ISO/IEC 20000:2011 - A Pocket Guide (eBook)
107 Seiten
van Haren Publishing (Verlag)
978-94-018-0057-0 (ISBN)
Colophon 5
Acknowledgements 6
Foreword 8
1 Introduction 12
1.1 Purpose of this book 12
1.2 Structure of this book 13
1.3 Audience for this book 15
2 Overview of ISO/IEC 20000 18
2.1 The ISO/IEC 20000 Series 18
2.2 History of ISO/IEC 20000 19
2.3 Purpose of ISO/IEC 20000 24
2.4 Contributions and benefits 27
3 Development of ISO standards 36
4 Accreditation, certification and assessment 40
4.1 Accreditation 40
4.2 Certification training for individuals 41
4.3 Assessments and audits 44
4.4 Certification 47
4.5 Scoping and applicability 50
5 Relationships to frameworks 54
5.1 Relationship to ITIL® 54
5.2 Relationship to risk management 57
6 Alignment with other standards 62
6.1 Alignment with ISO 9001 62
6.2 Alignment with ISO/IEC 27001 63
7 ISO/IEC 20000 and communication 72
8 ISO/IEC 20000-1:2011 78
8.1 Management in general 78
8.2 Scope – clause 1 of ISO/IEC 20000-1 78
8.3 Application – clause 1.2 of ISO/IEC 20000-1 79
8.4 (4) Service management system general requirements 81
8.5 (5) Design and transition of new or changed services 95
8.6 (5.2) Plan new or changed services 97
8.7 (5.3) Design and development of new or changed services 98
8.8 (5.4) Transition of new or changed services 99
8.9 (6) Service delivery processes 100
8.10 (7) Relationship processes 113
8.11 (8) Resolution processes 118
8.12 (9) Control processes 121
9 ISO/IEC 20000 self-assessment 128
9.2 Assessment and reporting 129
9.3 Review and act 129
Annex A Glossary: terminology and definitions 132
Annex B ISO/IEC 20000-1:2011 changes 140
B.1 Name change 140
B.2 Changes in structure and size 140
B.3 Integrated Management System 143
B.4 Other noticeable changes 145
B.5 Major non-process-specific differences 145
B.6 Changes in terms and definitions 147
B.7 New requirements of ISO/IEC 20000-1:2011 149
Appendix C: ISO/IEC 20000-2:2012 156
2 Overview of ISO/IEC 20000
This chapter introduces ISO/IEC 20000. It outlines the structure of ISO/IEC 20000, its history, and its purpose; and explains the contributions and benefits of the standard to IT organizations.
2.1 The ISO/IEC 20000 Series
The core of the ISO/IEC 20000 standard consists of several documents:
1. ISO/IEC 20000-1:2011 Service management system requirements. This is the formal specification of the standard. It describes the required activities, documents and records defined in 256 ‘shall’ statements.
2. ISO/IEC 20000-2 Guidance on the application of service management systems describes the best practices in detail and provides guidance to auditors and recommendations for service providers planning for service improvements defined in ‘should’ statements.
3. ISO/IEC TR1 20000-3 Guidance on scope definition and applicability of ISO/IEC 20000-1 provides guidance on determining the scope of certification and the applicability of the standard.
4. ISO/IEC TR 20000-4 Process Reference Model facilitates the development of a process assessment model that will be described in ISO/IEC TR 15504-8 Information Technology – Process Assessment.
5. 5. ISO/IEC TR 20000-5 Exemplar Implementation Plan for ISO/IEC 20000-1 provides guidance on the implementation of the standard’s requirements.
Other parts of the standard are currently being planned.
More details of each document will be described in the upcoming chapters.
2.2 History of ISO/IEC 20000
The IT Infrastructure Library (ITIL) is accepted all over the world as a de facto reference for best practice processes in IT Service Management. Inherently, because ITIL is a framework and not a standard, showing compliance with ITIL is impossible for service providers2. This changed in the year 2000 when a formally documented standard became available. It was BSI (the British Standards Institution) who officially determined the requirements for the effective delivery of services to the business and its customers in a British Standard: BS 15000.
The first edition of BS 15000 was published in November 2000, based on an earlier publication - DISC PD0005: 1998 - the Code of Practice for IT Service Management. BS 15000-1:2002 became the second edition, which was the result of experience and feedback from early adopters of the first edition. The development of a certification strategy gave a major boost to the acceptance of BS 15000 as a formal standard.
