ISO/IEC 20000-1:2011
(Main)Information technology - Service management - Part 1: Service management system requirements
Information technology - Service management - Part 1: Service management system requirements
ISO/IEC 20000-1:2011 is a service management system (SMS) standard. It specifies requirements for the service provider to plan, establish, implement, operate, monitor, review, maintain and improve an SMS. The requirements include the design, transition, delivery and improvement of services to fulfil agreed service requirements. ISO/IEC 20000-1:2011 can be used by: an organization seeking services from service providers and requiring assurance that their service requirements will be fulfilled; an organization that requires a consistent approach by all its service providers, including those in a supply chain; a service provider that intends to demonstrate its capability for the design, transition, delivery and improvement of services that fulfil service requirements; a service provider to monitor, measure and review its service management processes and services; a service provider to improve the design, transition, delivery and improvement of services through the effective implementation and operation of the SMS; an assessor or auditor as the criteria for a conformity assessment of a service provider's SMS to the requirements in ISO/IEC 20000-1:2011.
Technologies de l'information — Gestion des services — Partie 1: Exigences du système de management des services
L'ISO/CEI 20000-1:2011 est une norme de système de management des services (SMS). Elle spécifie les exigences destinées au fournisseur de services pour planifier, établir, implémenter, exécuter, surveiller, passer en revue, maintenir et améliorer un SMS. Les exigences incluent la conception, la transition, la fourniture et l'amélioration des services afin de satisfaire aux exigences de services. L'ISO/CEI 20000-1:2011 peut être utilisée par: un organisme attendant des services de la part de fournisseurs de services et exigeant d'avoir la garantie que les exigences de services de ces derniers seront satisfaites; un organisme qui exige une approche cohérente de la part de tous ses fournisseurs de services, y compris ceux qui sont compris dans une chaîne logistique; un fournisseur de services qui souhaite démontrer son efficience dans la conception, la transition, la fourniture et l'amélioration des services qui satisfont aux exigences de services; un fournisseur de services pour surveiller, mesurer et passer en revue ses processus de gestion des services ainsi que ses services; un fournisseur de services pour améliorer la conception, la transition et la fourniture des services par l'implémentation et le fonctionnement effectifs d'un SMS; un évaluateur ou un auditeur comme critère d'évaluation de conformité du SMS d'un fournisseur de services par rapport aux exigences figurant dans l'ISO/CEI 20000-1:2011.
General Information
- Status
- Withdrawn
- Publication Date
- 11-Apr-2011
- Withdrawal Date
- 11-Apr-2011
- Technical Committee
- ISO/IEC JTC 1/SC 40 - IT service management and IT governance
- Drafting Committee
- ISO/IEC JTC 1/SC 40 - IT service management and IT governance
- Current Stage
- 9599 - Withdrawal of International Standard
- Start Date
- 14-Sep-2018
- Completion Date
- 30-Oct-2025
Relations
- Effective Date
- 23-Jan-2016
- Effective Date
- 26-Jan-2013
- Effective Date
- 20-Jun-2008
ISO/IEC 20000-1:2011 - Information technology -- Service management
REDLINE ISO/IEC 20000-1:2011 - Information technology -- Service management
ISO/IEC 20000-1:2011 - Technologies de l'information -- Gestion des services
Frequently Asked Questions
ISO/IEC 20000-1:2011 is a standard published by the International Organization for Standardization (ISO). Its full title is "Information technology - Service management - Part 1: Service management system requirements". This standard covers: ISO/IEC 20000-1:2011 is a service management system (SMS) standard. It specifies requirements for the service provider to plan, establish, implement, operate, monitor, review, maintain and improve an SMS. The requirements include the design, transition, delivery and improvement of services to fulfil agreed service requirements. ISO/IEC 20000-1:2011 can be used by: an organization seeking services from service providers and requiring assurance that their service requirements will be fulfilled; an organization that requires a consistent approach by all its service providers, including those in a supply chain; a service provider that intends to demonstrate its capability for the design, transition, delivery and improvement of services that fulfil service requirements; a service provider to monitor, measure and review its service management processes and services; a service provider to improve the design, transition, delivery and improvement of services through the effective implementation and operation of the SMS; an assessor or auditor as the criteria for a conformity assessment of a service provider's SMS to the requirements in ISO/IEC 20000-1:2011.
ISO/IEC 20000-1:2011 is a service management system (SMS) standard. It specifies requirements for the service provider to plan, establish, implement, operate, monitor, review, maintain and improve an SMS. The requirements include the design, transition, delivery and improvement of services to fulfil agreed service requirements. ISO/IEC 20000-1:2011 can be used by: an organization seeking services from service providers and requiring assurance that their service requirements will be fulfilled; an organization that requires a consistent approach by all its service providers, including those in a supply chain; a service provider that intends to demonstrate its capability for the design, transition, delivery and improvement of services that fulfil service requirements; a service provider to monitor, measure and review its service management processes and services; a service provider to improve the design, transition, delivery and improvement of services through the effective implementation and operation of the SMS; an assessor or auditor as the criteria for a conformity assessment of a service provider's SMS to the requirements in ISO/IEC 20000-1:2011.
ISO/IEC 20000-1:2011 is classified under the following ICS (International Classification for Standards) categories: 03.080.99 - Other services; 35.020 - Information technology (IT) in general. The ICS classification helps identify the subject area and facilitates finding related standards.
ISO/IEC 20000-1:2011 has the following relationships with other standards: It is inter standard links to ISO/IEC 20000-1:2018, ISO/IEC TR 90006:2013, ISO/IEC 20000-1:2005. Understanding these relationships helps ensure you are using the most current and applicable version of the standard.
You can purchase ISO/IEC 20000-1:2011 directly from iTeh Standards. The document is available in PDF format and is delivered instantly after payment. Add the standard to your cart and complete the secure checkout process. iTeh Standards is an authorized distributor of ISO standards.
Standards Content (Sample)
INTERNATIONAL ISO/IEC
STANDARD 20000-1
Second edition
2011-04-15
Information technology — Service
management —
Part 1:
Service management system
requirements
Technologies de l'information — Gestion des services —
Partie 1: Exigences du système de gestion des services
Reference number
©
ISO/IEC 2011
© ISO/IEC 2011
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO/IEC 2011 – All rights reserved
Contents Page
Foreword .v
Introduction.vii
1 Scope.1
1.1 General .1
1.2 Application .2
2 Normative references.2
3 Terms and definitions .3
4 Service management system general requirements .7
4.1 Management responsibility .7
4.1.1 Management commitment .7
4.1.2 Service management policy .8
4.1.3 Authority, responsibility and communication.8
4.1.4 Management representative.8
4.2 Governance of processes operated by other parties .8
4.3 Documentation management .9
4.3.1 Establish and maintain documents.9
4.3.2 Control of documents .9
4.3.3 Control of records .10
4.4 Resource management.10
4.4.1 Provision of resources.10
4.4.2 Human resources .10
4.5 Establish and improve the SMS.10
4.5.1 Define scope .10
4.5.2 Plan the SMS (Plan).11
4.5.3 Implement and operate the SMS (Do).11
4.5.4 Monitor and review the SMS (Check) .11
4.5.5 Maintain and improve the SMS (Act).13
5 Design and transition of new or changed services .13
5.1 General .13
5.2 Plan new or changed services .14
5.3 Design and development of new or changed services .14
5.4 Transition of new or changed services.15
6 Service delivery processes .15
6.1 Service level management .15
6.2 Service reporting.16
6.3 Service continuity and availability management .16
6.3.1 Service continuity and availability requirements.16
6.3.2 Service continuity and availability plans .16
6.3.3 Service continuity and availability monitoring and testing .17
6.4 Budgeting and accounting for services.17
6.5 Capacity management .18
6.6 Information security management.18
6.6.1 Information security policy .18
6.6.2 Information security controls.19
6.6.3 Information security changes and incidents.19
7 Relationship processes .19
7.1 Business relationship management.19
7.2 Supplier management.20
8 Resolution processes .21
© ISO/IEC 2011 – All rights reserved iii
8.1 Incident and service request management.21
8.2 Problem management .22
9 Control processes .22
9.1 Configuration management.22
9.2 Change management .23
9.3 Release and deployment management .24
Bibliography .26
Figures
Figure 1 — PDCA methodology applied to service management . viii
Figure 2 — Service management system.2
Figure 3 — Example of supply chain relationships .20
iv © ISO/IEC 2011 – All rights reserved
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members of
ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information
technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of the joint technical committee is to prepare International Standards. Draft International
Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as
an International Standard requires approval by at least 75 % of the national bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.
ISO/IEC 20000-1 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 7, Software and systems engineering. This second edition cancels and replaces the first
edition (ISO/IEC 20000-1:2005), which has been technically revised. The main differences are as follows:
⎯ closer alignment to ISO 9001;
⎯ closer alignment to ISO/IEC 27001;
⎯ change of terminology to reflect international usage;
⎯ addition of many more definitions, updates to some definitions and removal of two definitions;
⎯ introduction of the term “service management system”;
⎯ combining Clauses 3 and 4 of ISO/IEC 20000-1:2005 to put all management system requirements into
one clause;
⎯ clarification of the requirements for the governance of processes operated by other parties;
⎯ clarification of the requirements for defining the scope of the SMS;
⎯ clarification that the PDCA methodology applies to the SMS, including the service management
processes, and the services;
⎯ introduction of new requirements for the design and transition of new or changed services.
ISO/IEC 20000 consists of the following parts, under the general title Information technology — Service
management:
⎯ Part 1: Service management system requirements
1)
⎯ Part 2: Guidance on the application of service management systems
1) To be published. (Technical revision of ISO/IEC 20000-2:2005.)
© ISO/IEC 2011 – All rights reserved v
⎯ Part 3: Guidance on scope definition and applicability of ISO/IEC 20000-1 [Technical Report]
⎯ Part 4: Process reference model [Technical Report]
⎯ Part 5: Exemplar implementation plan for ISO/IEC 20000-1 [Technical Report]
A process assessment model for service management will form the subject of a future Part 8.
vi © ISO/IEC 2011 – All rights reserved
Introduction
The requirements in this part of ISO/IEC 20000 include the design, transition, delivery and improvement of
services that fulfil service requirements and provide value for both the customer and the service provider. This
part of ISO/IEC 20000 requires an integrated process approach when the service provider plans, establishes,
implements, operates, monitors, reviews, maintains and improves a service management system (SMS).
Co-ordinated integration and implementation of an SMS provides ongoing control and opportunities for
continual improvement, greater effectiveness and efficiency. The operation of processes as specified in this
part of ISO/IEC 20000 requires personnel to be well organized and co-ordinated. Appropriate tools can be
used to enable the processes to be effective and efficient.
The most effective service providers consider the impact on the SMS through all stages of the service lifecycle,
from strategy through design, transition and operation, including continual improvement.
This part of ISO/IEC 20000 requires the application of the methodology known as “Plan-Do-Check-Act”
(PDCA) to all parts of the SMS and the services. The PDCA methodology, as applied in this part of
ISO/IEC 20000, can be briefly described as follows.
Plan: establishing, documenting and agreeing the SMS. The SMS includes the policies, objectives, plans and
processes to fulfil the service requirements.
Do: implementing and operating the SMS for the design, transition, delivery and improvement of the services.
Check: monitoring, measuring and reviewing the SMS and the services against the policies, objectives, plans
and service requirements and reporting the results.
Act: taking actions to continually improve performance of the SMS and the services.
When used within an SMS, the following are the most important aspects of an integrated process approach
and the PDCA methodology:
a) understanding and fulfilling the service requirements to achieve customer satisfaction;
b) establishing the policy and objectives for service management;
c) designing and delivering services based on the SMS that add value for the customer;
d) monitoring, measuring and reviewing performance of the SMS and the services;
e) continually improving the SMS and the services based on objective measurements.
Figure 1 illustrates how the PDCA methodology can be applied to the SMS, including the service management
processes specified in Clauses 5 to 9, and the services. Each element of the PDCA methodology is a vital part
of a successful implementation of an SMS. The improvement process used in this part of ISO/IEC 20000 is
based on the PDCA methodology.
© ISO/IEC 2011 – All rights reserved vii
Plan
Service
Management
System
Service
Management
Act
Processes
Do
Services
Check
Figure 1 — PDCA methodology applied to service management
This part of ISO/IEC 20000 enables a service provider to integrate its SMS with other management systems in
the service provider's organization. The adoption of an integrated process approach and the PDCA
methodology enables the service provider to align or fully integrate multiple management system standards.
For example, an SMS can be integrated with a quality management system based on ISO 9001 or an
information security management system based on ISO/IEC 27001.
ISO/IEC 20000 is intentionally independent of specific guidance. The service provider can use a combination
of generally accepted guidance and its own experience.
Users of an International Standard are responsible for its correct application. An International Standard does
not purport to include all necessary statutory and regulatory requirements and contractual obligations of the
service provider. Conformity to an International Standard does not of itself confer immunity from statutory and
regulatory requirements.
For the purposes of research on service management standards, users are encouraged to share their views
on ISO/IEC 20000-1 and their priorities for changes to the rest of the ISO/IEC 20000 series. Click on the link
below to take part in the online survey.
