ISO保持联系的各国际组织(官方的或非that are members of ISO or IEC participate in the
官方的)也可参加有关工作。在信息技术领域,ISOdevelopment of International Standards through
和IEC已经建立了一个联合技术委员会委员,ISO /
technical committees established by the respective
organization to deal with particular fields of technical
IEC JTC 1。
activity. ISO and IEC technical committees collaborate
国际标准是根据ISO/IEC导则第2部分的规则起草。
in fields of mutual interest. Other international
organizations, governmental and non-governmental, in
联合技术委员会的主要任务是制定国际标准。由技liaison with ISO and IEC, also take part in the work. In
术委员会通过的国际标准草案需提交各成员团体投the field of information technology, ISO and IEC have
票表决。国际标准草案需取得至少75%参加表决成established a joint technical committee, ISO/IEC JTC 1.
员团体的同意,才能作为国际标准正式发布。
International Standards are drafted in accordance with
本文件中的某些内容有可能涉及一些专利权问题,the rules given in the ISO/IEC Directives, Part 2.
对此应引起注意,ISO/IEC不负责识别任何这样的专利权问题。
The main task of the joint technical committee is to
prepare International Standards. Draft International
ISO20000-1由ISO/IEC JTC 1/SC 7 信息技术联合Standards adopted by the joint technical committee are
技术委员会软件和系统工程分会制定。第二版替代circulated to national bodies for voting. Publication as
第一版标准(ISO20000-1:2005),并对其进行an International Standard requires approval by at least
了的技术性修订。主要的不同点如下:
75 % of the national bodies casting a vote.
—— 与ISO9001 标准更为一致;
Attention is drawn to the possibility that some of the
—— 与ISO27001标准更为一致;
—— 对术语进行了变化,以保持和国际惯例的一致;
elements of this document may be the subject of patent
rights. ISO and IEC shall not be held responsible for
identifying any or all such patent rights.
ISO/IEC 20000-1 was prepared by Joint Technical
—— 新增了许多新的定义,更新了部分定义并删除Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 7, Software and systems engineering.
了两个旧的定义;
This second edition cancels and replaces the first
—— 引入了术语“服务管理体系(SMS)”概念;
edition (ISO/IEC 20000-1:2005), which has been
technically revised. The main differences are as
—— 将ISO/IEC20000-1:2005版中的条款3和4follows:
进行了合并,并将所有的管理体系要求纳入到同一个条款中;
——closer alignment to ISO 9001;
—— 进一步明确了由相关方所运营流程的管控要求;
—— 进一步明确了定义SMS 范围的要求;
—— 进一步明确了将PDCA方法应用于SMS中,包括服务管理过程和服务;
—— 对设计并转换新的或变更的服务引进了一些新的要求。
ISO/IEC 20000标准由下列名为“信息技术-服务管理”标准构成,包括:
——第1部分:服务管理体系要求
——第2部分:服务管理体系应用指南¹)
——第3部分:ISO/IEC20000-1范围定义和适用性指南【技术报告】
——第4部分:过程参考模型【技术报告】
——第5部分:ISO/IEC20000-1实施计划模型【技术报告】
服务管理的流程评估模型将在不久的将来推出,作为第8部分的一个章节。——closer alignment to ISO/IEC 27001;
——change of terminology to reflect international
usage;
——addition of many more definitions, updates to
some definitions and removal of two definitions;
——introduction of the term “service management
system”;
——combining Clauses 3 and 4 of ISO/IEC
20000-1:2005 to put all management system
requirements into one clause;
——clarification of the requirements for the
governance of processes operated by other parties;
——clarification of the requirements for defining the
scope of the SMS;
——clarification that the PDCA methodology applies
to the SMS, including the service management
processes, and the services;
——introduction of new requirements for the design
and transition of new or changed services.
ISO/IEC 20000 consists of the following parts, under
©ISO/IEC 2011-All rights reserved
ISO/IEC 20000-1:2011 (中英文对照版) 版本:V1.0
the general title Information technology — Service
management:
——Part 1: Service management system requirements
——Part 2: Guidance on the application of service
management systems¹)
——Part 3: Guidance on scope definition and
applicability of ISO/IEC 20000-1 [Technical Report]
——Part 4: Process reference model [Technical
Report]
——Part 5: Exemplar implementation plan for ISO/IEC
20000-1 [Technical Report]
A process assessment model for service management
will form the subject of a future Part 8.
1即将出版(对ISO/IEC20000-2的技术修订)。
©ISO/IEC 2011-All rights reserved
ISO/IEC 20000-1:2011 (中英文对照版) 版本:V1.0
介绍
Introduction
ISO/IEC20000-1要求包括设计、转换、交付和改进服务,以满足服务需求并向客户和服务提供者提供价值。ISO/IEC20000-1要求服务提供者在规划、确立、实施、运行、监控、回顾、维护和持续改进服务管理体系(SMS)时,采用整合的过程方法。
协调一致地整合与实施SMS可提供持续的控制和更有效、更高效的持续改进机会。运行ISO/IEC20000-1所定义的过程要求组织和协调好相应的人员。适当的工具可用于支持过程的有效和高效执行。
最有效的服务提供者需在服务全生命周期(战略、设计、转换、运行和持续改进)的所有阶段考虑对SMS的影响。
ISO/IEC20000-1要求SMS的所有部分和服务都采取业界知名的PDCA(规划、实施、检查、改进)方法论。ISO/IEC20000-1采用的PDCA方法论,可以简单描述为:
Introduction
The requirements in this part of ISO/IEC 20000 include
the design, transition, delivery and improvement of
services that fulfil service requirements and provide
value for both the customer and the service provider.
This part of ISO/IEC 20000 requires an integrated
process approach when the service provider plans,
establishes, implements, operates, monitors, reviews,
maintains and improves a service management system
(SMS).
Co-ordinated integration and implementation of an
SMS provides ongoing control and opportunities for
continual improvement, greater effectiveness and
efficiency. The operation of processes as specified in
this part of ISO/IEC 20000 requires personnel to be
well organized and co-ordinated. Appropriate tools can
be used to enable the processes to be effective and
efficient.
The most effective service providers consider the
impact on the SMS through all stages of the service
P-规划(Plan):建立、文件化和协商确定SMS。lifecycle, from strategy through design, transition and
SMS包括满足服务需求的政策、目标、计划和过程;
operation, including continual improvement.
D-实施(Do):实施和执行SMS以设计、转换、This part of ISO/IEC 20000 requires the application of
交付和改进服务;
the methodology known as “Plan-Do-Check-Act”
C-检查(Check):根据政策、目标、计划和服务(PDCA) to all parts of the SMS and the services. The
测量和回顾,并报告结果;
需求,对SMS进行监控、PDCA methodology, as applied in this part of ISO/IEC
A-改进(Act):采取措施,以持续改进SMS和服20000, can be briefly described as follows.
务的绩效。
Plan: establishing, documenting and agreeing the SMS.
当用于SMS时,下述是整合过程方法和PDCA方法论最重要的方面:
a)理解和满足服务需求以达到客户满意;
b)建立服务管理的政策和目标;
c)基于SMS为客户增加价值来设计和交付服务;
d)监控、测量和回顾SMS和服务;
e)基于客观的测量结果以持续改进SMS和服务。
图1 说明了PDCA方法论可被用于SMS,包括定义于条款5-9的服务管理过程和服务。每个PDCA方法论的元素是成功实施SMS的关键部分。用于ISO/IEC 20000-1的改进过程也是基于PDCA方法论。
ISO/IEC 20000-1允许服务提供者在组织中将SMS和其他管理体系整合。采用整合的过程方法论和PDCA方法论可以使服务提供者能一体化或完全整合多个管理体系标准。例如,SMS可以与基于ISO9001的质量管理体系和基于ISO27001的信息安全管理体系整合。
ISO/IEC20000是特定的独立指南。服务提供者可以结合使用其它普遍接受的指南和自身的经验。
国际标准的使用者对标准的正确应用负责。国际标准并不包括所有必需的法律法规要求和服务提供者的合同义务。对国际标准的遵守并不意味着免除对法律法规的遵从义务。
为促进对服务管理标准的研究,鼓励使用者分享对ISO/IEC20000-1的观点和ISO/IEC20000其它系列标准修改的优先顺序。
The SMS includes the policies, objectives, plans and
processes to fulfil the service requirements.
Do: implementing and operating the SMS for the
design, transition, delivery and improvement of the
services.
Check: monitoring, measuring and reviewing the SMS
and the services against the policies, objectives, plans
and service requirements and reporting the results.
Act: taking actions to continually improve performance
of the SMS and the services.
When used within an SMS, the following are the most
important aspects of an integrated process approach and
the PDCA methodology:
a) understanding and fulfilling the service requirements
to achieve customer satisfaction;
b) establishing the policy and objectives for service
management;
c) designing and delivering services based on the SMS
that add value for the customer;
d) monitoring, measuring and reviewing performance
of the SMS and the services;
e) continually improving the SMS and the services
based on objective measurements.
Figure 1 illustrates how the PDCA methodology can be
applied to the SMS, including the service management
processes specified in Clauses 5 to 9, and the services.
Each element of the PDCA methodology is a vital part
of a successful implementation of an SMS. The
©ISO/IEC 2011-All rights reserved
ISO/IEC 20000-1:2011 (中英文对照版) 版本:V1.0
请点击下面的链接参加在线的调查:
ISO/IEC20000-1 在线调查
improvement process used in this part of ISO/IEC
20000 is based on the PDCA methodology.
Figure 1 — PDCA methodology applied to service
management
This part of ISO/IEC 20000 enables a service provider
to integrate its SMS with other management systems in
the service provider's organization. The adoption of an
integrated process approach and the PDCA
methodology enables the service provider to align or
fully integrate multiple management system standards.
For example, an SMS can be integrated with a quality
management system based on ISO 9001 or an
information security management system based on
ISO/IEC 27001.
ISO/IEC 20000 is intentionally independent of specific
guidance. The service provider can use a combination
of generally accepted guidance and its own experience.
Users of an International Standard are responsible for
its correct application. An International Standard does
not purport to include all necessary statutory and
regulatory requirements and contractual obligations of
the service provider. Conformity to an International
Standard does not of itself confer immunity from
statutory and regulatory requirements.
For the purposes of research on service management
standards, users are encouraged to share their views on
ISO/IEC 20000-1 and their priorities for changes to the
rest of the ISO/IEC 20000 series. Click on the link
below to take part in the online survey.
ISO/IEC 20000-1 online survey
Figure 1 — PDCA methodology applied to service management
©ISO/IEC 2011-All rights reserved
ISO/IEC 20000-1:2011 (中英文对照版) 版本:V1.0
图1-应用到服务管理的PDCA方法
©ISO/IEC 2011-All rights reserved
ISO/IEC 20000-1:2011 (中英文对照版) 版本:V1.0
1
范围
Scope
1.1
总则
General
ISO/IEC 20000-1是服务管理体系(SMS)标准。它阐述了服务提供者规划、建立、实施、运行、监控、回顾、维护和持续改进SMS的具体要求。这些要求包括服务的设计、转换、交付和改进,以满足服务需求。ISO/IEC 20000-1适用于:
a) 从服务提供者处寻求服务,并需要确保其服务需求被满足的组织;
b) 要求其所有服务提供者(包括在一个供应链上的)采用一致性的方式的组织;
c) 希望展现其满足服务需求的服务设计、转换、交付和改进能力的服务提供者;
d) 为了监控、测量和回顾其服务管理流程与服务的服务提供者;
e) 通过SMS的有效实施与运行来持续改进服务设计、转换和交付的服务提供者;
f) 评估师或审核员,将其用于作为评估服务提供者的SMS是否满足ISO/IEC 20000-1要求的符合性评估标准。
图2 展示了服务管理体系(SMS),以及所包括的服务管理过程。不同的服务提供者可采用不同的方式执行服务管理过程及其过程之间的关联关系。服务提供者和客户之间关系的性质将影响服务管理过程如何被实施。
1.2
应用 Application
无论所交付服务的类型、规模和特性,ISO/IEC
20000-1的所有要求是通用的,适用于所有的服务提供者。无论服务提供者组织有任何特性,声明符合ISO/IEC 20000-1要求的服务提供者裁剪条款4-9的任何要求都是不可接受的。
对于条款4所要求的符合性只能由服务提供者展示满足条款4所有要求的证据。对于条款4,服务提供者不能依赖对其他相关方所运行过程的管控证据。
对条款5-9所要求的符合性可以由服务提供者展示其满足所有要求的证据。除此之外,服务提供者也可以展示其满足大多数要求的自身证据,和那些服务提供者不直接运行由其他相关方所运行过程(或过程的部分)的管控证据。
ISO/IEC 20000-1的范围不包括特定的产品或工具。然而,组织可以使用ISO/IEC 20000-1帮助他们开发支持SMS运行的产品或工具。
1 Scope
1.1 General
This part of ISO/IEC 20000 is a service management
system (SMS) standard. It specifies requirements for the
service provider to plan, establish, implement, operate,
monitor, review, maintain and improve an SMS. The
requirements include the design, transition, delivery and
improvement of services to fulfil service requirements.
