ISO/IEC 20000-1:2011
(Main)Information technology — Service management — Part 1: Service management system requirements
Information technology — Service management — Part 1: Service management system requirements
ISO/IEC 20000-1:2011 is a service management system (SMS) standard. It specifies requirements for the service provider to plan, establish, implement, operate, monitor, review, maintain and improve an SMS. The requirements include the design, transition, delivery and improvement of services to fulfil agreed service requirements. ISO/IEC 20000-1:2011 can be used by: an organization seeking services from service providers and requiring assurance that their service requirements will be fulfilled; an organization that requires a consistent approach by all its service providers, including those in a supply chain; a service provider that intends to demonstrate its capability for the design, transition, delivery and improvement of services that fulfil service requirements; a service provider to monitor, measure and review its service management processes and services; a service provider to improve the design, transition, delivery and improvement of services through the effective implementation and operation of the SMS; an assessor or auditor as the criteria for a conformity assessment of a service provider's SMS to the requirements in ISO/IEC 20000-1:2011.
Technologies de l'information — Gestion des services — Partie 1: Exigences du système de management des services
L'ISO/CEI 20000-1:2011 est une norme de système de management des services (SMS). Elle spécifie les exigences destinées au fournisseur de services pour planifier, établir, implémenter, exécuter, surveiller, passer en revue, maintenir et améliorer un SMS. Les exigences incluent la conception, la transition, la fourniture et l'amélioration des services afin de satisfaire aux exigences de services. L'ISO/CEI 20000-1:2011 peut être utilisée par: un organisme attendant des services de la part de fournisseurs de services et exigeant d'avoir la garantie que les exigences de services de ces derniers seront satisfaites; un organisme qui exige une approche cohérente de la part de tous ses fournisseurs de services, y compris ceux qui sont compris dans une chaîne logistique; un fournisseur de services qui souhaite démontrer son efficience dans la conception, la transition, la fourniture et l'amélioration des services qui satisfont aux exigences de services; un fournisseur de services pour surveiller, mesurer et passer en revue ses processus de gestion des services ainsi que ses services; un fournisseur de services pour améliorer la conception, la transition et la fourniture des services par l'implémentation et le fonctionnement effectifs d'un SMS; un évaluateur ou un auditeur comme critère d'évaluation de conformité du SMS d'un fournisseur de services par rapport aux exigences figurant dans l'ISO/CEI 20000-1:2011.
General Information
Relations
Buy Standard
Standards Content (Sample)
INTERNATIONAL ISO/IEC
STANDARD 20000-1
Second edition
2011-04-15
Information technology — Service
management —
Part 1:
Service management system
requirements
Technologies de l'information — Gestion des services —
Partie 1: Exigences du système de gestion des services
Reference number
©
ISO/IEC 2011
© ISO/IEC 2011
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO/IEC 2011 – All rights reserved
Contents Page
Foreword .v
Introduction.vii
1 Scope.1
1.1 General .1
1.2 Application .2
2 Normative references.2
3 Terms and definitions .3
4 Service management system general requirements .7
4.1 Management responsibility .7
4.1.1 Management commitment .7
4.1.2 Service management policy .8
4.1.3 Authority, responsibility and communication.8
4.1.4 Management representative.8
4.2 Governance of processes operated by other parties .8
4.3 Documentation management .9
4.3.1 Establish and maintain documents.9
4.3.2 Control of documents .9
4.3.3 Control of records .10
4.4 Resource management.10
4.4.1 Provision of resources.10
4.4.2 Human resources .10
4.5 Establish and improve the SMS.10
4.5.1 Define scope .10
4.5.2 Plan the SMS (Plan).11
4.5.3 Implement and operate the SMS (Do).11
4.5.4 Monitor and review the SMS (Check) .11
4.5.5 Maintain and improve the SMS (Act).13
5 Design and transition of new or changed services .13
5.1 General .13
5.2 Plan new or changed services .14
5.3 Design and development of new or changed services .14
5.4 Transition of new or changed services.15
6 Service delivery processes .15
6.1 Service level management .15
6.2 Service reporting.16
6.3 Service continuity and availability management .16
6.3.1 Service continuity and availability requirements.16
6.3.2 Service continuity and availability plans .16
6.3.3 Service continuity and availability monitoring and testing .17
6.4 Budgeting and accounting for services.17
6.5 Capacity management .18
6.6 Information security management.18
6.6.1 Information security policy .18
6.6.2 Information security controls.19
6.6.3 Information security changes and incidents.19
7 Relationship processes .19
7.1 Business relationship management.19
7.2 Supplier management.20
8 Resolution processes .21
© ISO/IEC 2011 – All rights reserved iii
8.1 Incident and service request management.21
8.2 Problem management .22
9 Control processes .22
9.1 Configuration management.22
9.2 Change management .23
9.3 Release and deployment management .24
Bibliography .26
Figures
Figure 1 — PDCA methodology applied to service management . viii
Figure 2 — Service management system.2
Figure 3 — Example of supply chain relationships .20
iv © ISO/IEC 2011 – All rights reserved
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members of
ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information
technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of the joint technical committee is to prepare International Standards. Draft International
Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as
an International Standard requires approval by at least 75 % of the national bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.