ISO/IEC 20000-1 online survey
viii © ISO/IEC 2011 – All rights reserved
INTERNATIONAL STANDARD ISO/IEC 20000-1:2011(E)
Information technology — Service management —
Part 1:
Service management system requirements
1 Scope
1.1 General
This part of ISO/IEC 20000 is a service management system (SMS) standard. It specifies requirements for the
service provider to plan, establish, implement, operate, monitor, review, maintain and improve an SMS. The
requirements include the design, transition, delivery and improvement of services to fulfil service requirements.
This part of ISO/IEC 20000 can be used by:
a) an organization seeking services from service providers and requiring assurance that their service
requirements will be fulfilled;
b) an organization that requires a consistent approach by all its service providers, including those in a supply
chain;
c) a service provider that intends to demonstrate its capability for the design, transition, delivery and
improvement of services that fulfil service requirements;
d) a service provider to monitor, measure and review its service management processes and services;
e) a service provider to improve the design, transition and delivery of services through effective
implementation and operation of an SMS;
f) an assessor or auditor as the criteria for a conformity assessment of a service provider's SMS to the
requirements in this part of ISO/IEC 20000.
Figure 2 illustrates an SMS, including the service management processes. The service management
processes and the relationships between the processes can be implemented in different ways by different
service providers. The nature of the relationship between a service provider and the customer will influence
how the service management processes are implemented.
© ISO/IEC 2011 – all rights reserved 1
ServServServiiiccceee MMMaaannnaaagggeeemmmeeennnttt Sy Sy Sysssttteeemmm ( ( (SSSMMMSSS)))
CuCussttoommeerrss CuCussttoommeerrss
MMMaaannnaaagegegemmmeeennnttt r r reeesssppponononsssiiibbbiiillliiitttyyy
((aandnd o ottheher r GGGooovernvernvernaaancencence of of of ppprrrooocccessessesseseses ((aandnd o ottheher r
oooppperereratedatedated by o by o by otttheheher par par partrtrtiesiesies
inintteerreesstteedd iinnttereeresstteedd
DDDooocccuuummmeeennntttaaatttiiion mon mon maaanananagggeeemmmeeennnttt
paparrttiieess)) EstEstEstaaablblbliiisssh th th thhhe SMe SMe SMSSS paparrttiieess))
RRReeesososouuurrrcecece m m maaannnaaagegegemmmeeennnttt
SeSeSerrrvvviiiccceee
DDDeeesssiiigngngn an an anddd t t trrrananansssiiitttiiiooonnn ooofff nnneeewww or or or c c chhhaaannngegegeddd s s seeerrrvvviiiccceeesss SeSeSerrrvvviiiccceeesss
ReReReqqquuuiiirrreeemmmenenentttsss
ServServService deliice deliice delivvveryeryery ppprrrooocccesesessessesses
CCCaaapapapaccciiitttyyy m m maaannnaaagegegemmmeeennnttt SSSeeerrrvvviciciceee le le levvveeel l l mmmaaannnaaagggeeemmmeeennnttt IIInnnfofoformrmrmaaatttiiiooonnn s s seeecccuuurrriiitytyty
mmmaaanananagggeeemmmeeentntnt
SSSeeerrrvvviciciceee c c cooonnntttinininuuuiiitttyyy &&& SSSeeervrvrviiiccceee re re repppooortrtrtiiinnnggg BBBudgudgudgeeetttiiinnng &g &g &
avavavaiaiailllaaabbbiiillliiitttyyy m m maaannnaaagggeeemmmeeennnttt acacaccococouuunnntititinnnggg f f fooorrr ssseeervirvirviccceeesss
CCCooonnntttrororol prl prl prooocescescesssseeesss
CCCooonnnfffiiigggurururaaatttiiiooonnn m m maaanananagggeeemmmeeentntnt
CCChhhaaannngegege m m maaanananagggeeemmmeeentntnt
RRReeellleeeaaassseee a a annnddd dddeeeplplployoyoymmmeeentntnt
mamamannnaaagggeeemememennnttt
RelaRelaRelatititiooonnnssshhhipipip p p prrroooccceeesssssseeesss
RRReeesssooollluuutttiiiononon p p prrrocococeeesssssseeesss
IIInnnccciiidddeeennnttt anananddd se se serrrvvviiiccce re re reeeqqquuuesesesttt BBBuuusisisinnneeessssss r r reeelllaaatttiiiooonnnssshhhiiippp
mmmaaanananagggeeemmmeeentntnt mamamannnaaagggeeemmmeeennnttt
PPPrrrobobobllleeemmm m m maaannnaaagegegemmmeeennnttt SuSuSuppppppllliiieeerrr m m maaanananagggeeemmmeeentntnt
Figure 2 — Service management system
1.2 Application
All requirements in this part of ISO/IEC 20000 are generic and are intended to be applicable to all service
providers, regardless of type, size and the nature of the services delivered. Exclusion of any of the
requirements in Clauses 4 to 9 is not acceptable when a service provider claims conformity to this part of
ISO/IEC 20000, irrespective of the nature of the service provider's organization.
Conformity to the requirements in Clause 4 can only be demonstrated by a service provider showing evidence
of fulfilling all of the requirements in Clause 4. A service provider cannot rely on evidence of the governance of
processes operated by other parties for the requirements in Clause 4.
Conformity to the requirements in Clauses 5 to 9 can be demonstrated by the service provider showing
evidence of fulfilling all requirements. Alternatively, the service provider can show evidence of fulfilling the
majority of the requirements themselves and evidence of the governance of processes operated by other
parties for those processes, or parts of processes, that the service provider does not operate directly.
The scope of this part of ISO/IEC 20000 excludes the specification for a product or tool. However,
organizations can use this part of ISO/IEC 20000 to help them develop products or tools that support the
operation of an SMS.
NOTE ISO/IEC TR 20000-3 provides guidance on scope definition and applicability of this part of ISO/IEC 20000.
This includes further explanation about the governance of processes operated by other parties.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.
No normative references are cited. This clause is included in order to ensure clause numbering is identical
with ISO/IEC 20000-2:—, Information technology — Service management — Part 2: Guidance on the
2)
application of service management systems .
2) To be published.
2 © ISO/IEC 2011 – All rights reserved
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1
availability
ability of a service or service component to perform its required function at an agreed instant or over an
agreed period of time
NOTE Availability is normally expressed as a ratio or percentage of the time that the service or service component is
actually available for use by the customer to the agreed time that the service should be available.
3.2
configuration baseline
configuration information formally designated at a specific time during a service or service component's life
NOTE 1 Configuration baselines, plus approved changes from those baselines, constitute the current configuration
information.
NOTE 2 Adapted from ISO/IEC/IEEE 24765:2010.
3.3
configuration item
CI
element that needs to be controlled in order to deliver a service or services
3.4
configuration management database
CMDB
data store used to record attributes of configuration items, and the relationships between configuration items,
throughout their lifecycle
3.5
continual improvement
recurring activity to increase the ability to fulfil service requirements
NOTE Adapted from ISO 9000:2005.
3.6
corrective action
action to eliminate the cause or reduce the likelihood of recurrence of a detected nonconformity or other
undesirable situation
NOTE Adapted from ISO 9000:2005.
3.7
customer
organization or part of an organization that receives a service or services
NOTE 1 A customer can be internal or external to the service provider's organization.
NOTE 2 Adapted from ISO 9000:2005.
3.8
document
information and its supporting medium
[ISO 9000:2005]
EXAMPLES Policies, plans, process descriptions, procedures, service level agreements, contracts or records.
© ISO/IEC 2011 – All rights reserved 3
NOTE 1 The documentation can be in any form or type of medium.
NOTE 2 In ISO/IEC 20000, documents, except for records, state the intent to be achieved.
3.9
effectiveness
extent to which planned activities are realized and planned results achieved
[ISO 9000:2005]
3.10
incident
unplanned interruption to a service, a reduction in the quality of a service or an event that has not yet
impacted the service to the customer
3.11
information security
preservation of confidentiality, integrity and accessibility of information
NOTE 1 In addition, other properties such as authenticity, accountability, non-repudiation and reliability can also be
involved.
NOTE 2 The term “availability” has not been used in this definition because it is a defined term in this part of
ISO/IEC 20000 which would not be appropriate for this definition.
NOTE 3 Adapted from ISO/IEC 27000:2009.
3.12
information security incident
single or a series of unwanted or unexpected information security events that have a significant probability of
compromising business operations and threatening information security
[ISO/IEC 27000:2009]
3.13
interested party
person or group having a specific interest in the performance or success of the service provider's activity or
activities
EXAMPLES Customers, owners, management, people in the service provider's organization, suppliers, bankers,
unions or partners.
NOTE 1 A group can comprise an organization, a part thereof, or more than one organization.
NOTE 2 Adapted from ISO 9000:2005.
3.14
internal group
part of the service provider's organization that enters into a documented agreement with the service provider
to contribute to the design, transition, delivery and improvement of a service or services
NOTE The internal group is outside the scope of the service provider's SMS.
3.15
known error
problem that has an identified root cause or a method of reducing or eliminating its impact on a service by
working around it
3.16
nonconformity
non-fulfilment of a requirement
4 © ISO/IEC 2011 – All rights reserved
[ISO 9000:2005]
3.17
organization
group of people and facilities with an arrangement of responsibilities, authorities and relationships
EXAMPLES Company, corporation, firm, enterprise, institution, charity, sole trader, association, or parts or
combination thereof.
NOTE 1 The arrangement is generally orderly.
NOTE 2 An organization can be public or private.
[ISO 9000:2005]
3.18
preventive action
action to avoid or eliminate the causes or reduce the likelihood of occurrence of a potential nonconformity or
other potential undesirable situation
NOTE Adapted from ISO 9000:2005.
3.19
problem
root cause of one or more incidents
NOTE The root cause is not usually known at the time a problem record is created and the problem management
process is responsible for further investigation.
3.20
procedure
specified way to carry out an activity or a process
[ISO 9000:2005]
NOTE Procedures can be documented or not.
3.21
process
set of interrelated or interacting activities which transforms inputs into outputs
[ISO 9000:2005]
3.22
record
document stating results achieved or providing evidence of activities performed
[ISO 9000:2005]
EXAMPLES Audit reports, incident reports, training records or minutes of meetings.
3.23
release
collection of one or more new or changed configuration items deployed into the live environment as a result of
one or more changes
3.24
request for change
proposal for a change to be made to a service, service component or the service management system
© ISO/IEC 2011 – All rights reserved 5
NOTE A change to a service includes the provision of a new service or the removal of a service which is no longer
required.
3.25
risk
effect of uncertainty on objectives
NOTE 1 An effect is a deviation from the expected — positive and/or negative.
NOTE 2 Objectives can have different aspects (such as financial, health and safety, and environmental goals) and can
apply at different levels (such as strategic, organization-wide, project, product and process).
NOTE 3 Risk is often characterized by reference to potential events and consequences, or a combination of these.
NOTE 4 Risk is often expressed in terms of a combination of the consequences of an event (including changes in
circumstances) and the associated likelihood of occurrence.
[ISO 31000:2009]
3.26
service
means of delivering value for the customer by facilitating results the customer wants to achieve
NOTE 1 Service is generally intangible.
NOTE 2 A service can also be delivered to the service provider by a supplier, an internal group or a customer acting as
a supplier.
3.27
service component
single unit of a service that when combined with other units will deliver a complete service
EXAMPLES Hardware, software, tools, applications, documentation, information, processes or supporting services.
NOTE A service component can consist of one or more configuration items.
3.28
service continuity
capability to manage risks and events that could have serious impact on a service or services in order to
continually deliver services at agreed levels
3.29
service level agreement
SLA
documented agreement between the service provider and customer that identifies services and service
targets
NOTE 1 A service level agreement can also be established between the service provider and a supplier, an internal
group or a customer acting as a supplier.
NOTE 2 A service level agreement can be included in a contract or another type of documented agreement.
3.30
service management
set of capabilities and processes to direct and control the service provider's activities and resources for the
design, transition, delivery and improvement of services to fulfil the service requirements
3.31
service management system
SMS
management system to direct and control the service management activities of the service provider
6 © ISO/IEC 2011 – All rights reserved
NOTE 1 A management system is a set of interrelated or interacting elements to establish policy and objectives and to
achieve those objectives.
NOTE 2 The SMS includes all service management policies, objectives, plans, processes, documentation and
resources required for the design, transition, delivery and improvement of services and to fulfil the requirements in this part
of ISO/IEC 20000.
NOTE 3 Adapted from the definition of “quality management system” in ISO 9000:2005.
3.32
service provider
organization or part of an organization that manages and delivers a service or services to the customer
NOTE A customer can be internal or external to the service provider's organization.
3.33
service request
request for information, advice, access to a service or a pre-approved change
3.34
service requirement
needs of the customer and the users of the service, including service level requirements, and the needs of the
service provider
3.35
supplier
organization or part of an organization that is external to the service provider's organization and enters into a
contract with the service provider to contribute to the design, transition, delivery and improvement of a service
or services or processes
NOTE Suppliers include designated lead suppliers but not their sub-contracted suppliers.
3.36
top management
person or group of people who direct and control the service provider at the highest level
NOTE Adapted from ISO 9000:2005.
