Bsi bip 0134 2013

Natio al f orew ord... edition to the 2011 edition... Activity Refer ences... T is now shows th... Changes to suppor the defnition of s ope... Clause 4.2, ‘Gov rnance of pr oces es opera

BSI Standar ds P ublic ation

This c le tio in lu es th folowin sta d rds a d b oks:

BS ISO/IEC 2000 - :201 ,Information te h ology S rvic ma a eme t p r 1:S rvic ma a eme t

system re uireme ts

BS ISO/IEC 2000 -2:2012, Information te h ology S rvic ma a eme t p r 2 Guid n e on th a plc tion of

servic ma a eme t systems

A Ma a er’s Guid to S rvic Ma a eme t 6the ition

A Guid to th n

A Guid to th n w ISO/IEC 20 00- : Th dif fere c s b twe n th 2005 a d 201 e itions

T he IT Serv iceManageme t Col ection

th

These in tr uction r elate to A do e Re der 9.3.2 an it s ould b noted that other v er sion of

Navigatio

Find

Inf ormation technology —

Natio al f orew ord

ISO/ IEC 2 0 0- 1:2 1 (E)

ISO/ IEC 2 0 0- 1:2 1 (E)

Foreword .v

Int rod c on .vi

1 Sco e 1

1.1 Ge eral 1

1.2 Ap l c t ion 2

2 Norma v refere c s .2

3 Terms a d d finition 3

4 Servic ma a eme t sy stem g n ral req ireme t s .7

4.1 Ma a eme t re p n ibi t y 7

4.1.1 Ma a eme t commit me t 7

4.1.2 Servic ma a eme t p l c 8

4.1.3 Authority, re p n ibi ty a d commu ic t ion 8

4.1.4 Ma a eme t repre e t at i e 8

4.2 Gov rn n e of proc s e o erat ed by ot her part i s 8

4.3 Doc me tation ma a eme t 9

4.3.1 Est abl s a d maint ain doc me t s 9

4.3.2 Cont rol of doc me t s 9

4.3.3 Cont rol of re ord 10 4.4 R esourc ma a eme t 10 4.4.1 Provision of re ourc s 10 4.4.2 Huma re ourc s 10 4.5 Est abl s a d improv t he SMS 10 4.5.1 Defin s o e .10 4.5.2 Pla t he SMS (Pla ) 1

4.5.3 Impleme t a d o erat e t he SMS (Do) 1

4.5.4 Monitor a d re iew t he SMS (Che k ) 1

4.5.5 Maintain a d improv e t he SMS (Act ) .13 5 De ig a d tra sit ion of new or c a g d s rvic s .13 5.1 Ge eral 13 5.2 Pla n w or c a g d s rvic s 14 5.3 De ig a d de elo me t of n w or c a g d s rvic s .14 5.4 Tra sit ion of new or c a g d s rvic s 15 6 Servic d l v ry proc s e 15 6.1 Servic le el ma a eme t 15 6.2 Servic rep rt i g 16 6.3 Servic con nuity a d a aiabi ty ma a eme t 16 6.3.1 Servic con nuity a d a aiabi ty re uireme t s 16 6.3.2 Servic con nuity a d a aiabi ty pla s 16 6.3.3 Servic cont i uity a d a ai abi ty monit orin a d te t i g 17 6.4 Bu ge n a d a cou t i g for s rvic s 17 6.5 Capa ity ma a eme t 18 6.6 Informa on s c rity ma a eme t 18 6.6.1 Informa on s c rity p lc 18 6.6.2 Informa on s c rity cont rols .19 6.6.3 Informa on s c rity c a g s a d incid nt s 19 7 R ela on hip proc s e 19 7.1 Bu in s rela on hip ma a eme t 19 7.2 Suppler ma a eme t .2

ISO/ IEC 2 0 0- 1:2 1 (E)

8.1 In id nt a d s rvic re u st ma a eme t 21

8.2 Pro lem ma a eme t .2

9 Cont rol proc s e 2

9.1 Config ration ma a eme t .2

9.2 Ch ng ma a eme t .2

9.3 R ele s a d d ploy me t ma a eme t 2

Biblograph 2

Fig re Fig re 1 — PDCA met hodolog ap le t o s rvic ma a eme t .vi

Figure 2 — Servic ma a eme t s st em 2

Figure 3 — Ex ample of s p ly c ain rela on hips .2

ISO/ IEC 2 0 0- 1:2 1 (E)

Foreword

1

ISO/ IEC 2 0 0- 1:2 1 (E)

ISO/ IEC 2 0 0- 1:2 1 (E)

