ISO20000-1:2011标准 9.1 配置管理
添加时间:2013-01-08 09:08:46 浏览:
ISO20000新旧版标准差异概述
| 差异点 | 说明 |
| 新增部分 | ISO20000:2011 版新增了配置项应记录的具体信息要求。 |
| 优化与完善部分 |
ISO20000:2011 版用“对每一 CI 类型应有文件化的定义”取代了 ISO20000:2005 版对“配置项和组成要素的策略”要求。 |
| 删除部分 | ISO20000:2011 版删除了“应把变更和配置管理关联在一起进行规划”的要求。 |
ISO20000新旧版标准变化度
| ISO20000:2011 版本 | 控制点 | ISO20000:2005 版本 | 控制点 | 变化度 |
| 9.1 配置管理 | 13 | 9.1 配置管理 | 17 | 3 |
说明:变化度是指新版标准该条款相对旧版标准要求的变化程度,按分值计量,5 分指变化程度最大,0 分指没有变化。
ISO20000新旧版标准差异分析
| ISO20000:2011版 | ISO20000:2005版 | 差异分析 | ||
| 配置项的信息 | There shall be a documented definition of each type of CI. The information recorded for each CI shall ensure effective control and include at least: a) description of the CI; b) relationship(s) between the CI and other CIs; c) relationship(s) between the CI and service components; d) status; e) version; f) location; g) associated requests for change; h) associated problems and known errors. |
每一类型的 CI 应有文件化的定义。每个 CI所记录的信息应确保做到有效控制,且至少包括: a) CI 的描述; b) CI 和其他 CI 之间的关系; c) CI 和服务组件之间的关系; d) 状态; e) 版本; f) 位置; g) 相关的变更请求; h) 相关的问题和已知错误。 |
There shall be a policy on what is defined as a configuration item and its constituent components. | ISO20000:2011版对配置项CI进行明确的要求,取代了ISO20000:2005版对配置项要有相关定义的原则性策略要求。 ISO20000:2011版对配置项信息定义了具体、、明确的要求。 |
| 配置信息的记录和维护 | CIs shall be uniquely identified and recorded in a CMDB. The CMDB shall be managed to ensure its reliability and accuracy, including control of update access. There shall be a documented procedure for recording, controlling and tracking versions of CIs. The degree of control shall maintain the integrity of services and service components taking into consideration the service requirements and the risks associated with the CIs. |
CI应被唯一识别并记CI 应被唯一识别并记录到 CMDB 中。 应管理 CMDB,包括对数据更新的访问控制,以确保其可靠性和准确性。 应有文件化的程序来记录、控制和跟踪CI的版本。 基于服务需求和CI相关风险的考虑,控制程度应能保持服务和服务组件的完整性。 |
The information to be recorded for each item shall be defined and shall include the relationships and documentation necessary for effective service management. All configuration items shall be uniquely identifiable and recorded in a CMDB to which update access shall be strictly controlled. The CMDB shall be actively managed and verified to ensure its reliability and accuracy. The status of configuration items, their versions, location, related changes and problems and associated documentation shall be visible to those who require it. Configuration management shall provide the mechanisms for identifying, controlling and tracking versions of identifiable components of the service and infrastructure. It shall be ensured that the degree of control is sufficient to meet the business needs, risk of failure and service criticality. Configuration control procedures shall ensure that the integrity of systems, services and service components are maintained. |
ISO20000:2011版将ISO20000:2005版“识别、控制和跟踪服务和服务组件的版本的机制”和“配置控制程序”要求纳入到了应有“文件化的程序来记录、控制和跟踪CI的版本”要求中。 |
| 配置信息的 存储 |
Master copies of CIs recorded in the CMDB shall be stored in secure physical or electronic libraries referenced by the configuration records. This shall include at least documentation, licence information, software and, where available, images of the hardware configuration. |
记录在CMDB中的CI项原始拷贝应保存在可由配置记录所引用的、安全的物理或电子库中。 原始拷贝至少应包括文档、许可证信息、软件,如有可能,还包括硬件配置图。 |
Master copies of digital configuration items shall be controlled in secure physical or electronic libraries and referenced to the configuration records, e.g. software, testing products, support documents. | ISO20000:2011版对存储信息的描述做了适当的修改,包括文档、许可证信息、软件,如有可能,还包括硬件配置图。 |
| 配置审核 | The service provider shall audit the records stored in the CMDB, at planned intervals. Where deficiencies are found, the service provider shall take necessary actions and report on the actions taken. |
服务提供者应按照计划的时间间隔审核存储在CMDB中的记录。 当发现缺陷时,服务提供者应采取必要的行动并报告所采取的行动。 |
Configuration audit procedures shall include recording deficiencies, initiating corrective actions and reporting on the outcome. | 新旧版本要求基本一致。 |
| 与其他流程的关系 | Information from the CMDB shall be provided to the change management process, to support the assessment of requests for change. Changes to CIs shall be traceable and auditable to ensure integrity of the CIs and the data in the CMDB. There shall be a defined interface between the configuration management process and financial asset management process. |
CMDB的信息应提供给变更管理流程,以便支撑对变更请求的评估。 CI的变更应可追踪和可审核,以确保CI和CMDB数据的完整性。 配置管理流程和财务资产管理流程之间应有清晰的接口。 |
There shall be an integrated approach to change and configuration management planning. The service provider shall define the interface to financial asset accounting processes. Configuration management shall provide information to the change management process on the impact of a requested change on the service and infrastructure configurations. Changes to configuration items shall be traceable and auditable where appropriate, e.g. for changes and movements of software and hardware. A baseline of the appropriate configuration items shall be taken before a release to the live environment. |
ISO20000:2011版删除了“应有一套整合的方法进行变更管理和配置管理的规划”的要求。 在与发布管理、变更管理、财务管理等流程之间的关联关系方面,新旧版本要求基本一致。 |