This part of ISO/IEC 20000 can be used by:
a) an organization seeking services from service
providers and requiring assurance that their service
requirements will be fulfilled;
b) an organization that requires a consistent approach by
all its service providers, including those in a supply
chain;
c) a service provider that intends to demonstrate its
capability for the design, transition, delivery and
improvement of services that fulfil service requirements;
d) a service provider to monitor, measure and review its
service management processes and services;
e) a service provider to improve the design, transition
and delivery of services through effective
implementation and operation of an SMS;
f) an assessor or auditor as the criteria for a conformity
assessment of a service provider's SMS to the
requirements in this part of ISO/IEC 20000.
Figure 2 illustrates an SMS, including the service
management processes. The service management
processes and the relationships between the processes
can be implemented in different ways by different
service providers. The nature of the relationship
between a service provider and the customer will
influence how the service management processes are
implemented.
1.2 Application
All requirements in this part of ISO/IEC 20000 are
generic and are intended to be applicable to all service
providers, regardless of type, size and the nature of the
services delivered. Exclusion of any of the requirements
in Clauses 4 to 9 is not acceptable when a service
provider claims conformity to this part of ISO/IEC
20000, irrespective of the nature of the service
provider's organization.
Conformity to the requirements in Clause 4 can only be
demonstrated by a service provider showing evidence of
fulfilling all of the requirements in Clause 4. A service
provider cannot rely on evidence of the governance of
processes operated by other parties for the requirements
in Clause 4.
Conformity to the requirements in Clauses 5 to 9 can be
demonstrated by the service provider showing evidence
of fulfilling all requirements. Alternatively, the service
provider can show evidence of fulfilling the majority of
the requirements themselves and evidence of the
governance of processes operated by other parties for
those processes, or parts of processes, that the service
provider does not operate directly.
注: ISO/IEC TR 20000-3部分提供了ISO/IEC
20000-1范围定义和适用性的指南。这包括了关于 ©ISO/IEC 2011-All rights reserved
ISO/IEC 20000-1:2011 (中英文对照版) 版本:V1.0
对其他相关方所运营流程的管控的更多解释。
The scope of this part of ISO/IEC 20000 excludes the
specification for a product or tool. However,
organizations can use this part of ISO/IEC 20000 to help
them develop products or tools that support the
operation of an SMS.
NOTE ISO/IEC TR 20000-3 provides guidance on
scope definition and applicability of this part of
ISO/IEC includes further explanation about
the governance of processes operated by other parties.
Figure 2 – Service management system
图2 — 服务管理体系
©ISO/IEC 2011-All rights reserved
ISO/IEC 20000-1:2011 (中英文对照版) 版本:V1.0
2
引用标准
Normative references
以下引用的文件对于本文件的应用是必不可少的。对于有日期标注的引用文件,仅被引用的版本适用。对于没有日期标注的引用文件,被引用文件的最新版本(包括其任何修订)适用。
这里没有引用标准文献。本标准包括本条款仅仅为了确保条款号与ISO/IEC 20000-21(信息技术 —
服务管理 — 第2部分:服务管理体系应用指南)保持一致。
2 Normative references
The following referenced documents are indispensable for
the application of this document. For dated references, only
the edition cited applies. For undated references, the latest
edition of the referenced document (including any
amendments) applies.
No normative references are cited. This clause is included
in order to ensure clause numbering is identical with
ISO/IEC 20000-2:—, Information technology — Service
management — Part 2: Guidance on the application of
service management systems.
3 Terms and definitions
For the purposes of this document, the following terms and
definitions apply.
3.1 availability
ability of a service or service component to perform its
required function at an agreed instant or over an agreed
period of time
NOTE Availability is normally expressed as a ratio or
percentage of the time that the service or service component
is actually available for use by the customer to the agreed
time that the service should be available.
3.2 configuration baseline
configuration information formally designated at a specific
time during a service or service component's life
NOTE 1 Configuration baselines, plus approved changes
from those baselines, constitute the current configuration
information.
NOTE 2 Adapted from ISO/IEC/IEEE 24765:2010.
3.3 configuration item
CI
element that needs to be controlled in order to deliver a
service or services
3
术语和定义
Terms and definitions
下列术语和定义适用于本文件。
3.1 可用性 availability
在规定时刻或规定时间段内,组件或服务执行要求功能的能力
注:可用性通常用一段时间内的百分比计算,该计算通常基于服务或服务组件的用户实际可用时间和协定有效服务时间
3.2 配置基线 configuration baseline
在服务或服务组件的生命周期中,某一时间点被正式指定的配置信息
注1:配置基线,加上对配置基线的被授权变更,形成了当前的配置信息
注2:改编自ISO/IEC/IEEE 24765:2010
3.3 配置项 configuration item(CI)
为了交付一项或多项服务而需要被控制的组件
3.4 配置管理数据库 configuration
3.4 configuration management database
management database(CMDB)
CMDB
用于记录配置项全生命周期属性及配置项之间关系data store used to record attributes of configuration items,
的存储数据
and the relationships between configuration items,
3.5 持续改进 continual improvement
增强满足服务需求能力的循环活动
throughout their lifecycle
3.5 continual improvement
recurring activity to increase the ability to fulfil service
requirements
NOTE Adapted from ISO 9000:2005.
3.6 corrective action
action to eliminate the cause or reduce the likelihood of
recurrence of a detected nonconformity or other undesirable
situation
注:改编自ISO 9000:2005
3.6 纠正措施 corrective action
为消除已发现的不合格或其他不期望情况的原因或降低其重复发生的可能性所采取的措施
注:改编自ISO 9000:2005
1 ISO/IEC 20000-2最新版将发布。
©ISO/IEC 2011-All rights reserved
ISO/IEC 20000-1:2011 (中英文对照版) 版本:V1.0
3.7 客户 customer
接受一项服务或多项服务的组织或组织的一部分
NOTE Adapted from ISO 9000:2005.
3.7 customer
organization or part of an organization that receives a
service or services
NOTE 1 A customer can be internal or external to the
service provider's organization.
NOTE 2 Adapted from ISO 9000:2005.
3.8 document
information and its supporting medium [ISO 9000:2005]
EXAMPLES Policies, plans, process descriptions,
procedures, service level agreements, contracts or records.
NOTE 1 The documentation can be in any form or type of
medium.
NOTE 2 In ISO/IEC 20000, documents, except for records,
state the intent to be achieved.
3.9 effectiveness
extent to which planned activities are realized and planned
results achieved [ISO 9000:2005]
3.10 incident
Incident unplanned interruption to a service, a reduction in
the quality of a service or an event that has not yet impacted
the service to the customer
3.11 information security
注1:客户可以是服务供应者的内部或外部组织
注2:改编自ISO 9000:2005
3.8 文件 document
信息及其承载媒体 [ISO 9000:2005]
示例:策略、计划、流程描述、程序文件、服务水平协议、合同、记录
注1:文件可以通过不同类型的媒体进行存储
注2:在ISO/IEC 20000中,除记录外,文件所描述的目的应该达到
3.9 有效性 effectiveness
计划的活动被实现的程度,以及计划的结果的达成程度[ISO 9000:2005]
3.10事件 incident
计划外的服务中断,服务质量下降或还未影响服务的事态(Event)
3.11 信息安全 information security
保持信息的机密性、完整性和可访问性
preservation of confidentiality, integrity and accessibility of
注1:此外,其他属性还可包括真实性,可核查性,information
抗抵赖性和可靠性
注2:可用性没有被用在这个定义。因为在ISO/IEC20000-1 可用性是一个已定义的词,其用于信息安全的定义不适当。
注3:改编自 ISO/IEC 27000:2009
NOTE 1 In addition, other properties such as authenticity,
accountability, non-repudiation and reliability can also be
involved.
NOTE 2 The term “availability” has not been used in this
definition because it is a defined term in this part of
ISO/IEC 20000 which would not be appropriate for this
definition.
NOTE 3 Adapted from ISO/IEC 27000:2009.
3.12 信息安全事件 information security
3.12 information security incident
incident
single or a series of unwanted or unexpected information
一个信息安全事件由单个或一系列的有害或意外信security events that have a significant probability of
息安全事态组成,它们具有损害业务运作和威胁信compromising business operations and threatening
information security [ISO/IEC 27000:2009]
息安全的极大的可能性[ISO/IEC 27000:2009]
3.13 相关方 interested party
与服务提供者活动的业绩或成就有利益关系的个人或团体
3.13 interested party
person or group having a specific interest in the
performance or success of the service provider's activity or
activities
示例:用户、所有者、管理层、服务组织中的员工、EXAMPLES Customers, owners, management, people in
供应商、银行、工会或合作伙伴。
the service provider's organization, suppliers, bankers,
注1:一个团体可由一个组织或其一部分或多个组unions or partners.
织构成。
注2:改编自ISO 9000:2005
NOTE 1 A group can comprise an organization, a part
thereof, or more than one organization.
NOTE 2 Adapted from ISO 9000:2005.
©ISO/IEC 2011-All rights reserved
ISO/IEC 20000-1:2011 (中英文对照版) 版本:V1.0
3.14 内部团队 internal group
服务提供者组织的一部分,其与服务提供者签署协议,共同参与到服务或服务流程的设计、转换、交付和改进中
3.14 internal group
part of the service provider's organization that enters into a
documented agreement with the service provider to
contribute to the design, transition, delivery and
improvement of a service or services
NOTE The internal group is outside the scope of the service
provider's SMS.
3.15 known error
problem that has an identified root cause or a method of
reducing or eliminating its impact on a service by working
around it
3.16 nonconformity
non-fulfilment of a requirement
3.17 organization
group of people and facilities with an arrangement of
responsibilities, authorities and relationships
注:内部团队是指服务提供者的SMS范围之外的组织
3.15 已知错误 known error
一个已被了解根本原因或可用变通解决方案降低或消除对服务影响的问题
3.16 不符合 nonconformity
未满足要求
[ISO 9000:2005]
3.17 组织 organization
职责、权限和相互关系得到安排的一组人员及设施
EXAMPLES Company, corporation, firm, enterprise,
示例:公司、集团、商行、企事业单位、研究机构、institution, charity, sole trader, association, or parts or
慈善机构、代理商、社团或上述组织的部分或组合。
combination thereof.
注1:安排通常是有序的
注2:组织可以是公有的或私有的
[ISO 9000:2005]
3.18 预防措施 preventive action
为避免或消除潜在不符合或其他潜在不期望情况的原因或降低其重复发生的可能性所采取的措施
NOTE 1 The arrangement is generally orderly.
NOTE 2 An organization can be public or private.
[ISO 9000:2005]
3.18 preventive action
action to avoid or eliminate the causes or reduce the
likelihood of occurrence of a potential nonconformity or
other potential undesirable situation
NOTE Adapted from ISO 9000:2005.
3.19 problem
root cause of one or more incidents
NOTE The root cause is not usually known at the time a
problem record is created and the problem management
process is responsible for further investigation.
3.20 procedure
specified way to carry out an activity or a process [ISO
9000:2005]
NOTE Procedures can be documented or not.
3.21 process
set of interrelated or interacting activities which transforms
inputs into outputs [ISO 9000:2005]
3.22 record
document stating results achieved or providing evidence of
activities performed [ISO 9000:2005]
EXAMPLES Audit reports, incident reports, training
records or minutes of meetings.