3.37
transition
activities involved in moving a new or changed service to or from the live environment
4 Service management system general requirements
4.1 Management responsibility
4.1.1 Management commitment
Top management shall provide evidence of its commitment to planning, establishing, implementing, operating,
monitoring, reviewing, maintaining, and improving the SMS and the services by:
a) establishing and communicating the scope, policy and objectives for service management;
b) ensuring that the service management plan is created, implemented and maintained in order to adhere to
the policy, achieve the objectives for service management and fulfil the service requirements;
c) communicating the importance of fulfilling service requirements;
d) communicating the importance of fulfilling statutory and regulatory requirements and contractual
obligations;
© ISO/IEC 2011 – All rights reserved 7
e) ensuring the provision of resources;
f) conducting management reviews at planned intervals;
g) ensuring that risks to services are assessed and managed.
4.1.2 Service management policy
Top management shall ensure that the service management policy:
a) is appropriate to the purpose of the service provider;
b) includes a commitment to fulfil service requirements;
c) includes a commitment to continually improve the effectiveness of the SMS and the services through the
policy on continual improvement in Clause 4.5.5.1;
d) provides a framework for establishing and reviewing service management objectives;
e) is communicated and understood by the service provider's personnel;
f) is reviewed for continuing suitability.
4.1.3 Authority, responsibility and communication
Top management shall ensure that:
a) service management authorities and responsibilities are defined and maintained;
b) documented procedures for communication are established and implemented.
4.1.4 Management representative
Top management shall appoint a member of the service provider's management who, irrespective of other
responsibilities, has the authorities and responsibilities that include:
a) ensuring that activities are performed to identify, document and fulfil service requirements;
b) assigning authorities and responsibilities for ensuring that service management processes are designed,
implemented and improved in accordance with the policy and objectives for service management;
c) ensuring that service management processes are integrated with the other components of the SMS;
d) ensuring that assets, including licences, used to deliver services are managed according to statutory and
regulatory requirements and contractual obligations;
e) reporting to top management on the performance and opportunities for improvement to the SMS and the
services.
4.2 Governance of processes operated by other parties
For the processes in Clauses 5 to 9, the service provider shall identify all processes, or parts of processes,
which are operated by other parties. Other parties can be an internal group, a customer or a supplier. The
service provider shall demonstrate governance of processes operated by other parties by:
a) demonstrating accountability for the processes and authority to require adherence to the processes;
b) controlling the definition of the processes, and interfaces to other processes;
c) determining process performance and compliance with process requirements;
8 © ISO/IEC 2011 – All rights reserved
d) controlling the planning and prioritizing of process improvements.
When a supplier is operating parts of the processes, the service provider shall manage the supplier through
the supplier management process. When an internal group or a customer is operating parts of the processes,
the service provider shall manage the internal group or the customer through the service level management
process.
NOTE ISO/IEC TR 20000-3 provides guidance on scope definition and applicability of this part of ISO/IEC 20000.
This includes further explanation about the governance of processes operated by other parties.
4.3 Documentation management
4.3.1 Establish and maintain documents
The service provider shall establish and maintain documents, including records, to ensure effective planning,
operation and control of the SMS. These documents shall include:
a) documented policy and objectives for service management;
b) documented service management plan;
c) documented policies and plans created for specific processes as required by this part of ISO/IEC 20000;
d) documented catalogue of services;
e) documented SLAs;
f) documented service management processes;
g) documented procedures and records required by this part of ISO/IEC 20000;
h) additional documents, including those of external origin, determined by the service provider as necessary
to ensure effective operation of the SMS and delivery of the services.
4.3.2 Control of documents
Documents required by the SMS shall be controlled. Records are a special type of document and shall be
controlled according to the requirements given in Clause 4.3.3.
A documented procedure, including the authorities and responsibilities, shall be established to define the
controls needed to:
a) create and approve documents prior to issue;
b) communicate to interested parties about new or changed documents;
c) review and maintain documents as necessary;
d) ensure that changes and the current revision status of documents are identified;
e) ensure that relevant versions of applicable documents are available at points of use;
f) ensure that documents are readily identifiable and legible;
g) ensure that documents of external origin are identified and their distribution controlled;
h) prevent the unintended use of obsolete documents and apply suitable identification to them if they are
retained.
© ISO/IEC 2011 – All rights reserved 9
4.3.3 Control of records
Records shall be kept to demonstrate conformity to requirements and the effective operation of the SMS.
A documented procedure shall be established to define the controls needed for the identification, storage,
protection, retrieval, retention and disposal of records. Records shall be legible, readily identifiable and
retrievable.
4.4 Resource management
4.4.1 Provision of resources
The service provider shall determine and provide the human, technical, information and financial resources
needed to:
a) establish, implement and maintain the SMS and the services, and continually improve their effectiveness;
b) enhance customer satisfaction by delivering services that fulfil service requirements.
4.4.2 Human resources
The service provider's personnel performing work affecting conformity to service requirements shall be
competent on the basis of appropriate education, training, skills and experience. The service provider shall:
a) determine the necessary competence for personnel;
b) where applicable, provide training or take other actions to achieve the necessary competence;
c) evaluate the effectiveness of actions taken;
d) ensure that its personnel are aware of how they contribute to the achievement of service management
objectives and the fulfilment of service requirements;
e) maintain appropriate records of education, training, skills and experience.
4.5 Establish and improve the SMS
4.5.1 Define scope
The service provider shall define and include the scope of the SMS in the service management plan. The
scope shall be defined by the name of the organizational unit providing the services, and the services to be
delivered.
The service provider shall also take into consideration other factors affecting the services to be delivered
including:
a) geographical location(s) from which the service provider delivers the services;
b) the customer and their location(s);
c) technology used to provide the services.
NOTE ISO/IEC TR 20000-3 provides guidance on scope definition and applicability of this part of ISO/IEC 20000.
10 © ISO/IEC 2011 – All rights reserved
4.5.2 Plan the SMS (Plan)
The service provider shall create, implement and maintain a service management plan. Planning shall take
into consideration the service management policy, service requirements and requirements in this part of
ISO/IEC 20000. The service management plan shall contain or include a reference to at least the following:
a) service management objectives that are to be achieved by the service provider;
b) service requirements;
c) known limitations which can impact the SMS;
d) policies, standards, statutory and regulatory requirements and contractual obligations;
e) framework of authorities, responsibilities and process roles;
f) authorities and responsibilities for plans, service management processes and services;
g) human, technical, information and financial resources necessary to achieve the service management
objectives;
h) approach to be taken for working with other parties involved in the design and transition of new or
changed services process;
i) approach to be taken for the interfaces between service management processes and their integration with
the other components of the SMS;
j) approach to be taken for the management of risks and the criteria for accepting risks;
k) technology used to support the SMS;
l) how the effectiveness of the SMS and the services will be measured, audited, reported and improved.
Plans created for specific processes shall be aligned with the service management plan. The service
management plan and plans created for specific processes shall be reviewed at planned intervals and, if
applicable, updated.
4.5.3 Implement and operate the SMS (Do)
The service provider shall implement and operate the SMS for the design, transition, delivery and
improvement of services according to the service management plan, through activities including at least:
a) allocation and management of funds and budgets;
b) assignment of authorities, responsibilities and process roles;
c) management of human, technical and information resources;
d) identification, assessment and management of risks to the services;
e) management of service management processes;
f) monitoring and reporting on performance of service management activities.
4.5.4 Monitor and review the SMS (Check)
4.5.4.1 General
The service provider shall use suitable methods for monitoring and measuring the SMS and the services.
These methods shall include internal audits and management reviews.
© ISO/IEC 2011 – All rights reserved 11
The objectives of all internal audits and management reviews shall be documented. The internal audits and
management reviews shall demonstrate the ability of the SMS and the services to achieve service
management objectives and fulfil service requirements. Nonconformities shall be ide
...
INTERNATIONAL ISO/IEC
STANDARD 20000-1
Redline version
compares second edition
to first edition
Information technology — Service
management —
Part 1:
Service management system
requirements
Technologies de l’information — Gestion des services —
Partie 1: Exigences du système de management des services
Reference number
ISO/IEC 20000-1:redline:2014(E)
©
ISO/IEC 2014
ISO/IEC 20000-1:redline:2014(E)
IMPORTANT — PLEASE NOTE
This is a mark-up copy and uses the following colour coding:
Text example 1 — indicates added text (in green)
Text example 2 — indicates removed text (in red)
— indicates added graphic figure
— indicates removed graphic figure
1.x . — Heading numbers containg modifications are highlighted in yellow in
the Table of Contents
DISCLAIMER
This Redline version provides you with a quick and easy way to compare the main changes
between this edition of the standard and its previous edition. It doesn’t capture all single
changes such as punctuation but highlights the modifications providing customers with
the most valuable information. Therefore it is important to note that this Redline version is
not the official ISO standard and that the users must consult with the clean version of the
standard, which is the official standard, for implementation purposes.
© ISO 2014
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO 2014 – All rights reserved
ISO/IEC 20000-1:redline:2014(E)
Contents Page
Foreword .iv
Introduction .vi
1 Scope . 1
1.1 General . 1
1.2 Application . 2
2 Normative references . 3
2 3 Terms and definitions . 4
3 Requirements for a management system . 9
3.1 Management responsibility . 9
3.2 Documentation requirements. 9
3.3 Competence, awareness and training .10
4 Planning and implementing service management Service management system
general requirements.10
4.1 Plan service management (Plan) Management responsibility .10
4.2 Implement service management and provide the services (Do) Governance of processes
operated by other parties .12
4.3 Documentation management .13
4.4 Resource management .14
4.3 4.5 Monitoring, measuring and reviewing (Check) Establish and improve the SMS .14
4.4 Continual improvement (Act) .18
5 Planning and implementing Design and transition of new or changed services .18
5.1 General .18
5.2 Plan new or changed services .19
5.3 Design and development of new or changed services .19
5.4 Transition of new or changed services .20
6 Service delivery process processes .21
6.1 Service level management.21
6.2 Service reporting .22
6.3 Service continuity and availability management .22
6.4 Budgeting and accounting for IT services .24
6.5 Capacity management .24
6.6 Information security management .25
7 Relationship processes .26
7.1 General .26
7.2 7.1 Business relationship management .26
7.3 7.2 Supplier management .27
8 Resolution processes .29
8.1 Background .29
8.2 8.1 Incident and service request management .29
8.3 8.2 Problem management.30
9 Control processes .31
9.1 Configuration management .31
9.2 Change management .32
9.3 Release and deployment management .33
10 Release process .34
10.1 Release management process .34
Bibliography
.............................................................................................................................................................................................................................35
ISO/IEC 20000-1:redline:2014(E)
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work. In the field of information technology, ISO and IEC have established a joint technical committee,
ISO/IEC JTC 1.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of the joint technical committee is to prepare International Standards. Draft International
Standards adopted by the joint technical committee are circulated to national bodies for voting.
Publication as an International Standard requires approval by at least 75 % of the national bodies
casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.
ISO/IEC 20000-1 was prepared by BSI (as BS 15000-1) and was adopted, under a special “fast-track
procedure”, by Joint Technical Committee ISO/IEC JTC 1, Information technology, in parallelSubcommittee
SC 7, with its approval bySoftware and systems engineering national bodies of ISO and IEC. This second
edition cancels and replaces the first edition (ISO/IEC 20000-1:2005.), which has been technically
revised. The main differences are as follows:
— closer alignment to ISO 9001;
— closer alignment to ISO/IEC 27001;
— change of terminology to reflect international usage;
— addition of many more definitions, updates to some definitions and removal of two definitions;
— introduction of the term “service management system”;
— combining Clauses 3 and 4 of ISO/IEC 20000-1:2005 to put all management system requirements
into one clause;
— clarification of the requirements for the governance of processes operated by other parties;
— clarification of the requirements for defining the scope of the SMS;
— clarification that the PDCA methodology applies to the SMS, including the service management
processes, and the services;
— introduction of new requirements for the design and transition of new or changed services.
ISO/IEC 20000 consists of the following parts, under the general title Information technology —
Service management:
— Part 1: SpecificationService management system requirements
1)
— Part 2: Code of practiceGuidance on the application of service management systems
— Part 3: Guidance on scope definition and applicability ofISO/IEC 20000-1 [Technical Report]
— Part 4: Process reference model [Technical Report]
1) To be published. (Technical revision of ISO/IEC 20000-2:2005.)
iv © ISO 2014 – All rights reserved
ISO/IEC 20000-1:redline:2014(E)
— Part 5: Exemplar implementation plan forISO/IEC 20000-1 [Technical Report]
A process assessment model for service management will form the subject of a future Part 8.
ISO/IEC 20000-1:redline:2014(E)
Introduction
The requirements in this part of ISO/IEC 20000 include the design, transition, delivery and improvement
of services that fulfil service requirements and provide value for both the customer and the service
provider. This part of ISO/IEC 20000 promotes the adoption ofrequires an integrated process approach
to effectively deliver managed services to meet the business and customer requirements. For an
organization to function effectively it has to identify and manage numerous linked activities. An activity
using resources, and managed in order to enable the transformation of inputs into outputs, can be
considered as a process. Often the output from one process forms an input to anotherwhen the service
provider plans, establishes, implements, operates, monitors, reviews, maintains and improves a service
management system (SMS).