ISO/IEC 20000-1 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 7, Software and systems engineering. This second edition cancels and replaces the first
edition (ISO/IEC 20000-1:2005), which has been technically revised. The main differences are as follows:
⎯ closer alignment to ISO 9001;
⎯ closer alignment to ISO/IEC 27001;
⎯ change of terminology to reflect international usage;
⎯ addition of many more definitions, updates to some definitions and removal of two definitions;
⎯ introduction of the term “service management system”;
⎯ combining Clauses 3 and 4 of ISO/IEC 20000-1:2005 to put all management system requirements into
one clause;
⎯ clarification of the requirements for the governance of processes operated by other parties;
⎯ clarification of the requirements for defining the scope of the SMS;
⎯ clarification that the PDCA methodology applies to the SMS, including the service management
processes, and the services;
⎯ introduction of new requirements for the design and transition of new or changed services.
ISO/IEC 20000 consists of the following parts, under the general title Information technology — Service
management:
⎯ Part 1: Service management system requirements
1)
⎯ Part 2: Guidance on the application of service management systems
1) To be published. (Technical revision of ISO/IEC 20000-2:2005.)
© ISO/IEC 2011 – All rights reserved v
⎯ Part 3: Guidance on scope definition and applicability of ISO/IEC 20000-1 [Technical Report]
⎯ Part 4: Process reference model [Technical Report]
⎯ Part 5: Exemplar implementation plan for ISO/IEC 20000-1 [Technical Report]
A process assessment model for service management will form the subject of a future Part 8.
vi © ISO/IEC 2011 – All rights reserved
Introduction
The requirements in this part of ISO/IEC 20000 include the design, transition, delivery and improvement of
services that fulfil service requirements and provide value for both the customer and the service provider. This
part of ISO/IEC 20000 requires an integrated process approach when the service provider plans, establishes,
implements, operates, monitors, reviews, maintains and improves a service management system (SMS).
Co-ordinated integration and implementation of an SMS provides ongoing control and opportunities for
continual improvement, greater effectiveness and efficiency. The operation of processes as specified in this
part of ISO/IEC 20000 requires personnel to be well organized and co-ordinated. Appropriate tools can be
used to enable the processes to be effective and efficient.
The most effective service providers consider the impact on the SMS through all stages of the service lifecycle,
from strategy through design, transition and operation, including continual improvement.
This part of ISO/IEC 20000 requires the application of the methodology known as “Plan-Do-Check-Act”
(PDCA) to all parts of the SMS and the services. The PDCA methodology, as applied in this part of
ISO/IEC 20000, can be briefly described as follows.
Plan: establishing, documenting and agreeing the SMS. The SMS includes the policies, objectives, plans and
processes to fulfil the service requirements.
Do: implementing and operating the SMS for the design, transition, delivery and improvement of the services.
Check: monitoring, measuring and reviewing the SMS and the services against the policies, objectiv
...
INTERNATIONAL ISO/IEC
STANDARD 20000-1
Redline version
compares second edition
to first edition
Information technology — Service
management —
Part 1:
Service management system
requirements
Technologies de l’information — Gestion des services —
Partie 1: Exigences du système de management des services
Reference number
ISO/IEC 20000-1:redline:2014(E)
©
ISO/IEC 2014
ISO/IEC 20000-1:redline:2014(E)
IMPORTANT — PLEASE NOTE
This is a mark-up copy and uses the following colour coding:
Text example 1 — indicates added text (in green)
Text example 2 — indicates removed text (in red)
— indicates added graphic figure
— indicates removed graphic figure
1.x . — Heading numbers containg modifications are highlighted in yellow in
the Table of Contents
DISCLAIMER
This Redline version provides you with a quick and easy way to compare the main changes
between this edition of the standard and its previous edition. It doesn’t capture all single
changes such as punctuation but highlights the modifications providing customers with
the most valuable information. Therefore it is important to note that this Redline version is
not the official ISO standard and that the users must consult with the clean version of the
standard, which is the official standard, for implementation purposes.
