ISO20000-1:2011标准 4.1 服务管理体系总要求
添加时间:2012-12-19 09:43:26 浏览:
4.1.1 新旧版标准差异概述
| 差异点 | 说明 |
| 新增部分 | 1、ISO20000:2011版提出了“定义范围”这一新的要求。这为组织明确其认证范围提出了更加具体的要求和参考。 2、考虑到并非所有ISO20000要求的流程都有服务提供者自身所全部承担,故ISO20000:2011版增加了该条款的要求,也更加符合实际需要。 3、新增了“文件控制”、“记录控制”的具体要求,更好地融合了ISO9001的相关要求 |
| 优化与完善部分 |
1、ISO20000:2011版将ISO20000:2005版关于管理体系要求、服务管理规划和实施(PDCA)两个章节的内容合并为了一章内容(管理职责)。 |
4.1.2 新旧版标准变化度
| ISO20000:2011 版本 | 控制点 | ISO20000:2005 版本 | 控制点 | 变化度 |
| 4 服务管理体系总要求 4.1 管理职责 4.2 对其他相关方所运营流程的管控 4.3 文件管理 4.4 资源管理 4.5 建立和改进 SMS -定义范围、规划、实施、监控和维护 |
60 | 3 管理体系要求 3.1 管理职责 3.2 文件要求 3.3 能力、意识和培训 4 策划和实施服务管理 -策划、实施、检查和处置 |
30 | 3.6 |
说明:变化度是指新版标准该条款相对旧版标准要求的变化程度,按分值计量,5 分指变化程度最大,0 分指没有变化。
4.1.3 新旧版标准差异分析
| ISO20000:2011版 | ISO20000:2005版 | 差异分析 | ||
| 章节方面 | 4 Service management system general requirements 服务管理体系总体要求 |
3 管理体系要求 4 服务管理规划和实施 |
ISO20000:2011版将ISO20000:2005版关于管理体系要求、服务管理规划和实施(PDCA)两个章节的内容合并为一章内容。 | |
| 管理职责 | 4.1 Management responsibility 4.1.1 Management commitment Top management shall provide evidence of its commitment to planning, establishing, implementing, operating, monitoring, reviewing, maintaining, and improving the SMS and the services by: a) establishing and communicating the scope, policy and objectives for service management; b) ensuring that the service management plan is created, implemented and maintained in order to adhere to the policy, achieve the objectives for service management and fulfil the service requirements; c) communicating the importance of fulfilling service requirements; d) communicating the importance of fulfilling statutory and regulatory requirements and contractual obligations; e) ensuring the provision of resources; f) conducting management reviews at planned intervals; g) ensuring that risks to services are assessed and managed. 4.1.2 Service management policy Top management shall ensure that the service management policy: a) is appropriate to the purpose of the service provider; b) includes a commitment to fulfill service requirements; c) includes a commitment to continually improve the effectiveness of the SMS and the services through the policy on continual improvementin Clause 4.5.5.1; d) provides a framework for establishing and reviewing service management objectives; e) is communicated and understood by the service provider's personnel; f) is reviewed for continuing suitability. 4.1.3 Authority, responsibility and communication Top management shall ensure that: a) service management authorities and responsibilities are defined and maintained; b) documented procedures for communication are established and implemented. 4.1.4 Management representative Top management shall appoint a member of the service provider's management who, irrespective of other responsibilities, has the authorities and responsibilities that include: a) ensuring that activities are performed to identify, document and fulfill service requirements; b) assigning authorities and responsibilities for ensuring that service management processes are designed, implemented and improved in accordance with the policy and objectives for service management; c) ensuring that service management processes are integrated with the other components of the SMS; d) ensuring that assets, including licences, used to deliver services are managed according to statutory and regulatory requirements and contractual obligations; e) reporting to top management on the performance and opportunities for improvement to the SMS and the services. |
4.1 管理职责 4.1.1 管理承诺 高管层应通过以下活动,提供对规划、确立、实施、运行、监控、回顾、维护和改进 SMS 与服务所做承诺的证据: a) 建立和沟通服务管理的范围、政策和目标; b) 确保服务管理计划被创建、实施和维护,以遵循服务管理政策、实现服务管理目标和满足服务需求; c) 沟通满足服务需求的重要性; d) 沟通满足法律法规要求和合同义务的重要性; e) 确保资源的提供; f) 按规定的时间间隔执行管理评审; g) 确保服务的风险被评估和管理。 4.1.2 服务管理政策高管层应确保服务管理政策: a) 符合服务提供者的目标; b) 包括对满足服务需求的承诺; c) 包括按照条款 4.5.5.1 的持续改进政策对持续改进 SMS 和服务有效性的承诺; d) 提供制定和回顾服务管理目标的机制; e) 被传达,并得到员工理解; f) 被回顾以持续适用。 4.1.3 权利、职责和沟通高管层应确保: a) 服务管理的权利和职责被定义和维护; b) 文件化的沟通程序被确立和实施。 4.1.4 管理者代表 高管层应任命一名管理人员,无论其其他方面的职责如何,承担以下职责和权利: a) 确保识别、记录和满足服务需求的活动被执行; b) 分配权利和职责,以确保服务管理流程遵循服务管理政策和目标进行设计、实施和改进; c) 确保服务管理流程和 SMS 其他部分进行整合; d) 确保用于交付服务的资产(包括许可证)遵循法律法规要求和合同义务进行管理; e) 向高管层报告 SMS 和服务的执行情况和改进机会。 |