ISO/ IEC 2 0 0- 1:2 1 (E)

ISO/IEC 2 0 0-1 onlne s r v ey

INT ER NATIONAL STANDAR D ISO/ IEC 20 0 -1:201 (E)

ISO/ IEC 2 0 0- 1:2 1 (E)

2)

ISO/ IEC 2 0 0- 1:2 1 (E)

3.1

3.2

3.5

3.6

3.7

3.8

ISO/ IEC 2 0 0- 1:2 1 (E)

inv olv ed

ISO/ IEC 2 0 0- 1:2 1 (E)

ISO/ IEC 2 0 0- 1:2 1 (E)

ris

ISO/ IEC 2 0 0- 1:2 1 (E)

3.3

3.3

3.3

3.3

ISO/ IEC 2 0 0- 1:2 1 (E)

serv ices

ISO/ IEC 2 0 0- 1:2 1 (E)

ISO/ IEC 2 0 0- 1:2 1 (E)

ret riev able

ISO/ IEC 2 0 0- 1:2 1 (E)

ISO/ IEC 2 0 0- 1:2 1 (E)

serv ices:

ISO/ IEC 2 0 0- 1:2 1 (E)

ISO/ IEC 2 0 0- 1:2 1 (E)

ISO/ IEC 2 0 0- 1:2 1 (E)

ISO/ IEC 2 0 0- 1:2 1 (E)

ISO/ IEC 2 0 0- 1:2 1 (E)

service;

ISO/ IEC 2 0 0- 1:2 1 (E)

ISO/ IEC 2 0 0- 1:2 1 (E)

ISO/ IEC 2 0 0- 1:2 1 (E)

ISO/ IEC 2 0 0- 1:2 1 (E)

serv ic es

ISO/ IEC 2 0 0- 1:2 1 (E)

ISO/ IEC 2 0 0- 1:2 1 (E)

ISO/ IEC 2 0 0- 1:2 1 (E)

ISO/ IEC 2 0 0- 1:2 1 (E)

ISO/ IEC 2 0 0- 1:2 1 (E)

model

ISO/ IEC 2 0 0- 1:2 1 (E)

Inf ormation technology —

Natio al f orew ord

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

Forew ord

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

INTER NA TIONA L STA NDA R D ISO/IEC 2 00 - 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

req uirem ents

ISO/IEC 2 0 0- 2:2 12(E)

ac t ion

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

programme

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

prov ider

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

serv ices;

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

serv ices

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

v olumes

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

sy st ems

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

Ex ternal serv ic e prov ider

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ac t ion

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

programmes

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

managemen

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

model

ass ess m ent

ISO/IEC 2 0 0- 2:2 12(E)

ISO/IEC 2 0 0- 2:2 12(E)

JennyDugmore

Secon e itionpublsh din19 8

Ap lyin PDCAtoan es ablsh d SMS 3

A ppe dixF IT IL sup or f orPar 1 req ireme t 9

T hisg id hasbe n d v elo e togiv eu biase adv iceon th manag me tofserv ices tisinte d df or

etc

T hispublc tion is oh lpserv icemanag r w hoareresp nsibleformanagin th e d-to-e d lf e cycle

T hisb okhasbe n w rite w ith th inputan as is ance ofpeo leinv olv ed inth pra tic l aspect of

W hydo w e ne d this guide?

• user ofCOBITforanasesme tofth irserv icemanag me tc pabi tybase on Par 1 tosup or

Conte ts of this guide

Int roduct ion

ex ample:

onth lead r hipofan organiz tion Ton glectthisresp nsibi tyhasbe n show n tobea seriousmis ak ,

T heto -downap roa h re uire f orgov ernanceofITiscompatiblew ithth to -dow n ap roa h

T hesco eofth SMSw il beinf lu nce byth serelationships,asd scribe belowan in th Int od ction to

Int roduct ion

ISO/IEC 20 0 w it h ot her best practices

Oth rCOBITg idancethatisusef ulf orserv iceprov id r inclu es:

outcomes

– S r v iceDesig : e suresthatea h ITserv iceisw el d sig e tome tth cus omer’d sire busin s

T ble1 –Diferencesbet w ee ISO/IEC2 0 0a d IT IL

T heIT ILServ iceDesig an Serv iceTransition publc tionssup or Par 1,Clause5.

Int roduct ion

T hesere uireme t should cov er:

• serv iced v elo me t;

Ser v ice prov ider ’s requirements

chan es.T heIT ILServ iceState yprov id sadv iceon howthishap e san howa serv iceprov id rc n

W hat is an SMS?

