How To Understand The Differences Between The 2005 And 2011 Editions Of Itil 20000


A Guide to the new ISO/IEC 20000-1: The differences between the 2005 and the 2011 editions

Lynda Cooper

First published in the UK in 2011 by BSI, 389 Chiswick High Road, London W4 4AL

British Standards Institution 2011

All rights reserved. Except as permitted under the Copyright, Designs and Patents Act 1988, no part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means (electronic, photocopying, recording or otherwise) without prior permission in writing from the publisher.

Whilst every care has been taken in developing and compiling this publication, BSI accepts no liability for any loss or damage caused, arising directly or indirectly in connection with reliance on its contents except to the extent that such liability may not be excluded in law.

While every effort has been made to trace all copyright holders, anyone claiming copyright should get in touch with the BSI at the above address.

BSI has no responsibility for the persistence or accuracy of URLs for external or third-party internet websites referred to in this book, and does not guarantee that any content on such websites is, or will remain, accurate or appropriate.

Typeset in Frutiger by Monolith, www.monolith.uk.com

Printed in Great Britain by Berforts Group, www.berforts.co.uk

British Library Cataloguing in Publication Data: A catalogue record for this book is available from the British Library

ISBN 978-0-580-72850-1

Contents

Acknowledgements
1. Introduction
1.1. What is ISO/IEC 20000?
1.2. The ISO/IEC 20000 series
1.3. The author
1.4. Audience and intended use
1.5. What changes are being compared in this book?
1.6. What is a key change?
2. Summary of the key changes made from the 2005 edition to the 2011 edition
3. How to move from the 2005 edition to the 2011 edition
3.1. Certification scheme changes
3.2. Qualification scheme changes
3.3. Moving certification from the 2005 edition to the 2011 edition
4. Guidance on the key changes made to ISO/IEC 20000-1
4.1. Introduction
4.2. Structural changes
4.3. Changes to figures
4.4. Changes to terms and definitions and use of English
4.5. Changes to support the definition of scope
4.6. Changes to the management of new or changed services
4.7. Changes to roles and documents
4.8. Changes made to align with other standards
Appendix A Relationships with best practice guidance
Appendix B Bibliography and further information
Appendix C Mapping and differences between the 2005 edition and the 2011 edition (2005 baseline) (The tables in this appendix are given in full on the CD accompanying this book)
Appendix D Mapping and differences between the 2011 edition and the 2005 edition (2011 baseline) (The tables in this appendix are given in full on the CD accompanying this book)

Acknowledgements

The work during 2006–2010 on updating ISO/IEC 20000-1 has involved many national standards bodies and the International Standards committee as well as the BSI committee that originally produced the 2005 edition and BS 15000 before that. I would like to thank them for sharing their views and providing constructive criticism and suggestions in the development of the 2011 edition.

It is not possible to acknowledge all those who have been involved but I would like in particular to thank those involved in the redrafting of the standard and the review of this book:

- Graham Cox for his work in reviewing this book and his exceptional skills in English grammar;
- Nick Fright for his work in reviewing this book and his knowledge of other standards;
- Shirley Lacy for her work in reviewing this book and her knowledge as an ITIL [1] author;
- Anita Myrberg (Sweden) for her work as co-editor of the standard and for bringing a calm, reasoned, knowledgeable approach to our work;
- Professor Pierre Thory (France) for his work as co-editor of the standard and bringing his management thinking to the standard;
- Peter Restell of BSI for guiding us all through the complexities of the BSI and ISO processes and directives;
- Jack Robertson-Worsfold for his additions to the book on operational issues, which are shown in boxes throughout the text;
- Dr Alastair Walker (South Africa) for his analysis tool from SPI Laboratory (Pty) Ltd, which helps to identify the differences in editions;
- All members of the BSI and ISO committees (you know who you are) for their parts in commenting on, resolving and supporting the production of the 2011 edition of Part 1.

The standard is managed through working group 25 (WG25) of the SC7 subcommittee of ISO/IEC JTC1. The convenor of WG25 during the revision of Part 1 was Dr Jenny Dugmore. The project editor for Part 1 was Lynda Cooper (UK), with co-editors Anita Myrberg (Sweden) and Professor Pierre Thory (France).

Many countries are represented on WG25 and have played an active part in the development of the 2011 edition. They include Australia, Canada, China, Côte d'Ivoire, Czech Republic, Finland, France, Germany, India, Italy, Japan, Korea, Luxembourg, New Zealand, South Africa, Spain, UK and USA.

Also, I would like to thank Dr Jenny Dugmore (UK) for her role as convenor for the BSI and ISO committees, which has steered the ISO/IEC 20000 series to what it is today.

Finally, I would like to thank Julia Helmsley and Jenny Cranwell of BSI for their support during the production of this book.

[1] ITIL is a registered trademark of the Office of Government Commerce in the United Kingdom and other countries.