© ISO 2014
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO 2014 – All rights reserved
ISO/IEC 20000-1:redline:2014(E)
Contents Page
Foreword .iv
Introduction .vi
1 Scope . 1
1.1 General . 1
1.2 Application . 2
2 Normative references . 3
2 3 Terms and definitions . 4
3 Requirements for a management system . 9
3.1 Management responsibility . 9
3.2 Documentation requirements. 9
3.3 Competence, awareness and training .10
4 Planning and implementing service management Service management system
general requirements.10
4.1 Plan service management (Plan) Management responsibility .10
4.2 Implement service management and provide the services (Do) Governance of processes
operated by other parties .12
4.3 Documentation management .13
4.4 Resource management .14
4.3 4.5 Monitoring, measuring and reviewing (Check) Establish and improve the SMS .14
4.4 Continual improvement (Act) .18
5 Planning and implementing Design and transition of new or changed services .18
5.1 General .18
5.2 Plan new or changed services .19
5.3 Design and development of new or changed services .19
5.4 Transition of new or changed services .20
6 Service delivery process processes .21
6.1 Service level management.21
6.2 Service reporting .22
6.3 Service continuity and availability management .22
6.4 Budgeting and accounting for IT services .24
6.5 Capacity management .24
6.6 Information security management .25
7 Relationship processes .26
7.1 General .26
7.2 7.1 Business relationship management .26
7.3 7.2 Supplier management .27
8 Resolution processes .29
8.1 Background .29
8.2 8.1 Incident and service request management .29
8.3 8.2 Problem management.30
9 Control processes .31
9.1 Configuration management .31
9.2 Change management .32
9.3 Release and deployment management .33
10 Release process .34
10.1 Release management process .34
Bibliography
.............................................................................................................................................................................................................................35
ISO/IEC 20000-1:redline:2014(E)
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work. In the field of information technology, ISO and IEC have established a joint technical committee,
ISO/IEC JTC 1.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of the joint technical committee is to prepare International Standards. Draft International
Standards adopted by the joint technical committee are circulated to national bodies for voting.
Publication as an International Standard requires approval by at least 75 % of the national bodies
casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.
ISO/IEC 20000-1 was prepared by BSI (as BS 15000-1) and was adopted, under a special “fast-track
procedure”, by Joint Technical Committee ISO/IEC JTC 1, Information technology, in parallelSubcommittee
SC 7, with its approval bySoftware and systems engineering national bodies of ISO and IEC. This second
edition cancels and replaces the first edition (ISO/IEC 20000-1:2005.), which has been technically
revised. The main differences are as follows:
— closer alignment to ISO 9001;
— closer alignment to ISO/IEC 27001;
— change of terminology to reflect international usage;
— addition of many more definitions, updates to some definitions and removal of two definitions;
— introduction of the term “service management system”;
— combining Clauses 3 and 4 of ISO/IEC 20000-1:2005 to put all management system requirements
into one clause;
— clarification of the requirements for the governance of processes operated by other parties;
— clarification of the requirements for defining the scope of the SMS;
— clarification that the PDCA methodology applies to the SMS, including the service management
processes, and the services;
— introduction of new requirements for the design and transition of new or changed services.
ISO/IEC 20000 consists of the following parts, under the general title Information technology —
Service management:
— Part 1: SpecificationService management system requirements
1)
— Part 2: Code of practiceGuidance on the application of service management systems
— Part 3: Guidance on scope definition and applicability ofISO/IEC 20000-1 [Technical Report]
— Part 4: Process reference model [Technical Report]
1) To be published. (Technical revision of ISO/IEC 20000-2:2005.)
iv © ISO 2014 – All rights reserved
ISO/IEC 20000-1:redline:2014(E)
— Part 5: Exemplar implementation plan forISO/IEC 20000-1 [Technical Report]
A process assessment model for service management will form the subject of a future Part 8.
ISO/IEC 20000-1:redline:2014(E)
Introduction
The requirements in this part of ISO/IEC 20000 include the design, transition, delivery and improvement
of services that fulfil service requirements and provide value for both the customer and the service
provider. This part of ISO/IEC 20000 promotes the adoption ofrequires an integrated process approach
to effectively deliver managed services to meet the business and customer requirements. For an
organization to function effectively it has to identify and manage numerous linked activities. An activity
using resources, and managed in order to enable the transformation of inputs into outputs, can be
considered as
...