3.1 Management responsibility Through leadership and actions, top/executive management shall provide evidence of its commitment to developing, implementing and improving its service management capability within the context of the organization’s business and customers’ requirements. Management shall: a) establish the service management policy, objectives and plans; b) communicate the importance of meeting the service management objectives and the need for continual improvement; c) ensure that customer requirements are determined and are met with the aim of improving customer satisfaction; d) appoint a member of management responsible for the co-ordination and management of all services; e) determine and provide resources to plan, implement, monitor, review and improve service delivery and management e.g. recruit appropriate staff, manage staff turnover; f) manage risks to the service management organization and services; and g) conduct reviews of service management, at planned intervals, to ensure continuing suitability, adequacy and effectiveness. |
ISO20000:2011版本将管理 职责分为了:管理 承诺;服务管理政 策;权利、职责和 沟通;管理者代表 等几个方面。 对服务管理政策、 权利、职责和沟 通、管理者代表、 资源管理(见4.4) 提出了更加细化 的要求。 新增了对高管层 关于“建立和沟通 服务管理的范围” 的要求。 |
| 对其他相关方所运营流程的管控 | 4.2 Governance of processes operated by other parties For the processes in Clauses 5 to 9, the service provider shall identify all processes, or parts of processes, which are operated by other parties. Other parties can be an internal group, a customer or a supplier. The service provider shall demonstrate governance of processes operated by other parties by: a) demonstrating accountability for the processes and authority to require adherence to the processes; b) controlling the definition of the processes, and interfaces to other processes; c) determining process performance and compliance with process requirements; d) controlling the planning and prioritizing of process improvements. When a supplier is operating parts of the processes, the service provider shall manage the supplier through the supplier management process. When an internal group or a customer is operating parts of the processes, the service provider shall manage the internal group or the customer through the service level managementprocess. NOTE ISO/IEC TR 20000-3 provides guidance on scope definition and applicability of this part of ISO/IEC 20000. This includes further explanation about the governance of processes operated by other parties. |
4.2 对其他相关方所运营过程的管控 对于条款5-9所包含的过程,服务提供者应识别那些由其他相关方所运营的所有过程或部分过程。其他相关方可能是内部团队、某一客户或某一供方。 服务提供者应通过以下活动体现对其他相关方运营过程的管控: a) 表明对过程的最终负责,并拥有要求相关方遵循过程的权利; b) 控制过程的定义以及过程与其他过程的接口; c) 确定过程的执行效果和对过程需求的遵循情况; d) 控制过程改进的计划和优先级。当供应商执行部分过程时,服务提供者应通过供应商管理流程管理外部供应商。当内部团队或客户执行部分过程时,服务提供者应通过服务级别管理流程管理内部团队和客户。 注:ISO/IECTR20000-3提供了对于 ISO/IEC20000本部分关于范围的定义和适用性的指导。这包括了对其他相关方所运营过程的管控的进一步解释。 |
无 | ISO20000:2011版新增的内容。ISO20000:2011版考虑到并非所有ISO20000体系所要求的流程都由服务提供者自己全部承担,故增加了该条款要求,也更加符合实际。 |
| 文件管理 | 4.3 Documentation management 4.3.1 Establish and maintain documents The service provider shall establish and maintain documents, including records, to ensure effective planning, operation and control of the SMS. These documents shall include: a) documented policy and objectives for service management; b) documented service management plan; c) documented policies and plans created for specific processes as required by this part of ISO/IEC 20000; d) documented catalogue of services; e) documented SLAs; f) documented service management processes; g) documented procedures and records required by this part of ISO/IEC 20000; h) additional documents, including those of external origin, determined by the service provider as necessary to ensure effective operation of the SMS and delivery of the services. 