3.23 release
collection of one or more new or changed configuration
items deployed into the live environment as a result of one
注:改编自ISO 9000:2005
3.19 问题 problem
一个或多个事件的根本原因
注:在问题记录创建和问题管理流程进一步调查期间,根本原因通常是未知的。
3.20 程序 procedure
为进行某项活动或过程所规定的途径
[ISO 9000:2005]
注:程序可以形成文件,也可以不形成文件。
3.21 过程/流程 process
将输入转化为输出的相互关联的或相互作用的一组活动
[ISO 9000:2005]
3.22 记录 record
阐明所取得的结果或提供所完成活动的证据的文件
[ISO 9000:2005]
示例:审计报告、事件报告、培训记录或会会议记录
3.23 发布 release
作为一个或多个变更的结果,部署到实际生产环境 ©ISO/IEC 2011-All rights reserved
ISO/IEC 20000-1:2011 (中英文对照版) 版本:V1.0
的一个或多个新的或变更的配置项的集合
3.24 变更请求 request for change
对一项服务、服务组件或服务管理体系所做变更的提议
or more changes
3.24 request for change
proposal for a change to be made to a service, service
component or the service management system
NOTE A change to a service includes the provision of a
new service or the removal of a service which is no longer
required.
3.25 risk
effect of uncertainty on objectives
NOTE 1 An effect is a deviation from the expected —
positive and/or negative.
NOTE 2 Objectives can have different aspects (such as
financial, health and safety, and environmental goals) and
can apply at different levels (such as strategic,
organization-wide, project, product and process).
NOTE 3 Risk is often characterized by reference to
potential events and consequences, or a combination of
these.
NOTE 4 Risk is often expressed in terms of a combination
of the consequences of an event (including changes in
circumstances) and the associated likelihood of occurrence.
[ISO 31000:2009]
3.26 service
means of delivering value for the customer by facilitating
results the customer wants to achieve
NOTE 1 Service is generally intangible.
NOTE 2 A service can also be delivered to the service
provider by a supplier, an internal group or a customer
acting as a supplier.
3.27 service component
single unit of a service that when combined with other units
will deliver a complete service
EXAMPLES Hardware, software, tools, applications,
documentation, information, processes or supporting
services.
NOTE A service component can consist of one or more
configuration items.
3.28 service continuity
注:一项服务变更包括提供一项新服务或删除一项不需要的服务。
3.25 风险 risk
对目标不确定性的影响
注1:影响可能偏离预期-正面的和/或负面的
注2:目标可以有不同的方面(如财务、健康安全以及环境目标),并应用于不同的层次(如战略、组织整体、项目、产品和过程)
注3:风险常具有潜在事件、后果或二者结合的特征
注4:经常用一个事件的后果(包括情况变化)和对应的发生可能性这二者的结合来表示风险
[ISO 31000:2009]
3.26 服务 service
为了达成客户期望的结果,而向客户交付价值的一种方式
注1:服务通常是无形的
注2:一项服务也可以由服务提供者的供应商、内部团队或扮演供应商角色的客户所交付。
3.27 服务组件 service component
服务的单一单元,该单元与其他单元合并时将提供一个完整的服务
示例:硬件、软件、工具、应用、文件、信息、过程或支持的服务.
注:服务组件可以包括一个或多个配置项
3.28 服务连续性 service continuity
对风险和可能对一项或多项服务产生严重影响的事件进行管理的能力,以便以商定的水平持续提供服务
capability to manage risks and events that could have
serious impact on a service or services in order to
continually deliver services at agreed levels
3.29 服务级别协议 service level
3.29 service level agreement
agreement(SLA)
服务提供者和用户之间签署的协议,用以记录既定的服务和服务目标
SLA
documented agreement between the service provider and
customer that identifies services and service targets
注1:服务级别协议也可以在服务提供者与供应商、NOTE 1 A service level agreement can also be established
between the service provider and a supplier, an internal
内部组织或扮演供应商角色的客户之间签署
注2:服务级别协议可包括在一个合同中或其他类型的书面协议中
group or a customer acting as a supplier.
NOTE 2 A service level agreement can be included in a
©ISO/IEC 2011-All rights reserved
ISO/IEC 20000-1:2011 (中英文对照版) 版本:V1.0
3.30 服务管理 service management
一系列的能力和过程,用以指导和控制服务提供者设计、转换、交付和改进服务的活动和资源,以满足服务需求
contract or another type of documented agreement.
3.30 service management
set of capabilities and processes to direct and control the
service provider's activities and resources for the design,
transition, delivery and improvement of services to fulfil
the service requirements
3.31 服务管理体系 service management
system(SMS)
3.31 service management system
指导和控制服务提供者服务管理活动的管理体系
SMS
注1: 服务管理体系是由一系列相关或相互影响的元素组成,以建立策略和目标并促进实现目标
management system to direct and control the service
management activities of the service provider
NOTE 1 A management system is a set of interrelated or
interacting elements to establish policy and objectives and
to achieve those objectives.
policies, objectives, plans, processes, documentation and
resources required for the design, transition, delivery and
improvement of services and to fulfil the requirements in
this part of ISO/IEC 20000.
注2:服务管理体系包括所有用于设计、转换、交付和改进服务及满足ISO/IEC 20000-1要求所需要的服务管理策略,目标,计划、过程、文件和资源
NOTE 2 The SMS includes all service management
注3:改编自ISO 9000:2005“质量管理体系”的定义
3.32 服务提供者 service provider
一个组织或组织的一部分,其负责管理或交付一项或多项提供给用户的服务
NOTE 3 Adapted from the definition of “quality
management system” in ISO 9000:2005.
3.32 service provider
organization or part of an organization that manages and
delivers a service or services to the customer
NOTE A customer can be internal or external to the service
provider's organization.
3.33 service request
request for information, advice, access to a service or a
pre-approved change
3.34 service requirement
needs of the customer and the users of the service,
including service level requirements, and the needs of the
service provider
3.35 supplier
organization or part of an organization that is external to the
service provider's organization and enters into a contract
with the service provider to contribute to the design,
transition, delivery and improvement of a service or
services or processes
NOTE Suppliers include designated lead suppliers but not
their sub-contracted suppliers.
3.36 top management
person or group of people who direct and control the
service provider at the highest level
NOTE Adapted from ISO 9000:2005.
3.37 transition
activities involved in moving a new or changed service to
or from the live environment.
注:客户可以是服务供应者的内部或外部组织
3.33 服务请求 service request
用户对信息、建议、服务访问或预授权变更的请求
3.34 服务需求 service requirement
包括服务级别需求在内的用户和服务使用者的需求,以及服务提供者的需求
3.35 供应商 supplier
服务提供者之外的组织或组织的一部分,其与服务提供者签署协议,共同参与到服务或服务流程的设计、转换、交付和改进中
注:供应商包括指定的总包商,但不包括他们的分包商
3.36高管层 top management
指导和管控服务提供者的高层人员或团队
注:改编自 ISO 9000:2005
3.37 转换 transition
将一项新的或变更的服务移入或移出生产环境的活动
©ISO/IEC 2011-All rights reserved
ISO/IEC 20000-1:2011 (中英文对照版) 版本:V1.0
4 Service management system general requirements
4
服务管理体系总要求
Service management
4.1 Management responsibility
system general requirements
4.1.1 Management commitment
4.1
管理职责
Management responsibility
Top management shall provide evidence of its commitment
4.1.1
管理承诺
Management commitment
to planning, establishing, implementing, operating,
高管层应通过以下活动,提供对规划、确立、实施、monitoring, reviewing, maintaining, and improving the
运行、监控、回顾、维护和改进SMS与服务所做承SMS and the services by:
诺的证据:
a) establishing and communicating the scope, policy and
objectives for service management;
a) 建立和沟通服务管理的范围、政策和目标;
b) 确保服务管理计划被创建、实施和维护,以遵b) ensuring that the service management plan is created,
循服务管理政策、实现服务管理目标和满足服implemented and maintained in order to adhere to the
policy, achieve the objectives for service management and
务需求;
c) 沟通满足服务需求的重要性;
fulfil the service requirements;
d) 沟通满足法律法规要求和合同义务的重要性;
c) communicating the importance of fulfilling service
requirements;
e) 确保资源的提供;
f) 按规定的时间间隔执行管理评审;
d) communicating the importance of fulfilling statutory and
g) 确保服务的风险被评估和管理。
regulatory requirements and contractual obligations;
e) ensuring the provision of resources;
f) conducting management reviews at planned intervals;
g) ensuring that risks to services are assessed and managed.
4.1.2
服务管理政策
Service management policy
4.1.2 Service management policy
Top management shall ensure that the service management
高管层应确保服务管理政策:
policy:
a) 符合服务提供者的目标;
a) is appropriate to the purpose of the service provider;
b) 包括对满足服务需求的承诺;
b) includes a commitment to fulfil service requirements;
c) 包括按照条款4.5.5.1的持续改进政策对持续c) includes a commitment to continually improve the
改进SMS和服务有效性的承诺;
effectiveness of the SMS and the services through the
d) 提供制定和回顾服务管理目标的机制;
policy on continual improvement in Clause 4.5.5.1;
e) 被传达,并得到员工理解;
d) provides a framework for establishing and reviewing
f) 被回顾以持续适用。
service management objectives;
e) is communicated and understood by the service
provider's personnel;
f) is reviewed for continuing suitability.
4.1.3
权利、职责和沟通
Authority, responsibility
4.1.3 Authority, responsibility and communication
Top management shall ensure that:
and communication
a) service management authorities and responsibilities are
defined and maintained;
高管层应确保:
b) documented procedures for communication are
a) 服务管理的权利和职责被定义和维护;
established and implemented.
b) 文件化的沟通程序被确立和实施。
4.1.4 Management representative
4.1.4
管理者代表
Management representative
Top management shall appoint a member of the service
provider's management who, irrespective of other
高管层应任命一名管理人员,无论其其他方面的职responsibilities, has the authorities and responsibilities that
责如何,承担以下职责和权利:
include:
a) 确保识别、记录和满足服务需求的活动被执行;
a) ensuring that activities are performed to identify,
b) 分配权利和职责,以确保服务管理流程遵循服document and fulfil service requirements;
务管理政策和目标进行设计、实施和改进;
b) assigning authorities and responsibilities for ensuring
c) 确保服务管理流程和SMS其他部分进行整合;
that service management processes are designed,
d) 确保用于交付服务的资产(包括许可证)遵循implemented and improved in accordance with the policy
法律法规要求和合同义务进行管理;
and objectives for service management;
e) 向高管层报告SMS和服务的执行情况和改进c) ensuring that service management processes are
机会。
integrated with the other components of the SMS;
d) ensuring that assets, including licences, used to deliver
services are managed according to statutory and regulatory
requirements and contractual obligations;
e) reporting to top management on the performance and
opportunities for improvement to the SMS and the services.
4.2
对其他相关方所运营过程的管控
4.2 Governance of processes operated by other parties
Governance of processes operated by other partiesFor the processes in Clauses 5 to 9, the service provider
对于条款5-9所包含的过程,服务提供者应识别那些shall identify all processes, or parts of processes, which are
由其他相关方所运营的所有过程或部分过程。其他operated by other parties. Other parties can be an internal
相关方可能是内部团队、某一客户或某一供应商。group, a customer or a supplier. The service provider shall
服务提供者应通过以下活动显示对其他相关方所运demonstrate governance of processes operated by other
营过程的管控:
parties by:
a) 表明对过程的最终负责,并拥有要求相关方遵a) demonstrating accountability for the processes and
©ISO/IEC 2011-All rights reserved
ISO/IEC 20000-1:2011 (中英文对照版) 版本:V1.0
循过程的权利;
b) 控制过程的定义以及过程与其他过程的接口;
c) 确定过程的执行效果和对过程需求的遵循情况;
d) 控制过程改进的计划和优先级。当供应商执行部分过程时,服务提供者应通过供应商管理流程管理供应商。当内部团队或客户执行部分过程时,服务提供者应通过服务级别管理流程管理内部团队和客户。
authority to require adherence to the processes;
b) controlling the definition of the processes, and interfaces
to other processes;
c) determining process performance and compliance with
process requirements;
d) controlling the planning and prioritizing of process
improvements. When a supplier is operating parts of the
processes, the service provider shall manage the supplier
through the supplier management process. When an internal
group or a customer is operating parts of the processes, the
service provider shall manage the internal group or the
customer through the service level management process.