NORME ISO/CEI
INTERNATIONALE 20000-1
Deuxième édition
2011-04-15
Technologies de l'information — Gestion
des services —
Partie 1:
Exigences du système de management
des services
Information technology — Service management —
Part 1: Service management system requirements
Numéro de référence
ISO/CEI 20000-1:2011(F)
©
ISO/CEI 2011
ISO/CEI 20000-1:2011(F)
DOCUMENT PROTÉGÉ PAR COPYRIGHT
© ISO/CEI 2011
Droits de reproduction réservés. Sauf prescription différente, aucune partie de cette publication ne peut être reproduite ni utilisée sous
quelque forme que ce soit et par aucun procédé, électronique ou mécanique, y compris la photocopie et les microfilms, sans l'accord écrit
de l'ISO à l'adresse ci-après ou du comité membre de l'ISO dans le pays du demandeur.
ISO copyright office
Case postale 56 CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Publié en Suisse
ii © ISO/CEI 2011 – Tous droits réservés
ISO/CEI 20000-1:2011(F)
Sommaire Page
Avant-propos . v
Introduction . vii
1 Domaine d'application . 1
1.1 Généralités . 1
1.2 Application . 2
2 Références normatives . 3
3 Termes et définitions . 3
4 Exigences générales relatives au système de management des services . 8
4.1 Responsabilité de la direction . 8
4.1.1 Engagement de la direction . 8
4.1.2 Politique de gestion des services . 8
4.1.3 Autorité, responsabilité et communication . 9
4.1.4 Représentant de la direction . 9
4.2 Gouvernance des processus opérés par d'autres parties . 9
4.3 Management de la documentation . 10
4.3.1 Établir et maintenir les documents . 10
4.3.2 Contrôle des documents . 10
4.3.3 Contrôle des enregistrements . 10
4.4 Management des ressources . 11
4.4.1 Mise à disposition des ressources . 11
4.4.2 Ressources humaines . 11
4.5 Établir et améliorer le SMS . 11
4.5.1 Définir le domaine d'application . 11
4.5.2 Planifier le SMS (Planifier) . 11
4.5.3 Mettre en œuvre et exploiter le SMS (Faire) . 12
4.5.4 Surveiller et passer en revue le SMS (Vérifier) . 12
4.5.5 Maintenir et améliorer le SMS (Agir) . 14
5 Conception et transition de services nouveaux ou modifiés . 15
5.1 Généralités . 15
5.2 Planification des services nouveaux ou modifiés . 15
5.3 Conception et développement des services nouveaux ou modifiés . 16
5.4 Transition des services nouveaux ou modifiés . 16
6 Processus de fourniture des services . 17
6.1 Gestion des niveaux de services . 17
6.2 Fourniture des rapports de service . 17
6.3 Gestion de la continuité et de la disponibilité des services . 18
6.3.1 Exigences de continuité et de disponibilité des services . 18
6.3.2 Plans de continuité et de disponibilité des services . 18
6.3.3 Surveillance et test de la continuité et de la disponibilité des services . 19
6.4 Budgétisation et comptabilisation des services . 19
6.5 Gestion de la capacité . 20
6.6 Management de la sécurité de l'information . 20
6.6.1 Politique de sécurité de l'information . 20
6.6.2 Contrôles de la sécurité de l'information . 20
6.6.3 Changements et incidents concernant la sécurité de l'information . 21
7 Processus de gestion des relations . 21
7.1 Gestion des relations commerciales . 21
7.2 Gestion des fournisseurs . 22
© ISO/CEI 2011 – Tous droits réservés iii
ISO/CEI 20000-1:2011(F)
8 Processus de résolution .23
8.1 Gestion des incidents et des demandes de services .23
8.2 Gestion des problèmes .24
9 Processus de contrôle .25
9.1 Gestion des configurations .25
9.2 Gestion des changements .26
9.3 Gestion des mises en production et de leur déploiement.27
Bibliographie .28
Figures
Figure 1 — Méthodologie PDCA appliquée à la gestion des services . viii
Figure 2 — Système de management des services .2
Figure 3 — Exemple de relations dans la chaîne logistique .22
iv © ISO/CEI 2011 – Tous droits réservés
ISO/CEI 20000-1:2011(F)
Avant-propos
L'ISO (Organisation internationale de normalisation) et la CEI (Commission électrotechnique internationale)
forment le système spécialisé de la normalisation mondiale. Les organismes nationaux membres de l'ISO ou
de la CEI participent au développement de Normes internationales par l'intermédiaire des comités techniques
créés par l'organisation concernée afin de s'occuper des domaines particuliers de l'activité technique. Les
comités techniques de l'ISO et de la CEI collaborent dans des domaines d'intérêt commun. D'autres
organisations internationales, gouvernementales et non gouvernementales, en liaison avec l'ISO et la CEI
participent également aux travaux. Dans le domaine des technologies de l'information, l'ISO et la CEI ont créé
un comité technique mixte, l'ISO/CEI JTC 1.