4.3.2 Control of documents Documents required by the SMS shall be controlled. Records are a special type of document and shall be controlled according to the requirements given in Clause 4.3.3. A documented procedure, including the authorities and responsibilities, shall be established to define the controls needed to: a) create and approve documents prior to issue; b) communicate to interested parties about new or changed documents; c) review and maintain documents as necessary; d) ensure that changes and the current revision status of documents are identified; e) ensure that relevant versions of applicable documents are available at points of use; f) ensure that documents are readily identifiable and legible; g) ensure that documents of external origin are identified and their distribution controlled; h) prevent the unintended use of obsolete documents and apply suitable identification to them if they are retained. 4.3.3 Control of records Records shall be kept to demonstrate conformity to requirements and the effective operation of the SMS. A documented procedure shall be established to define the controls needed for the identification, storage, protection, retrieval, retention and disposal of records. Records shall be legible, readily identifiable and retrievable. |
4.3 文件管理 4.3.1 建立和维护文件 服务提供者应建立和维护文件(包括记录),以确保对SMS进行有效的规划、执行和控制。文件应包括: a) 文件化的服务管理政策和目标; b) 文件化的服务管理计划; c) 本标准所要求的各流程文件化的策略和计划; d) 文件化的服务目录; e) 文件化的SLA; f) 文件化的服务管理流程; g) 本标准所要求的文件化程序和记录; h) 服务提供者认为为确保SMS有效运行和服务交付所需要的其他文件(包括外来文件)。 4.3.2 文件的控制 SMS所要求的文件应被控制。记录是特定类型的文件也应依照4.3.3条款进行控制。 应建立文件化的程序(包括权利和职责)用于定义以下所需的控制: a) 在发布前,创建和批准文件; b) 与相关方沟通关于新的或变更的文件; c) 需要时回顾和维护文件; d) 确保文件的更改和当前的修订状态得到识别; e) 确保适用文件的有关版本在使用时可获得; f) 确保文件清晰,易于识别; g) 确保外来文件得到识别和控制其分发; h) 防止作废文件的非预期使用,若作废文件需要被保留,应使用适当的标识。 4.3.3 记录的控制 记录应被保存,以证实符合要求和SMS的有效运行。 应建立文件化的程序用于定义记录所需的控制:标识、存储、保护、检索、保持和废止。记录应清晰、易于识别和检索。 |
3.2 Documentation requirements Service providers shall provide documents and records to ensure effective planning, operation and control of service management. This shall include: a) documented service management policies and plans; b) documented service level agreements; c) documented processes and procedures required by this standard; and d) records required by this standard. Procedures and responsibilities shall be established for the creation, review, approval, maintenance, disposal and control of the various types of documents and records. NOTE: The documentation can be in any form or type of medium. |
ISO20000:2011版较ISO20000:2005版新增了以下内容: 文件化的服务管理目标、文件化的服务目录、服务提供者认为为确保SMS有效运行和服务交付所需要的其他文件(包括外来文件)等 新增了“文件控制”、“记录控制”的具体要求。 |
| 资源管理 | 4.4 Resource management 4.4.1 Provision of resources The service provider shall determine and provide the human, technical, information and financial resources needed to: a) establish, implement and maintain the SMS and the services, and continually improve their effectiveness; b) enhance customer satisfaction by delivering services that fulfill service requirements. 4.4.2 Human resources The service provider's personnel performing work affecting conformity to service requirements shall be competent on the basis of appropriate education, training, skills and experience. The service provider shall: a) determine the necessary competence for personnel; b) where applicable, provide training or take other actions to achieve the necessary competence; c) evaluate the effectiveness of actions taken; d) ensure that its personnel are aware of how they contribute to the achievement of service management objectives and the fulfillment of service requirements; e) maintain appropriate records of education, training, skills and experience. |
4.4 资源管理 4.4.1 资源的提供 服务提供者应决定并提供所需的人员、技术、信息和财务资源,用以: a) 建立、实施和维护SMS和服务,并持续改进其有效性; b) 通过交付满足需求的服务,提升客户满意度。 4.4.2 人力资源 服务提供者的员工应有能力胜任所承担的工作,以满足服务需求。这些能力应基于适当的教育、培训、技能和经验。服务提供者应: a) 确定人员所需的必要能力; b) 根据需要提供培训或采取其他措施以获得所需的能力; c) 评估采取措施的有效性; d) 确保人员能意识到他们如何对服务管理目标的达成和服务需求的满足做出贡献; e) 维护教育、培训、技能和经验的适当记录。 |
3.3 Competence, awareness and training All service management roles and responsibilities shall be defined and maintained together with the competencies required to execute them effectively. Staff competencies and training needs shall be reviewed and managed to enable staff to perform their role effectively. Top management shall ensure that its employees are aware of the relevance and importance of their activities and how they contribute to the achievement of the service management objectives. |