Co-ordinated integration and implementation of the service management processes provides the
ongoing control, greater efficiencyan SMS provides ongoing control and opportunities for continual
improvement. Performing the activities and processes requires people in the service desk, service,
greater effectiveness and efficiency. The operation of processes as specified in this part of ISO/IEC 20000
support, service delivery and operations teamsrequires personnel to be well organized and co-ordinated.
Appropriate tools are also required to ensure that the processes arecan be used to enable the processes
to be effective and efficient.
The most effective service providers consider the impact on the SMS through all stages of the service
lifecycle, from strategy through design, transition and operation, including continual improvement.
It is assumed thatThis part of ISO/IEC 20000 requires the execution of the provisions ofapplication of
the methodology known as “Plan-Do-Check-Act” (PDCA) to all parts of the SMS and the services. The
PDCA methodology, as applied in this part of ISO/IEC 20000 is entrusted to appropriately qualified and
competent people, can be briefly described as follows.
Plan: establishing, documenting and agreeing the SMS. The SMS includes the policies, objectives, plans
and processes to fulfil the service requirements.
Do: implementing and operating the SMS for the design, transition, delivery and improvement of the services.
Check: monitoring, measuring and reviewing the SMS and the services against the policies, objectives,
plans and service requirements and reporting the results.
Act: taking actions to continually improve performance of the SMS and the services.
When used within an SMS, the following are the most important aspects of an integrated process
approach and the PDCA methodology:
a) understanding and fulfilling the service requirements to achieve customer satisfaction;
b) establishing the policy and objectives for service management;
c) designing and delivering services based on the SMS that add value for the customer;
d) monitoring, measuring and reviewing performance of the SMS and the services;
e) continually improving the SMS and the services based on objective measurements.
Figure 1 illustrates how the PDCA methodology can be applied to the SMS, including the service
management processes specified in Clauses 5 to 9, and the services. Each element of the PDCA
methodology is a vital part of a successful implementation of an SMS. The improvement process used in
this part of ISO/IEC 20000 is based on the PDCA methodology.
vi © ISO 2014 – All rights reserved
ISO/IEC 20000-1:redline:2014(E)
Figure 1 — PDCA methodology applied to service management
This part of ISO/IEC 20000 enables a service provider to integrate its SMS with other management
systems in the service provider’s organization. The adoption of an integrated process approach and the
PDCA methodology enables the service provider to align or fully integrate multiple management system
standards. For example, an SMS can be integrated with a quality management system based on ISO 9001
or an information security management system based on ISO/IEC 27001.
ISO/IEC 20000 is intentionally independent of specific guidance. The service provider can use a
combination of generally accepted guidance and its own experience.
Users of an International Standard are responsible for its correct application. An International Standard
does not purport to include all necessary provisions of a contract. Users of International Standards
are responsible for their correct applicationstatutory and regulatory requirements and contractual
obligations of the service provider. Conformity to an International Standard does not of itself confer
immunity from statutory and regulatory requirements.
Compliance with an International Standard does notFor the purposes of research on service management
standards, users are encouraged to share their views on ISO/IEC 20000-1of itself confer and their
priorities for changes to the rest of the ISO/IEC 20000 immunity from legal obligationsseries. Click on
the link below to take part in the online survey.
ISO/IEC 20000-1 online survey
INTERNATIONAL STANDARD ISO/IEC 20000-1:redline:2014(E)
Information technology — Service management —
Part 1:
Service management system requirements
1 Scope
This part of ISO/IEC 20000 defines the requirements for a service provider to deliver managed services
of an acceptable quality for its customers.
1.1 General
This part of ISO/IEC 20000 is a service management system (SMS) standard. It specifies requirements
for the service provider to plan, establish, implement, operate, monitor, review, maintain and improve
an SMS. The requirements include the design, transition, delivery and improvement of services to fulfil
service requirements. This part of ISO/IEC 20000 can be used by:
a) an organization seeking services from service providers and requiring assurance that their service
requirements will be fulfilled;
b) an organization that requires a consistent approach by all its service providers, including those in a
supply chain;
c) a service provider that intends to demonstrate its capability for the design, transition, delivery and
improvement of services that fulfil service requirements;
d) a service provider to monitor, measure and review its service management processes and services;
e) a service provider to improve the design, transition and delivery of services through effective
implementation and operation of an SMS;
f) an assessor or auditor as the criteria for a conformity assessment of a service provider’s SMS to the
requirements in this part of ISO/IEC 20000.
Figure 2 illustrates an SMS, including the service management processes. The service management
processes and the relationships between the processes can be implemented in different ways by
different service providers. The nature of the relationship between a service provider and the customer
will influence how the service management processes are implemented.
ISO/IEC 20000-1:redline:2014(E)
Figure 2 — Service management system
It may be used:
1.2 Application
All requirements in this part of ISO/IEC 20000 are generic and are intended to be applicable to all
service providers, regardless of type, size and the nature of the services delivered. Exclusion of any of
the requirements in Clauses 4 to 9 is not acceptable when a service provider claims conformity to this
part of ISO/IEC 20000, irrespective of the nature of the service provider’s organization.
Conformity to the requirements in Clause 4 can only be demonstrated by a service provider showing
evidence of fulfilling all of the requirements in Clause 4. A service provider cannot rely on evidence of
the governance of processes operated by other parties for the requirements in Clause 4.
Conformity to the requirements in Clauses 5 to 9 can be demonstrated by the service provider showing
evidence of fulfilling all requirements. Alternatively, the service provider can show evidence of fulfilling
the majority of the requirements themselves and evidence of the governance of processes operated by
other parties for those processes, or parts of processes, that the service provider does not operate directly.
The scope of this part of ISO/IEC 20000 excludes the specification for a product or tool. However,
organizations can use this part of ISO/IEC 20000 to help them develop products or tools that support
the operation of an SMS.
NOTE ISO/IEC TR 20000-3 provides guidance on scope definition and applicability of this part of
ISO/IEC 20000. This includes further explanation about the governance of processes operated by other parties.
a) by businesses that are going out to tender for their services;
b) by businesses that require a consistent approach by all service providers in a supply chain;
c) by service providers to benchmark their IT service management;
d) as the basis for an independent assessment;
e) by an organization which needs to demonstrate the ability to provide services that meet customer
requirements; and
2 © ISO 2014 – All rights reserved
ISO/IEC 20000-1:redline:2014(E)
f) by an organization which aims to improve service through the effective application of processes to
monitor and improve service quality.
Figure 1 — Service management processes
This part of ISO/IEC 20000 specifies a number of closely related service management processes, as
shown in Figure 1.
The relationships between the processes depend on the application within an organization and are generally
too complex to model and therefore relationships between processes are not shown in this diagram.
The list of objectives and controls contained in this part of ISO/IEC 20000 are not exhaustive, and an
organization may consider that additional objectives and controls are necessary to meet their particular
business needs. The nature of the business relationship between the service provider and business will
determine how the requirements in this part of ISO/IEC 20000 are implemented in order to meet the
overall objective.
As a process based standard this part of ISO/IEC 20000 is not intended for product assessment. However,
organizations developing service management tools, products and systems may use both this part of
ISO/IEC 20000 and the code of practice to help them develop tools, products and systems that support
best practice service management.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.
ISO/IEC 20000-1:redline:2014(E)
No normative references are cited. This clause is included in order to ensure clause numbering is
identical with ISO/IEC 20000-2:—, Information technology — Service management — Part 2: Guidance
2)
on the application of service management systems .
2 3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
2.1 3.1
availability
ability of a component service or service component to perform its required function at a stated an
agreed instant or over a stated an agreed period of time
Note 1 to entry: Availability is usually normally expressed as a ratio or percentage of the time that the service or
service component is actually available for use by the business customer to the agreed service hours time that the
service should be available.
3.2
configuration baseline
configuration information formally designated at a specific time during a service or service component’s life
Note 1 to entry: Configuration baselines, plus approved changes from those baselines, constitute the current
configuration information.
Note 2 to entry: Adapted from ISO/IEC/IEEE 24765:2010.
2.2 3.3
baseline configuration item
CI
snapshot of the state of a service or individual configuration items at a point in time (see element that
needs to be controlled in order to deliver a service or services2.4)
2.3 3.4
change record configuration management database
CMDB
record containing details of which configuration items (see data store used to record attributes
of configuration items, 2.4) are affected and how they are affected by an authorized change and the
relationships between configuration items, throughout their lifecycle
3.5
continual improvement
recurring activity to increase the ability to fulfil service requirements
Note 1 to entry: Adapted from ISO 9000:2005.
2.4 3.6
configuration item (CI) corrective action
component of an infrastructure or an item which is, or will be, under the control of configuration
management action to eliminate the cause or reduce the likelihood of recurrence of a detected
nonconformity or other undesirable situation
Note 1 to entry: Configuration items may vary widely in complexity, size and type, ranging from an Adapted from
ISO 9000:2005 entire system including all hardware, software and documentation, to a single module or a minor
hardware component .
2) To be published.
4 © ISO 2014 – All rights reserved
ISO/IEC 20000-1:redline:2014(E)
2.5 3.7
configuration management database (CMDB) customer
database containing all the relevant details of each configuration item and details of the important
relationships between them organization or part of an organization that receives a service or services
Note 1 to entry: A customer can be internal or external to the service provider’s organization.
Note 2 to entry: Adapted from ISO 9000:2005.
2.6 3.8
document
information and its supporting medium
[SOURCE: ISO 9000:2005]
EXAMPLE Policies, plans, process descriptions, procedures, service level agreements, contracts or records.
Note 1 to entry: In this standard, records (see The documentation can be in 2.9) are distinguished from documents
by the fact that they function as evidence of activities, rather than evidence of intentions any form or type of medium.
Note 2 to entry: Examples of In ISO/IEC 20000 documents include policy statements, plans, procedures, service
level agreements and contracts , documents, except for records, state the intent to be achieved.
3.9
effectiveness
extent to which planned activities are realized and planned results achieved
[SOURCE: ISO 9000:2005]
3.10
incident
unplanned interruption to a service, a reduction in the quality of a service or an event that has not yet
impacted the service to the customer
3.11
information security
preservation of confidentiality, integrity and accessibility of information
Note 1 to entry: In addition, other properties such as authenticity, accountability, non-repudiation and reliability
can also be involved.
Note 2 to entry: The term “availability” has not been used in this definition because it is a defined term in this part
of ISO/IEC 20000 which would not be appropriate for this definition.
Note 3 to entry: Adapted from ISO/IEC 27000:2009.
3.12
information security incident
single or a series of unwanted or unexpected information security events that have a significant
probability of compromising business operations and threatening information security
[SOURCE: ISO/IEC 27000:2009]
3.13
interested party
person or group having a specific interest in the performance or success of the service provider’s activity
or activities
EXAMPLE Customers, owners, management, people in the service provider’s organization, suppliers,
bankers, unions or partners.
Note 1 to entry: A group can comprise an organization, a part thereof, or more than one organization.
Note 2 to entry: Adapted from ISO 9000:2005.
ISO/IEC 20000-1:redline:2014(E)
2.7 3.14
incident internal group
any event which is not part of the standard operation of a service and which causes or may cause an
interruption to, or a reduction in, the quality of that service service provider’s organization that enters
into a documented agreement with the service provider to contribute to the design, transition, delivery
and improvement of a service or services
Note 1 to entry: This may include request questions such as “How do I.?” calls The internal group is outside the
scope of the service provider’s SMS.
3.15
known error
problem that has an identified root cause or a method of reducing or eliminating its impact on a service
by working around it
3.16
nonconformity
non-fulfilment of a requirement
[SOURCE: ISO 9000:2005]
3.17
organization
group of people and facilities with an arrangement of responsibilities, authorities and relationships
EXAMPLE Company, corporation, firm, enterprise, institution, charity, sole trader, association, or parts or
combination thereof.
Note 1 to entry: The arrangement is generally orderly.
Note 2 to entry: An organization can be public or private.
[SOURCE: ISO 9000:2005]
3.18
preventive action
action to avoid or eliminate the causes or reduce the likelihood of occurrence of a potential nonconformity
or other potential undesirable situation
Note 1 to entry: Adapted from ISO 9000:2005.
2.8 3.19
problem
unknown underlying root cause of one or more incidents
Note 1 to entry: The root cause is not usually known at the time a problem record is created and the problem
management process is responsible for further investigation.
3.20
procedure
specified way to carry out an activity or a process
[SOURCE: ISO 9000:2005]
Note 1 to entry: Procedures can be documented or not.
3.21
process
set of interrelated or interacting activities which transforms inputs into outputs
[SOURCE: ISO 9000:2005]
6 © ISO 2014 – All rights reserved
ISO/IEC 20000-1:redline:2014(E)
2.9 3.22
record
document stating results achieved or providing evidence of activities performed
Note 1 to entry: In this standard, records are distinguished from documents by the fact that they function as
evidence of activities, rather than evidence of intentions.
[SOURCE: ISO 9000:2005]
Note 2 to entry: Examples of records include audit reports, requests for change, incident reports, individual
training records and invoices sent to customers.
EXAMPLE Audit reports, incident reports, training records or minutes of meetings.
2.10 3.23
release
collection of new and/ one or more new or changed configuration items which are tested and
introduced deployed into the live environment together as a result of one or more changes
2.11 3.24
request for change
form or screen used to record details of a request proposal for a change to any configuration item within
a service or infrastructure be made to a service, service component or the service management system
Note 1 to entry: A change to a service includes the provision of a new service or the removal of a service which is
no longer required.