Les Normes internationales sont rédigées conformément aux règles données dans les Directives ISO/CEI,
Partie 2.
La tâche principale du comité technique mixte est d'élaborer les Normes internationales. Les projets de
Normes internationales adoptés par le comité technique mixte sont soumis aux organismes nationaux pour
vote. Leur publication comme Normes internationales requiert l'approbation de 75 % au moins des
organismes nationaux votants.
L'attention est appelée sur le fait que certains des éléments du présent document peuvent faire l'objet de
droits de propriété intellectuelle ou de droits analogues. L'ISO et la CEI ne sauraient être tenues pour
responsables de ne pas avoir identifié de tels droits de propriété et averti de leur existence.
L'ISO/CEI 20000-1 a été élaborée par le comité technique mixte ISO/CEI JTC 1, Technologies de
l'information, sous-comité SC 7, Ingénierie du logiciel et des systèmes.
Cette deuxième édition annule et remplace la première édition (ISO/CEI 20000-1:2005), dont elle constitue
une révision technique. Les principales différences par rapport à la première édition sont les suivantes:
harmonisation avec l'ISO 9001;
harmonisation avec l'ISO/CEI 27001;
modification de la terminologie afin de refléter l'utilisation internationale;
ajout de nombreuses définitions, mises à jour de certaines définitions et suppression de deux définitions;
introduction du terme «Système de Management des Services»;
regroupement des Articles 3 et 4 de l'ISO/CEI 20000-1:2005 afin de faire apparaître toutes les exigences
d'un système de management dans un seul article;
clarification des exigences relatives à la gouvernance des processus opérés par d'autres parties;
clarification des exigences relatives à la définition du domaine d'application du système de management
de services;
clarification de l'application de la méthodologie du PDCA au système de management de services, y
compris aux processus de gestion des services, ainsi qu'aux services;
introduction de nouvelles exigences relatives à la conception et à la transition de services nouveaux ou
modifiés.
© ISO/CEI 2011 – Tous droits réservés v
ISO/CEI 20000-1:2011(F)
L'ISO/CEI 20000 comprend les parties suivantes, présentées sous le titre général Technologies de
l'information — Gestion des services:
Partie 1: Exigences du système de management des services
1)
Partie 2: Directives relatives à l'application des systèmes de management des services
Partie 3: Directives pour la définition du domaine d'application et l'applicabilité de l'ISO/CEI 20000-1
[Rapport technique]
Partie 4: Modèle de référence de processus [Rapport technique]
Partie 5: Exemple de plan de mise en application pour l'ISO/CEI 20000-1) [Rapport technique]
Un modèle d'évaluation de processus pour le management des services fera l'objet d'une future Partie 8.
1) À publier. (Révision technique de l'ISO/CEI 20000-2:2005)
vi © ISO/CEI 2011 – Tous droits réservés
ISO/CEI 20000-1:2011(F)
Introduction
Les exigences figurant dans la présente partie de l'ISO/CEI 20000 couvrent la conception, la transition, la
fourniture et l'amélioration des services qui satisfont aux exigences de services et apportent de la valeur pour
le client comme pour le fournisseur de services. La présente partie de l'ISO/CEI 20000 requiert l'adoption
d'une approche processus intégrés lorsque le fournisseur de services planifie, établit, implémente, exploite,
surveille, passe en revue, maintient et améliore un système de management des services (SMS, service
management system).
L'intégration et l'implémentation coordonnées d'un SMS présentent l'avantage d'offrir un contrôle des
opérations et des opportunités d'amélioration continue, ainsi qu'une efficacité et une efficience accrues. Il est
nécessaire, pour la mise en œuvre et l'exécution des processus spécifiés dans la présente partie de
l'ISO/CEI 20000, que le personnel soit bien organisé et coordonné. Des outils appropriés peuvent être utilisés
pour améliorer l'efficacité et l'efficience des processus.
Les fournisseurs de services les plus efficaces prennent en compte l'impact du SMS su
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.