IEC20000服务管理体系应用指南中文版

SecondeditionPart2:服务管理体系应用指南ReferencenumberISO/IEC20000-2:2012(E)©ISO/IEC©ISO/IEC©ISO/IEC2012-Allrights范围 总则 应用 引用标准Normative 术语和定义Termsand 管理职责Management 管理承诺Management 服务管理方针Servicemanagement 职责、权限和沟通Authority,responsibilityand 管理者代表Management 其他相关方的流程治理Governanceofprocessesoperatedbyother 其他相关方流程治理指引Guidanceonprocessesoperatedbyother 其他相关方OTHER 职责和权限的示例Demonstrationofaccountabilityand 流程绩效和合规性Processperformanceand 确定流程的绩效和合规性Determiningprocessperformanceand 对流程改进的规划和优先级实施控制Controllingtheplanningandprioritizationofprocess 文件管理Documentation 建立和维护文件Establishandmaintain 文件控制Controlof 记录控制Controlof 资源管理Resource 资源的提供Provisionof 人力资源Human 建立和改进SMSEstablishandimprovethe 定义范围DEFINE SMS的计划PLANTHESMS SMS的实施和运维Implementandoperatethe SMS的监视和评审Monitorandreviewthe SMS的维护与改进MAINTAINANDIMPROVETHESMS 前言合技术委员会委员，ISO/IECJTC1。ISO20000-2由ISO/IECJTC1/SC7信息技术与ISO9001标准和ISO27001ISO/IEC20000标准由下列名为“信息技术-第1第2

ISO(theInternationalOrganizationforStandardization)andIEC(theInternationalElectrotechnicalCommission)formthespecializedsystemforworldwidestandardization.NationalbodiesthataremembersofISOorIECparticipateinthedevelopmentofInternationalStandardsthroughtechnicalcommitteesestablishedbytherespectiveorganizationtodealwithparticularfieldsoftechnicalactivity.ISOandIECtechnicalcommitteescollaborateinfieldsofmutualinterest.Otherinternationalorganizations,governmentalandnon-governmental,inliaisonwithISOandIEC,alsotakepartinthework.Inthefieldofinformationtechnology,ISOandIEChaveestablishedajointtechnicalcommittee,ISO/IECJTC1.InternationalStandardsaredraftedinaccordancewiththerulesgivenintheISO/IECDirectives,Part2.ThemaintaskofthejointtechnicalcommitteeistoprepareInternationalStandards.DraftInternationalStandardsadoptedbythejointtechnicalcommitteearecirculatedtonationalbodiesforvoting.PublicationasanInternationalStandardrequiresapprovalbyatleast75%ofthenationalbodiescastingavote.Attentionisdrawntothepossibilitythatsomeoftheelementsofthisdocumentmaybethesubjectofpatentrights.ISOandIECshallnotbeheldresponsibleforidentifyinganyorallsuchpatentrights.ISO/IEC20000-2waspreparedbyJointTechnicalCommitteeISO/IECJTC1,Informationtechnology,SubcommitteeSC7,Softwareandsystemsengineering.Thissecondeditioncancelsandreplacesthefirstedition(ISO/IEC20000-1:2005),whichhasbeentechnicallyrevised.Themaindifferencesareasfollows:closeralignmenttoISO9001andISO/IECchangeofterminologytoreflectinternationalnewguidanceongovernanceofprocessesoperatedbyotherparties;moreguidanceondefiningthescopeofthemoreguidanceoncontinualimprovementoftheSMSandservices;moreguidanceonthedesignandtransitionofneworchangedservices.ISO/IEC20000consistsofthefollowingparts,underthegeneraltitleInformationtechnology—Servicemanagement:——Part1:Servicemanagementsystem——Part2:Guidanceontheapplicationofservicemanagementsystems——Part3:GuidanceonscopedefinitionandapplicabilityofISO/IEC20000-1[TechnicalReport]——Part4:Processreferencemodel[Technical——Part5:ExemplarimplementationplanforISO/IEC20000-1[TechnicalReport]©ISO/IEC©ISO/IEC2012-Allrights介绍ISO/IEC20000-1并非旨在包括所有必要合同义务。符合ISO/IEC20000-1本身并

