ISO20000-1:2011标准 9.2 变更管理
添加时间:2013-01-13 16:06:40 浏览:
ISO20000新旧版标准差异概述
| 差异点 | 说明 |
| 新增部分 | ISO20000:1-2011 版新增了“建立变更管理策略”的要求; ISO20000:1-2011 版要求所有的变更应提交变更请求; ISO20000:1-2011 版新增了“变更的开发和测试”的要求。 |
| 优化与完善部分 |
ISO20000:1-2011 版明确提出了变更管理的范围,而 ISO20000:1-2005 版相对模糊; |
ISO20000新旧版标准变化度
| ISO20000:1-2011 版本 | 控制点 | ISO20000:1-2005 版本 | 控制点 | 变化度 |
| 9.2 变更管理 | 24 | 9.2 变更管理 | 14 | 4 |
说明:变化度是指新版标准该条款相对旧版标准要求的变化程度,按分值计量,5 分指变化程度最大,0 分指没有变化。
ISO20000新旧版标准差异分析
| ISO20000:1-2011版 | ISO20000:1-2005版 | 差异分析 | ||
| 变更范围 | A change management policy shall be established that defines: a) CIs which are under the control of change management; b) criteria to determine changes with potential to have a major impact on services or the customer. Removal of a service shall be classified as a change to a service with the potential to have a major impact. Transfer of a service from the service provider to the customer or a different party shall be classified as a change with potential to have a major impact. Requests for change classified as having the potential to have a major impact on the services or the customer shall be managed using the design and transition of new or changed services process. All other requests for change to CIs defined in the change management policy shall be managed using the change management process. |
应建立变更管理策略,以定义: a) 变更管理控制下的CI; b) 对服务或客户有潜在重大影响的变更的判断标准。 服务的撤销应归类为对服务有潜在的重大影响的变更。 将服务从服务提供者转移到客户或不同方应被归类为对服务有潜在的重大影响的变更。 对服务或客户有潜在重大影响的变更请求应通过设计和转换新或变更的服务流程进行管理。 变更管理策略中定义的CI 的所有其他变更请求应采用变更管理流程进行管理。 |
Service and infrastructure changes shall have a clearly defined and documented scope. | ISO20000:1-2011版对变更管理的范围有了更清晰的描述 ISO20000:1-2011版新增了“应建立变更管理策略”的要求,并提出了具体的要求。 |
| 变更请求的管理 | There shall be a documented procedure to record, classify, assess and approve requests for change. All changes to a service or service component shall be raised using a request for change. Requests for change shall have a defined scope. All requests for change shall be recorded and classified. Requests for change shall be assessed using information from the change management process and other processes. The service provider and interested parties shall make decisions on the acceptance of requests for change. Decision-making shall take into consideration the risks, the potential impacts to services and the customer, service requirements, business benefits, technical feasibility and financial impact. |
应有文件化的程序以记录、分类、评估和批准变更请求。 对服务或服务组件的所有变更应通过变更请求发起。变更请求应有明确的范围。 所有的变更请求应被记录和分类。 变更请求应采用来自变更管理流程和其他流程的信息进行评估。 服务提供者和利益相关方应对变更请求是否接受做出决策。决策应考虑风险、对服务和客户的潜在影响、服务需求、业务利益、技术可行性和财务影响。 |
All requests for change shall be recorded and classified, e.g. urgent, emergency, major, minor. Requests for changes shall be assessed for their risk, impact and business benefit. |
ISO20000:1-2011版明确要求应有文件化的变更请求管理程序。 |
| 变更的实施 | Approved changes shall be developed and tested. A schedule of change containing details of the approved changes and their proposed deployment dates shall be established and communicated to interested parties. The schedule of change shall be used as the basis for planning the deployment of releases. The activities required to reverse or remedy an unsuccessful change shall be planned and, where possible, tested. The change shall be reversed or remedied if unsuccessful. |
经批准的变更应被构建和测试。 应建立变更日程安排,内容包含被批准实施的变更详细信息及其建议的实施日期,并与利益相关方进行沟通。变更日程安排应作为发布部署计划的基础。 应计划在回退或补救不成功的变更时所必需的活动,可能的话,应进行测试。如果变更不成功,应进行变更回退或补救。 |
Changes shall be approved and then checked, and shall be implemented in a controlled manner. The scheduled implementation dates of changes shall be used as the basis for change and release scheduling. A schedule that contains details of all the changes approved for implementation and their proposed implementation dates shall be maintained and communicated to relevant parties. The change management process shall include the manner in which the change shall be reversed or remedied if unsuccessful. |
ISO20000:1-2011版增加了“通过批准的变更应被构建和测试”的要求。 关于变更的日程安排、不成功变更的回退或修复等方面的要求,新旧版本要求基本一致。 |
| 变更的回顾 | Unsuccessful changes shall be investigated and agreed actions taken. The service provider shall review changes for effectiveness and take actions agreed with interested parties. Requests for change shall be analysed at planned intervals to detect trends. The results and conclusions drawn from the analysis shall be recorded and reviewed to identify opportunities for improvement. |
应调查不成功的变更并采取经协商确定的行动。 服务提供者应评审变更的有效性,并与相关方协商确定实施的行动。 应按照计划的时间间隔分析变更请求,识别趋势。分析所得的结果和结论应被记录和回顾以能发现改进机会。 |
All changes shall be reviewed for success and any actions taken after implementation. Change records shall be analysed regularly to detect increasing levels of changes, frequently recurring types, emerging trends and other relevant information. The results and conclusions drawn from change analysis shall be recorded. |
关于变更回顾,新旧版标准要求基本一致。 |
| 紧急变更 | The service provider shall document and agree with the customer the definition of an emergency change. There shall be a documented procedure for managing emergency changes. |
服务提供者应记录和与客户协商确定紧急变更的定义。 应有文件化的程序用于管理紧急变更。 |
There shall be policies and procedures to control the authorization and implementation of emergency changes. | ISO20000:1-2011版强调要与客户就“紧急变更的定义”达成一致。 |
| 与CMDB的关系 | The CMDB records shall be updated following the successful deployment of changes. | 变更成功部署后,应随之更新CMDB记录。 | 无 | ISO20000:1-2011版强调变更实施后要更新CMDB记录。 |
| 流程的改进 | 无 | - | Actions for improvement identified from change management shall be recorded and input into a plan for improving the service. | ISO20000:1-2005版要求应记录本流程定义的改进措施,并输入服务改进计划。 虽然ISO20000:1-2011版中去除此要求,但是在标准引言部分中已经明确提出了“将PDCA方法应用于SMS中,包括服务管理流程和服务”,故在此不再要求。 |