3.25
risk
effect of uncertainty on objectives
Note 1 to entry: An effect is a deviation from the expected — positive and/or negative.
Note 2 to entry: Objectives can have different aspects (such as financial, health and safety, and environmental
goals) and can apply at different levels (such as strategic, organization-wide, project, product and process).
Note 3 to entry: Risk is often characterized by reference to potential events and consequences, or a
combination of these.
Note 4 to entry: Risk is often expressed in terms of a combination of the consequences of an event (including
changes in circumstances) and the associated likelihood of occurrence.
[SOURCE: ISO 31000:2009]
2.12 3.26
service desk
customer facing support group who do a high proportion of the total support work means of delivering
value for the customer by facilitating results the customer wants to achieve
Note 1 to entry: Service is generally intangible.
Note 2 to entry: A service can also be delivered to the service provider by a supplier, an internal group or a
customer acting as a supplier.
3.27
service component
single unit of a service that when combined with other units will deliver a complete service
EXAMPLE Hardware, software, tools, applications, documentation, information, processes or supporting
services.
Note 1 to entry: A service component can consist of one or more configuration items.
ISO/IEC 20000-1:redline:2014(E)
3.28
service continuity
capability to manage risks and events that could have serious impact on a service or services in order to
continually deliver services at agreed levels
2.13 3.29
service level agreement (SLA)
SLA
written documented agreement between a the service provider and a customer that documents identifies
services and agreed service levels targets
Note 1 to entry: A service level agreement can also be established between the service provider and a supplier, an
internal group or a customer acting as a supplier.
Note 2 to entry: A service level agreement can be included in a contract or another type of documented agreement.
2.14 3.30
service management
management of services to meet the business set of capabilities and processes to direct and control
the service provider’s activities and resources for the design, transition, delivery and improvement of
services to fulfil the service requirements
2.15 3.31
service provider management system
SMS
the organization aiming to achieve ISO/IEC 20000 management system to direct and control the service
management activities of the service provider
Note 1 to entry: A management system is a set of interrelated or interacting elements to establish policy and
objectives and to achieve those objectives.
Note 2 to entry: The SMS includes all service management policies, objectives, plans, processes, documentation and
resources required for the design, transition, delivery and improvement of services and to fulfil the requirements
in this part of ISO/IEC 20000.
Note 3 to entry: Adapted from the definition of “quality management system” in ISO 9000:2005.
3.32
service provider
organization or part of an organization that manages and delivers a service or services to the customer
Note 1 to entry: A customer can be internal or external to the service provider’s organization.
3.33
service request
request for information, advice, access to a service or a pre-approved change
3.34
service requirement
needs of the customer and the users of the service, including service level requirements, and the needs
of the service provider
3.35
supplier
organization or part of an organization that is external to the service provider’s organization and
enters into a contract with the service provider to contribute to the design, transition, delivery and
improvement of a service or services or processes
Note 1 to entry: Suppliers include designated lead suppliers but not their sub-contracted suppliers.
8 © ISO 2014 – All rights reserved
ISO/IEC 20000-1:redline:2014(E)
3.36
top management
person or group of people who direct and control the service provider at the highest level
Note 1 to entry: Adapted from ISO 9000:2005.
3.37
transition
activities involved in moving a new or changed service to or from the live environment
3 Requirements for a management system
Objective: To provide a management system, including policies and a framework to enable the effective
management and implementation of all IT services.
3.1 Management responsibility
Through leadership and actions, top/executive management shall provide evidence of its commitment
to developing, implementing and improving its service management capability within the context of the
organization’s business and customers’ requirements.
Management shall:
a) establish the service management policy, objectives and plans;
b) communicate the importance of meeting the service management objectives and the need for
continual improvement;
c) ensure that customer requirements are determined and are met with the aim of improving customer
satisfaction;
d) appoint a member of management responsible for the co-ordination and management of all services;
e) determine and provide resources to plan, implement, monitor, review and improve service delivery
and management e.g. recruit appropriate staff, manage staff turnover;
f) manage risks to the service management organization and services; and
g) conduct reviews of service management, at planned intervals, to ensure continuing suitability,
adequacy and effectiveness.
3.2 Documentation requirements
Service providers shall provide documents and records to ensure effective planning, operation and
control of service management. This shall include:
a) documented service management policies and plans;
b) documented service level agreements;
c) documented processes and procedures required by this standard; and
d) records required by this standard.
Procedures and responsibilities shall be established for the creation, review, approval, maintenance,
disposal and control of the various types of documents and records.
NOTE The documentation can be in any form or type of medium.
ISO/IEC 20000-1:redline:2014(E)
3.3 Competence, awareness and training
All service management roles and responsibilities shall be defined and maintained together with the
competencies required to execute them effectively.
Staff competencies and training needs shall be reviewed and managed to enable staff to perform their
role effectively.
Top management shall ensure that its employees are aware of the relevance and importance of their
activities and how they contribute to the achievement of the service management objectives.
4 Planning and implementing service management Service management system
general requirements
NOTE The methodology known as “Plan-Do-Check-Act” (PDCA) can be applied to all processes. PDCA can be
described as follows:
a) Plan: establish the objectives and processes necessary to deliver results in accordance with customer
requirements and the organization’s policies;
b) Do: implement the processes;
c) Check: monitor and measure processes and services against policies, objectives and requirements
and report the results;
d) Act: take actions to continually improve process performance.
Figure 2 — Plan-Do-Check-Act methodology for service management processes
The model shown in Figure 2 illustrates the process and process linkages presented in clauses 4 to 10.
4.1 Plan service management (Plan) Management responsibility
Objective: To plan the implementation and delivery of service management.
10 © ISO 2014 – All rights reserved
ISO/IEC 20000-1:redline:2014(E)
4.1.1 Management commitment
Top management shall provide evidence of its commitment to planning, establishing, implementing,
operating, monitoring, reviewing, maintaining, and improving the SMS and the services by:
a) establishing and communicating the scope, policy and objectives for service management;
b) ensuring that the service management plan is created, implemented and maintained in order
to adhere to the policy, achieve the objectives for service management and fulfil the service
requirements;
c) communicating the importance of fulfilling service requirements;
d) communicating the importance of fulfilling statutory and regulatory requirements and
contractual obligations;
e) ensuring the provision of resources;
f) conducting management reviews at planned intervals;
g) ensuring that risks to services are assessed and managed.
Service management shall be planned. The plans shall at a minimum define:
4.1.2 Service management policy
Top management shall ensure that the service management policy:
a) is appropriate to the purpose of the service provider;
b) includes a commitment to fulfil service requirements;
c) includes a commitment to continually improve the effectiveness of the SMS and the services through
the policy on continual improvement in Clause 4.5.5.1;
d) provides a framework for establishing and reviewing service management objectives;
e) is communicated and understood by the service provider’s personnel;
f) is reviewed for continuing suitability.
a) the scope of the service provider’s service management;
b) the objectives and requirements that are to be achieved by service management;
c) the processes that are to be executed;
d) the framework of management roles and responsibilities, including the senior responsible owner,
process owner and management of suppliers;
e) the interfaces between service management processes and the manner in which the activities are to
be co-ordinated;
f) the approach to be taken in identifying, assessing and managing issues and risks to the achievement
of the defined objectives;
g) the approach for interfacing to projects that are creating or modifying services;
h) the resources, facilities and budget necessary to achieve the defined objectives;
i) tools as appropriate to support the processes; and
j) how the quality of the service will be managed, audited and improved.
ISO/IEC 20000-1:redline:2014(E)
4.1.3 Authority, responsibility and communication
Top management shall ensure that:
a) service management authorities and responsibilities are defined and maintained;
b) documented procedures for communication are established and implemented.
There shall be clear management direction and documented responsibilities for reviewing, authorising,
communicating, implementing and maintaining the plans.
4.1.4 Management representative
Top management shall appoint a member of the service provider’s management who, irrespective of
other responsibilities, has the authorities and responsibilities that include:
a) ensuring that activities are performed to identify, document and fulfil service requirements;
b) assigning authorities and responsibilities for ensuring that service management processes are designed,
implemented and improved in accordance with the policy and objectives for service management;
c) ensuring that service managemen
...
NORME ISO/CEI
INTERNATIONALE 20000-1
Deuxième édition
2011-04-15
Technologies de l'information — Gestion
des services —
Partie 1:
Exigences du système de management
des services
Information technology — Service management —
Part 1: Service management system requirements
Numéro de référence
ISO/CEI 20000-1:2011(F)
©
ISO/CEI 2011
ISO/CEI 20000-1:2011(F)
DOCUMENT PROTÉGÉ PAR COPYRIGHT
© ISO/CEI 2011
Droits de reproduction réservés. Sauf prescription différente, aucune partie de cette publication ne peut être reproduite ni utilisée sous
quelque forme que ce soit et par aucun procédé, électronique ou mécanique, y compris la photocopie et les microfilms, sans l'accord écrit
de l'ISO à l'adresse ci-après ou du comité membre de l'ISO dans le pays du demandeur.
ISO copyright office
Case postale 56 CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Publié en Suisse
ii © ISO/CEI 2011 – Tous droits réservés
ISO/CEI 20000-1:2011(F)
Sommaire Page
Avant-propos . v
Introduction . vii
1 Domaine d'application . 1
1.1 Généralités . 1
1.2 Application . 2
2 Références normatives . 3
3 Termes et définitions . 3
4 Exigences générales relatives au système de management des services . 8
4.1 Responsabilité de la direction . 8
4.1.1 Engagement de la direction . 8
4.1.2 Politique de gestion des services . 8
4.1.3 Autorité, responsabilité et communication . 9
4.1.4 Représentant de la direction . 9
4.2 Gouvernance des processus opérés par d'autres parties . 9
4.3 Management de la documentation . 10
4.3.1 Établir et maintenir les documents . 10
4.3.2 Contrôle des documents . 10
4.3.3 Contrôle des enregistrements . 10
4.4 Management des ressources . 11
4.4.1 Mise à disposition des ressources . 11
4.4.2 Ressources humaines . 11
4.5 Établir et améliorer le SMS . 11
4.5.1 Définir le domaine d'application . 11
4.5.2 Planifier le SMS (Planifier) . 11
4.5.3 Mettre en œuvre et exploiter le SMS (Faire) . 12
4.5.4 Surveiller et passer en revue le SMS (Vérifier) . 12
4.5.5 Maintenir et améliorer le SMS (Agir) . 14
5 Conception et transition de services nouveaux ou modifiés . 15
5.1 Généralités . 15
5.2 Planification des services nouveaux ou modifiés . 15
5.3 Conception et développement des services nouveaux ou modifiés . 16
5.4 Transition des services nouveaux ou modifiés . 16
6 Processus de fourniture des services . 17
6.1 Gestion des niveaux de services . 17
6.2 Fourniture des rapports de service . 17
6.3 Gestion de la continuité et de la disponibilité des services . 18
6.3.1 Exigences de continuité et de disponibilité des services . 18
6.3.2 Plans de continuité et de disponibilité des services . 18
6.3.3 Surveillance et test de la continuité et de la disponibilité des services . 19
6.4 Budgétisation et comptabilisation des services . 19
6.5 Gestion de la capacité . 20
6.6 Management de la sécurité de l'information . 20
6.6.1 Politique de sécurité de l'information . 20
6.6.2 Contrôles de la sécurité de l'information . 20
6.6.3 Changements et incidents concernant la sécurité de l'information . 21
7 Processus de gestion des relations . 21
7.1 Gestion des relations commerciales . 21
7.2 Gestion des fournisseurs . 22
© ISO/CEI 2011 – Tous droits réservés iii
ISO/CEI 20000-1:2011(F)
8 Processus de résolution .23
8.1 Gestion des incidents et des demandes de services .23
8.2 Gestion des problèmes .24
9 Processus de contrôle .25
9.1 Gestion des configurations .25
9.2 Gestion des changements .26
9.3 Gestion des mises en production et de leur déploiement.27
Bibliographie .28
Figures
Figure 1 — Méthodologie PDCA appliquée à la gestion des services . viii
Figure 2 — Système de management des services .2
Figure 3 — Exemple de relations dans la chaîne logistique .22
iv © ISO/CEI 2011 – Tous droits réservés
ISO/CEI 20000-1:2011(F)
Avant-propos
L'ISO (Organisation internationale de normalisation) et la CEI (Commission électrotechnique internationale)
forment le système spécialisé de la normalisation mondiale. Les organismes nationaux membres de l'ISO ou
de la CEI participent au développement de Normes internationales par l'intermédiaire des comités techniques
créés par l'organisation concernée afin de s'occuper des domaines particuliers de l'activité technique. Les
comités techniques de l'ISO et de la CEI collaborent dans des domaines d'intérêt commun. D'autres
organisations internationales, gouvernementales et non gouvernementales, en liaison avec l'ISO et la CEI
participent également aux travaux. Dans le domaine des technologies de l'information, l'ISO et la CEI ont créé
un comité technique mixte, l'ISO/CEI JTC 1.
Les Normes internationales sont rédigées conformément aux règles données dans les Directives ISO/CEI,
Partie 2.