NOTE ISO/IEC TR 20000-3 provides guidance on scope
definition and applicability of this part of ISO/IEC 20000.
This includes further explanation about the governance of
processes operated by other parties.
4.3 Documentation management
注:ISO/IEC TR 20000-3提供了对于ISO/IEC
20000-1关于范围的定义和适用性的指导。这包括了对其他相关方所运营过程的管控的进一步解释。
4.3
文件管理
Documentation management
4.3.1
建立和维护文件
Establish and maintain
4.3.1 Establish and maintain documents
documents
The service provider shall establish and maintain
服务提供者应建立和维护文件(包括记录),以确documents, including records, to ensure effective planning,
保对SMS进行有效的规划、执行和控制。文件应包operation and control of the SMS. These documents shall
括:
include:
a) 文件化的服务管理政策和目标;
b) 文件化的服务管理计划;
c) 本标准所要求的各流程文件化的策略和计划;
d) 文件化的服务目录;
e) 文件化的SLA;
f) 文件化的服务管理流程;
g) 本标准所要求的文件化程序和记录;
h) 服务提供者认为为确保SMS有效运行和服务交付所需要的其他文件(包括外来文件)。
a) documented policy and objectives for service
management;
b) documented service management plan;
c) documented policies and plans created for specific
processes as required by this part of ISO/IEC 20000;
d) documented catalogue of services;
e) documented SLAs;
f) documented service management processes;
g) documented procedures and records required by this part
of ISO/IEC 20000;
h) additional documents, including those of external origin,
determined by the service provider as necessary to ensure
effective operation of the SMS and delivery of the services.
4.3.2 Control of documents
Documents required by the SMS shall be controlled.
Records are a special type of document and shall be
controlled according to the requirements given in Clause
4.3.3.
A documented procedure, including the authorities and
responsibilities, shall be established to define the controls
needed to:
a) create and approve documents prior to issue;
b) communicate to interested parties about new or changed
documents;
c) review and maintain documents as necessary;
d) ensure that changes and the current revision status of
documents are identified;
e) ensure that relevant versions of applicable documents are
4.3.2
文件的控制
Control of documents
SMS所要求的文件应被控制。记录是特定类型的文件也应依照4.3.3条款进行控制。
应建立文件化的程序(包括权利和职责)用于定义以下所需的控制:
a) 在发布前,创建和批准文件;
b) 与相关方沟通关于新的或变更的文件;
c) 需要时回顾和维护文件;
d) 确保文件的更改和当前的修订状态得到识别;
e) 确保适用文件的有关版本在使用时可获得;
f) 确保文件清晰,易于识别;
g) 确保外来文件得到识别和控制其分发;
©ISO/IEC 2011-All rights reserved
ISO/IEC 20000-1:2011 (中英文对照版) 版本:V1.0
h) 防止作废文件的非预期使用,若作废文件需要被保留,应使用适当的标识。
4.3.3
记录的控制Control of records
available at points of use;
f) ensure that documents are readily identifiable and
legible;
g) ensure that documents of external origin are identified
and their distribution controlled;
h) prevent the unintended use of obsolete documents and
apply suitable identification to them if they are retained.
4.3.3 Control of records
记录应被保存,以证实符合要求和SMS的有效运行。
Records shall be kept to demonstrate conformity to
requirements and the effective operation of the SMS.
应建立文件化的程序用于定义记录所需的控制:标识、存储、保护、检索、保持和废止。记录应清晰、A documented procedure shall be established to define the
易于识别和检索。
controls needed for the identification, storage, protection,
retrieval, retention and disposal of records. Records shall be
legible, readily identifiable and retrievable.
4.4
资源管理
Resource management
4.4.1
资源的提供
Provision of resources
服务提供者应决定并提供所需的人员、技术、信息和财务资源,用以:
a) 建立、实施和维护SMS和服务,并持续改进其有效性;
b) 通过交付满足需求的服务,提升客户满意度。
4.4.2
人力资源
Human resources
4.4 Resource management
4.4.1 Provision of resources
The service provider shall determine and provide the
human, technical, information and financial resources
needed to:
a) establish, implement and maintain the SMS and the
services, and continually improve their effectiveness;
b) enhance customer satisfaction by delivering services that
fulfil service requirements.
4.4.2 Human resources
服务提供者的员工应有能力胜任所承担的工作,以The service provider's personnel performing work affecting
满足服务需求。这些能力应基于适当的教育、培训、conformity to service requirements shall be competent on
技能和经验。服务提供者应:
the basis of appropriate education, training, skills and
experience. The service provider shall:
a) 确定人员所需的必要能力;
a) determine the necessary competence for personnel;
b) 根据需要提供培训或采取其他措施以获得所需的能力;
b) where applicable, provide training or take other actions
to achieve the necessary competence;
c) 评估采取措施的有效性;
c) evaluate the effectiveness of actions taken;
d) 确保人员能意识到他们如何对服务管理目标的达成和服务需求的满足做出贡献;
d) ensure that its personnel are aware of how they
contribute to the achievement of service management
e) 维护教育、培训、技能和经验的适当记录。
objectives and the fulfilment of service requirements;
e) maintain appropriate records of education, training, skills
and experience.
4.5
建立和改进SMS
Establish and improve the
4.5 Establish and improve the SMS
SMS
4.5.1 Define scope
4.5.1
定义范围
Define scope
The service provider shall define and include the scope of
服务提供者应在服务管理计划中定义和包含SMS的the SMS in the service management plan. The scope shall
范围。范围应以提供服务的组织单位名称和所交付be defined by the name of the organizational unit providing
服务的名称加以界定。
the services, and the services to be delivered.
服务提供者也应考虑其他影响所交付服务的因素,包括:
a) 服务提供者交付服务的地理位置;
b) 客户和他们的所在地;
The service provider shall also take into consideration other
factors affecting the services to be delivered including:
a) geographical location(s) from which the service provider
delivers the services;
b) the customer and their location(s);
©ISO/IEC 2011-All rights reserved
ISO/IEC 20000-1:2011 (中英文对照版) 版本:V1.0
c) 提供服务所使用的技术。
c) technology used to provide the services.
NOTE ISO/IEC TR 20000-3 provides guidance on scope
definition and applicability of this part of ISO/IEC 20000.
4.5.2 Plan the SMS (Plan)
The service provider shall create, implement and maintain a
service management plan. Planning shall take into
consideration the service management policy, service
requirements and requirements in this part of ISO/IEC
20000. The service management plan shall contain or
include a reference to at least the following:
a) service management objectives that are to be achieved by
the service provider;
b) service requirements;
c) known limitations which can impact the SMS;
d) policies, standards, statutory and regulatory requirements
and contractual obligations;
e) framework of authorities, responsibilities and process
roles;
f) authorities and responsibilities for plans, service
management processes and services;
g) human, technical, information and financial resources
necessary to achieve the service management objectives;
h) approach to be taken for working with other parties
involved in the design and transition of new or changed
services process;
i) approach to be taken for the interfaces between service
management processes and their integration with the other
components of the SMS;
j) approach to be taken for the management of risks and the
criteria for accepting risks;
k) technology used to support the SMS;
l) how the effectiveness of the SMS and the services will be
measured, audited, reported and improved.
注:ISO/IEC TR 20000-3提供了对于ISO/IEC
20000-1关于范围的定义和适用性的指导。
4.5.2
规划SMS Plan the SMS(Plan)
服务提供者应创建、实施和维护服务管理计划。计划应考虑服务管理政策、服务需求和ISO/IEC
20000-1的要求。服务管理计划应具有或包括至少以下参考内容:
a) 服务提供者期望获得的服务管理目标;
b) 服务需求;
c) 可能影响SMS的已知限制;
d) 政策、标准、法律法规要求和合同义务;
e) 权利、职责和流程角色的框架;
f) 规划、服务管理流程和服务的权利和职责;
g) 实现服务管理目标所需的人员、技术、信息和财务资源;
h) 在设计并转换新的或变更的服务过程中,与其他相关方协同工作所采用的方法;
i) 服务管理流程和SMS其他组成部分集成所采用的方法;
j) 风险管理和风险接受标准所采用的方法;
k) 用于支持SMS所使用的技术;
l) 如何测量、审核、报告和改进SMS和服务的有效性。
为特定流程所创建的计划应与服务管理计划相一Plans created for specific processes shall be aligned with
致。服务管理计划和为特定流程所创建的计划应按the service management plan. The service management
照计划的时间间隔进行回顾和(若需要的话)更新。
plan and plans created for specific processes shall be
reviewed at planned intervals and, if applicable, updated.
4.5.3
实施和执行SMS
Implement and operate
the SMS(DO)
4.5.3 Implement and operate the SMS (Do)
服务提供者应实施和执行SMS,依照服务管理计划进行设计、转换、交付和改进服务,其中的活动至少包括:
a) 资金和预算的分配和管理;
b) 责任、权利和流程角色的分配;
c) 人员、计划和信息资源的管理;
d) 识别、评估和管理服务的风险;
e) 服务管理流程的管理;
f) 监控和报告服务管理活动的执行情况。
The service provider shall implement and operate the SMS
for the design, transition, delivery and improvement of
services according to the service management plan, through
activities including at least:
a) allocation and management of funds and budgets;
b) assignment of authorities, responsibilities and process
roles;
c) management of human, technical and information
resources;
d) identification, assessment and management of risks to
the services;
e) management of service management processes;
©ISO/IEC 2011-All rights reserved
ISO/IEC 20000-1:2011 (中英文对照版) 版本:V1.0
f) monitoring and reporting on performance of service
management activities.
4.5.4
监控和回顾SMS
Monitor and review the
4.5.4 Monitor and review the SMS (Check)
SMS(Check)
4.5.4.1
总要求
General
4.5.4.1 General
The service provider shall use suitable methods for
monitoring and measuring the SMS and the services. These
methods shall include internal audits and management
reviews.
服务提供者应采用适宜的方法监控和测量SMS和服务。这些方法应包括内部审核和管理评审。
所有内部审核和管理评审的目标应被文档化。内部审核和管理评审应证实SMS和服务用以实现服务管理目标和满足服务需求的能力。不满足本标准要求、The objectives of all internal audits and management
服务提供者所提出的SMS要求或服务需求的不符合reviews shall be documented. The internal audits and
项应被识别。
management reviews shall demonstrate the ability of the
SMS and the services to achieve service management
objectives and fulfil service requirements. Nonconformities
shall be identified against the requirements in this part of
内部审核和管理评审的结果,包括不符合项、关注ISO/IEC 20000, the SMS requirements identified by the
点和识别的改进行动应被记录。结果和行动应与相service provider or the service requirements.
关方沟通。
The results of internal audits and management reviews,
including nonconformities, concerns and actions identified,
shall be recorded. The results and actions shall be
communicated to interested parties.
4.5.4.2
内部审核Internal audit4.5.4.2 Internal audit
服务提供者应按照计划的时间间隔执行内部审核,The service provider shall conduct internal audits, at
以确定SMS和服务是否:
planned intervals, to determine whether the SMS and the
services:
a) 满足本标准的要求;
b) 满足服务需求和服务提供者所提出的SMS要求;
c) 有效被实施和维护。
应有文件化的程序,包括权利和责任,用以计划和执行审核、报告结果和维护审核记录。
a) fulfil the requirements in this part of ISO/IEC 20000;
b) fulfil the service requirements and the SMS requirements
identified by the service provider;
c) are effectively implemented and maintained.
There shall be a documented procedure including the
authorities and responsibilities for planning and conducting
audits, reporting results and maintaining audit records.
审核方案应被策划。应考虑被审核的流程和领域的状态和重要程度,以及以往的审核结果。审核标准、An audit programme shall be planned. This shall take into
consideration the status and importance of the processes
范围、频率和方法应文件化。
and areas to be audited, as well as the results of previous
audits. The audit criteria, scope, frequency and methods
shall be documented.