ThispartofISO/IEC20000providesguidanceontheapplicationofservicemanagementsystems(SMS)basedonISO/IEC20000-1.ThispartofISO/IEC20000doesnotaddanyrequirementstothosestatedinISO/IEC20000-1anddoesnotstateexplicitlyhowevidencecanbeprovidedtoanassessororauditor.TheintentofthispartofISO/IEC20000istoenableorganizationsandindividualstointerpretISO/IEC20000-1moreaccurately,andthereforeuseitmoreeffectively.AnSMSisdefinedinISO/IEC20000-1asamanagementsystemtodirect,monitorandcontroltheservicemanagementactivitiesoftheserviceprovider.TheSMSshouldincludewhatisrequiredfortheplanning,design,transition,deliveryandimprovementofservices.Ataminimumthisincludesservicemanagementpolicies,objectives,plans,processes,processinterfaces,documentationandresources.TheSMSencompassesalltheprocessesasanover-archingmanagementsystem,withtheservicemanagementprocessesaspartoftheCoordinatedintegrationandimplementationofanSMSprovidesongoingcontrol,greatereffectiveness,efficiencyandopportunitiesforcontinualimprovement.Itenablesanorganizationtoworkeffectivelywithasharedvision.TheoperationofprocessesasspecifiedinClauses5to9requirespersonneltobewellorganizedandcoordinated.Appropriatetoolsmaybeusedtoenabletheservicemanagementprocessestobeeffectiveandefficient.ThemosteffectualorganizationsconsidertheimpactoftheSMSthroughallstagesoftheservicelifecycle,fromplanninganddesigntotransitionandoperation,includingcontinualimprovement.ThispartofISO/IEC20000providesexamplesandsuggestionstoenableorganizationstointerpretandapplyISO/IEC20000-1,includingreferencestootherpartsofISO/IEC20000andotherrelevantstandards.UsersofInternationalStandardsareresponsiblefortheircorrectapplication.ItisimportantfororganizationsandindividualsusingISO/IEC20000tounderstandthepointslistedbelow.ISO/IEC20000-1doesnotpurporttoincludeallnecessarystatutoryandregulatoryrequirements,orallcontractualobligationsoftheserviceprovider.ConformitytoISO/IEC20000-1doesnotofitselfconferimmunityfromstatutoryobligations.ISO/IEC20000-1isapplicabletointernalandexternal,largeandsmall,andcommercialandnoncommercialserviceproviders.ISO/IEC20000-1promotestheadoptionofanintegratedprocessapproachwhenplanning,establishing,Implementing,operating,monitoring,measuring,reviewing,maintainingandimprovinganSMSforthedesign,transition,improvementand0（PDCA方法论应用于SMS和服务。PDCA的方法，如图1所示，可以简单描述为：

deliveryofservicesthatfulfillserviceISO/IEC20000promotestheapplicationofthemethodologyknownas“Plan-Do-Check-Act”(PDCA)totheSMSandtheservices.ThePDCAmethodology,showninFigure1,canbebrieflydescribedasfollows:Plan:establishing,documentingandagreeingtheSMSincludingthepolicies,objectives,plansandprocessesnecessarytodesignanddeliverservicesinaccordancewithbusinessneeds,customerrequirementsandtheserviceprovider'spolicies.Do:implementingandoperatingtheSMSforthedesign,transition,deliveryandimprovementoftheservices.Check:monitoring,measuringandreviewingtheSMSandtheservicesagainsttheplans,policies,objectives,andrequirementsandreportingtheresults.Act:takingactionstocontinuallyimproveperformanceoftheSMS.Thisincludestheservicemanagementprocessesandtheservices.WhenusedwithinanSMS,thefollowingarethemostimportantaspectsofanintegratedprocessapproachandthePDCAmethodology:understandingandfulfillingtheservicerequirementstoachievecustomersatisfaction;establishingthepolicyandobjectivesforservicedesigninganddeliveringservicesbasedontheSMSthataddvalueforthecustomer;monitoring,measuringandreviewingperformanceoftheSMSandtheservices;continuallyimprovingtheSMSandtheservicesbasedonobjectivemeasurements.Whereothermanagementsystemsarepresent,theimplementationofanSMS,withtheadoptionofaprocessapproachandthePDCAmethodology,enablestheserviceprovidertoalignorfullyintegratetheorganization’smanagementsystems.Forexample,itispossibletointegrateISO/IEC20000withaqualitymanagementsystembaseduponISO9001and/oraninformationsecuritymanagementsystembaseduponISO/IEC27001.Anintegratedmanagementsystemapproachincreasesefficiency,establishesclearaccountabilityandtraceabilityandenhancesorganizationalplanning,communicationandcontrol.