La tâche principale du comité technique mixte est d'élaborer les Normes internationales. Les projets de
Normes internationales adoptés par le comité technique mixte sont soumis aux organismes nationaux pour
vote. Leur publication comme Normes internationales requiert l'approbation de 75 % au moins des
organismes nationaux votants.
L'attention est appelée sur le fait que certains des éléments du présent document peuvent faire l'objet de
droits de propriété intellectuelle ou de droits analogues. L'ISO et la CEI ne sauraient être tenues pour
responsables de ne pas avoir identifié de tels droits de propriété et averti de leur existence.
L'ISO/CEI 20000-1 a été élaborée par le comité technique mixte ISO/CEI JTC 1, Technologies de
l'information, sous-comité SC 7, Ingénierie du logiciel et des systèmes.
Cette deuxième édition annule et remplace la première édition (ISO/CEI 20000-1:2005), dont elle constitue
une révision technique. Les principales différences par rapport à la première édition sont les suivantes:
harmonisation avec l'ISO 9001;
harmonisation avec l'ISO/CEI 27001;
modification de la terminologie afin de refléter l'utilisation internationale;
ajout de nombreuses définitions, mises à jour de certaines définitions et suppression de deux définitions;
introduction du terme «Système de Management des Services»;
regroupement des Articles 3 et 4 de l'ISO/CEI 20000-1:2005 afin de faire apparaître toutes les exigences
d'un système de management dans un seul article;
clarification des exigences relatives à la gouvernance des processus opérés par d'autres parties;
clarification des exigences relatives à la définition du domaine d'application du système de management
de services;
clarification de l'application de la méthodologie du PDCA au système de management de services, y
compris aux processus de gestion des services, ainsi qu'aux services;
introduction de nouvelles exigences relatives à la conception et à la transition de services nouveaux ou
modifiés.
© ISO/CEI 2011 – Tous droits réservés v
ISO/CEI 20000-1:2011(F)
L'ISO/CEI 20000 comprend les parties suivantes, présentées sous le titre général Technologies de
l'information — Gestion des services:
Partie 1: Exigences du système de management des services
1)
Partie 2: Directives relatives à l'application des systèmes de management des services
Partie 3: Directives pour la définition du domaine d'application et l'applicabilité de l'ISO/CEI 20000-1
[Rapport technique]
Partie 4: Modèle de référence de processus [Rapport technique]
Partie 5: Exemple de plan de mise en application pour l'ISO/CEI 20000-1) [Rapport technique]
Un modèle d'évaluation de processus pour le management des services fera l'objet d'une future Partie 8.
1) À publier. (Révision technique de l'ISO/CEI 20000-2:2005)
vi © ISO/CEI 2011 – Tous droits réservés
ISO/CEI 20000-1:2011(F)
Introduction
Les exigences figurant dans la présente partie de l'ISO/CEI 20000 couvrent la conception, la transition, la
fourniture et l'amélioration des services qui satisfont aux exigences de services et apportent de la valeur pour
le client comme pour le fournisseur de services. La présente partie de l'ISO/CEI 20000 requiert l'adoption
d'une approche processus intégrés lorsque le fournisseur de services planifie, établit, implémente, exploite,
surveille, passe en revue, maintient et améliore un système de management des services (SMS, service
management system).
L'intégration et l'implémentation coordonnées d'un SMS présentent l'avantage d'offrir un contrôle des
opérations et des opportunités d'amélioration continue, ainsi qu'une efficacité et une efficience accrues. Il est
nécessaire, pour la mise en œuvre et l'exécution des processus spécifiés dans la présente partie de
l'ISO/CEI 20000, que le personnel soit bien organisé et coordonné. Des outils appropriés peuvent être utilisés
pour améliorer l'efficacité et l'efficience des processus.
Les fournisseurs de services les plus efficaces prennent en compte l'impact du SMS sur la totalité des étapes
du cycle de vie d'un service, de la stratégie à la conception, la transition et l'exploitation des services, en
incluant l'amélioration continue des services.
La présente partie de l'ISO/CEI 20000 requiert d'appliquer la méthodologie appelée «roue de Deming»
(PDCA, Plan-Do-Check-Act) à toutes les parties du SMS ainsi qu'aux services. La méthodologie PDCA, telle
qu'elle est appliquée dans la présente partie de l'ISO/CEI 20000, peut être brièvement décrite comme suit.
Planifier (Plan): établir, documenter et valider le SMS. Ce dernier comprend les politiques, objectifs, plans et
processus visant à satisfaire aux exigences de services.
Faire (Do): implémenter et exploiter le SMS pour la conception, la transition, la fourniture et l'amélioration des
services.
Vérifier (Check): surveiller, mesurer et passer en revue le SMS ainsi que les services en les comparant aux
politiques, objectifs, plans et exigences de services, puis rendre compte des résultats.
Agir (Act): mettre en œuvre les actions nécessaires à l'amélioration continue des performances du SMS ainsi
que des services.
Dans le cadre d'un SMS, les aspects les plus importants d'une approche processus intégrés et de la
méthodologie PDCA sont les suivants:
a) comprendre et mettre en œuvre les exigences de services afin d'obtenir la satisfaction du client;
b) établir la politique et les objectifs de management des services;
c) concevoir et fournir les services en se basant sur le SMS qui apporte de la valeur pour le client;
d) surveiller, mesurer et passer en revue les performances du SMS ainsi que des services;
e) assurer l'amélioration continue du SMS et des services sur la base de mesures objectives.
La Figure 1 illustre la manière dont la méthodologie PDCA peut être appliquée au SMS, y compris aux
processus de gestion des services spécifiés dans les Articles 5 à 9, ainsi qu'aux services. Chaque élément de
la méthodologie PDCA est une composante vitale pour une implémentation réussie d'un SMS. Le processus
d'amélioration continue utilisé dans la présente partie de l'ISO/CEI 20000 est basé sur la méthodologie PDCA.
© ISO/CEI 2011 – Tous droits réservés vii
ISO/CEI 20000-1:2011(F)
Figure 1 — Méthodologie PDCA appliquée à la gestion des services
La présente partie de l'ISO/CEI 20000 permet à un fournisseur de services d'intégrer son SMS à d'autres
systèmes de management de son organisme. L'adoption d'une approche processus intégrés et de la
méthodologie PDCA permet au fournisseur de services de se conformer à plusieurs normes de système de
management, ou de les intégrer entièrement. Par exemple, un SMS peut être intégré dans un système de
management de la qualité basé sur l'ISO 9001 ou dans un système de management de la sécurité de
l'information basé sur l'ISO/CEI 27001.
L'ISO/CEI 20000 est volontairement indépendante de tout guide ou référentiel spécifique. Le fournisseur de
services peut utiliser une combinaison de guides ou référentiels généralement admis et sa propre expérience.
Il incombe aux utilisateurs de Normes internationales de veiller à leur bonne application. Une Norme
internationale ne prétend pas couvrir toutes les exigences légales et réglementaires nécessaires ni les
obligations contractuelles du fournisseur de services. La conformité à une Norme internationale ne confère en
soi aucune exemption aux exigences légales et réglementaires.
À des fins de recherche sur les normes de gestion de services, les utilisateurs sont invités à partager leurs
points de vue sur l'ISO/CEI 20000-1 ainsi que leurs priorités en termes de modifications à apporter aux autres
parties de la série ISO/CEI 20000. Cliquez sur le lien ci-dessous pour participer à l'enquête en ligne.
Enquête en ligne ISO/CEI 20000-1
viii © ISO/CEI 2011 – Tous droits réservés
NORME INTERNATIONALE ISO/CEI 20000-1:2011(F)
Technologies de l'information — Gestion des services —
Partie 1:
Exigences du système de management des services
1 Domaine d'application
1.1 Généralités
La présente partie de l'ISO/CEI 20000 est une norme de système de management des services (SMS). Elle
spécifie les exigences destinées au fournisseur de services pour planifier, établir, implémenter, exécuter,
surveiller, passer en revue, maintenir et améliorer un SMS. Les exigences incluent la conception, la transition,
la fourniture et l'amélioration des services afin de satisfaire aux exigences de services. La présente partie de
l'ISO/CEI 20000 peut être utilisée par:
a) un organisme attendant des services de la part de fournisseurs de services et exigeant d'avoir la garantie
que les exigences de services de ces derniers seront satisfaites;
b) un organisme qui exige une approche cohérente de la part de tous ses fournisseurs de services, y
compris ceux qui sont compris dans une chaîne logistique;
c) un fournisseur de services qui souhaite démontrer son efficience dans la conception, la transition, la
fourniture et l'amélioration des services qui satisfont aux exigences de services;
d) un fournisseur de services pour surveiller, mesurer et passer en revue ses processus de gestion des
services ainsi que ses services;
e) un fournisseur de services pour améliorer la conception, la transition et la fourniture des services par
l'implémentation et le fonctionnement effectifs d'un SMS;
f) un évaluateur ou un auditeur comme critère d'évaluation de conformité du SMS d'un fournisseur de
services par rapport aux exigences figurant dans la présente partie de l'ISO/CEI 20000.
La Figure 2 illustre un SMS, incluant les processus de gestion des services. Les processus de gestion des
services et les relations entre les processus peuvent être mis en œuvre de différentes manières par différents
fournisseurs de services. La nature de la relation entre un fournisseur de services et le client aura une
influence sur la manière dont les processus de gestion des services sont mis en œuvre.
© ISO/CEI 2011 – Tous droits réservés 1
ISO/CEI 20000-1:2011(F)
Figure 2 — Système de management des services
1.2 Application
Toutes les exigences figurant dans la présente partie de l'ISO/CEI 20000 sont génériques et destinées à être
applicables à tous les fournisseurs de services, indépendamment du type, de la taille et de la nature des
services fournis. L'exclusion d'une partie des exigences spécifiées dans les Articles 4 à 9, quelle qu'elle soit,
n'est pas acceptable lorsqu'un fournisseur de services revendique la conformité à la présente partie de
l'ISO/CEI 20000, indépendamment de la nature de l'organisation du fournisseur de services.
Un fournisseur de services ne peut démontrer la conformité aux exigences spécifiées dans l'Article 4 qu'en
apportant la preuve qu'il satisfait à toutes les exigences dudit Article. Un fournisseur de services ne peut pas
s'appuyer sur la preuve de la gouvernance de processus opérés par d'autres parties pour les exigences
spécifiées dans l'Article 4.
Un fournisseur de services peut démontrer la conformité aux exigences spécifiées dans les Articles 5 à 9 en
apportant la preuve qu'il satisfait à toutes les exigences. Mais il peut aussi démontrer cette conformité en
apportant la preuve qu'il satisfait lui-même à la majorité des exigences requises et en apportant également la
preuve de la gouvernance des processus ou parties de processus opérés par d'autres parties, pour les
processus ou parties de processus qu'il n'opère pas lui-même directement.
Le domaine d'application de la présente partie de l'ISO/CEI 20000 ne couvre pas la spécification pour un
produit ou un outil. Cependant, les organismes peuvent utiliser la présente partie de l'ISO/CEI 20000 pour les
aider à développer des produits ou des outils qui soutiennent les activités d'un SMS.
NOTE L'ISO/CEI TR 20000-3 fournit des directives pour la définition du domaine d'application et l'applicabilité de la
présente partie de l'ISO/CEI 20000. Ces directives incluent des explications plus détaillées sur la gouvernance des
processus opérés par d'autres parties.
2 © ISO/CEI 2011 – Tous droits réservés
ISO/CEI 20000-1:2011(F)
2 Références normatives
Les documents de référence suivants sont indispensables à l'application du présent document. Pour les
références datées, seule l'édition citée s'applique. Pour les références non datées, la dernière édition du
document de référence s'applique (y compris les éventuels amendements).
Aucune référence normative n'est citée. Le présent Article est inclus afin de garantir que la numérotation des
articles est la même que pour l'ISO/CEI 20000-2:—, Technologies de l'information — Gestion des services —
2)
Partie 2: Directives relatives à l'application des systèmes de management des services .
3 Termes et définitions
Pour les besoins du présent document, les termes et définitions suivants s'appliquent.
3.1
disponibilité
aptitude d'un service ou d'un composant de service à remplir la fonction spécifiée à un instant donné ou
pendant une période de temps définie
NOTE En règle générale, la disponibilité s'exprime par le rapport ou le pourcentage entre, d'une part, la période
pendant laquelle le service ou le composant de service est réellement disponible pour le client et, d'autre part, la période
définie pendant laquelle le service devrait être disponible.
3.2
configuration de référence
informations de configuration formellement identifiées à un moment donné de la durée de vie d'un service ou
d'un composant de service
NOTE 1 Les configurations de référence, accompagnées des changements approuvés sur celles-ci, constituent les
informations de configuration actuelles.
NOTE 2 Adapté de l'ISO/CEI/IEEE 24765:2010.
3.3
élément de configuration
CI
élément qui doit être contrôlé afin de fournir un ou plusieurs services
3.4
base de données de gestion des configurations
CMDB
base de données utilisée pour enregistrer les attributs des éléments de configuration ainsi que les relations
entre les éléments de configuration, tout au long de leur cycle de vie
3.5
amélioration continue
activité régulière permettant d'accroître la capacité à satisfaire aux exigences de services
NOTE Adapté de l'ISO 9000:2005.
3.6
action corrective
action visant à éliminer la cause ou à réduire la probabilité de récurrence d'une non-conformité ou d'une autre
situation indésirable détectée
NOTE Adapté de l'ISO 9000:2005.