T heIT ILC ntin alServ iceImprov eme t(CSI)publc tionusesth 7-sepimprov eme tproces thatis

T ble2–COBITa dIT ILimprov eme tap roach s

Changing t he serv ices

9;

Forex ample, th Par 1 re uireme t f orgov ernancec n onlybea hiev ed ifth serv iceprov id rhascontol

• serv icere u s manag me t.

• Usef ul satis icse abln beterd cision-makin

Int roduct ion

Manageme t direction and leadership

C nv erely, to manag me t’ thataresose iorthat h yhav eman oth rresp nsibi tiesareles

Intod cin v arietyintoth rolesofin iv id alsc nh lpmotiv ation, ev en if h rearesufficie tpeo leto

Int roduct ion

3

A ssesme t h lpse iormanag r tou d rtan areasofw eak es,riskan w hatc n bedon more

C mbinin th COBITas es me tlev elsan Par 1 procesesan re uireme t c nbeeff ectiv ef ora gap

Ifaserv iceprov id rdoesnothav eeasya ces toin usrynormscomparison c n s i beusef ulydon

T hecultureofth cus omer’sorganiz tion alsohasan inf lu nceon th result ofbe chmarkin orgap

Planning t he SMS

8

T hemanag me tteamn e toaskth mselv esth f olow in :

St r ate icper spect iv es

4 T amworkin , n iv id al compete cies,ski san be av iour.

th irperf ormance Serv iceprov id r maycho setoes ablsh perf ormancemeticsbase on th serv ice

A pply ing PDCA t o an establ shed SMS

Using automation

New or changed ser vices

Ser v ice management proces es

Resolution proces es

procesesinterf acew he docume tation isbein d v elo e retospectiv ely.Proces inte ration,re uire f or

Int roduct ion

A sd scribe in Chapter3,serv icere uireme t areth driv erf or h S Aconte t an s ructure T hetarg t

serv ices

serv ices

T heserv icesarenormalyinv isibletoth cusomerbutarees e tialcomp n nt ofth serv ice n Par 1

time

Scope

Serv icerep rsinclu e:

T heserv iceprov id rshould hav e,f orth irow n use,rep r sthath lpth mtomonitoran rep r

• Po rprese tation targ te atth w ron au ie ce.

Serv icecont inuity manageme t

ev entofa comp n ntf aiure.T helaterc n ofe bea hiev ed without h e d-userbein aw areofan

not

T he detai required

Budget ing

A ccounting

Capacit y management

Scope

Forex ample, fa retaierplanstoinsal self -serv icech ckout atlarg an smal sores, th inv es me tc se

Financialresourcesare th f un sbein av aiablewh nex pecte an re uire T hepre iction of

Scope

security;

General

w orkarou df orak ow n erorisp s ible,th incid ntd taisarepas e topro lemmanag me tf or

toinclu eresi e cetoc terf orthis.W hereresi e ceisinad q ate,th infasructurehastohan leth

Int roduct ion

Scope

Impleme tin BRM meansthatu d rtan in ofth cusomer’sre uireme t ,concernsan a tiv ities

Monitorin lev elsof atisa tion giv esearlyw arnin ofa gapd v elo in betw ee th serv ices

concerns

Conte t s ofa suppl er’scont act

Bas isforch rging

? Pos ible problems

Int roduct ion

types

? Benef its

T hecomplex itiesofa majorincid ntmeans hatitn e stobecont ole bya sin lemanag r,

Prompt esolutionofpro lemsisas is e byrefere cetosimiarincid nt an pro lems tisimp r ant o

ex ample:

Ser v ice request management /Request f ulf ilment

Int roduct ion

Scope

CI nf ormation isupdate w he :

Inf ormation ab utaCI nclu es:CI d ntity,d scription,type,purp se,v erion,size, oc tion,comp n nt,

Scope

resources

Mos serv icesan sysemsareh av ilyinterelate soa chan e mad in on par ofa serv icec nhav e

Useful nformation isprod ce bychan emanag me t,eith rv ia directa ces toth inf ormationbypeo le

Scope

T heproces isinte rate w ithchan e an conf ig rationmanag me ttoe sureth CMDB isupto

Secures orag areasarere uire f orsof tw arean hardware Remov alofre u dantprod ct ,serv icesan

? P s ible problems

Int roduct ion

? Be ef its

Pract ical suc es f act or s f or aut omat ion

T hetermsan d finitionsgiv en belowaremainlytak n f rom ISO/IEC2 0 0-1:2 1 ,Clause3.W here

CMDB

customer

eff ect iv en s

int ern lgroup

problem

proces ow ner

r isk

ser v ice

NOT E Aserv icecomp n ntca consis ofon ormoreconfig rationitems.

