ISO20000新舊版標準差異概述

　　差異點 說明 新增部分 ISO20000:1-2011 版新增了“建立變更管理策略”的要求;

　　ISO20000:1-2011 版要求所有的變更應提交變更請求;

　　ISO20000:1-2011 版新增了“變更的開發和測試”的要求。 優化與完善部分

　　ISO20000:1-2011 版明確提出了變更管理的范圍，而 ISO20000:1-2005 版相對模糊;

　　ISO20000:1-2011 版強調要與客戶要就“緊急變更的定義”達成一致;

　　ISO20000:1-2011 版強調變更實施后要更新 CMDB 記錄;

　　對變更請求的分類要求上，ISO20000:1-2011 新版標準去除了 ISO20000:1-2005 版的分類舉例說明(緊迫、緊急、重大、輕微);

　　對變更請求的評估標準方面，ISO20000:1-2011 新版標準，除“風險、影響和業務利益”外，增加了“服務要求、技術可行性和財務影響”等三個方面。

　　ISO20000新舊版標準變化度

　　ISO20000:1-2011 版本 控制點 ISO20000:1-2005 版本 控制點 變化度 9.2 變更管理 24 9.2 變更管理 14 4

　　說明：變化度是指新版標準該條款相對舊版標準要求的變化程度，按分值計量，5 分指變化程度最大，0 分指沒有變化。

　　ISO20000新舊版標準差異分析

　　ISO20000:1-2011版 ISO20000:1-2005版 差異分析 變更范圍 A change management policy shall be established that defines:

　　a) CIs which are under the control of change management;

　　b) criteria to determine changes with potential to have a major impact on services or the customer.

　　Removal of a service shall be classified as a change to a service with the potential to have a major impact.

　　Transfer of a service from the service provider to the customer or a different party shall be classified as a change with potential to have a major impact.

　　Requests for change classified as having the potential to have a major impact on the services or the customer shall be managed using the design and transition of new or changed services process.

　　All other requests for change to CIs defined in the change management policy shall be managed using the change management process. 應建立變更管理策略，以定義：

　　a) 變更管理控制下的CI;

　　b) 對服務或客戶有潛在重大影響的變更的判斷標準。

　　服務的撤銷應歸類為對服務有潛在的重大影響的變更。

　　將服務從服務提供者轉移到客戶或不同方應被歸類為對服務有潛在的重大影響的變更。

　　對服務或客戶有潛在重大影響的變更請求應通過設計和轉換新或變更的服務流程進行管理。

　　變更管理策略中定義的CI 的所有其他變更請求應采用變更管理流程進行管理。 Service and infrastructure changes shall have a clearly defined and documented scope. ISO20000:1-2011版對變更管理的范圍有了更清晰的描述

　　ISO20000:1-2011版新增了“應建立變更管理策略”的要求，并提出了具體的要求。 變更請求的管理 There shall be a documented procedure to record, classify, assess and approve requests for change.

　　All changes to a service or service component shall be raised using a request for change. Requests for change shall have a defined scope.

　　All requests for change shall be recorded and classified.

　　Requests for change shall be assessed using information from the change management process and other processes.

　　The service provider and interested parties shall make decisions on the acceptance of requests for change.

　　Decision-making shall take into consideration the risks, the potential impacts to services and the customer, service requirements, business benefits, technical feasibility and financial impact. 應有文件化的程序以記錄、分類、評估和批準變更請求。

　　對服務或服務組件的所有變更應通過變更請求發起。變更請求應有明確的范圍。

　　所有的變更請求應被記錄和分類。

　　變更請求應采用來自變更管理流程和其他流程的信息進行評估。

　　服務提供者和利益相關方應對變更請求是否接受做出決策。決策應考慮風險、對服務和客戶的潛在影響、服務需求、業務利益、技術可行性和財務影響。 All requests for change shall be recorded and classified, e.g. urgent, emergency, major, minor.