2) À publier.
© ISO/CEI 2011 – Tous droits réservés 3
ISO/CEI 20000-1:2011(F)
3.7
client
organisme ou partie d'un organisme qui reçoit un ou plusieurs services
NOTE 1 Un client peut être interne ou externe à l'organisme du fournisseur de services.
NOTE 2 Adapté de l'ISO 9000:2005.
3.8
document
support d'information et l'information qu'il contient
[ISO 9000:2005]
EXEMPLES Politiques, plans, descriptions de processus, procédures, accords sur les niveaux de services, contrats
ou enregistrements.
NOTE 1 La documentation peut se présenter sous toute forme et sur tout type de support.
NOTE 2 Dans l'ISO/CEI 20000, les documents, à l'exception des enregistrements, font état de l'objectif à atteindre.
3.9
efficacité
niveau de réalisation des activités planifiées et d'obtention des résultats escomptés
[ISO 9000:2005]
3.10
incident
interruption non planifiée d'un service, altération de la qualité d'un service ou événement qui n'a pas encore
eu d'impact sur le service au client
3.11
sécurité de l'information
protection de la confidentialité, de l'intégrité et de l'accessibilité de l'information
NOTE 1 En outre, d'autres propriétés telles que l'authenticité, l'imputabilité, la non-répudiation et la fiabilité peuvent
également être concernées.
NOTE 2 Le terme «disponibilité» n'est pas utilisé dans la présente définition car il s'agit d'un terme défini dans la
présente partie de l'ISO/CEI 20000 qui ne serait pas adapté à la présente définition.
NOTE 3 Adapté de l'ISO/CEI 27000:2009.
3.12
incident lié à la sécurité de l'information
un ou plusieurs événements liés à la sécurité de l'information indésirables ou inattendus présentant une
probabilité forte de compromettre les opérations liées à l'activité de l'organisation et de menacer la sécurité de
l'information
[ISO/CEI 27000:2009]
3.13
partie intéressée
personne ou groupe de personnes ayant un intérêt particulier dans le fonctionnement ou le succès de l'activité
ou des activités du fournisseur de services
EXEMPLES Clients, propriétaires, direction, personnels de l'organisme fournisseur de services, fournisseurs,
banques, syndicats ou partenaires.
4 © ISO/CEI 2011 – Tous droits réservés
ISO/CEI 20000-1:2011(F)
NOTE 1 Un groupe peut être un organisme, une partie de celui-ci ou plusieurs organismes.
NOTE 2 Adapté de l'ISO 9000:2005.
3.14
groupe interne
partie de l'organisme fournisseur de services qui s'engage auprès du fournisseur de services, via un accord
documenté, à contribuer à la conception, la transition, la fourniture et l'amélioration d'un ou de plusieurs
services
NOTE Le groupe interne n'est pas couvert par le domaine d'application du SMS du fournisseur de services.
3.15
erreur connue
problème dont la cause est identifiée ou qui bénéficie d'une méthode pour limiter ou éliminer son impact sur
un service en le contournant
3.16
non-conformité
non-satisfaction d'une exigence
[ISO 9000:2005]
3.17
organisme
ensemble d'installations et de personnes avec des responsabilités, pouvoirs et relations
EXEMPLES Compagnie, société, firme, entreprise, institution, œuvre de bienfaisance, travailleur indépendant,
association ou parties ou combinaison de ceux-ci.
NOTE 1 Cet ensemble est généralement structuré.
NOTE 2 Un organisme peut être public ou privé.
[ISO 9000:2005]
3.18
action préventive
action visant à éviter ou éliminer les causes d'une non-conformité potentielle ou d'une autre situation
indésirable potentielle, ou à réduire la probabilité de leur survenue
NOTE Adapté de l'ISO 9000:2005.
3.19
problème
cause sous-jacente d'un ou de plusieurs incidents
NOTE La cause sous-jacente n'est en général pas connue au moment de l'enregistrement du problème et le
processus de gestion des problèmes est chargé des investigations plus approfondies.
3.20
procédure
manière spécifiée d'effectuer une activité ou un processus
[ISO 9000:2005]
NOTE Les procédures peuvent ou non faire l'objet de documents.
© ISO/CEI 2011 – Tous droits réservés 5
ISO/CEI 20000-1:2011(F)
3.21
processus
ensemble d'activités corrélées ou interactives qui transforme des éléments d'entrée en éléments de sortie
[ISO 9000:2005]
3.22
enregistrement
document faisant état de résultats obtenus ou apportant la preuve de la réalisation d'une activité
[ISO 9000:2005]
EXEMPLES Rapports d'audit, rapports d'incidents, rapports de formation ou comptes-rendus de réunions.
3.23
mise en production
ensemble d'un ou de plusieurs éléments de configuration, nouveaux ou modifiés, déployés dans
l'environnement de production en tant que résultat d'un ou de plusieurs changements
3.24
demande de changement
proposition de changement à apporter à un service, à un composant de service ou au système de
management des services
NOTE Un changement apporté à un service inclut la mise à disposition d'un nouveau service ou la suppression d'un
service qui n'est plus requis.
3.25
risque
effet de l'incertitude sur l'atteinte des objectifs
NOTE 1 Un effet est un écart, positif et/ou négatif, par rapport à une attente.
NOTE 2 Les objectifs peuvent avoir différents aspects (par exemple buts financiers, de santé et de sécurité, ou
environnementaux) et peuvent concerner différents niveaux (niveau stratégique, niveau d'un projet, d'un produit, d'un
processus ou d'un organisme tout entier).
NOTE 3 Un risque est souvent caractérisé en référence à des événements et des conséquences potentiels ou à une
combinaison des deux.
NOTE 4 Un risque est souvent exprimé en termes de combinaison des conséquences d'un événement (incluant des
changements de circonstances) et de sa vraisemblance.
[ISO 31000:2009]
3.26
service
moyen visant à fournir de la valeur au client en lui offrant les résultats qu'il souhaite atteindre
NOTE 1 Un service est en général intangible.
NOTE 2 Un service peut également être fourni au fournisseur de services par un fournisseur, un groupe interne ou un
client agissant en tant que fournisseur.
3.27
composant de service
élément simple d'un service qui, lorsqu'il est combiné à d'autres éléments, fournit un service complet
EXEMPLES Matériel, logiciel, outils, applications, documentation, informations, processus ou services de soutien.
NOTE Un composant de service peut comprendre un ou plusieurs éléments de configuration.
6 © ISO/CEI 2011 – Tous droits réservés
ISO/CEI 20000-1:2011(F)
3.28
continuité de service
capacité à gérer les risques et les événements susceptibles d'avoir de graves conséquences sur un ou
plusieurs services afin de fournir sans interruption les services prévus aux accords sur les niveaux de services
3.29
accord sur les niveaux de services
SLA
accord documenté entre le fournisseur de services et le client qui identifie les services et leurs objectifs
NOTE 1 Un accord sur les niveaux de services peut également être établi entre le fournisseur de services et un
fournisseur, un groupe interne ou un client agissant en tant que fournisseur.
NOTE 2 Un accord sur les niveaux de services peut être inclus dans un contrat ou un autre type d'accord documenté.
3.30
gestion des services
ensemble d'aptitudes efficientes et de processus permettant de diriger et de contrôler les activités et
ressources du fournisseur de services pour la conception, la transition, la fourniture et l'amélioration des
services afin de satisfaire aux exigences de services
3.31
système de management des services
SMS
système de management permettant d'orienter et de contrôler les activités de gestion des services du
fournisseur de services
NOTE 1 Un système de management est un ensemble d'éléments corrélés ou interdépendants visant à établir une
politique ainsi que des objectifs, et à atteindre ces objectifs.
NOTE 2 Le SMS inclut l'intégralité des politiques de gestion des services, les objectifs, plans, processus,
documentations et ressources requises pour la conception, la transition, la fourniture et l'amélioration des services, et pour
satisfaire aux exigences de la présente partie de l'ISO/CEI 20000.
NOTE 3 Adapté de la définition du «système de management de la qualité» de l'ISO 9000:2005.
3.32
fournisseur de services
organisme ou partie d'un organisme qui gère et fournit au client un ou plusieurs services
NOTE Un client peut être interne ou externe à l'organisme du fournisseur de services.
3.33
demande de service
demande d'informations, de conseils, d'accès à un service ou à un changement préalablement approuvé
3.34
exigence de service
besoins du client et des utilisateurs du service, comprenant les exigences de niveaux de service, et besoins
du fournisseur de services
3.35
fournisseur
organisme ou partie d'un organisme qui est externe à l'organisme du fournisseur de services et qui conclut un
contrat avec le fournisseur de services pour contribuer à la conception, la transition, la fourniture et
l'amélioration d'un ou de plusieurs services ou processus
NOTE Le terme «fournisseurs» inclut les principaux fournisseurs désignés, mais pas leurs sous-traitants.
© ISO/CEI 2011 – Tous droits réservés 7
ISO/CEI 20000-1:2011(F)
3.36
direction
personne ou groupe de personnes qui oriente et contrôle le fournisseur de services au plus haut niveau
NOTE Adapté de l'ISO 9000:2005.
3.37
transition
activités impliquées dans le déploiement d'un service nouveau ou modifié vers l'environnement de production,
ou dans le retrait d'un service de l'environnement de production
4 Exigences générales relatives au système de management des services
4.1 Responsabilité de la direction
4.1.1 Engagement de la direction
Afin de fournir la preuve de son engagement pour planifier, établir, implémenter, exécuter, surveiller, passer
en revue, maintenir et améliorer le SMS et les services, la direction doit:
a) établir et communiquer le domaine d'application, la politique et les objectifs de gestion des services;
b) garantir la création, la mise en œuvre et la maintenance du plan de gestion des services afin d'être en
conformité avec la politique, d'atteindre les objectifs de gestion des services et de satisfaire aux
exigences de services;
c) communiquer sur l'importance de satisfaire aux exigences de services;
d) communiquer sur l'importance de satisfaire aux exigences légales et réglementaires et aux obligations
contractuelles;
e) garantir la mise à disposition des ressources;
f) réaliser des revues de direction à intervalles planifiés;
g) garantir que les risques concernant les services sont évalués et gérés.
4.1.2 Politique de gestion des services
La direction doit garantir que la politique de gestion des services:
a) est adaptée à l'objectif du fournisseur de services;
b) inclut un engagement à satisfaire aux exigences de services;
c) inclut un engagement à améliorer continuellement l'efficacité du SMS et des services via la politique sur
l'amélioration continue définie en 4.5.5.1;
d) fournit un cadre pour l'établissement et le passage en revue des objectifs de gestion des services;
e) est communiquée au personnel du fournisseur de services et est comprise par le personnel;
f) est passée en revue pour s'assurer qu'elle demeure appropriée en permanence.
8 © ISO/CEI 2011 – Tous droits réservés
ISO/CEI 20000-1:2011(F)
4.1.3 Autorité, responsabilité et communication
La direction doit s'assurer que:
a) les autorités et responsabilités liées à la gestion des services sont définies et maintenues;
b) des procédures documentées pour la communication sont établies et mises en œuvre.
4.1.4 Représentant de la direction
La direction doit nommer un membre de l'encadrement du fournisseur de services qui, nonobstant d'autres
responsabilités, doit avoir l'autorité et la responsabilité en particulier pour:
a) s'assurer que des activités sont effectuées dans le but d'identifier, de documenter et de satisfaire aux
exigences de services;
b) attribuer les autorités et responsabilités afin de garantir que les processus de gestion des services sont
conçus, mis en œuvre et améliorés conformément à la politique et aux objectifs de gestion des services;
c) s'assurer que les processus de gestion des services sont intégrés avec les autres composants du SMS;
d) s'assurer que les actifs, notamment les licences, utilisés pour fournir les services sont gérés
conformément aux exigences légales et réglementaires et aux obligations contractuelles;
e) établir les rapports pour la direction sur les performances et les opportunités d'amélioration du SMS et
des services.
4.2 Gouvernance des processus opérés par d'autres parties
Pour les processus spécifiés dans les Articles 5 à 9, le fournisseur de services doit identifier tous les
processus, ou parties de processus, qui sont opérés par d'autres parties. Les autres parties peuvent être un
groupe interne, un client ou un fournisseur. Le fournisseur de services doit démontrer qu'il gouverne les
processus opérés par d'autres parties en:
a) démontrant qu'il reste responsable de ces processus et qu'il a l'autorité pour exiger l'adhésion aux
processus;
b) contrôlant la définition des processus et les interfaces avec d'autres processus;
c) déterminant les performances des processus et la conformité aux exigences concernant les processus;
d) contrôlant la planification et les niveaux de priorité des améliorations sur les processus.
Lorsqu'un fournisseur met en œuvre des parties de processus, le fournisseur de services doit gérer le
fournisseur via le processus de gestion des fournisseurs. Lorsqu'un groupe interne ou un client utilise des
parties de processus, le fournisseur de services doit gérer le groupe interne ou le client via le processus de
gestion des niveaux de services.
NOTE L'ISO/CEI TR 20000-3 fournit des directives pour la définition du domaine d'application et l'applicabilité de la
présente partie de l'ISO/CEI 20000. Ces directives incluent des explications plus détaillées sur la gouvernance des
processus opérés par d'autres parties.