1. Introduction

1.1. What is ISO/IEC 20000?

ISO/IEC 20000-1:2011 is a service management system (SMS) standard. It specifies requirements for the service provider to plan, establish, implement, operate, monitor, review, maintain and improve an SMS. The requirements include the design, transition, delivery and improvement of services to fulfil agreed service requirements.

The first edition of ISO/IEC 20000-1 was published in 2005. The title was "Information technology - Service management - Part 1: Specification". The second edition of ISO/IEC 20000-1 was published in 2011 with a revised title. The title is "Information technology - Service management - Part 1: Service management system requirements". This reflects the emphasis on the SMS and alignment with the title of ISO 9001. It also moves away from the term "specification", which is reserved for use with software standards.

The new edition has been developed with the involvement of the international community through its national standards organizations and the International Organization for Standardization (ISO). The 2011 edition should lead to improvements in IT efficiency and business productivity. The changes will impact organizations certified to this standard, or working towards certification, that use the standard in contracts, or that use the standard as guidance. It will also impact the auditors, trainers and consultants who use the standard for their customers.

ISO/IEC 20000 is used internationally and by many organizations to guide their service management, many being certified to ISO/IEC 20000-1. A service management system also provides support for corporate governance, which is often reliant on information from IT services and the support of the processes in ISO/IEC 20000-1.

There are many benefits from using ISO/IEC 20000-1. Certification to ISO/IEC 20000-1 by an accredited certification body shows that a service provider is committed to delivering value to customers and continual service improvement. ISO/IEC 20000-1 is driven by the continual improvement of processes and services, so a service provider will normally find that implementing the requirements in Part 1 gives an improved service that adds much greater value to the customer. In turn, this enables the customers and their businesses to be more effective.

Whilst implementing best practice service management principles supplies obvious benefits, organizations sometimes find themselves not continuing on towards certification, citing the reason that it is unnecessary to prove beyond the customer experience that things are improving. This is a false premise. Whilst policies can direct vision and processes can supply a working structure, people may look for a route of least resistance to getting things done; indeed in certain cases expediency is often seen as a means of subjugating agreed policy by taking short cuts through processes. Whilst this can deliver short-term benefits, in the longer term it increases cost and risk and reduces operational effectiveness. With conformity comes reduced management overheads; managers are more proactive as they stop having to fight fires, and service management is more effective.

1.2. The ISO/IEC 20000 series

ISO/IEC 20000 specifies the requirements for a series of standards. In 2005, the series consisted of Parts 1 and 2. The series has changed and grown as the standard has matured. The Parts of the ISO/IEC 20000 series are:

- Part 1: Service management system requirements. Part 1 specifies requirements to be fulfilled in the form of "shall" statements and can be the basis of a conformity assessment;
- Part 2: Code of practice (2005). Part 2 specifies recommendations to support the implementation of Part 1. Part 2 is currently being updated and will be published with a new title of "Guidance on the application of service management systems". This revision of Part 2 will align with the 2011 edition of Part 1;
- Part 3: Guidance on scope definition and applicability of ISO/IEC 20000-1 (Technical Report). Part 3 is a guidance document covering two specific areas that are complex for ISO/IEC 20000. This document can support those who wish to demonstrate conformity to Part 1;
- Part 4: Process reference model (Technical Report). Part 4 is a process reference model that will support the development of the process assessment model that will be published as ISO/IEC 15504-8;
- Part 5: Exemplar implementation plan for ISO/IEC 20000-1 (Technical Report). Part 5 is a guidance document to support organizations that are implementing ISO/IEC 20000-1 for the first time or that are improving their existing service management system;
- Part 10: Concepts and terminology. Part 10 is not yet published. It will be a document to pull together the concepts and terminology used in the ISO/IEC 20000 series. The next edition of Part 1 will not need to include terms and definitions as these will be in Part 10.

Parts 6 to 9 are under consideration, subject to research on what is required by the service management industry. Proposals include mapping the requirements in Part 1 to best practice advice in the Information Technology Infrastructure Library (ITIL), and, if this is agreed, other standards, methods and frameworks, such as COBIT (Control Objectives for IT).

A new related standard is being developed but is not yet published: ISO/IEC TR 90006: Guideline on the application of ISO 9001 to IT service management. This new standard will be based on the 2011 edition of ISO/IEC 20000-1.

A further new related standard is being developed but is not yet published: ISO/IEC 27013: Guidelines on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1. The new standard will be based on the 2011 edition of ISO/IEC 20000-1.

1.3. The author

This book is written by Lynda Cooper, the project editor of ISO/IEC 20000-1 who represents the UK on the ISO/IEC committee responsible for the ISO/IEC 20000 series. Lynda also sits on the BSI committee that first developed BS 15000, which was fast-tracked to become ISO/IEC 20000-1 in 2005. She has worked on comment resolution with BSI and ISO committees throughout the five years it has taken to draft the 2011 edition and knows every change and the reason for it. Lynda is an independent consultant and trainer who is one of the first people in the world to be qualified to ITIL Master level [2]. She has supported many organizations to implement service management and to achieve ISO/IEC 20000 certification.