ISO20000:2011版提出了“资源管理”的概念,并明确了包括人员、技术、信息和财务等方面资源。 ISO20000:2011版用资源管理中的“人力资源”章节的内容代替了ISO20000:2005版的“能力、意识和培训”章节,增加了需“维护教育、培训、技能和经验的适当记录”的要求。 |
| 建立和改进SMS | 4.5 Establish and improve the SMS 4.5.1 Define scope The service provider shall define and include the scope of the SMS in the service management plan. The scope shall be defined by the name of the organizational unit providing the services, and the services to be delivered. The service provider shall also take into consideration other factors affecting the services to be delivered including: a) geographical location(s) from which the service provider delivers the services; b) the customer and their location(s); c) technology used to provide the services. NOTE ISO/IEC TR 20000-3 provides guidance on scope definition and applicability of this part of ISO/IEC 20000. 4.5.2 Plan the SMS (Plan) The service provider shall create, implement and maintain a service management plan. Planning shall take into consideration the service management policy, service requirements and requirements in this part of ISO/IEC 20000. The service management plan shall contain or include a reference to at least the following: a) service management objectives that are to be achieved by the service provider; b) service requirements; c) known limitations which can impact the SMS; d) policies, standards, statutory and regulatory requirements and contractual obligations; e) framework of authorities, responsibilities and process roles; f) authorities and responsibilities for plans, service management processes and services; g) human, technical, information and financial resources necessary to achieve the service management objectives; h) approach to be taken for working with other parties involved in the design and transition of new or changed services process; i) approach to be taken for the interfaces between service management processes and their integration with the other components of the SMS; j) approach to be taken for the management of risks and the criteria for accepting risks; k) technology used to support the SMS; l) how the effectiveness of the SMS and the services will be measured, audited, reported and improved. Plans created for specific processes shall be aligned with the service management plan. The service management plan and plans created for specific processes shall be reviewed at planned intervals and, if applicable, updated. 4.5.3 Implement and operate the SMS (Do) The service provider shall implement and operate the SMS for the design, transition, delivery and improvement of services according to the service management plan, through activities including at least: a) allocation and management of funds and budgets; b) assignment of authorities, responsibilities and process roles; c) management of human, technical and information resources; d) identification, assessment and management of risks to the services; e) management of service management processes; f) monitoring and reporting on performance of service management activities. 4.5.4 Monitor and review the SMS (Check) 4.5.4.1 General The service provider shall use suitable methods for monitoring and measuring the SMS and the services. These methods shall include internal audits and management reviews. The objectives of all internal audits and management reviews shall be documented. The internal audits and management reviews shall demonstrate the ability of the SMS and the services to achieve service management objectives and fulfil service requirements. Nonconformities shall be identified against the requirements in this part of ISO/IEC 20000, the SMS requirements identified by the service provider or the service requirements. The results of internal audits and management reviews, including nonconformities, concerns and actions identified, shall be recorded. The results and actions shall be communicated to interested parties. 