SL A

SMS

sup ler

A ppendix B A greements with the customer

P r 1 Cla se A gre me t

Def ining the SL A st ruct ure

– protection ofsecurityid ntities;

Itisnotusef ultoprod cea larg n mberof ep rs, ev en ifa lotofdata isa tualyav aiablef rom

• Cusomer ,ap lc tionsan e uipme tre uirin th mos sup or

Change management repor t s

Def ining and maintaining the s ope stat ement

Par 1 isnotnormalyap ro riatef orserv iceprov id r whodoonlya minorityof h serv ice

A ppendix F IT IL support for Part 1 requirements

IT ILproces P r 1 Cla se C mme t

IT ILproces P r 1 Cla se C mme t

serv ices

IT ILproces P r 1 Cla se C mme t

IT ILproces P r 1 Cla se C mme t

proces

Standards

proces ses

ISO/IEC2 0 0:2 0 , In ormation tech olo y—S curitytech iq es—In ormation securityma ageme t

w w w.sa a.org

ITS erviceManag ementforS mal ITTe ms

practices

The differences between the 2005 and the 2011 editions

The dif ferences between the 2005 and the 2011 editions

T e work d rin 2 0 – 2010 on updatin ISO/IEC 2 0 0-1 has in olv d man national s an ards b dies an

®1

1.1 What is ISO/IEC 20000?

1.2 The ISO/IEC 20000 series

2

T his b ok is inte d dto be use by read r w ho are alread f ami ar w ith th 2 0 e ition of ISO/IEC 2 0 0-1 as:

T e tables in Ap e dix C an A ppe dix D show th chan es mad usin th c te ories below More than

edition to the 2011 edition

2011 edition

T ble 1 – Activities for movin cer ifcation fr om th 2 0 e ition to th 2 1 e ition

Activity Refer ences

ISO/IEC 20000-1

A smal n mber of re uireme t hav be n d lete , but al e cept on hav be n supere e by oth r

2 0 e ition 2 1 e ition C mme tary

2 0 e ition 2 1 e ition C mme tary

T is fg re has be n chan e in th 2 1 e ition to show al eleme t of th s an ard T is now shows th

14 A Guide to the new ISO/EC 20 0 0 0 -1

Guidance o the ke chan es made to ISO/EC 20 0 0 0 -1

2 1 e ition (Se Chapter 4, 4.7 for fur h r d tais ab ut th re uire proces es an proce ures.) T is

3.1

2 0 e ition 2 1 e ition C mme tary

2.2

3.2

2.3

2 0 e ition 2 1 e ition C mme tary

2 0 e ition 2 1 e ition C mme tary

3.6

‘3.6.5

3.7

customer

2 0 e ition 2 1 e ition C mme tary

2.6

3.9

2 0 e ition 2 1 e ition C mme tary

2.7

3.1

2 0 e ition 2 1 e ition C mme tary

‘3.3.7

2 0 e ition 2 1 e ition C mme tary

2 0 e ition 2 1 e ition C mme tary

2 0 e ition 2 1 e ition C mme tary

2.9

recor d

‘3.7.6

r ecord

3.2

3.2

2 0 e ition 2 1 e ition C mme tary

3.2

risk

this

this

2 0 e ition 2 1 e ition C mme tary

3.2

2 0 e ition 2 1 e ition C mme tary

2 0 e ition 2 1 e ition C mme tary

3.3

2 0 e ition 2 1 e ition C mme tary

3.3

4.5 Changes to suppor the defnition of s ope

T ble 4 – Ch n es to a d Cla se 1.2, ‘Ap lcation’

2 0 e ition 2 1 e ition C mme tary

SMS

2 0 e ition – P r s 1 a d 2 2 1 e ition – P r 1 C mme tary

services

4.5.4 Clause 4.2, ‘Gov rnance of pr oces es operate by other par ies’

2 0 e ition 2 1 e ition C mme tary

T e 2 1 e ition now cov r th d sig an d v lo me t of n w or chan e services as wel as th plan in

T he n w or chan e re uireme t n e to be docume te The plans to me t th n w or chan e re uir eme t

2 0 e ition 2 1 e ition C mme tary

3.3

T ble 8 – Docume ts in th 2 0 a d 2 1 e itions

conformity

2 0 e ition 2 1 e ition C mme tary

releases

2 0 e ition 2 1 e ition C mme tary

services;