ISO20000新舊版標準差異概述
差異點 說明 新增部分 服務(wù)連續(xù)性與可用性需求方面,增加了以下要求:
應(yīng)評估和記錄服務(wù)連續(xù)性和可用性的風險;
服務(wù)提供者應(yīng)與客戶和相關(guān)各方協(xié)商確定服務(wù)連續(xù)性和可用性需求;
需求除考慮業(yè)務(wù)計劃、SLA和風險外,還應(yīng)考慮服務(wù)需求。
在服務(wù)連續(xù)性與可用性的監(jiān)控與測試環(huán)節(jié),ISO20000:2011版提出了“在每次測試之后和啟用服務(wù)連續(xù)性計劃之后,應(yīng)進行回顧”的要求。 優(yōu)化與完善部分
流程內(nèi)容組織上,ISO20000:2011版更加結(jié)構(gòu)化,重新組織為:
服務(wù)連續(xù)性與可用性需求;
服務(wù)連續(xù)性計劃與可用性計劃;
服務(wù)連續(xù)性與可用性的監(jiān)控與測試。
ISO20000:2011 版更明確和具體化了持續(xù)性計劃和可用性計劃的具體內(nèi)容。
刪除部分 ISO20000:2011 版刪除了“至少每年”對持續(xù)性和可用性計劃進行評審的要求。
ISO20000新舊版標準變化度
ISO20000:2011 版本 控制點 ISO20000:2005 版本 控制點 變化度 6.3 服務(wù)持續(xù)性和可用性管理 18 6.2 服務(wù)持續(xù)性和可用性管理 13 2
說明:變化度是指新版標準該條款相對舊版標準要求的變化程度,按分值計量,5 分指變化程度最大,0 分指沒有變化。
ISO20000新舊版標準差異分析
ISO20000:2011版 ISO20000:2005版 差異分析 文檔結(jié)構(gòu) 6.3.1 Service continuity and availability requirements
6.3.2 Service continuity and availability plans
6.3.3 Service continuity and availability monitoring and testing 6.3.1 服務(wù)連續(xù)性與可用性需求
6.3.2 服務(wù)連續(xù)性與可用性計劃
6.3.3 服務(wù)連續(xù)性與可用性的監(jiān)控與測試 無 ISO20000:2011版本將“服務(wù)連續(xù)性與可用性管理”的條款進行了結(jié)構(gòu)化,使讀者更易于理解條款內(nèi)容。本條款主要包括服務(wù)連續(xù)性與可用性的需求、服務(wù)連續(xù)性與可用性計劃、服務(wù)連續(xù)性與可用性的監(jiān)控和測試等管理要求等三部分。 服務(wù)連續(xù)性與可用性需求 The service provider shall assess and document the risks to service continuity and availability of services.
The service provider shall identify and agree with the customer and interested parties service continuity and availability requirements.
The agreed requirements shall take into consideration applicable business plans,service requirements, SLAs and risks. The agreed service continuity and availability requirements shall include at least:
a) access rights to the services;
b) service response times;
c) end to end availability of services. 務(wù)計劃、服務(wù)需求、SLA和風險。
協(xié)商確定的服務(wù)連續(xù)性和可用性
需求應(yīng)至少包括:
a) 服務(wù)的訪問權(quán)限;
b) 服務(wù)響應(yīng)時間;
c) 端到端的服務(wù)可用性。 Availability and service continuity requirements shall be identified on the basis of business plans, SLAs and risk assessments. Requirements shall include access rights and response times as well as end to end availability of system components.
ISO20000:2011版新增了以下要求:
應(yīng)評估和記錄服務(wù)連續(xù)性和可用性的風險
服務(wù)提供者應(yīng)與客戶和相關(guān)各方協(xié)商確定服務(wù)連續(xù)性和可用性需求
ISO20000:2011版要求服務(wù)連續(xù)性和可用性需求除了要考慮業(yè)務(wù)計劃、SLA和風險以外,還應(yīng)考慮服務(wù)需求。
服務(wù)連續(xù)性計劃與可用性計劃 The service provider shall create, implement and maintain a service continuity plan(s) and an availability plan(s).