4.5.4.2 Internal audit The service provider shall conduct internal audits, at planned intervals, to determine whether the SMS and the services: a) fulfil the requirements in this part of ISO/IEC 20000; b) fulfil the service requirements and the SMS requirements identified by the service provider; c) are effectively implemented and maintained. There shall be a documented procedure including the authorities and responsibilities for planning and conducting audits, reporting results and maintaining audit records. An audit programme shall be planned. This shall take into consideration the status and importance of the processes and areas to be audited, as well as the results of previous audits. The audit criteria, scope, frequency and methods shall be documented. The selection of auditors and conduct of audits shall ensure objectivity and impartiality of the audit. Auditors shall not audit their own work. Nonconformities shall be communicated, prioritized and responsibility allocated for actions. The management responsible for the area being audited shall ensure that any corrections and corrective actions are taken without undue delay to eliminate nonconformities and their causes. Follow-up activities shall include the verification of the actions taken and the reporting of results. NOTE See ISO 19011 for guidance on management systems auditing. 4.5.4.3 Management review Top management shall review the SMS and the services at planned intervals to ensure their continued suitability and effectiveness. This review shall include assessing opportunities for improvement and the need for changes to the SMS, including the policy and objectives for service management. The input to management reviews shall include at least information on: a) customer feedback; b) service and process performance and conformity; c) current and forecast human, technical, information and financial resource levels; d) current and forecast human and technical capabilities; e) risks; f) results and follow-up actions from audits; g) results and follow-up actions from previous management reviews; h) status of preventive and corrective actions; i) changes that could affect the SMS and the services; j) opportunities for improvement. Records of management reviews shall be maintained. The records from the management review shall include at least decisions and actions related to resources, improvement of the effectiveness of the SMS and improvement of the services. 4.5.5 Maintain and improve the SMS (Act) 4.5.5.1 General There shall be a policy on continual improvement of the SMS and the services. The policy shall include evaluation criteria for the opportunities for improvement. There shall be a documented procedure including the authorities and responsibilities for identifying, documenting, evaluating, approving, prioritizing, managing, measuring and reporting of improvements. Opportunities for improvement, including corrective and preventive actions, shall be documented. The cause of identified nonconformities shall be corrected. Corrective actions shall be taken to eliminate the cause of identified nonconformities in order to prevent recurrence. Preventive actions shall be taken in order to eliminate the cause of potential nonconformities in order to prevent occurrence. NOTE For more information on corrective and preventive action, see ISO 9001:2008, Clause 8.5. 4.5.5.2 Management of improvements Opportunities for improvement shall be prioritized. The service provider shall use the evaluation criteria in the policy on continual improvement, when making decisions on opportunities for improvement. Approved improvements shall be planned. The service provider shall manage improvement activities that include at least: a) setting targets for improvements in one or more of quality, value, capability, cost, productivity, resource utilization and risk reduction; b) ensuring that approved improvements are implemented; c) revising the service management policies, plans, processes and procedures, where necessary; d) measuring implemented improvements against the targets set and where targets are not achieved, taking necessary actions; e) reporting on implemented improvements. |