On 15 December 2005, ISO, the International Organization for Standardization, accepted BS 15000 as an international ISO standard: ISO/IEC 20000:2005, the first edition of the standard.
There are two ways to create an ISO standard:
1. A cooperative creation by involved countries, or
2. The fast-track route based upon a national standard.
For the acceptation of this British Standard, ISO followed the fast-track route. Preceding its acceptance as an ISO standard, BS 15000 was already copied and accepted in the national standards bodies of Australia and South Africa.
More information about the ISO organization, its processes and procedures can be found in Chapter 3.
Besides ITIL, many IT Service Management frameworks are available. Some are public domain and freely available and others can be acquired at a fee or cost. Furthermore, several vendors have developed their own framework in support of their IT Service Management solutions and offerings. It is a misperception that ISO/IEC 20000 is solely based on ITIL or that the adoption of ITIL is a prerequisite to comply with the requirements of ISO/IEC 20000. A service provider is free to choose the IT Service Management framework, or a combination of frameworks, that it prefers in support of its endeavors to benefit from the standard. ITIL is not known for its strengths in areas like IT governance, project and program management, risk management, information security management, quality management, and business analysis. These are areas for which widely accepted complementary frameworks and standards exist, all contributing to becoming ISO/IEC 20000 certified as a service provider.
The first edition of the standard, ISO/IEC 20000:2005, in particular the Specification, ISO/IEC 20000-1:2005, was a slightly adapted version of BS 15000-1. The BS 15000 Code of Practice (BS 15000-2) was upgraded to ISO/IEC 20000-2 (Code of Practice) on December 15, 2005. In late 2011 or early 2012 the new edition is expected on this document.
ISO/IEC 20000-1:2005, the Specification, was the formal specification of the standard’s initial release. It described the required activities defined in 170 ‘shall’ statements.
Part Two of the standard, ISO/IEC 20000-2:2005, the Code of Practice, provides guidance and recommendations for the interpretation of the requirements of ISO/IEC 20000-1. It provides guidance to auditors and offers assistance to service providers who are planning service improvements. It lists guidelines and suggestions that service providers ‘should’ address when wishing to be audited against the ISO/IEC 20000-1 requirements and become certified. The Code of Practice is not part of the requirements. It supports the efforts to meet the requirements described in ISO/IEC 20000-1.
Three additional parts of the standard, parts 3, 4 and 5, have been released in 2009 and 2010 as described in section 2.1.
There are three parts of the standard that have yet to be released: ISO/IEC 20000-6, -7, and -8.
The diagram below depicts the relationship between part 1 and part 2 of the ISO/IEC 20000 standard and the many ITSM frameworks available in the market:
Figure 2.1 Relationship between ISO/IEC 20000 part 1 and 2 and ITSM frameworks
The second edition of the standard, ISO/IEC 20000-1:2011 Service management system requirements, was released on April 15, 2011. It describes the required activities defined in 256 ‘shall’ statements. The reasons for publishing a new version of the standard were:
• All ISO standards must be reviewed every five years; this is an ISO requirement
• Comments deferred from the ISO/IEC 2000:2005 publication have been addressed in this new version
• Many improvements have been suggested over the years
• The Joint Technical Committee of ISO responsible for the standard has grown to more than 20 countries; this increase in popularity has resulted in many suggestions for improvements
• A closer alignment with ISO 9001, the Quality Management standard
• The publication of ITILv3 in 2007
• A closer alignment with ISO/IEC 27001, the Information Security Management standard
• A stronger emphasis of interfaces between processes
• Improved consistency of international ITSM terminology
The benefits of the new version of the standard are:
• Easier integration with Management Systems of standards such as ISO 9001 and ISO/IEC 27001
• Improved clarity of interpretation of requirements
• Improved clarity of terminology
• Increased quality, consistency, and productivity of service delivery due to the additional requirements of ISO/IEC 20000:2011 compared to the 2005 edition
More information about the main differences between the 2005 and the 2011 edition of the standard is addressed in Appendix B.
Transition for Certified Organizations
Organizations who are already certified and wish to move to the 2011 edition of the standard should discuss the timescales with their Registered Certification Body.