审核人员的选择和审核的执行应确保客观性和公正性。审核人员不应审核自身的工作。
The selection of auditors and conduct of audits shall ensure
objectivity and impartiality of the audit. Auditors shall not
audit their own work.
不符合项应被沟通,进行优先级排序,改进活动应分配到责任人。负责被审核领域的管理者应确保任何改进行为和改进活动无延误地被执行以消除不符合项和其原因。后续活动应包括对所采取行为的验证和其结果的报告。
Nonconformities shall be communicated, prioritized and
responsibility allocated for actions. The management
responsible for the area being audited shall ensure that any
corrections and corrective actions are taken without undue
delay to eliminate nonconformities and their causes.
Follow-up activities shall include the verification of the
actions taken and the reporting of results.
NOTE See ISO 19011 for guidance on management
systems auditing.
4.5.4.3 Management review
Top management shall review the SMS and the services at
planned intervals to ensure their continued suitability and
effectiveness. This review shall include assessing
opportunities for improvement and the need for changes to
the SMS, including the policy and objectives for service
management.
注:参考ISO19011关于管理体系审核的指南。
4.5.4.3
管理评审
Management review
高管层应按照计划的时间间隔回顾SMS和服务,以确保其持续适用和有效。回顾应评估SMS的改进机会和变更需求,包括服务管理的政策和目标。
管理评审的输入应至少包括以下信息:
©ISO/IEC 2011-All rights reserved
ISO/IEC 20000-1:2011 (中英文对照版) 版本:V1.0
a) 客户反馈;
b) 服务和流程的执行情况和符合性;
c) 当前和预测的人员、技术、信息和财务资源水平;
d) 当前和预测的人员和技术能力;
e) 风险;
f) 来自审核的结果和后续行动;
g) 以往管理评审的结果和后续行动;
h) 预防和纠正措施的进展情况;
i) 可能影响SMS和服务的变更;
j) 改进的机会。
管理评审的记录应被维护。
管理评审的记录应至少包括相关资源、SMS有效性的改进和服务的改进的有关决策和行动。
The input to management reviews shall include at least
information on:
a) customer feedback;
b) service and process performance and conformity;
c) current and forecast human, technical, information and
financial resource levels;
d) current and forecast human and technical capabilities;
e) risks;
f) results and follow-up actions from audits;
g) results and follow-up actions from previous management
reviews;
h) status of preventive and corrective actions;
i) changes that could affect the SMS and the services;
j) opportunities for improvement.
Records of management reviews shall be maintained.
The records from the management review shall include at
least decisions and actions related to resources,
improvement of the effectiveness of the SMS and
improvement of the services.
4.5.5
维护和改进SMS
Maintain and improve the
4.5.5 Maintain and improve the SMS (Act)
SMS(ACT)
4.5.5.1 General
4.5.5.1
总要求
General
There shall be a policy on continual improvement of the
应有SMS和服务的持续改进政策。政策应包括对改SMS and the services. The policy shall include evaluation
进机会的评估标准。
criteria for the opportunities for improvement.
应有文件化的程序(包括权利和责任)用以识别、There shall be a documented procedure including the
记录、评估、批准、划分优先级、管理、测量和报authorities and responsibilities for identifying,
告改进措施。
documenting, evaluating, approving, prioritizing,
改进机会(包括改进和预防措施)应被文件化。
识别的不符合项的原因应被纠正。纠正措施应用以消除所识别的不符合项的原因,以防止再次发生。应采取预防措施,以消除潜在的不符合项的原因,以防止其发生。
managing, measuring and reporting of improvements.
Opportunities for improvement, including corrective and
preventive actions, shall be documented.
The cause of identified nonconformities shall be corrected.
Corrective actions shall be taken to eliminate the cause of
identified nonconformities in order to prevent recurrence.
Preventive actions shall be taken in order to eliminate the
cause of potential nonconformities in order to prevent
occurrence.
NOTE For more information on corrective and preventive
action, see ISO 9001:2008, Clause 8.5.
4.5.5.2 Management of improvements
Opportunities for improvement shall be prioritized. The
service provider shall use the evaluation criteria in the
policy on continual improvement, when making decisions
on opportunities for improvement.
注:了解更多关于改进和预防措施的信息,请参考ISO 9001:2008中的8.5条款。
4.5.5.2
管理改进Management of improvements
改进机会应划分优先级。当决策改进机会时,服务提供者应采用服务政策中持续改进的评估标准。
批准的改进应被规划。
服务提供者应管理改进活动,至少包括:
Approved improvements shall be planned.
a) 设定改进目标,包括质量、价值、能力、成本、生产力、资源使用和风险降低中的一项或几项;
The service provider shall manage improvement activities
that include at least:
b) 确保批准的改进活动被实施;
a) setting targets for improvements in one or more of
c) 需要的情况下,更新服务管理政策、计划、流quality, value, capability, cost, productivity, resource
程和程序;
utilization and risk reduction;
d) 基于设定的目标,测量已实施的改进活动,若 ©ISO/IEC 2011-All rights reserved
ISO/IEC 20000-1:2011 (中英文对照版) 版本:V1.0
未达到目标,采取必要的行动;
e) 报告被实施的改进活动。
b) ensuring that approved improvements are implemented;
c) revising the service management policies, plans,
processes and procedures, where necessary;
d) measuring implemented improvements against the
targets set and where targets are not achieved, taking
necessary actions;
e) reporting on implemented improvements.
5
设计并转换新的或变更的服务
Design and
5 Design and transition of new or changed services
transition of new or changed services
5.1 General
5.1
总要求General
The service provider shall use this process for all new
服务提供者应使用此过程来管理所有对服务或客户services and changes to services with the potential to have a
存在潜在的重大影响的新服务和服务的变更。条款5major impact on services or the customer. The changes that
范围内的变更应由协商确定的变更管理策略决定,are in the scope of Clause 5 shall be determined by the
变更管理策略作为变更管理流程的一部分。
change management policy agreed as part of the change
management process.
评估、批准、日程安排和回顾条款5范围内的新的和Assessment, approval, scheduling and reviewing of new or
变更的服务应由变更管理流程控制。条款5范围内新changed services in the scope of Clause 5 shall be
的或变更的服务所影响的配置项(CIs)应由配置管controlled by the change management process. The CIs
affected by new or changed services in the scope of Clause
理流程控制。
5 shall be controlled by the configuration management
process.
服务提供者应评审新服务或变更的服务的规划和设计活动的输出,评审应依据协商确定的服务需求和The service provider shall review outputs from the planning
and design activities for new or changed services against
条款5.2、5.3相关的要求。基于评审的结果,服务提供者应接受或拒绝规划和设计活动的输出。服务the agreed service requirements and the relevant
提供者应采取必要的行动以确保新服务或变更的服requirements given in Clauses 5.2 and 5.3. Based on the
务的开发和转换能被有效执行,并运用了已被接受review, the service provider shall accept or reject the
outputs. The service provider shall take necessary actions to
的规划和设计活动输出。
ensure that the development and transition of the new or
注:新服务或服务的变更需求来源于客户、服务提changed services can be performed effectively, using the
供者、内部团队或供应商,其目的是满足业务需求accepted outputs.
或者改进服务效果。
NOTE The need for a new service or a change to a service
can originate from the customer, the service provider, an
internal group or a supplier in order to satisfy business
needs or to improve the effectiveness of the services.
5.2
规划新的或变更的服务
Plan new or changed
5.2 Plan new or changed services
services
The service provider shall identify the service requirements
服务提供者应识别新的或变更的服务的需求。应对for the new or changed services. New or changed services
新的或变更的服务进行规划以满足服务需求。新的shall be planned to fulfill the service requirements.
或变更的服务的规划应同客户和利益相关方达成一Planning for the new or changed services shall be agreed
致。
with the customer and interested parties.
作为规划的输入,服务提供者应考虑交付新的或变As input to planning, the service provider shall take into
更的服务对财务、组织和技术的潜在影响。同时,consideration the potential financial, organizational, and
服务提供者也应考虑新的或变更的服务对服务管理technical impact of delivering the new or changed services.
体系(SMS)的潜在影响。
The service provider shall also take into consideration the
potential impact of the new or changed services on the
SMS.
新的或变更的服务规划应至少具有或者包括以下内容:
a) 设计、开发和转换活动的权利和职责;
b) 服务提供者以及其他相关方执行的活动,包括横跨服务提供者和其他相关方界面的活动;
c) 同利益相关方的沟通;
d) 人员、技术、信息以及财务资源;
e) 活动的时间进度;
Planning for the new or changed services shall contain or
include a reference to at least the following:
a) authorities and responsibilities for design,
development and transition activities;
b) activities to be performed by the service provider and
other parties including activities across interfaces from
the service provider to other parties;
c) communication to interested parties;
©ISO/IEC 2011-All rights reserved
ISO/IEC 20000-1:2011 (中英文对照版) 版本:V1.0
f) 风险的识别、评估和管理;
g) 同其他服务的依从关系;
h) 新的或变更的服务的测试需求;
i) 服务接受准则;
j) 以可测量的术语表述的交付新的或变更的服务的预期结果。
针对将要被撤销的服务,服务提供者应做好撤销计划。撤销计划应包括撤销日期、存档、数据文档以及服务组件的销毁或迁移。服务组件可以包括基础设施及具有授权许可的应用。
服务提供者应识别有助于为新的或变更的服务提供服务组件的其他相关方。服务提供者应评估他们满足服务需求的能力。评估结果应被记录并采取必要的行动。
d) human, technical, information and financial resources;
e) timescales for planned activities;
f) identification, assessment and management of risks;
g) dependencies on other services;
h) testing required for the new or changed services;
i)
j)
service acceptance criteria;
expected outcomes from delivering the new or
changed services, expressed in measurable terms.
For services that are to be removed, the service provider
shall plan for the removal of the service(s). Planning shall
include the date(s) for the removal, archiving, disposal or
transfer of data, documentation and service components.
The service components can include infrastructure and
applications with associated licences.
The service provider shall identify other parties who will
contribute to the provision of service components for the
new or changed services. The service provider shall
evaluate their ability to fulfil the service requirements. The
results of the evaluation shall be recorded and necessary
actions taken.
5.3
设计和开发新的或变更的服务Design and
5.3 Design and development of new or changed services
development of new or changed servicesThe new or changed services shall be designed and
应设计新的或变更的服务,设计文件至少包括以下documented to include at least:
内容:
a) authorities and responsibilities for delivery of the new
a) 交付新的或变更的服务的权力和职责;
or changed services;
b) 交付新的或变更的服务提供者、客户以及其他相关方执行的活动;
c) 新的或变更的服务对人力资源的需求,包括适当的教育、培训、技能和经验需求;
d) 交付新的或变更的服务的财务资源需求;
e) 支持新的或变更的服务交付所需要的新的或变更的技术;
f) 本标准所要求的新的或变更的计划和策略;
b) activities to be performed by the service provider,
customer and other parties for delivery of the new or
changed services;
c) new or changed human resource requirements,
including requirements for appropriate education,
training,skills and experience;
d) financial resource requirements for delivery of the new
or changed services;
e) new or changed technology to support the delivery of
the new or changed services;
f) new or changed plans and policies as required by this
part of ISO/IEC 20000;
g) 新的或变更的合同和其他文件化的协议,以保持与服务需求的变化一致;
h) 对SMS的变更;
i)
j)
新的或变更的SLAs;
服务目录的更新;
g) new or changed contracts and other documented
agreements to align with changes in service
requirements;
h) changes to the SMS;
i)
j)
new or changed SLAs;
updates to the catalogue of services;
k) 用于交付新的或变更的服务的程序、测量方式和信息。
服务提供者应确保所设计的新的或变更的服务能满足服务需求。
新的或变更的服务应依照设计文件进行开发。
k) procedures, measures and information to be used for
the delivery of the new or changed services.
The service provider shall ensure that the design enables the
new or changed services to fulfill the service requirements.
The new or changed services shall be developed in
accordance with the documented design.