4.5 建立和改进SMS 4.5.1 定义范围 服务提供者应在服务管理计划中定义和包含SMS的范围。范围应以提供服务的组织单位名称和所交付服务的名称加以界定。 服务提供者也应考虑其他影响所交付服务的因素,包括: a) 服务提供者交付服务的地理位置; b) 客户和他们的所在地; c) 提供服务所使用的技术。 注:ISO/IECTR20000-3提供了对于ISO/IEC20000本部分关于范围的定义和适用性的指导。 4.5.2 规划SMS(Plan) 服务提供者应创建、实施和维护服务管理计划。计划应考虑服务管理政策、服务需求和ISO/IEC20000-1的要求。服务管理计划应具有或包括至少以下参考内容: a) 服务提供者期望获得的服务管理目标; b) 服务需求; c) 可能影响SMS的已知限制; d) 政策、标准、法律法规要求和合同义务; e) 权利、职责和流程角色的框架; f) 规划、服务管理流程和服务的权利和职责; g) 实现服务管理目标所需的人员、技术、信息和财务资源; h) 在设计和转换新的或变更的服务过程中,与其他相关方协同工作所采用的方法; i) 服务管理流程和SMS其他组成部分集成所采用的方法; j) 风险管理和风险接受标准所采用的方法; k) 用于支持SMS所使用的技术; l) 如何测量、审核、报告和改进SMS和服务的有效性。 为特定流程所创建的计划应与服务管理计划相一致。服务管理计划和为特定流程所创建的计划应按照计划的时间间隔进行回顾和(若需要的话)更新。 4.5.3 实施和执行SMS(Do) 服务提供者应实施和执行SMS,依照服务管理计划进行设计、转换、交付和改进服务,其中的活动至少包括: a) 资金和预算的分配和管理; b) 责任、权利和流程角色的分配; c) 人员、计划和信息资源的管理; d) 识别、评估和管理服务的风险; e) 服务管理流程的管理; f) 监控和报告服务管理活动的执行情况。 4.5.4 监控和回顾SMS(Check) 4.5.4.1 总要求 服务提供者应采用适宜的方法监控和测量SMS和服务。这些方法应包括内部审核和管理评审。 所有内部审核和管理评审的目标应被文档化。内部审核和管理评审应证实SMS和服务用以实现服务管理目标和满足服务需求的能力。不满足本标准要求、服务提供者所提出的SMS要求或服务需求的不符合项应被识别。 内部审核和管理评审的结果,包括不符合项、关注点和识别的改进行动应被记录。结果和行动应与相关方沟通。 4.5.4.2 内部审核 服务提供者应按照计划的时间间隔执行内部审核,以确定SMS和服务是否: a) 满足本标准的要求; b) 满足服务需求和服务提供者所提出的SMS要求; c) 有效被实施和维护。 应有文件化的程序,包括权利和责任,用以计划和执行审核、报告结果和维护审核记录。 审核方案应被策划。应考虑被审核的流程和领域的状态和重要程度,以及以往的审核结果。审核标准、范围、频率和方法应文件化。 审核人员的选择和审核的执行应确保客观性和公正性。审核人员不应审核自身的工作。 不符合项应被沟通,进行优先级排序,改进活动应分配到责任人。负责被审核领域的管理者应确保任何改进行为和改进活动无延误地被执行以消除不符合项和其原因。后续活动应包括对所采取行为的验证和其结果的报告。 注:参考ISO19011关于管理体系审核的指南。 4.5.4.3 管理评审 高管层应按照计划的时间间隔回顾SMS和服务,以确保其持续适用和有效。回顾应评估SMS的改进机会和变更需求,包括服务管理的政策和目标。 管理评审的输入应至少包括以下信息: a) 顾客反馈; b) 服务和流程的执行情况和符合性; c) 当前和预测的人员、技术、信息和财务资源水平; d) 当前和预测的人员和技术能力; e) 风险; f) 来自审核的结果和后续行动; g) 以往管理评审的结果和后续行动; h) 预防和纠正措施的进展情况; i) 可能影响SMS和服务的变更; j) 改进的机会。 管理评审的记录应被维护。 管理评审的记录应至少包括相关资源、SMS有效性的改进和服务的改进的有关决策和行动。 4.5.5 维护和改进SMS (Act) 4.5.5.1 总要求 应有SMS和服务的持续改进政策。政策应包括对改进机会的评估标准。应有文件化的程序(包括权利和责任)用以识别、记录、评估、批准、划分优先级、管理、度量和报告改进措施。 改进机会(包括改进和预防措施)应被文件化。 识别的不符合项的原因应被纠正。纠正措施应用以消除所识别的不符合项的原因,以防止再次发生。应采取预防措施,以消除潜在的不符合项的原因,以防止其发生。 注:了解更多关于改进和预防措施的信息,请参考ISO9001:2008中的8.5条款。 4.5.5.2 管理改进 改进机会应划分优先级。当决策改进机会时,服务提供者应采用服务政策中持续改进的评估标准。 批准的改进应被规划。 服务提供者应管理改进活动,至少包括: a) 设定改进目标,包括质量、价值、能力、成本、生产力、资源使用和风险降低中的一项或几项; b) 确保批准的改进活动被实施; c) 需要的情况下,更新服务管理政策、计划、流程和程序; d) 基于设定的目标,度量已实施的改进活动,若未达到目标,采取必要的行动; e) 报告被实施的改进活动。 |
4 Planning and implementing service management NOTE The methodology known as “Plan-Do-Check-Act” (PDCA) can be applied to all processes. PDCA can be described as follows: a) Plan: establish the objectives and processes necessary to deliver results in accordance with customer requirements and the organization’s policies; b) Do: implement the processes; c) Check: monitor and measure processes and services against policies, objectives and requirements and report the results; d) Act: take actions to continually improve process performance. 4.1 Plan service management (Plan) Objective: To plan the implementation and delivery of service management. Service management shall be planned. The plans shall at a minimum define: a) the scope of the service provider’s service management; b) the objectives and requirements that are to be achieved by service management; c) the processes that are to be executed; d) the framework of management roles and responsibilities, including the senior responsible owner, process owner and management of suppliers; e) the interfaces between service management processes and the manner in which the activities are to be co-ordinated f) the approach to be taken in identifying, assessing and managing issues and risks to the achievement of the defined objectives; g) the approach for interfacing to projects that are creating or modifying services; h) the resources, facilities and budget necessary to achieve the defined objectives; i) tools as appropriate to support the processes; and j) how the quality of the service will be managed, audited and improved. There shall be clear management direction and documented responsibilities for reviewing, authorising , communicating, implementing and maintaining the plans. Any process specific plans produced shall be compatible with this service management plan. 4.2 Implement service management and provide the services (Do) Objective: To implement the service management objectives and plan. The service provider shall implement the service management plan to manage and deliver the services, including: a) allocation of funds and budgets; b) allocation of roles and responsibilities; c) documenting and maintaining the policies, plans, procedures and definitions for each process or set of processes; d) identification and management of risks to the service; e) managing teams, e.g. recruiting and developing appropriate staff and managing staff continuity; f) managing facilities and budget; g) managing the teams including service desk and operations; h) reporting progress against the plans; and i) co-ordination of service management processes. 