The service continuity plan(s) shall include at least:
a) procedures to be implemented in the event of a major loss of service, or reference to them;
b) availability targets when the plan is invoked;
c) recovery requirements;
d) approach for the return to normal working conditions.
The service continuity plan(s), contact lists and the CMDB shall be accessible when access to normal service locations is prevented.
The availability plan(s) shall include at least availability requirements and targets.
NOTE The service continuity plan(s) and availability plan(s) can be combined into one document. 服務(wù)提供者應(yīng)建立、實施和維護服務(wù)連續(xù)性計劃和可用性計劃。
服務(wù)連續(xù)性計劃至少應(yīng)包括:
a) 服務(wù)重大損失情況下執(zhí)行的程序,或引用的程序;
b) 當計劃被啟用時的可用性目標;
c) 恢復(fù)要求;
d) 恢復(fù)到正常工作環(huán)境的方法。
當訪問正常的服務(wù)地點受阻時,應(yīng)能訪問到服務(wù)連續(xù)性計劃、聯(lián)系人名單和CMDB。
可用性計劃至少應(yīng)包括可用性需求和目標。
注:服務(wù)連續(xù)性計劃和可用性計劃可以合并為一個文件。 Availability and service continuity plans shall be developed and reviewed at least annually to ensure that requirements are met as agreed in all circumstances from normal through to a major loss of service. These plans shall be maintained to ensure that they reflect agreed changes required by the business.
Service continuity plans, contact lists and the configuration management database shall be available when normal office access is prevented. The service continuity plan shall include the return to normal working. ISO20000:2011版標準明確了持續(xù)性計劃和可用性計劃的具體內(nèi)容。
ISO20000:2011版刪除了“至少每年”對持續(xù)性和可用性計劃進行評審的要求。 服務(wù)連續(xù)性與可用性的監(jiān)控與測試 Availability of services shall be monitored, the results recorded and compared with agreed targets. Unplanned non-availability shall be investigated and necessary actions taken.
Service continuity plans shall be tested against the service continuity requirements.
Availability plans shall be tested against the availability requirements. Service continuity and availability plans shall be re-tested after major changes to the service environment in which the service provider operates.
The results of the tests shall be recorded. Reviews shall be conducted after each test and after the service continuity plan has been invoked. Where deficiencies are found, the service provider shall take necessary actions and report on the actions taken. 應(yīng)監(jiān)控服務(wù)的可用性,記錄其結(jié)果并與協(xié)商確定的目標進行比較。應(yīng)調(diào)查非計劃性的不可用并采取必要的行動。
應(yīng)依據(jù)服務(wù)連續(xù)性需求來測試服務(wù)連續(xù)性計劃。應(yīng)依據(jù)可用性需求來測試可用性計劃。在服務(wù)提供者運營的服務(wù)環(huán)境發(fā)生重大變更后,應(yīng)重新測試服務(wù)連續(xù)性與可用性計劃。
應(yīng)記錄測試結(jié)果。在每次測試之后和啟用服務(wù)連續(xù)性計劃之后,應(yīng)進行回顧。發(fā)現(xiàn)不足時,服務(wù)提供者應(yīng)采取必要的行動并報告所采取的行動。 Availability shall be measured and recorded. Unplanned non-availability shall be investigated and appropriate actions taken.
The service continuity plan shall be tested in accordance with business needs.
All continuity tests shall be recorded and test failures shall be formulated into action plans. 新舊版本的要求基本一致,但ISO20000:2011版明確提出“在每次測試之后和啟用服務(wù)連續(xù)性計劃之后,應(yīng)進行回顧”的要求。 與變更管理流程的關(guān)系 Changes to these plans shall be controlled by the change management process.
The service provider shall assess the impact of requests for change on the service continuity plan(s) and the availability plan(s). 這些計劃的變更應(yīng)在變更管理流程的控制之下。
服務(wù)提供者應(yīng)評估變更請求對服務(wù)連續(xù)性計劃和可用性計劃的影響。 The availability and service continuity plans shall be re-tested at every major change to the business environment.
The change management process shall assess the impact of any change on the availability and service continuity plan. 新舊版本要求基本一致。
共有條評論 網(wǎng)友評論