1-应用到服务管理的PDCA供者的SMS是否满足ISO/IEC20000-1要ISOIEC20000标准本

Figure1—PDCAmethodologyappliedtoserviceAsstatedinISO/IEC20000-“ISO/IEC20000canbeusedanorganizationseekingservicesfromserviceprovidersandrequiringassurancethattheirservicerequirementswillbefulfilled;anorganizationthatrequiresaconsistentapproachbyalltheirserviceproviders,includingthoseinasupplytheserviceproviderthatintendstodemonstrateitscapabilityforthedesign,transition,deliveryandimprovementofservicesthatfulfillservicerequirements;aserviceprovidertomonitor,measureandreviewitsservicemanagementprocessesandservices;aserviceprovidertoimprovethedesign,transition,deliveryandimprovementofservicesthroughtheeffectiveimplementationandoperationoftheSMS;anassessorasthecriteriaforaconformityassessmentofaserviceprovider’sSMStotherequirementsinThispartofISO/IEC20000canbeusedbyanorganizationlookingforguidanceonhowtoimproveservicemanagement,whetherornotitisinterestedinseekingcertification.信息技术—Part2:©ISO/IEC©ISO/IEC2012-Allrights1范围11.1总则1.1图2展示的流程是：中央框里是条款6-9的流程。围绕条款6-9的流程是条款5设计与转换新的服于条款5的新的服务或变更的服务时，所有服务SMS如何实施以符合ISOIEC20000-1的要求。ThispartofISO/IEC20000providesguidanceontheapplicationofanSMSbasedonISO/IEC20000-1.ThispartofISO/IEC20000providesexamplesandsuggestionstoenableorganizationstointerpretandapplyISO/IEC20000-1,includingreferencestootherpartsofISO/IEC20000andotherrelevantstandards.ThispartofISO/IEC20000isindependentofspecificbestpracticeframeworksandtheserviceprovidercanapplyacombinationofgenerallyacceptedguidanceandtheirowntechniques.Figure2showstheprocessesfromClauses6to9inthecentralbox.TheClause5designandtransitionofneworchangedservicesprocesssurroundstheClause6to9processes.Thisshowsthattheneworchangedservicesareoperatedbytheprocessesinthecentralbox.WhentherearenoneworchangedservicestowhichClause5applies,allservicescanbedelivereddirectlybyClauses6to9.TheinterfacesbetweentheservicemanagementprocessesandtherelationshipsbetweendifferentcomponentsoftheSMSmaybeimplementeddifferentlybydifferentserviceproviders.ThenatureoftherelationshipbetweentheserviceproviderandthecustomercanalsoinfluencehowtheSMSisimplementedtofulfilltherequirementsofISO/IEC20000-1.ForthesereasonstheinterfacesbetweenprocessesarenotrepresentedinFigure方履行ISO/IEC20000-1:2011标准条款4的要TheserviceproviderisaccountablefortheSMSandthereforecannotaskanotherpartytofulfilltherequirementsofClause4ofISO/IEC20000-1:2011.Forexample,theserviceprovidercannotaskanotherpartytoprovidethetopmanagementanddemonstratetopmanagementcommitmentortodemonstratethegovernanceofprocessesoperatedbyotherparties.由另一方执行。例如，服务提供者可以请其他各SomeactivitiesinClause4maybeperformedbyanotherpartyunderthemanagementoftheserviceprovider.Forexample,serviceproviderscanengageotherpartiestoconductinternalauditsontheirbehalf.Anotherexampleiswhereaserviceproviderasksanotherpartytocreatetheinitialservicemanagementplan.Theplan,oncecreatedandagreed,isthedirectresponsibilityofandismaintainedbytheserviceprovider.Intheseexamples,theserviceproviderisusingotherpartiesforspecificshort-termactivities.Theserviceproviderhasaccountability,authoritiesandresponsibilitiesfortheSMS.TheserviceprovidercanthereforedemonstrateevidenceoffulfillingalloftherequirementsofClause4ofISO/IEC20000-赖于其他各方执行条款5-9提供者是不太可能能够证明其对流程的管控。然而，如果只有少数流程由其他各方执行，服务提供者是可以正常履行ISO/IEC20000-1规定的要求。