　　Requests for changes shall be assessed for their risk, impact and business benefit.

　　ISO20000:1-2011版明確要求應有文件化的變更請求管理程序。

　　ISO20000:1-2011版要求所有的變更應提交變更請求。

　　新舊版對所有變更請求都要求被記錄與分類。

　　在變更請求的分類要求上，ISO20000:1-2011版去掉了ISO20000:1-2005版的分類舉例說明(緊迫、緊急、重大、輕微)等內容。

　　對變更請求的評估標準方面，ISO20000:1-2011版除“風險、影響和業務利益”外，增加了“服務要求、術可行性和財務影響”等三個方面的評估要素。

　　變更的實施 Approved changes shall be developed and tested.

　　A schedule of change containing details of the approved changes and their proposed deployment dates shall be established and communicated to interested parties.

　　The schedule of change shall be used as the basis for planning the deployment of releases.

　　The activities required to reverse or remedy an unsuccessful change shall be planned and, where possible, tested. The change shall be reversed or remedied if unsuccessful. 經批準的變更應被構建和測試。

　　應建立變更日程安排，內容包含被批準實施的變更詳細信息及其建議的實施日期，并與利益相關方進行溝通。變更日程安排應作為發布部署計劃的基礎。

　　應計劃在回退或補救不成功的變更時所必需的活動，可能的話，應進行測試。如果變更不成功，應進行變更回退或補救。 Changes shall be approved and then checked, and shall be implemented in a controlled manner.

　　The scheduled implementation dates of changes shall be used as the basis for change and release scheduling. A schedule that contains details of all the changes approved for implementation and their proposed implementation dates shall be maintained and communicated to relevant parties.

　　The change management process shall include the manner in which the change shall be reversed or remedied if unsuccessful. ISO20000:1-2011版增加了“通過批準的變更應被構建和測試”的要求。

　　關于變更的日程安排、不成功變更的回退或修復等方面的要求，新舊版本要求基本一致。 變更的回顧 Unsuccessful changes shall be investigated and agreed actions taken.

　　The service provider shall review changes for effectiveness and take actions agreed with interested parties.

　　Requests for change shall be analysed at planned intervals to detect trends.

　　The results and conclusions drawn from the analysis shall be recorded and reviewed to identify opportunities for improvement. 應調查不成功的變更并采取經協商確定的行動。

　　服務提供者應評審變更的有效性，并與相關方協商確定實施的行動。

　　應按照計劃的時間間隔分析變更請求，識別趨勢。分析所得的結果和結論應被記錄和回顧以能發現改進機會。 All changes shall be reviewed for success and any actions taken after implementation.

　　Change records shall be analysed regularly to detect increasing levels of changes, frequently recurring types, emerging trends and other relevant information. The results and conclusions drawn from change analysis shall be recorded. 關于變更回顧，新舊版標準要求基本一致。 緊急變更 The service provider shall document and agree with the customer the definition of an emergency change.

　　There shall be a documented procedure for managing emergency changes. 服務提供者應記錄和與客戶協商確定緊急變更的定義。

　　應有文件化的程序用于管理緊急變更。 There shall be policies and procedures to control the authorization and implementation of emergency changes. ISO20000:1-2011版強調要與客戶就“緊急變更的定義”達成一致。 與CMDB的關系 The CMDB records shall be updated following the successful deployment of changes. 變更成功部署后，應隨之更新CMDB記錄。 無 ISO20000:1-2011版強調變更實施后要更新CMDB記錄。 流程的改進 無 - Actions for improvement identified from change management shall be recorded and input into a plan for improving the service. ISO20000:1-2005版要求應記錄本流程定義的改進措施，并輸入服務改進計劃。

　　雖然ISO20000:1-2011版中去除此要求，但是在標準引言部分中已經明確提出了“將PDCA方法應用于SMS中，包括服務管理流程和服務”，故在此不再要求。