2.3 Purpose of ISO/IEC 20000
The purpose of ISO/IEC 20000 is to provide a common reference standard for any enterprise offering IT services to internal or external customers.
Given that communication plays an essential role in IT Service Management3, one of the most important goals of the standard is to create a common terminology for service providers, their suppliers and their customers.
The standard promotes the adoption of an integrated process approach for the management of IT services. With a high number of the standard’s requirements referring to process integration or process interfaces, a strong emphasis is given to this “integrated process approach”4. By making process integration such high priority the standard inherently makes communication play a central role in enabling effective IT Service Management.
The standard’s processes have been positioned in a process model, representing the minimal activities mandatory for quality IT Service Management - things that are common to and required by every service provider. ISO/IEC 20000 does not address local requirements or specific regulatory or statutory requirements, although the standard requires that these are considered in the service requirements.
ISO/IEC 20000 represents a set of minimum requirements to audit an organization against effective IT Service Management. The standard has enabled service providers globally to determine formal compliance to these IT Service...
Erscheint lt. Verlag | 10.6.2020 |
---|---|
Verlagsort | Hertogenbosch |
Sprache | englisch |
Themenwelt | Schulbuch / Wörterbuch ► Schulbuch / Allgemeinbildende Schulen |
Mathematik / Informatik ► Informatik ► Programmiersprachen / -werkzeuge | |
Mathematik / Informatik ► Informatik ► Software Entwicklung | |
Sozialwissenschaften ► Pädagogik | |
Technik ► Architektur | |
Wirtschaft ► Betriebswirtschaft / Management ► Finanzierung | |
Wirtschaft ► Betriebswirtschaft / Management ► Marketing / Vertrieb | |
Wirtschaft ► Betriebswirtschaft / Management ► Personalwesen | |
Wirtschaft ► Betriebswirtschaft / Management ► Planung / Organisation | |
Wirtschaft ► Betriebswirtschaft / Management ► Projektmanagement | |
Wirtschaft ► Betriebswirtschaft / Management ► Unternehmensführung / Management | |
Schlagworte | It Management |
ISBN-10 | 94-018-0057-X / 940180057X |
ISBN-13 | 978-94-018-0057-0 / 9789401800570 |
Haben Sie eine Frage zum Produkt? |
Größe: 2,1 MB
Kopierschutz: Adobe-DRM
Adobe-DRM ist ein Kopierschutz, der das eBook vor Mißbrauch schützen soll. Dabei wird das eBook bereits beim Download auf Ihre persönliche Adobe-ID autorisiert. Lesen können Sie das eBook dann nur auf den Geräten, welche ebenfalls auf Ihre Adobe-ID registriert sind.
Details zum Adobe-DRM
Dateiformat: PDF (Portable Document Format)
Mit einem festen Seitenlayout eignet sich die PDF besonders für Fachbücher mit Spalten, Tabellen und Abbildungen. Eine PDF kann auf fast allen Geräten angezeigt werden, ist aber für kleine Displays (Smartphone, eReader) nur eingeschränkt geeignet.
Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen eine
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen eine
Geräteliste und zusätzliche Hinweise
Zusätzliches Feature: Online Lesen
Dieses eBook können Sie zusätzlich zum Download auch online im Webbrowser lesen.
Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.
Größe: 2,8 MB
Kopierschutz: Adobe-DRM
Adobe-DRM ist ein Kopierschutz, der das eBook vor Mißbrauch schützen soll. Dabei wird das eBook bereits beim Download auf Ihre persönliche Adobe-ID autorisiert. Lesen können Sie das eBook dann nur auf den Geräten, welche ebenfalls auf Ihre Adobe-ID registriert sind.
Details zum Adobe-DRM
Dateiformat: EPUB (Electronic Publication)
EPUB ist ein offener Standard für eBooks und eignet sich besonders zur Darstellung von Belletristik und Sachbüchern. Der Fließtext wird dynamisch an die Display- und Schriftgröße angepasst. Auch für mobile Lesegeräte ist EPUB daher gut geeignet.
Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen eine
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen eine
Geräteliste und zusätzliche Hinweise
Zusätzliches Feature: Online Lesen
Dieses eBook können Sie zusätzlich zum Download auch online im Webbrowser lesen.
Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.
aus dem Bereich