Theserviceprovidercanshowevidenceoffulfillingallrequirementsdirectlyorcanshowevidenceoffulfillingmostoftherequirementsdirectlyaswellasthegovernanceofprocessesoperatedbyotherparties.IftheserviceproviderreliesonotherpartiesforoperationofthemajorityoftheprocessesinClauses5to9,theserviceproviderisunlikelytobeabletodemonstrategovernanceoftheprocesses.However,ifotherpartiesoperateonlyaminorityoftheprocesses,theserviceprovidercannormallyfulfilltherequirementsspecifiedininISO/IEC20000-Thedefined,agreedanddocumentedaccountability,authoritiesandresponsibilitiesfortheSMSarereadilyaccessibletoboththeserviceproviderandotherrelevantparties.TofulfilltherequirementsofISO/IEC20000-1theserviceprovidercanagreechangestothetermsofexistingcontractsorotherdocumentedISO/IEC20000excludesthespecificationof,orspecificguidanceabout,anyproductortool.However,organizationscanusethispartofISO/IEC20000tohelpthemuseordevelopproductsortoolsthatsupportoperationoftheSMS.ISO/IEC20000不包括任何产品或工具的规范或Figure2–Servicemanagement图2—服务管理体系2引用标准Normative（包括其任何修订）ISO/IEC20000-1，信息技术—服务管理—第2NormativeThefollowingdocumentsareindispensablefortheapplicationofthisdocument.Fordatedreferences,onlytheeditioncitedapplies.Forundatedreferences,thelatesteditionofthereferenceddocument(includinganyamendments)applies.ISO/IEC20000-1,Informationtechnology—Servicemanagement—Part1:Servicemanagementsystem3术语和定义Termsand3TermsandForthepurposesofthisdocument,thetermsanddefinitionsgiveninISO/IEC20000-1apply.服务管理体系总要求Servicemanagementsystemgeneralrequirements管理职责Management管理承诺Management最高管理层职责Topmanagement最高管理层应该意识到全面满足ISO/IEC20000-证明其管理承诺被贯穿于服务管理体系MS的各个阶段，从服务管理体系的规划和建立开始，继而贯穿服务管理体系的执行、最高管理层承诺的证据EvidenceoftopmanagementcommitmentServicemanagementsystemgeneralManagementManagementTopmanagementTopmanagementshouldbethemanagementwhodirect,monitorandcontroltheserviceprovideratthehighestTopmanagementshouldbeawarethatfulfillingtherequirementsofISO/IEC20000-1includes:demonstratingtheircommitmenttobeinvolvedatallstagesoftheSMS,startingwiththeplanningandestablishmentoftheSMSandcontinuingthroughtheoperation,monitoring,measurement,review,maintenanceandcontinualimprovementofthedemonstratingtheiraccountabilitiesandresponsibilitiesfortheSMS;ensuringthattheservicerequirements,scopeoftheSMS,servicemanagementpolicyandobjectivesareunderstoodandacknowledgedbyallinterestedpartiesoftheSMS;ensuringthattheservicemanagementplaniscreated,implemented,maintainedandalignedwithbusinessensuringtheprovisionofadequateresourcestofulfilltheservicemanagementobjectivesandtoadheretotheservicemanagementpolicy;ensuringthattheperformanceoftheSMSisreportedtothetopmanagementlevel;achievingtheobjectivesofservicemanagement,includingwhenthesevaryduetochangingbusinessneedsorservicerequirements;ensuringthatriskstoservicesareminimised,e.g.byassessingrisksassociatedwithchangesandtakingTopmanagementshouldalsoensurethatallservicelifecylestagesaredeliveredtotheagreedlevels,asdefinedintheservicerequirements.Theservicelifecycleincludesplanning,implementation,operation,monitoring,measurement,review,maintenanceandcontinualimprovement.Theservicelifecyclealsoincludestransferoftheservicetoacustomeroradifferentpartyoreventualremovaloftheservice.TopmanagementshouldbeawarethattheyareaccountableforensuringthattheSMSandtheservicesdeliveredbytheSMSareassessedandreviewed.Assessmentsshouldincludetheserviceprovider’sownreviewsandinternalaudits,aswellasexternalaudits.FurtherinformationaboutmanagementreviewscanbefoundinClause4.5ofthispartofISO/IEC2000.2EvidenceoftopmanagementWithoutmanagementcommitment,itispossiblethatmanagementdecisionscanbemadethatconflictwithrequirementsforaneffectiveSMS.Examplescaninclude©ISO/IEC©ISO/IEC2012-Allrights最高管理层沟通Topmanagement