4.3 Monitoring, measuring and reviewing (Check) Objective: To monitor, measure and review that the service management objectives and plan are being achieved. The service provider shall apply suitable methods for monitoring and, where applicable, measurement of the service management processes. These methods shall demonstrate the ability of the processes to achieve planned results. Management shall conduct reviews at planned intervals to determine whether the service management requirements: a) conform with the service management plan and to the requirements of this standard; and b) are effectively implemented and maintained. An audit programme shall be planned, taking into consideration the status and importance of the processes and areas to be audited, as well as the results of previous audits. The audit criteria, scope, frequency and methods shall be defined in a procedure. The selection of auditors and conduct of audits shall ensure objectivity and impartiality of the audit process. Auditors shall not audit their own work. The objective of service management reviews, assessments and audits shall be recorded together with the findings of such audits and reviews and any remedial actions identified. Any significant areas of noncompliance or concern shall be communicated to relevant parties. 4.4 Continual improvement (Act) Objective: To improve the effectiveness and efficiency of service delivery and management. 4.4.1 Policy There shall be a published policy on service improvement. Any non-compliance with the standard or the service management plans shall be remedied. Roles and responsibilities for service improvement activities shall be clearly defined. 4.4.2 Management of improvements All suggested service improvements shall be assessed, recorded, prioritized and authorized. A plan shall be used to control the activity. The service provider shall have a process in place to identify, measure, report and manage improvement activities on an ongoing basis. This shall include: a) improvements to an individual process that can be implemented by the process owner with the usual staff resources, e.g. performing individual corrective and preventive actions; and b) improvements across the organization or across more than one process. 4.4.3 Activities The service provider shall perform activities to: a) collect and analyse data to baseline and benchmark the service provider’s capability to manage and deliver service and service management processes; b) identify, plan and implement improvements; c) consult with all parties involved; d) set targets for improvements in quality, costs and resource utilization; e) consider relevant inputs about improvements from all the service management processes; f) measure, report and communicate the service improvements; g) revise the service management policies, processes, procedures and plans where necessary; and h) ensure that all approved actions are delivered and that they achieve their intended objectives. |
PDCA循环在ISO20000:2005版中作为独立的一章,在ISO20000:2011版中被并入到“服务管理体系总体要求章节”中。 ISO20000:2011版新增了“定义范围”这一新的要求。这为组织明确其认证范围提出了更加具体的要求和参考。 对PDCA的解释在ISO20000:2011版中放到了引言中。 计划Plan部分: ISO20000:2011版在Plan内容中增加了 “可能影响SMS的已知限制”、“政策、标准、法律法规要求和合同义务”等两项内容。 实施Do部分: ISO20000:2011版去掉了“服务管理流程间的协作”的明确要求。 检查Check部分: ISO20000:2011版较ISO20000:2005版,将内部审核和管理评审进行了独立说明,明确了具体的要求,这更好地融合了ISO9001;此外,是否满足ISO20000-1标准的要求、服务需求和服务提供者所提出的SMS要求等三方面要求作为了审核的具体要求。 改进Act部分: ISO20000:2011版明确了“应有文件化的程序(包括权利和责任)用以识别、记录、评估、批准、划分优先级、管理、度量和报告改进措施”;此外,在改进目标的设定上,较ISO20000:2005版提出的“质量、成本和资源使用”三个方面,扩展为了“质量、价值、能力、成本、生产力、资源使用和风险降低”等7个方面。 |