注:关于服务设计的更多信息,请参照ISO9001:2008 条款7.3的“设计开发过程”内容,NOTE For further information about design, see the design
©ISO/IEC 2011-All rights reserved
ISO/IEC 20000-1:2011 (中英文对照版) 版本:V1.0
或参照ISO/IEC 15288:2008条款6.4.3的“架构设计流程”内容。
and development process in ISO 9001:2008, Clause 7.3 or
the architectural design process in ISO/IEC 15288:2008,
Clause 6.4.3.
5.4 Transition of new or changed services
5.4
新的或变更的服务的转换
Transition of new
The new or changed services shall be tested to verify that
or changed services
they fulfill the service requirements and documented
新的或变更的服务应被测试,以验证其能否满足服design.
务需求以及设计文件。
The new or changed services shall be verified against
新的或变更的服务应依照服务提供者和利益相关方service acceptance criteria agreed in advance by the service
事先确定的服务接受准则进行验证。如果不符合服provider and interested parties. If the service acceptance
务接受准则,服务提供者和利益相关方应决定采取criteria are not met, the service provider and interested
必要的行动和部署措施。
parties shall make a decision on necessary actions and
发布和部署管理流程应被用于部署已批准的新的或deployment.
变更的服务到实际运行环境中。
The release and deployment management process shall be
转换活动完成后,服务提供者应向利益相关方报告used to deploy approved new or changed services into the
live environment.
所取得的结果,并与预期结果进行对比。
Following the completion of the transition activities, the
service provider shall report to interested parties on the
outcomes achieved against the expected outcomes.
6
服务交付过程
Service delivery processes
6.1
服务级别管理Service level management
服务提供者应与客户协商确定所要交付的服务。
服务提供者应与客户协商确定服务目录。服务目录应包括服务与服务组件之间的依赖关系。
对于所交付的每项服务,应与客户协商确定一个或多个服务级别协议(SLAs)。当创建SLAs时,服务提供者应考虑服务需求。SLAs应包括协商确定的服务目标、工作量特性和例外。
服务提供者应按计划的时间间隔与客户回顾服务与SLAs。
对文件化的服务需求、服务目录、SLAs和其他文件化协议的变更都应在变更管理流程的控制之下。服务目录应随服务和SLAs的变更进行维护以确保相互间保持一致。
服务提供者应按计划的时间间隔对照服务目标监控趋势与效果。结果应被记录和回顾,以识别不符合的原因和改进机会。
对于由内部团队或客户提供的服务组件,服务提供者应开发、协商确定、回顾和维护一个文件化的协议,以确定双方间的活动与接口。服务提供者应按计划的时间间隔监控内部团队或客户相对服务约定目标和其他约定承诺的效果。结果应被记录和回顾,以识别不符合的原因与改进机会。
6 Service delivery processes
6.1 Service level management
The service provider shall agree the services to be delivered
with the customer.
The service provider shall agree a catalogue of services
with the customer. The catalogue of services shall include
the dependencies between services and service components.
For each service delivered, one or more SLAs shall be
agreed with the customer. When creating SLAs, the service
provider shall take into consideration the service
requirements. SLAs shall include agreed service targets,
workload characteristics and exceptions.
The service provider shall review services and SLAs with
the customer at planned intervals.
Changes to the documented service requirements, catalogue
of services, SLAs and other documented agreements shall
be controlled by the change management process. The
catalogue of services shall be maintained following changes
to services and SLAs to ensure that they are aligned.
The service provider shall monitor trends and performance
against service targets at planned intervals. Results shall be
recorded and reviewed to identify the causes of
nonconformities and opportunities for improvement.
For service components provided by an internal group or
the customer, the service provider shall develop, agree,
review and maintain a documented agreement to define the
activities and interfaces between the two parties. The
service provider shall monitor performance of the internal
group or the customer against agreed service targets and
other agreed commitments, at planned intervals. Results
shall be recorded and reviewed to identify the causes of
nonconformities and opportunities for improvement.
6.2 Service reporting
The description of each service report, including its
6.2
服务报告Service reporting
每一个服务报告的描述,包括报告的标识、目的、 ©ISO/IEC 2011-All rights reserved
ISO/IEC 20000-1:2011 (中英文对照版) 版本:V1.0
目标读者、频率和数据源的详细信息,应被文件化并在服务提供者和利益相关方间协商一致。
针对服务,应使用服务交付和SMS活动(包括服务管理过程)中产生的各类信息生成服务报告。服务报告应至少包括:
a) 相对服务目标的服务绩效;
b) 显著事态的相关信息,至少包括重大事件,新的或变更的服务的部署和被触发的服务连续性计划;
c) 工作量特征,包括容量和负载的周期性变化;
d) 相对于本标准的要求、SMS要求或服务需求所发现的不符合项以及识别出的原因;
e) 趋势信息;
f) 客户满意度测量、服务投诉以及满意度测量和投诉的分析结果。
服务提供者应基于服务报告的结果做出决定与采取行动。协商确定的行动应与利益相关方沟通。
identity, purpose, audience, frequency and details of the
data source(s), shall be documented and agreed by the
service provider and interested parties.
Service reports shall be produced for services using
information from the delivery of services and the SMS
activities, including the service management processes.
Service reporting shall include at least:
a) performance against service targets;
b) relevant information about significant events including at
least major incidents, deployment of new or changed
services and the service continuity plan being invoked;
c) workload characteristics including volumes and periodic
changes in workload;
d) detected nonconformities against the requirements in this
part of ISO/IEC 20000, the SMS requirements or the
service requirements and their identified causes;
e) trend information;
f) customer satisfaction measurements, service complaints
and results of the analysis of satisfaction measurements and
complaints.
The service provider shall make decisions and take actions
based on the findings in service reports. The agreed actions
shall be communicated to interested parties.
6.3
服务连续性和可用性管理
Service continuity
6.3 Service continuity and availability management
and availability management
6.3.1 Service continuity and availability requirements
6.3.1
服务连续性和可用性需求
Service
The service provider shall assess and document the risks to
continuity and availability requirements
service continuity and availability of services. The service
服务提供者应评估和记录服务连续性和可用性的风provider shall identify and agree with the customer and
险。服务提供者应与客户和相关各方识别和协商确interested parties service continuity and availability
定服务连续性和可用性需求。协商确定的需求应考requirements. The agreed requirements shall take into
consideration applicable business plans,service
虑适用的业务计划、服务需求、SLA和风险。
requirements, SLAs and risks.
The agreed service continuity and availability requirements
协商确定的服务连续性和可用性需求应至少包括:
shall include at least:
a) 服务的访问权限;
b) 服务响应时间;
c) 端到端的服务可用性。
6.3.2
服务连续性和可用性计划continuity and availability plans
a) access rights to the services;
b) service response times;
c) end to end availability of services.
Service
6.3.2 Service continuity and availability plans
The service provider shall create, implement and maintain a
service continuity plan(s) and an availability plan(s).
Changes to these plans shall be controlled by the change
management process.
The service continuity plan(s) shall include at least:
a) procedures to be implemented in the event of a major
loss of service, or reference to them;
b) availability targets when the plan is invoked;
c) recovery requirements;
d) approach for the return to normal working conditions.
The service continuity plan(s), contact lists and the CMDB
shall be accessible when access to normal service locations
服务提供者应建立、实施和维护服务连续性计划和可用性计划。这些计划的变更应在变更管理流程的控制之下。
服务连续性计划至少应包括:
a) 服务重大损失情况下执行的程序,或引用的程序;
b) 当计划被启用时的可用性目标;
c) 恢复要求;
d) 恢复到正常工作环境的方法。
当访问正常的服务地点受阻时,应能访问到服务连续性计划、联系人名单和CMDB。
©ISO/IEC 2011-All rights reserved
ISO/IEC 20000-1:2011 (中英文对照版) 版本:V1.0
可用性计划至少应包括可用性需求和目标。
服务提供者应评估变更请求对服务连续性计划和可用性计划的影响。
is prevented.
The availability plan(s) shall include at least availability
requirements and targets.
The service provider shall assess the impact of requests for
change on the service continuity plan(s) and the availability
plan(s).
NOTE The service continuity plan(s) and availability
plan(s) can be combined into one document.
注:服务连续性计划和可用性计划可以合并为一个文件。
6.3.3
服务连续性和可用性的监控与测试
Service continuity and availability monitoring and
6.3.3 Service continuity and availability monitoring and
testing
testing
应监控服务的可用性,记录其结果并与协商确定的目标进行比较。应调查非计划性的不可用并采取必要的行动。
应依据服务连续性需求来测试服务连续性计划。应依据可用性需求来测试可用性计划。在服务提供者运营的服务环境发生重大变更后,应重新测试服务连续性和可用性计划。
应记录测试结果。在每次测试之后和启用服务连续性计划之后,应进行回顾。发现不足时,服务提供者应采取必要的行动并报告所采取的行动。
Availability of services shall be monitored, the results
recorded and compared with agreed targets. Unplanned
non-availability shall be investigated and necessary actions
taken.
Service continuity plans shall be tested against the service
continuity requirements. Availability plans shall be tested
against the availability requirements. Service continuity and
availability plans shall be re-tested after major changes to
the service environment in which the service provider
operates.
The results of the tests shall be recorded. Reviews shall be
conducted after each test and after the service continuity
plan has been invoked. Where deficiencies are found, the
service provider shall take necessary actions and report on
the actions taken.
6.4
服务的预算与核算
Budgeting and accounting
6.4 Budgeting and accounting for services
for services
There shall be a defined interface between the budgeting
服务的预算与核算流程和其他财务管理流程应有明and accounting for services process and other financial
确的接口。
management processes.
对于下列内容,应有策略和文件化的程序:
a) 对服务组件的预算与核算至少应包括:
1) 用于提供服务的资产(包括许可证);
2) 共享的资源;
3) 管理费用;
4) 资本与运营支出;
5) 外部供应的服务;
6) 人员;
7) 设施。
b) 为服务分摊间接成本和分配直接成本,为每一项服务计算总成本;
c) 有效的财务控制与审批。
为了对交付服务进行有效的财务控制和制定决策,应对成本进行预算。
服务提供者应依据预算来监控和报告成本,审核财务预测并管理成本支出。
应向变更管理流程提供信息,以支持对变更请求的成本管控。
There shall be policies and documented procedures for:
a) budgeting and accounting for service components
including at least
1) assets — including licences — used to provide the
services,
2) shared resources,
3) overheads,
4) capital and operating expenses,
5) externally supplied services,
6) personnel,
7) facilities;
b) apportioning indirect costs and allocating direct costs to
services, to provide an overall cost for each service;
c) effective financial control and approval.
Costs shall be budgeted to enable effective financial control
and decision-making for services delivered.
The service provider shall monitor and report costs against
the budget, review the financial forecasts and manage costs.
Information shall be provided to the change management
process to support the costing of requests for change.
NOTE Many service providers charge for their services.
注:许多服务提供者会对服务进行计费。但服务的 ©ISO/IEC 2011-All rights reserved
ISO/IEC 20000-1:2011 (中英文对照版) 版本:V1.0
预算与核算流程的范围不包括计费。 The scope of the budgeting and accounting for services
process excludes charging.
6.5 Capacity management
The service provider shall identify and agree capacity and
performance requirements with the customer and interested
parties.
The service provider shall create, implement and maintain a
capacity plan taking into consideration human,technical,
information and financial resources. Changes to the
capacity plan shall be controlled by the change
management process.
The capacity plan shall include at least:
a) current and forecast demand for services;
b) expected impact of agreed requirements for availability,
service continuity and service levels;
c) time-scales, thresholds and costs for upgrades to service
capacity;
d) potential impact of statutory, regulatory, contractual or
organizational changes;
e) potential impact of new technologies and new
techniques;
f) procedures to enable predictive analysis, or reference to
them.
The service provider shall monitor capacity usage, analyse
capacity data and tune performance. The service provider
shall provide sufficient capacity to fulfil agreed capacity
and performance requirements.