reallocationofresourcestootherprojects,lackofcommunicationabouttheSMSandunresolvedconflictsinprocessdesign.Thereshouldbeevidenceofmanagementcommitmentandaccountabilityavailableforreviewbyanassessor.Topmanagementshouldbeabletoprovideevidencebasedonrecordsoftheirinvolvementin:regularmeetingsabouttheSMS,e.g.chairingplanningmeetingssothattheSMSremainsalignedwithbusinessneedsandneworchangedservicerequirements;ensuringtheSMSincludesadefinitionofthescope,theservicemanagementpolicy,servicemanagementobjectivesandtheservicemanagementplan;approvaloftheservicemanagementpolicy,servicemanagementobjectivesandoftheservicemanagementapprovalofprocessesandproceduresconsistentwith,andsupportiveof,theSMSpolicies.Topmanagementapprovaloftheservicemanagementplanisimportantbecausetheplancanhaveimplicationsforcommitmentstothecustomer,planningactivitiesforsuppliersandtheallocationofresourcesforimprovementsandotherchanges.Thealignmentbetweenpolicies,processesandproceduresenablestopmanagementdirectiontobecascadedtoallserviceproviderpersonnel.Thisshouldalignmanagementdecisionswiththewaytheserviceprovider'spersonneloperateonadaytodaybasis.TopmanagementTopmanagementshouldbeactivelyinvolvedinanongoingprogrammeofcommunications.CommunicationsshouldbedirectedbyapprovedcommunicationsproceduresasdescribedinClause.TopmanagementshouldbeactivelyinvolvedinanongoingprogrammeofcommunicationstoexplainhowtheestablishedSMSisalignedwithbusinessobjectivesandcustomerexpectations.ThisisimportanttothesuccessoftheSMSbecausepersonnelwhounderstandthepurposeandimportanceoftheSMSarelesslikelytoresistchangesduetofearorlackofknowledge.TopmanagementcommunicationsabouttheSMScanbeanopportunityfortheserviceprovidertomotivatetheirownorganization.Additionally,anappreciationoftheimportanceoftheSMSbybothmanagementandpersonnel,shouldreducetheriskorlikelihoodthatdecisionswillbemadeorsolutionsdeliveredthatareincontradictionwiththeSMS.Theprogrammeofcommunicationsshouldexplaintheorganizationalchanges,policies,standards,visionandmissionaswellasbusinesstargets;businessneeds,e.g.therelationshipbetweentheSMSandtheservicesdelivered,aswellashowthesesupportthedefinedorganizationalgoalsandobjectives;howtheestablishedSMSisalignedwithbusinessobjectivesandcustomerexpectations;howtheservicemanagementpolicy,servicemanagementobjectivesandservicemanagementplan服务管理目标Servicemanagement

supportfulfillmentofservicecustomerrequirements,e.g.servicetargets,predictedcapacitybaseduponpredicteddemand,informationsecurityandservicecontinuitytosupportbusinessstatutoryrequirements,suchasworkinghours,healthandsafetyanddataprotection,whichvarybycountry;regulatoryrequirements,e.g.thatrecordsarekeptforaspecificperiodoftime;contractualrequirements,e.g.arequirementtosignanon-disclosureagreementbeforehavingaccesstotheserviceprovider'sinformation;documentedagreementswiththeregularanalysisofdatagatheredthroughmeasurementoftheSMSandcomponents,e.g.processmeasurements.Additionally,communicationscanbeanopportunityfortheserviceprovidertomotivatetheirownorganization.AprogrammeofcommunicationsisimportanttothesuccessoftheSMSbecausepersonnelwhounderstandthepurposeandimportanceoftheSMSarelesslikelytoresistchangesduetofearorlackofknowledge.CommunicationsshouldgenerateanappreciationoftheimportanceoftheSMSbybothmanagementandpersonnelandreducetheriskorlikelihoodthatdecisionswillbemadeorsolutionsdeliveredthatareincontradictionwiththeSMS.TheoutcomeofthesecommunicationsactivitiesshouldbethatpeopleunderstandtheirroleinservicemanagementandhowtheycontributetofulfillingtheservicerequirementsandmeetingtheservicemanagementServicemanagementTopmanagementshoulddefinetheagreedobjectivesforservicemanagement.ObjectivesshouldbealignedwiththebusinessobjectivesandwiththeservicemanagementForexample,genericservicemanagementobjectivescanincludethefollowing:enableincreasedbusinessagilitythroughfasterdeliveryofneworchangedservices;reduceunplannednon-availabilityforbusinesscriticaloptimizethecostoftheservicesdeliveredthroughoperationalefficiency;increasequalityofserviceswhilereducingActualservicemanagementobjectivesshouldbedefinedsothatachievementsagainsttheobjectivescanbeaccuratelymeasured.Measurementshouldalsoenableopportunitiesforimprovementtobeprioritized.Objectivesshouldbeakeyinputintotheservicemanagementplan.TheplanshouldidentifyactionsforachievementoftheobjectivesandalignmentwithothercomponentsoftheSMS.Servicemanagementobjectivesshouldbereviewedatregularintervalstoenabletopmanagementtodecidehow服务管理计划Servicemanagement

andwhentheyshouldbeTheserviceprovidershouldensurethattheeffectivenessofeachcomponentoftheSMSismeasuredtoassesstheeffectivenessofsupportfortheservicemanagementobjectives.Forexample,measurementoftheeffectivenessofthesupportoftheobjectivesbyaspecificprocess.ThemeasurementsshouldalsodemonstratevalueoftheSMSinsupportingthebusinessobjectives.Theserviceprovidercanfinditusefultomeasurethecontributionsofindividualstowardsachievementoftheobjectives.ThiswillfacilitatepersonnelsupportingtheSMStoworkinanintegratedwaytowardthesamegoals.ServicemanagementTheservicemanagementplanshouldfacilitatethecoordinationofallSMSinitiativestoensuretheachievementoftheservicemanagementobjectives.Theplanandpoliciesshouldalsobealigned.Theplancanbeapowerfulmechanismforenablingendtoendvisibilityandcontrol.Itshouldalsopreventincompatibleinitiativesfrombeingapprovedorimplemented.TheplanshouldenabletheutilizationofresourcesandcapabilitiestobeasefficientandeffectiveasTheplanshouldbecommunicatedtoallinterestedparties.Thisshouldensureacommonunderstandingofthescopeofinitiatives,thetasks,timeframesandallocatedresponsibilities.AllocatedresponsibilitiesshouldbeincludedintheperformancemeasurementsofeveryoneinvolvedintheSMS,includingthoseinvolvedininitiativesoftheservicemanagementplan.TheplanshouldnotbeconsideredtobecompletedwhentheSMSisimplemented.Itshouldexistindefinitelybybeingamendedtoaccommodatethechangingbusinessneeds,customerrequirementsorprioritiesoftheserviceTheservicemanagementplancanconsistofonesingleplanoraprogrammeofcoordinatedchangesmanagedcentrallywithsomechangesimplementedlocally.Theserviceprovidershouldalwaysbeawareoftheneedtokeepallchangesimplementedlocallyundertheoverallmanagementoftheservicemanagementplan.Forexample,animprovementtoaprocessmaybeperformedlocally,underthelocalcontrolprocessowner,butitisincludedinthecentrallymanagedoverallprogramme.Plansforaspecificpurpose,e.g.fortheservicecontinuityandavailabilitymanagementprocess,maybereferencedfromtheoverallservicemanagementplanratherthanincludedwithinit.Thespecialistplansandtheiralignmentwiththeoverallplanshouldbereviewedatafrequencythatissuitablefortherateofchange.ThisshouldbeatleastAnychangesresultingfromreviewsorchangestoservicerequirementsorindividualplansshouldbedocumentedintheoverallservicemanagementplan.Forexample,officehourschangingtofull24houroperation,replacementtechnologyorchangestoskills.Thecontentsoftheservicemanagementplanshouldan支持服务管理计划的资源Resourcestosupporttheservicemanagementplan服务要求的内容Contentsoftheservice