1.4. Audience and intended use

This publication is for the many organizations that have used the 2005 edition of ISO/IEC 20000-1 as the basis for service delivery. It is also intended for people involved in the preparation for certification, audits, self-assessments and training. It will also be very useful for trainers, consultants and managers responsible for continual service improvement, procurement and supplier management. Certification bodies will find the book useful for changing their audit practice documentation.

The target audience also includes those who use ISO/IEC 20000-1 with other standards, such as ISO 9001 and ISO/IEC 27001. For this audience, there is information about how the standard relates to these other standards.

The user community includes those who use best practices to support the implementation of ISO/IEC 20000-1, including ITIL. The book includes information about how ITIL can help them to achieve the requirements of the standard, in Appendix A.

[2] ITIL is a registered trademark of the Office of Government Commerce in the United Kingdom and other countries.

This book is intended to be used by readers who are already familiar with the 2005 edition of ISO/IEC 20000-1 as:

- a reference book for those who want to see the differences, and understand the reasoning behind the changes made, between the two editions of the standard without having to work these out in detail by looking at the standards themselves;
- guidance for those organizations wishing to move from certification to the 2005 edition to that of the 2011 edition as soon as possible, providing information to help them to make the transition simply and smoothly;
- an overview for those who want a broad view of the differences between the two editions of the standard;
- a guide for auditors who need to know the changes to requirements and how this will impact the evidence that is needed during the audit process;
- an individual purchase for trainers and consultants;
- an institutional purchase for companies that use the standard.

1.5. What changes are being compared in this book?

This book primarily compares the 2005 edition to the 2011 edition of ISO/IEC 20000-1. Chapter 2 summarizes the key changes that have been made from the 2005 to the 2011 editions. Chapter 3 describes how to make the transition to the second edition, with reference to the relevant clauses in ISO/IEC 20000-1. Chapter 4 provides in-depth guidance on the key changes made.

The book uses the 2005 edition as the reference point. The exception is Appendix D, which uses the 2011 edition as the reference point by providing a mapping of the 2011 edition to the 2005 edition.

Some readers will only need to read Chapters 2, 3 and 4 to gain a broad understanding of the differences between the two editions. Those who require a mapping and detailed knowledge of the differences will also need to read Appendix C (if the 2005 edition is the baseline of the reader) or Appendix D (if the 2011 edition is the baseline of the reader). The details provided in Appendix C and Appendix D comprise the same information but from a different baseline. For ease of use, Appendix C and Appendix D are available on the CD provided.

The introduction of the 2011 edition states "ISO/IEC 20000 is intentionally independent of specific guidance. The service provider can use a combination of generally accepted guidance and its own experience." There are different guidance frameworks available for service management. A service provider may also use their own methods and techniques to support the implementation of ISO/IEC 20000-1. Appendix A gives information about the relationship of the standard with best practice guidance. As an example, it gives a high-level mapping of the 2011 edition of ISO/IEC 20000-1 and the 2011 edition of ITIL.

Text from standards or other frameworks is presented in quotes.

1.6. What is a key change?

The key question for those using the 2005 edition of the standard and either considering moving to the 2011 version, or indeed looking at the implications of moving, will be: "what does it mean to me from an operational service delivery perspective?". Expert commentary has been added throughout the book to suggest the potential impact of changes on people, policy, process and technology. For example, consider:

- the current structures your organization works with;
- the various rules put in place by policy;
- the operational activities dictated by processes; and
- of course, the constraints and opportunities afforded by technology.

Any change to the standards by which these components have been implemented could have an impact on one or more of the components.

In reviewing the changes, a number of considerations are important:

- impact on the status quo (or current operability of the services);
- cost of making the changes versus the cost of not making them;
- risk of not making the changes and the impact upon the ability to maintain adherence to the standard;
- the cultural and operational impact upon the organization.

The tables in Appendix C and Appendix D show the changes made using the categories below. More than one category can apply to a change, e.g. a new or deleted requirement is also shown as a minor, medium or major change.

- no change: text is the same in both the 2005 and 2011 editions;
- deleted requirement or other text: 2005 edition text is not in the 2011 edition;
- new requirement or other text: text is in the 2011 edition that was not in the 2005 edition;
- editorial change: text has changed for editorial reasons such as improved English or change of terms; the requirement or intent of the statement has not changed;
- minor change: change to a requirement that is unlikely to affect an organization's ability to achieve certification or a change to text that is not a requirement but is more than an editorial change;
- medium change: change to a requirement that may affect an organization's ability to achieve certification or a change that needs to be assessed for impact on the existing SMS;
- major change: fundamental change to a requirement that will have a major impact on an organization's ability to achieve certification.