6.5
容量管理 Capacity management
服务提供者应与客户和相关方识别和协商确定容量和性能要求。
服务提供者应创建、实施和维护一个容量计划,该计划考虑人员、技术、信息和财务等资源。容量计划的变更应由变更管理流程进行控制。
容量计划应至少包括:
a) 当前及预测的服务需求;
b) 协商确定的容量和性能要求对可用性、服务连续性和服务级别的预期影响;
c) 服务容量升级的时间跨度、阀值和成本;
d) 法律、法规、合同或组织变化的潜在影响;
e) 新技术和新工艺的潜在影响;
f) 使其能够进行预测性分析的方式方法,或者其引用。
服务提供者应监控容量的使用、分析容量数据并调整性能。服务提供者应提供充足的容量以满足协商确定的容量和性能需求。
6.6
信息安全管理management
Information security
6.6 Information security management
6.6.1
信息安全方针
Information security policy
6.6.1 Information security policy
Management with appropriate authority shall approve an
information security policy taking into consideration the
service requirements, statutory and regulatory requirements
and contractual obligations. Management shall:
a) communicate the information security policy and the
importance of conforming to the policy to appropriate
personnel within the service provider, customer and
suppliers;
b) ensure that information security management objectives
are established;
c) define the approach to be taken for the management of
information security risks and the criteria for accepting
risks;
d) ensure that information security risk assessments are
conducted at planned intervals;
e) ensure that internal information security audits are
conducted;
f) ensure that audit results are reviewed to identify
opportunities for improvement.
具有适当授权的管理者应在考虑服务需求、法律法规要求和合同要求的基础上审批信息安全方针,管理者应:
a) 与服务提供者、客户和供应商等相关人员沟通信息安全方针和人员遵守方针的重要性;
b) 确保信息安全管理目标被确立;
c) 定义信息安全风险管理和风险接受原则所采用的方法;
d) 确保定期执行信息安全风险评估;
e) 确保执行信息安全内部审计;
f) 确保对审计结果进行回顾以识别改进的机会。
6.6.2
信息安全控制controls
Information security
6.6.2 Information security controls
The service provider shall implement and operate physical,
服务提供者应实施和运行物理的、管理的和技术的 ©ISO/IEC 2011-All rights reserved
ISO/IEC 20000-1:2011 (中英文对照版) 版本:V1.0
信息安全控制以:
a) 保护信息资产的机密性、完整性和可访问性;
b) 履行信息安全方针的要求;
c) 实现信息安全管理目标;
d) 管理信息安全相关风险。
信息安全控制措施应文件化,同时应描述控制措施相关的风险,以及控制措施的运行和维护。
服务提供者应对信息安全控制的有效性进行评估。同时,应采取必要的改进措施,并报告所采取的措施。
服务提供者应识别具有访问、使用或管理服务提供者信息或服务需要的外部组织。服务提供者应记录、协商和实施对外部组织的信息安全控制。
administrative and technical information security controls
in order to:
a) preserve confidentiality, integrity and accessibility of
information assets;
b) fulfil the requirements of the information security policy;
c) achieve information security management objectives;
d) manage risks related to information security.
These information security controls shall be documented
and shall describe the risks to which the controls relate,
their operation and maintenance.
The service provider shall review the effectiveness of
information security controls. The service provider shall
take necessary actions and report on the actions taken.
The service provider shall identify external organizations
that have a need to access, use or manage the service
provider's information or services. The service provider
shall document, agree and implement information security
controls with these external organizations.
6.6.3
信息安全的变更和事件Information
security changes and incidents6.6.3 Information security changes and incidents
应对变更请求进行评估,以识别:
a) 新的或变更的服务的信息安全风险;
b) 对现有信息安全方针和控制的潜在影响。
信息安全事件应通过事件管理程序进行管理,并对信息安全风险进行适当的优先级排序。服务提供者应分析安全事件的类型、数量和影响。同时,信息安全事件应被报告和检查,以识别改进的机会。
Requests for change shall be assessed to identify:
a) new or changed information security risks;
b) potential impact on the existing information security
policy and controls.
Information security incidents shall be managed using the
incident management procedures, with a priority
appropriate to the information security risks. The service
provider shall analyse the types, volumes and impacts of
information security incidents. Information security
incidents shall be reported and reviewed to identify
opportunities for improvement.
NOTE The ISO/IEC 27000 family of standards specifies
requirements and provides guidance to support the
implementation and operation of an information security
management system.
注: ISO/IEC 27000标准家族描述了详细的要求并提供指南以支持信息安全管理体系的实施和运行。
7
关系过程 Relationship process
7.1
业务关系管理management7 Relationship processes
Business relationship
7.1 Business relationship management
The service provider shall identify and document the
customers, users and interested parties of the services.
For each customer, the service provider shall have a
designated individual who is responsible for managing the
customer relationship and customer satisfaction.
The service provider shall establish a communication
mechanism with the customer. The communication
mechanism shall promote understanding of the business
environment in which the services operate and requirements
for new or changed services. This information shall enable
the service provider to respond to these requirements.
服务提供者应识别并记录服务的客户、用户及相关方。
对于每一个客户,服务提供者应指定专职人员管理客户关系和客户满意度。
服务提供者应与客户建立沟通机制。沟通机制应促进对服务运行的业务环境的理解以及对新的或变更的服务需求的理解。相关信息应促使服务提供者响应这些需求。
服务提供者应与客户按照计划的时间间隔回顾所提供服务的执行情况。
对文件化的服务需求的变更应通过变更管理流程控The service provider shall review the performance of the
制。对SLAs的变更应与服务级别管理流程相协调。
services at planned intervals, with the customer.
服务投诉的定义应与客户协商确定。应有文件化的程序管理来自于客户的服务投诉。服务提供者应记录、调查、采取措施、报告和关闭服务投诉。当服务投诉不能通过常规渠道解决时,应向客户提供升Changes to the documented service requirements shall be
controlled by the change management process. Changes to
the SLAs shall be co-ordinated with the service level
©ISO/IEC 2011-All rights reserved
ISO/IEC 20000-1:2011 (中英文对照版) 版本:V1.0
级渠道。
management process.
服务提供者应按照计划的时间间隔,基于对服务的The definition of a service complaint shall be agreed with
客户和用户进行有代表性的抽样,调查客户满意度。the customer. There shall be a documented procedure to
应对结果进行分析和回顾以识别改进机会。
manage service complaints from the customer. The service
provider shall record, investigate, act upon, report and close
service complaints. Where a service complaint is not
resolved through the normal channels, escalation shall be
provided to the customer.
The service provider shall measure customer satisfaction at
planned intervals based on a representative sample of the
customers and users of the services. The results shall be
analysed and reviewed to identify opportunities for
improvement.
7.2
供应商管理
Supplier management
服务提供者可以将服务管理流程的一部分交由供应商去实施和运行。供应链关系示例如图3。
对于每一个供应商,服务提供者应有一个指定的人员负责管理供应商关系、合同和绩效。
服务提供者应与供应商签署文件化的合同。合同应具有或包括以下参考内容:
a)
b)
c)
d)
e)
f)
g)
h)
i)
j)
k)
l)
供应商所交付服务的范围;
服务、流程和相关方之间的依赖关系;
供应商所需满足的要求;
服务目标;
供应商和其他相关方所执行服务管理流程之间的接口;
将供应商活动整合到SMS中;
工作量特性;
合同例外及其如何处理;
服务提供者和供应商的权利和职责;
供应商所需提供的报告和交流信息;
收费依据;
合同预期结束或提前结束并向其他方转移服务的活动和职责。
7.2 Supplier management
The service provider may use suppliers to implement and
operate some parts of the service management processes.
An example of supply chain relationships is illustrated in
Figure 3.
For each supplier, the service provider shall have a
designated individual who is responsible for managing the
relationship, the contract and performance of the supplier.
The service provider and the supplier shall agree a
documented contract. The contract shall contain or include
a reference to:
a) scope of the services to be delivered by the supplier;
b) dependencies between services, processes and the
parties;
c) requirements to be fulfilled by the supplier;
d) service targets;
e) interfaces between service management processes
operated by the supplier and other parties;
f) integration of the supplier's activities within the SMS;
g) workload characteristics;
h) contract exceptions and how these will be handled;
i) authorities and responsibilities of the service provider and
the supplier;
j) reporting and communication to be provided by the
supplier;
k) basis for charging;
服务提供者应与供应商就服务级别达成一致,以支持和保证服务提供者和客户之间的服务级别协议。
服务提供者应确保主供应商与分包商之间的职责和关系文件化。服务提供者应核实主供应商为满足合同义务而对其分包商进行管理。
服务提供者应按照计划的时间间隔监控供应商的绩l) activities and responsibilities for the expected or early
效。绩效应依据服务目标和其他合同义务进行测量。termination of the contract and the transfer of services to a
结果应被记录和评审以识别不符合的原因和改进机different party.
会。评审也应确保合同反映了当前的要求。
The service provider shall agree with the supplier service
合同的变更应通过变更管理流程控制。
levels to support and align with the SLAs between the
应具备管理服务提供者和供应商之间合同纠纷的文service provider and the customer.
件化程序。
The service provider shall ensure that roles of, and
注1:供应商管理流程的范围不包括供应商的选择relationships between, lead and sub-contracted suppliers are
和服务的采购。
documented. The service provider shall verify that lead
suppliers are managing their sub-contracted suppliers to
注2:供应链关系的更进一步的示例在ISO/IEC TR
fulfil contractual obligations.
20000-3中展示。
The service provider shall monitor the performance of the
supplier at planned intervals. The performance shall be
©ISO/IEC 2011-All rights reserved
ISO/IEC 20000-1:2011 (中英文对照版) 版本:V1.0
measured against service targets and other contractual
obligations. Results shall be recorded and reviewed to
identify the causes of nonconformities and opportunities for
improvement. The review shall also ensure that the contract
reflects current requirements.
Changes to the contract shall be controlled by the change
management process.
There shall be a documented procedure to manage
contractual disputes between the service provider and the
supplier.
NOTE 1 The scope of the supplier management process
excludes the selection of suppliers and the procurement of
services.
NOTE 2 Further examples of supply chain relationships are
shown in ISO/IEC TR 20000-3.
Figure 3 —Example of supply chain relationships
图3-供应链关系示例
8
解决过程
Resolution processes
8 Resolution processes
8.1
事件和服务请求管理Incident and service
8.1 Incident and service request management
request managementThere shall be a documented procedure for all incidents to
对所有事件应有一套文件化的程序用于定义:
define:
a) 记录;
b) 优先级分配;
c) 分类;
d) 记录更新;
e) 升级;
f) 解决;
a) recording;
b) allocation of priority;
c) classification;
d) updating of records;
©ISO/IEC 2011-All rights reserved
ISO/IEC 20000-1:2011 (中英文对照版) 版本:V1.0
g) 关闭。
应有一个文件化的程序用于管理服务请求从记录到关闭的完成。事件和服务请求应遵循这些程序进行管理。
在确定事件和服务请求优先级时,服务提供者应考虑事件和服务请求的影响和紧急程度。
服务提供者应确保事件和服务请求管理流程相关的人员能够访问和使用相关信息。相关信息应包括服务请求管理程序、已知错误(Known Error)、问题解决方案和配置管理数据库(CMDB)。来自发布和部署管理流程的有关发布是否成功以及计划的发布日期等信息应用于事件和服务请求管理流程。
服务提供者应保持通知客户他们所报告的事件或服务请求的处理进展情况,如果服务的目标未达成,服务提供者应告知客户和利益相关方,并依照程序进行升级。
e) escalation;
f) resolution;
g) closure.
There shall be a documented procedure for managing the
fulfilment of service requests from recording to closure.
Incidents and service requests shall be managed according
to the procedures.
When prioritizing incidents and service requests, the
service provider shall take into consideration the impact
and urgency of the incident or service request.
The service provider shall ensure that personnel involved in
the incident and service request management process can
access and use relevant information. The relevant
information shall include service request management
procedures, known errors, problem resolutions and the
CMDB. Information about the success or failure of releases
and future release dates, from the release and deployment
management process, shall be used by the incident and
service request management process.
The service provider shall keep the customer informed of
the progress of their reported incident or service request. If
service targets cannot be met, the service provider shall
服务提供者应文件化并与客户就重大事件的定义达成一致。重大事件应进行分类并依照程序进行管理。inform the customer and interested parties and escalate
高管层应被告知重大事件。高管层应确保有指定的according to the procedure.