© ISO/CEI 2011 – Tous droits réservés 9
ISO/CEI 20000-1:2011(F)
4.3 Management de la documentation
4.3.1 Établir et maintenir les documents
Le fournisseur de services doit établir et maintenir la documentation, y compris les enregistrements, afin de
garantir la planification, l'exploitation et le contrôle efficaces du SMS. Cette documentation doit inclure:
a) la politique et les objectifs de gestion des services documentés;
b) le plan de gestion des services documenté;
c) les politiques et plans documentés créés pour les processus particuliers requis par la présente partie de
l'ISO/CEI 20000;
d) le catalogue des services documenté;
e) les accords documentés sur les niveaux de services;
f) les processus de gestion des services documentés;
g) les procédures documentées et les enregistrements requis par la présente partie de l'ISO/CEI 20000;
h) des documents supplémentaires, notamment ceux d'origine externe, définis par le fournisseur de
services comme nécessaires à l'exploitation efficace du SMS et à la fourniture des services.
4.3.2 Contrôle des documents
Les documents requis par le SMS doivent être contrôlés. Les enregistrements constituent un type particulier
de documents et doivent être contrôlés conformément aux exigences figurant en 4.3.3.
Une procédure documentée, spécifiant notamment les autorités et responsabilités, doit être établie afin de
définir les contrôles nécessaires pour:
a) créer et approuver les documents avant leur diffusion;
b) communiquer aux parties intéressées les documents nouveaux ou modifiés;
c) effectuer la revue des documents et les maintenir tel que nécessaire;
d) s'assurer que les changements et le statut de la version en vigueur des documents sont identifiés;
e) s'assurer que les versions pertinentes des documents applicables sont disponibles sur les lieux de leur
utilisation;
f) s'assurer que les documents sont rapidement et facilement identifiables et lisibles;
g) s'assurer que les documents d'origine externe sont identifiés et que leur diffusion est contrôlée;
h) éviter que des documents obsolètes soient involontairement utilisés et leur appliquer une identification
adaptée s'ils sont conservés.
4.3.3 Contrôle des enregistrements
Les enregistrements doivent être conservés pour prouver la conformité aux exigences et l'exploitation efficace
du SMS.
Une procédure documentée doit être établie afin de définir les contrôles nécessaires pour l'identification, le
stockage, la protection, la récupération, la conservation et la destruction des enregistrements. Les
enregistrements doivent être lisibles, faciles à identifier et faciles d'accès.
10 © ISO/CEI 2011 – Tous droits réservés
ISO/CEI 20000-1:2011(F)
4.4 Management des ressources
4.4.1 Mise à disposition des ressources
Le fournisseur de services doit déterminer et fournir les ressources humaines, techniques, financières et
d'information nécessaires pour:
a) établir, implémenter et maintenir le SMS et les services, et améliorer continuellement leur efficacité;
b) accroître la satisfaction du client en fournissant des services qui satisfont aux exigences de services.
4.4.2 Ressources humaines
Le personnel du fournisseur de services effectuant un travail ayant une incidence sur la conformité aux
exigences de services doit être compétent. Cette compétence doit se baser sur la formation initiale et
professionnelle, les compétences individuelles et l'expérience personnelle appropriées. Le fournisseur de
services doit:
a) déterminer les compétences nécessaires pour le personnel;
b) le cas échéant, former le personnel ou entreprendre d'autres actions destinées à lui faire obtenir les
compétences nécessaires;
c) évaluer l'efficacité des actions entreprises;
d) s'assurer que le personnel a conscience de l'importance de sa contribution à la réalisation des objectifs
de gestion des services et au respect des exigences de services;
e) conserver les enregistrements appropriés concernant la formation initiale et professionnelle, les
compétences individuelles et l'expérience personnelle.
4.5 Établir et améliorer le SMS
4.5.1 Définir le domaine d'application
Le fournisseur de services doit définir le domaine d'application du SMS et l'inclure dans le plan de gestion des
services. Le domaine d'application doit être défini par le nom de l'unité organisationnelle fournissant les
services, ainsi que par les services à fournir.
Le fournisseur de services doit également prendre en considération les autres facteurs susceptibles d'avoir
une incidence sur les services à fournir, notamment:
a) la ou les localisations géographiques depuis lesquelles le fournisseur de services fournit les services;
b) le client et sa ou ses localisations géographiques;
c) les technologies utilisées pour fournir les services.
NOTE L'ISO/CEI TR 20000-3 fournit des directives pour la défi
...
Die Norm ISO/IEC 20000-1:2011 ist ein entscheidender Standard im Bereich des Service-Managements, der klare Anforderungen für ein Service-Management-System (SMS) definiert. Diese Norm richtet sich an Dienstleister und Organisationen, die sicherstellen möchten, dass ihre Serviceanforderungen durch eine strukturierte und konsistente Herangehensweise erfüllt werden. Der Geltungsbereich dieser Norm umfasst die Planung, Einrichtung, Implementierung, den Betrieb, die Überwachung, die Überprüfung, die Wartung und die Verbesserung eines SMS. Ein wesentlicher Vorteil der ISO/IEC 20000-1:2011 liegt in ihrer Fähigkeit, die Gestaltung, den Übergang, die Bereitstellung und die Verbesserung von Dienstleistungen zu standardisieren. Dies gewährleistet, dass alle vereinbarten Serviceanforderungen systematisch erfüllt werden. Die Stärken dieses Standards zeigen sich insbesondere in seiner Relevanz für verschiedene Akteure im Service-Management-Bereich. Organisationen, die Dienstleistungen von Dienstleistern in Anspruch nehmen, profitieren von der Gewissheit, dass ihre spezifischen Anforderungen effizient und professionell behandelt werden. Darüber hinaus ermöglicht die Norm den Dienstleistern, ihre Fähigkeiten zur effektiven Gestaltung, Übergabe, Bereitstellung und Verbesserung von Dienstleistungen nachzuweisen. Ein weiteres bemerkenswertes Merkmal der ISO/IEC 20000-1:2011 ist die Unterstützung von Dienstleistern und Auditoren bei der Überwachung, Messung und Überprüfung ihrer Service-Management-Prozesse und Dienstleitungen. Die Norm dient somit als wertvolles Kriterium für die Konformitätsbewertung von Service-Management-Systemen und fördert die kontinuierliche Verbesserung. Zusammenfassend lässt sich sagen, dass die ISO/IEC 20000-1:2011 eine umfassende und strukturierte Grundlage für die Entwicklung und Verbesserung von Service-Management-Systemen bietet und liefert wichtige Hinweise für Organisationen und Dienstleister, um die Qualität ihrer Services nachhaltig zu verbessern und sicherzustellen, dass alle Anforderungen erfüllt werden.
ISO/IEC 20000-1:2011 is a pivotal standard in the realm of service management systems (SMS), providing a comprehensive framework for organizations to cultivate and enhance their service management capabilities. The core strength of this standard lies in its well-defined requirements, which guide service providers in the planning, establishment, implementation, operation, monitoring, review, maintenance, and continual improvement of an SMS. This ensures that organizations can consistently deliver services that meet agreed-upon service requirements. The standard's relevance is evident across various contexts. For organizations seeking services from external providers, ISO/IEC 20000-1:2011 offers a structured approach to verify that service requirements will be met. Similarly, it facilitates a uniform methodology among multiple service providers, including those within a complex supply chain, thereby enhancing coherence and quality across service delivery. Furthermore, service providers benefit significantly from adhering to these standard requirements by demonstrating their capability in the design, transition, delivery, and ongoing improvement of services. This is instrumental for building trust with clients and stakeholders. Additionally, the standard equips service providers with the tools necessary for monitoring, measuring, and reviewing their service management processes, which is critical for identifying areas of improvement and implementing effective actions. In summary, ISO/IEC 20000-1:2011 stands as a crucial benchmark for service management, validating its significance through its ability to foster consistency, reliability, and continuous enhancement in service delivery. Its structured approach not only aids service providers in fulfilling their obligations but also reassures clients regarding the quality and dependability of the services they procure.
ISO/IEC 20000-1:2011は、サービスマネジメントシステム(SMS)のための国際的な標準であり、サービスプロバイダーがサービスを計画、設計、実施、運用、監視、レビュー、維持、そして改善するための要求事項を具体化しています。この標準の範囲は、合意されたサービス要件を満たすためのサービスの設計、移行、提供、改善にまで及びます。 ISO/IEC 20000-1:2011の強みは、その包括性と明確な要件にあります。これにより、サービスプロバイダーは一貫したアプローチを実現し、顧客の期待に応えることが可能です。また、サービスプロバイダーは、自らのサービス管理プロセスやサービスを監視、測定、レビューし、継続的な改善に向けた基準としてこの標準を活用できます。特に、供給チェーン内の全サービスプロバイダーが統一された手法を必要とする組織にとっても非常に有益です。 さらに、ISO/IEC 20000-1:2011は、サービスプロバイダーが自身の能力を示すための基準を提供しており、サービスの設計、移行、提供、改善における効果的な実施と運用の重要性を再確認させる内容となっています。これにより、サービス提供の一貫性と質の向上が期待できるため、顧客満足度の向上にも寄与します。 このように、ISO/IEC 20000-1:2011は、サービスマネジメントのベストプラクティスを確立するための重要な指針となっており、サービスプロバイダーおよび顧客にとって不可欠な標準であると言えます。そのため、広範な適用性と高い関連性を持ち、多様な業界においても価値のあるフレームワークを提供しています。
La norme ISO/IEC 20000-1:2011 est un jalon essentiel dans le domaine de la gestion des services informatiques. En tant que norme pour le système de gestion de services (SMS), elle définit des exigences claires et précises que les fournisseurs de services doivent respecter pour planifier, établir, mettre en œuvre, exploiter, surveiller, examiner, maintenir et améliorer un SMS. L'un des principaux atouts de cette norme réside dans sa portée. ISO/IEC 20000-1:2011 s'adresse non seulement aux fournisseurs de services, mais également aux organisations qui recherchent des services auprès de ces fournisseurs. Cela permet d'assurer que les exigences de service convenues sont respectées, ce qui est crucial dans un environnement de service concurrentiel. De plus, cette norme favorise une approche cohérente entre tous les prestataires de services, y compris ceux présents dans une chaîne d'approvisionnement, garantissant ainsi une uniformité dans la qualité des services fournis. La norme met également un accent particulier sur la conception, la transition, la livraison et l'amélioration continue des services. En intégrant des processus de surveillance et d'examen, les fournisseurs de services peuvent systématiquement mesurer et améliorer leurs processus de gestion des services, ce qui conduit à une meilleure efficacité opérationnelle et à une amélioration de la satisfaction des clients. Enfin, ISO/IEC 20000-1:2011 fournit des critères précieux pour les évaluateurs et auditeurs lors de l'évaluation de la conformité des systèmes de gestion des services d'un fournisseur aux exigences établies. Cela renforce la transparence et la confiance des parties prenantes dans les capacités des fournisseurs de services à livrer des services de qualité. En somme, la norme ISO/IEC 20000-1:2011 se révèle être un outil indispensable pour toute organisation désirant améliorer sa gestion des services informatiques, garantir la qualité des services fournis et établir une base solide pour l'amélioration continue.
ISO/IEC 20000-1:2011은 정보 기술 서비스 관리 시스템(SMS)에 대한 표준으로, 서비스 제공자가 SMS를 계획하고 수립하며, 구현하고 운영하고 모니터링하며, 검토하고 유지 관리하고 개선하기 위한 요구 사항을 명시합니다. 이 표준은 서비스 요구 사항을 충족하기 위해 서비스의 설계, 전환, 제공 및 개선 과정을 포함한 포괄적인 요구 사항을 설정하고 있습니다. 이 표준의 강점 중 하나는 모든 서비스 제공자가 일관된 접근 방식을 제공하도록 요구함으로써, 서비스 공급망 내에서의 통일성을 확보할 수 있게 하는 것입니다. ISO/IEC 20000-1:2011은 서비스 요구 사항이 충족될 것이라는 확신을 필요로 하는 조직이나, 서비스 관리 프로세스의 모니터링 및 측정을 통해 개선을 도모하는 서비스 제공자에게 매우 유용합니다. 또한, 이 표준은 서비스 제공자가 자신의 서비스 요구 사항을 충족하기 위한 디자인, 전환, 제공 및 개선 능력을 입증할 수 있도록 돕습니다. 이는 서비스 제공자가 SMS의 효과적인 구현 및 운영을 통해 서비스의 질을 높일 수 있는 기회를 제공합니다. ISO/IEC 20000-1:2011은 또한 서비스 제공자의 SMS의 적합성을 평가하는 데 필요한 기준을 제공함으로써, 평가자나 감사자가 신뢰할 수 있는 기준을 갖출 수 있도록 지원합니다. 결론적으로, ISO/IEC 20000-1:2011 표준은 서비스 관리 시스템의 품질을 높이기 위한 필수적인 도구로서, 서비스 제공자의 역량을 강화하고 서비스 일관성을 확보하는 데 중요한 역할을 합니다. 이 표준을 통해 조직과 서비스 제공자는 서비스 관리 프로세스의 효과성을 향상시키고, 궁극적으로 고객의 요구를 충족시키는 데 기여할 수 있습니다.
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.
Loading comments...