ISO20000新旧版标准差异概述
差异点 说明 新增部分 服务连续性与可用性需求方面,增加了以下要求:
应评估和记录服务连续性和可用性的风险;
服务提供者应与客户和相关各方协商确定服务连续性和可用性需求;
需求除考虑业务计划、SLA和风险外,还应考虑服务需求。
在服务连续性与可用性的监控与测试环节,ISO20000:2011版提出了“在每次测试之后和启用服务连续性计划之后,应进行回顾”的要求。 优化与完善部分
流程内容组织上,ISO20000:2011版更加结构化,重新组织为:
服务连续性与可用性需求;
服务连续性计划与可用性计划;
服务连续性与可用性的监控与测试。
ISO20000:2011 版更明确和具体化了持续性计划和可用性计划的具体内容。
删除部分 ISO20000:2011 版删除了“至少每年”对持续性和可用性计划进行评审的要求。
ISO20000新旧版标准变化度
ISO20000:2011 版本 控制点 ISO20000:2005 版本 控制点 变化度 6.3 服务持续性和可用性管理 18 6.2 服务持续性和可用性管理 13 2
说明:变化度是指新版标准该条款相对旧版标准要求的变化程度,按分值计量,5 分指变化程度最大,0 分指没有变化。
ISO20000新旧版标准差异分析
ISO20000:2011版 ISO20000:2005版 差异分析 文档结构 6.3.1 Service continuity and availability requirements
6.3.2 Service continuity and availability plans
6.3.3 Service continuity and availability monitoring and testing 6.3.1 服务连续性与可用性需求
6.3.2 服务连续性与可用性计划
6.3.3 服务连续性与可用性的监控与测试 无 ISO20000:2011版本将“服务连续性与可用性管理”的条款进行了结构化,使读者更易于理解条款内容。本条款主要包括服务连续性与可用性的需求、服务连续性与可用性计划、服务连续性与可用性的监控和测试等管理要求等三部分。 服务连续性与可用性需求 The service provider shall assess and document the risks to service continuity and availability of services.
The service provider shall identify and agree with the customer and interested parties service continuity and availability requirements.
The agreed requirements shall take into consideration applicable business plans,service requirements, SLAs and risks. The agreed service continuity and availability requirements shall include at least:
a) access rights to the services;
b) service response times;
c) end to end availability of services. 务计划、服务需求、SLA和风险。
协商确定的服务连续性和可用性
需求应至少包括:
a) 服务的访问权限;
b) 服务响应时间;
c) 端到端的服务可用性。 Availability and service continuity requirements shall be identified on the basis of business plans, SLAs and risk assessments. Requirements shall include access rights and response times as well as end to end availability of system components.
ISO20000:2011版新增了以下要求:
应评估和记录服务连续性和可用性的风险
服务提供者应与客户和相关各方协商确定服务连续性和可用性需求
ISO20000:2011版要求服务连续性和可用性需求除了要考虑业务计划、SLA和风险以外,还应考虑服务需求。
服务连续性计划与可用性计划 The service provider shall create, implement and maintain a service continuity plan(s) and an availability plan(s).
The service continuity plan(s) shall include at least:
a) procedures to be implemented in the event of a major loss of service, or reference to them;
b) availability targets when the plan is invoked;
c) recovery requirements;
d) approach for the return to normal working conditions.
The service continuity plan(s), contact lists and the CMDB shall be accessible when access to normal service locations is prevented.
The availability plan(s) shall include at least availability requirements and targets.
NOTE The service continuity plan(s) and availability plan(s) can be combined into one document. 服务提供者应建立、实施和维护服务连续性计划和可用性计划。
服务连续性计划至少应包括:
a) 服务重大损失情况下执行的程序,或引用的程序;
b) 当计划被启用时的可用性目标;
c) 恢复要求;
d) 恢复到正常工作环境的方法。
当访问正常的服务地点受阻时,应能访问到服务连续性计划、联系人名单和CMDB。
可用性计划至少应包括可用性需求和目标。
注:服务连续性计划和可用性计划可以合并为一个文件。 Availability and service continuity plans shall be developed and reviewed at least annually to ensure that requirements are met as agreed in all circumstances from normal through to a major loss of service. These plans shall be maintained to ensure that they reflect agreed changes required by the business.
Service continuity plans, contact lists and the configuration management database shall be available when normal office access is prevented. The service continuity plan shall include the return to normal working. ISO20000:2011版标准明确了持续性计划和可用性计划的具体内容。
ISO20000:2011版删除了“至少每年”对持续性和可用性计划进行评审的要求。 服务连续性与可用性的监控与测试 Availability of services shall be monitored, the results recorded and compared with agreed targets. Unplanned non-availability shall be investigated and necessary actions taken.
Service continuity plans shall be tested against the service continuity requirements.
Availability plans shall be tested against the availability requirements. Service continuity and availability plans shall be re-tested after major changes to the service environment in which the service provider operates.
The results of the tests shall be recorded. Reviews shall be conducted after each test and after the service continuity plan has been invoked. Where deficiencies are found, the service provider shall take necessary actions and report on the actions taken. 应监控服务的可用性,记录其结果并与协商确定的目标进行比较。应调查非计划性的不可用并采取必要的行动。
应依据服务连续性需求来测试服务连续性计划。应依据可用性需求来测试可用性计划。在服务提供者运营的服务环境发生重大变更后,应重新测试服务连续性与可用性计划。
应记录测试结果。在每次测试之后和启用服务连续性计划之后,应进行回顾。发现不足时,服务提供者应采取必要的行动并报告所采取的行动。 Availability shall be measured and recorded. Unplanned non-availability shall be investigated and appropriate actions taken.
The service continuity plan shall be tested in accordance with business needs.
All continuity tests shall be recorded and test failures shall be formulated into action plans. 新旧版本的要求基本一致,但ISO20000:2011版明确提出“在每次测试之后和启用服务连续性计划之后,应进行回顾”的要求。 与变更管理流程的关系 Changes to these plans shall be controlled by the change management process.
The service provider shall assess the impact of requests for change on the service continuity plan(s) and the availability plan(s). 这些计划的变更应在变更管理流程的控制之下。
服务提供者应评估变更请求对服务连续性计划和可用性计划的影响。 The availability and service continuity plans shall be re-tested at every major change to the business environment.
The change management process shall assess the impact of any change on the availability and service continuity plan. 新旧版本要求基本一致。
共有条评论 网友评论