人员负责管理所分派的重大事件。在协商确定的服The service provider shall document and agree with the
务被恢复后,应对重大事件进行回顾以识别改进的customer the definition of a major incident. Major incidents
机会。
shall be classified and managed according to a documented
procedure. Top management shall be informed of major
incidents. Top management shall ensure that a designated
individual responsible for managing the major incident is
appointed. After the agreed service has been restored, major
incidents shall be reviewed to identify opportunities for
improvement.
8.2
问题管理
Problem management
8.2 Problem management
There shall be a documented procedure to identify
problems and minimize or avoid the impact of incidents and
problems. The procedure shall define:
a) identification;
b) recording;
c) allocation of priority;
d) classification;
e) updating of records;
f) escalation;
g) resolution;
h) closure.
Problems shall be managed according to the procedure.
The service provider shall analyse data and trends on
incidents and problems to identify root causes and their
potential preventive action.
Problems requiring changes to a CI shall be resolved by
raising a request for change.
Where the root cause has been identified, but the problem
应有文件化的程序以识别问题和最小化或避免事件和问题的影响。程序应定义:
a) 识别;
b) 记录;
c) 优先级分配;
d) 分类;
e) 记录更新;
f) 升级;
g) 解决;
h) 关闭。
问题应遵循程序进行管理。
服务提供者应分析事件和问题的数据和趋势,以识别根本原因(root causes)和潜在的预防措施。
需要对某一CI进行变更的问题应提交变更请求予以解决。
当已识别问题的根本原因,但还未被永久解决时, ©ISO/IEC 2011-All rights reserved
ISO/IEC 20000-1:2011 (中英文对照版) 版本:V1.0
服务提供者应识别降低或消除问题对服务影响的行动。已知错误应被记录。
问题解决方案的有效性应被监控、回顾和报告。
已知错误和问题解决方案的最新更新信息应提供给事件和服务请求管理流程。
has not been permanently resolved, the service provider
shall identify actions to reduce or eliminate the impact of
the problem on the services. Known errors shall be
recorded.
The effectiveness of problem resolution shall be monitored,
reviewed and reported.
Up-to-date information on known errors and problem
resolutions shall be provided to the incident and service
request management process.
9
控制过程
Control processes
9.1
配置管理
Configuration management
每一类型的CI应有文件化的定义。每个CI所记录的信息应确保做到有效控制,且至少包括:
a) CI的描述;
b) CI和其他CI之间的关系;
c) CI和服务组件之间的关系;
d) 状态;
e) 版本;
f) 位置;
9 Control processes
9.1 Configuration management
There shall be a documented definition of each type of CI.
The information recorded for each CI shall ensure effective
control and include at least:
a) description of the CI;
b) relationship(s) between the CI and other CIs;
c) relationship(s) between the CI and service components;
d) status;
e) version;
f) location;
g) associated requests for change;
h) associated problems and known errors.
CIs shall be uniquely identified and recorded in a CMDB.
The CMDB shall be managed to ensure its reliability and
accuracy, including control of update access.
There shall be a documented procedure for recording,
controlling and tracking versions of CIs. The degree of
control shall maintain the integrity of services and service
components taking into consideration the service
requirements and the risks associated with the CIs.
The service provider shall audit the records stored in the
CMDB, at planned intervals. Where deficiencies are found,
the service provider shall take necessary actions and report
on the actions taken.
Information from the CMDB shall be provided to the
change management process, to support the assessment of
requests for change.
Changes to CIs shall be traceable and auditable to ensure
integrity of the CIs and the data in the CMDB.
A configuration baseline of the affected CIs shall be taken
before deployment of a release into the live environment.
Master copies of CIs recorded in the CMDB shall be stored
in secure physical or electronic libraries referenced by the
configuration records. This shall include at least
documentation, licence information, software and, where
available, images of the hardware configuration.
There shall be a defined interface between the configuration
management process and financial asset management
process.
NOTE The scope of the configuration management process
g) 相关的变更请求;
h) 相关的问题和已知错误。
CI应被唯一识别并记录到CMDB中。应管理CMDB,包括对数据更新的访问控制,以确保其可靠性和准确性。
应有文件化的程序来记录、控制和跟踪CI的版本。基于服务需求和CI相关的风险的考虑,控制的程度应能维护服务和服务组件的完整性。
服务提供者应按照计划的时间间隔审核存储在CMDB中的记录。当发现缺陷时,服务提供者应采取必要的行动并报告所采取的行动。
CMDB的信息应提供给变更管理流程,以支持变更请求的评估。
CI的变更应可追踪和可审核,以确保CI和CMDB数据的完整性。
受影响的配置项的基线应在将发布部署到实际运行环境之前确定。
CMDB中被记录的CI的原始拷贝应存储在安全的物理库或电子库中,被配置记录所引用。原始拷贝至少应包括文件、许可证信息、软件,如有可能,还包括硬件配置图片。
配置管理流程和财务资产管理流程之间应有清晰的接口。
注:财务资产管理不属于配置管理流程的范围。
©ISO/IEC 2011-All rights reserved
ISO/IEC 20000-1:2011 (中英文对照版) 版本:V1.0
excludes financial asset management.
9.2
变更管理
Change management
9.2 Change management
A change management policy shall be established that
defines:
a) CIs which are under the control of change management;
b) criteria to determine changes with potential to have a
major impact on services or the customer.
Removal of a service shall be classified as a change to a
service with the potential to have a major impact. Transfer
of a service from the service provider to the customer or a
different party shall be classified as a change with potential
to have a major impact.
There shall be a documented procedure to record, classify,
assess and approve requests for change.
The service provider shall document and agree with the
customer the definition of an emergency change. There
shall be a documented procedure for managing emergency
changes.
All changes to a service or service component shall be
raised using a request for change. Requests for change shall
have a defined scope.
All requests for change shall be recorded and classified.
Requests for change classified as having the potential to
have a major impact on the services or the customer shall
be managed using the design and transition of new or
changed services process. All other requests for change to
CIs defined in the change management policy shall be
managed using the change management process.
应建立变更管理策略,以定义:
a) 变更管理控制下的CI;
b) 对服务或客户有潜在重大影响的变更的判断标准。
服务的撤销应归类为对服务有潜在的重大影响的变更。将服务从服务提供者转移到客户或不同方应被归类为对服务有潜在的重大影响的变更。
应有文件化的程序以记录、分类、评估和批准变更请求。
服务提供者应记录和与客户协商确定紧急变更的定义。应有文件化的程序用于管理紧急变更。
对服务或服务组件的所有变更应通过变更请求发起。变更请求应有明确的范围。
所有的变更请求应被记录和分类。对服务或客户有潜在重大影响的变更请求应通过设计和转换新或变更的服务流程进行管理。对在变更管理策略中所定义CI的所有其他变更请求应通过变更管理流程进行管理。
变更请求应被评估,使用来自变更管理流程和其他流程的信息进行评估。
服务提供者和利益相关方应对变更请求是否接受做Requests for change shall be assessed using information
出决策。决策应考虑风险、对服务和客户的潜在影from the change management process and other processes.
响、服务需求、业务利益、技术可行性和财务影响。
The service provider and interested parties shall make
decisions on the acceptance of requests for change.
Decision-making shall take into consideration the risks, the
经批准的变更应被开发和测试。
potential impacts to services and the customer, service
requirements, business benefits, technical feasibility and
应建立变更日程安排,内容包含被批准实施的变更financial impact.
详细信息及其建议的实施日期,并与利益相关方进行沟通。变更日程安排应作为部署规划的基础。
Approved changes shall be developed and tested.
回退或补救不成功变更所需的活动应被规划,可能的话,进行测试。如果变更不成功,应进行变更回退或补救。不成功的变更应被调查和采取协商确定的行动。
变更成功部署后,应随之更新CMDB记录。
服务提供者应评审变更的有效性,并实施与相关方协商确定的行动。
应按照计划的时间间隔分析变更请求以识别趋势。分析所得的结果和结论应被记录和回顾以识别改进机会。
A schedule of change containing details of the approved
changes and their proposed deployment dates shall be
established and communicated to interested parties. The
schedule of change shall be used as the basis for planning
the deployment of releases.
The activities required to reverse or remedy an unsuccessful
change shall be planned and, where possible, tested. The
change shall be reversed or remedied if unsuccessful.
Unsuccessful changes shall be investigated and agreed
actions taken.
The CMDB records shall be updated following the
successful deployment of changes.
The service provider shall review changes for effectiveness
and take actions agreed with interested parties.
Requests for change shall be analysed at planned intervals
to detect trends. The results and conclusions drawn from
the analysis shall be recorded and reviewed to identify
©ISO/IEC 2011-All rights reserved
ISO/IEC 20000-1:2011 (中英文对照版) 版本:V1.0
opportunities for improvement.
9.3
发布与部署管理
Release and deployment
9.3 Release and deployment management
management
The service provider shall establish and agree with the
服务提供者应建立并与客户协商确定发布策略,发customer a release policy stating the frequency and type of
布策略描述发布的频率和类型。
releases.
The service provider shall plan with the customer and
interested parties the deployment of new or changed
服务提供者应与客户和相关方对新的或变更的服务services and service components into the live environment.
和服务组件部署到实际运行环境进行规划。规划应Planning shall be coordinated with the change management
与变更管理流程协调一致,并包含对相关的变更请process and include references to the related requests for
求、已知错误和通过该发布所关闭问题的引用。规change, known errors and problems which are being closed
划应包括每个发布的部署日期、交付物和部署方式。
through the release. Planning shall include the dates for
deployment of each release, deliverables and methods of
服务提供者应记录并与客户协商确定紧急发布的定deployment.
义。紧急发布应通过文件化的程序进行管理,该程The service provider shall document and agree with the
序与紧急变更程序相关联。
customer the definition of an emergency release.
发布在部署前应被构建和测试。受控的验收测试环Emergency releases shall be managed according to a
境应被用于发布的构建和测试。
documented procedure that interfaces to the emergency
change procedure.
Releases shall be built and tested prior to deployment. A
发布的接受标准应与客户和利益相关方协商确定。controlled acceptance test environment shall be used for the
发布应依据协商确定的接受标准进行验证,并在部building and testing of releases.
署前被批准。如果未能满足验收标准,服务提供者应与利益相关方决定采取必要的行动和部署措施。
Acceptance criteria for the release shall be agreed with the
customer and interested parties. The release shall be
发布应部署到实际运行环境中,以使硬件、软件和verified against the agreed acceptance criteria and approved
其他服务组件的完整性在发布的部署过程中得到维before deployment. If the acceptance criteria are not met,
the service provider shall make a decision on necessary
护。
actions and deployment with interested parties.
回退或补救不成功的部署所需的活动应被规划,可能的话,进行测试。如果部署不成功,应进行回退The release shall be deployed into the live environment so
或补救。不成功的发布应被调查和采取协商确定的that the integrity of hardware, software and other service
components is maintained during deployment of the
行动。
release.
The activities required to reverse or remedy an unsuccessful
发布的成功或失败应被监控和分析。测量内容应包deployment of a release shall be planned and, where
括发布在部署之后某段时间内与发布有关的事件。possible, tested. The deployment of the release shall be
分析应包括发布对客户的影响评估。发布的结果和reversed or remedied if unsuccessful. Unsuccessful releases
分析所得的结论应被记录和回顾以识别改进机会。
shall be investigated and agreed actions taken.
应将发布成功与否和未来发布日期的信息传递给变更管理流程、事件和服务请求管理流程。
信息应提供给变更管理流程以支持评估变更请求对发布和部署计划的影响。
The success or failure of releases shall be monitored and
analysed. Measurements shall include incidents related to a
release in the period following deployment of a release.
Analysis shall include assessment of the impact of the
release on the customer. The results and conclusions drawn
from the analysis shall be recorded and reviewed to identify
opportunities for improvement.
Information about the success or failure of releases and
future release dates shall be provided to the change
management process, and incident and service request
management process.
Information shall be provided to the change management
process to support the assessment of the impact of requests
for change on releases and plans for deployment.
©ISO/IEC 2011-All rights reserved
版权声明:本文标题:ISOIEC 20000-1_2011《信息技术 Part1 服务管理体系 要求》中英文对照 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.freenas.com.cn/jishu/1708855528h532794.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论