adescriptionoftheorganizationalfunctionsoftheserviceprovider;prioritiesofexpectedoutcomesalignedtobusinessperformanceserviceprojecttasksandbenefitsrealizationachievedastheresultofpreviouslyimplementedimprovements;timeframesandpersonsresponsibleforcarryingouttheinitiativesoftheplan;risksandriskmitigationRiskstotheservicemanagementplanshouldbeidentified,assessedandmanagedbothinitiallyandaspartofthePDCAmethodology.Theriskassessmentshouldcovertheinputs,outputs,activitiesandtheresponsibilityandaccountabilityformitigationofrisks.Theplanshouldalsobedesignedtoensuretheagreedobjectivesandservicerequirementswillbeachieved.ResourcestosupporttheservicemanagementTheresourcesnecessarytoachievetheservicemanagementobjectivesshouldbedocumentedintheservicemanagementplan.Thefollowingshouldbeconsidered:humanresourcingshouldtakeintoaccounttheskillsandexperienceoftheindividualsandnotjustbebasedsolelyonthenumberofpeople;technicalresources,e.g.infrastructureandcapacitytoachievetherequiredperformance;toolstosupporttheprocessesintheofficeaccommodation,otherfacilitiesandfacilitiesforservicecontinuity;dataandinformation,e.g.detailsofcustomerrequirements,thecustomer’sbusinessplans,theserviceprovider’sbusinessneeds,servicemanagementpolicies,performancemeasurementsandotherreports;financialresources,budgetedatalevelofdetailsuitabletomanagetheplanning,implementation,operationandimprovementoftheSMS;quantityandavailabilityofthepersonneloftheserviceprovider,andtheirhoursworked;processes,proceduresandtimescalesfortheintroduction,retentionandsuccessionplanningofsuitablyskilledpersonnel.ContentsoftheserviceClause3.34ofISO/IEC20000-1includestheneedsofthebusiness,thecustomerandtheusersoftheserviceandneedsoftheserviceproviderinthedefinitionofservicerequirements.Topmanagementshouldberesponsibleforensuringthattheservicesdeliveredfulfilltheagreed用Theroleoftopmanagementinagreeingandmeetingservicerequirements从用户的角度来看服务的功能，包括用户对诺在由于重大中断或灾难所导致的服务级别下降例2例3

serviceBoththecustomer’srequirementsandthebusinessneedsshouldbedocumented,monitored,reviewedandmanagedtoensureongoingalignmentwithneworchangedservicesaswellaswithservicesintheliveenvironment.Servicerequirementsshouldincluderequiredservicetargetsandqualityexpectations.Theneedsoftheserviceprovidershouldincludedetailsofresourceandcapabilityrequirements.TheservicerequirementsareaninputintotheSMS,showninFigure2.Examplesofservicerequirementscanaserviceinuse,includingtheservicelevelqualitycriteriaforthedesignofneworchangedprioritiesforthebusinesscriticalityofrequirementsforregulatoryinformationsecurityTheroleoftopmanagementinagreeingandmeetingservicerequirementsTopmanagementshouldensurethattheservicerequirementsaredefinedintermsof:desiredresultsthatcustomersexpecte.g.improvedeffectiveness,efficiency,satisfaction;theconstraintsthattheservicewillfunctionalityofaservicefromthecustomer’sperspective,includingtheneedsoftheusersoftheservice,oftenreferredtoas'fitforpurpose';patternsofbusinessactivityanddemandthattheserviceshouldsupport;assurancethattheserviceandproductswillbeprovidedorwillmeetcertainagreedspecifications,oftenreferredtoaswarranty.Atypicalcharacteristicofwarrantyisthatitisdefinedintermsofservicecontinuity,availability,capacityandsecurity.Forexample,warranty