1、 Reference number ISO/IEC TS 15504-8:2012(E) ISO/IEC 2012TECHNICAL SPECIFICATION ISO/IEC TS 15504-8 First edition 2012-09-15Information technology Process assessment Part 8: An exemplar process assessment model for IT service management Technologies de linformation valuation des procds Partie 8: Un
2、modle dvaluation des procds exemplaire pour le management des services IT ISO/IEC TS 15504-8:2012(E) COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2012 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechani
3、cal, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.o
4、rg Published in Switzerland ii ISO/IEC 2012 All rights reservedISO/IEC TS 15504-8:2012(E) ISO/IEC 2012 All rights reserved iiiContents Page Foreword . v Introduction vi 1 Scope 1 2 Normative references 2 3 Terms and definitions . 2 4 Overview of the exemplar Process Assessment Model 2 4.1 Introducti
5、on to Overview 2 4.2 Structure of the exemplar Process Assessment Model 3 4.2.1 Processes . 4 4.2.2 Process dimension 5 4.2.3 Capability dimension 5 4.3 Assessment Indicators . 6 4.3.1 Process Capability Indicators 8 4.3.2 Process Performance Indicators . 9 4.4 Measuring process capability 10 5 The
6、process dimension and process performance indicators (Level 1) . 11 5.1 General . 11 5.2 CON.1 Change management 12 5.3 CON.2 Configuration management 13 5.4 CON.3 Release and deployment management . 14 5.5 DTR.1 Service requirements 15 5.6 DTR.2 Service design 16 5.7 DTR.3 Service transition . 16 5
7、.8 DTR.4 Service planning 17 5.9 REL.1 Business relationship management. 18 5.10 REL.2 Supplier management 20 5.11 RES.1 Incident management 21 5.12 RES.2 Service request management . 21 5.13 RES.3 Problem management . 22 5.14 SDE.1 Budgeting and accounting for IT services 23 5.15 SDE.2 Capacity man
8、agement . 24 5.16 SDE.3 Information security management . 25 5.17 SDE.4 Service availability management 26 5.18 SDE.5 Service continuity management . 27 5.19 SDE.6 Service level management 28 5.20 SDE.7 Service reporting 28 5.21 SMS.1 Audit 29 5.22 SMS.2 Improvement 30 5.23 SMS.3 Information item ma
9、nagement . 31 5.24 SMS.4 Management review. 32 5.25 SMS.5 Resource management . 34 5.26 SMS.6 Risk management 34 5.27 SMS.7 Service measurement . 35 5.28 SMS.8 SMS Establishment and improvement 36 5.29 SMS.9 SMS Implementation and operation 37 6 Process capability indicators (Level 1 to 5) . 38 6.1
10、Level 1: Performed process . 39 6.1.1 PA 1.1 Process performance attribute. . 39 6.2 Level 2: Managed process 39 ISO/IEC TS 15504-8:2012(E) iv ISO/IEC 2012 All rights reserved6.2.1 PA 2.1 Performance management attribute 39 6.2.2 PA 2.2 Work product management attribute .42 6.3 Level 3: Established
11、process .44 6.3.1 PA 3.1 Process definition attribute 44 6.3.2 PA 3.2 Process deployment attribute 46 6.4 Level 4: Predictable process 48 6.4.1 PA 4.1 Process measurement attribute .49 6.4.2 PA 4.2 Process control attribute 51 6.5 Level 5: Optimizing process .53 6.5.1 PA 5.1 Process innovation attri
12、bute 53 6.5.2 PA 5.2 Process optimization attribute .55 6.6 Related Processes for Process Attributes 57 Annex A (informative) Conformity of the exemplar Process Assessment Model .58 Annex B (informative) Input and output characteristics .65 Annex C (informative) Process Capability for ISO/IEC 20000-
13、1 requirements. 101 Bibliography . 204 ISO/IEC TS 15504-8:2012(E) ISO/IEC 2012 All rights reserved vForeword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies tha
14、t are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other interna
15、tional organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. International Standards are drafted in accordance with the rules given in
16、 the ISO/IEC Directives, Part 2. The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at
17、 least 75 % of the national bodies casting a vote. In other circumstances, particularly when there is an urgent market requirement for such documents, the joint technical committee may decide to publish an ISO/IEC Technical Specification (ISO/IEC TS), which represents an agreement between the member
18、s of the joint technical committee and is accepted for publication if it is approved by 2/3 of the members of the committee casting a vote. An ISO/IEC TS is reviewed after three years in order to decide whether it will be confirmed for a further three years, revised to become an International Standa
19、rd, or withdrawn. If the ISO/IEC TS is confirmed, it is reviewed again after a further three years, at which time it must either be transformed into an International Standard or be withdrawn. Attention is drawn to the possibility that some of the elements of this document may be the subject of paten
20、t rights. ISO shall not be held responsible for identifying any or all such patent rights. ISO/IEC TS 15504-8:2012 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 7, Software and systems engineering. ISO/IEC TS 15504-8 consists of the following parts,
21、 under the general title Information technology Process assessment: Part 1: Concepts and vocabulary Part 2: Performing an assessment Part 3: Guidance on performing an assessment Part 4: Guidance on use for process improvement and process capability determination Part 5: An exemplar software life cyc
22、le process assessment model Part 6: An exemplar system life cycle process assessment model Part 7: Assessment of organizational maturity Technical Report Part 8: An exemplar process assessment model for IT service management Technical Specification Part 9: Target process profiles Technical Specifica
23、tion Part 10: Safety extension Technical Specification ISO/IEC TS 15504-8:2012(E) vi ISO/IEC 2012 All rights reservedIntroduction This part of ISO/IEC 15504 provides an example of an IT Service Management Process Assessment Model (PAM) for use in performing a conformant assessment in accordance with
24、 the requirements of ISO/IEC 15504-2. It enables implemented processes of ISO/IEC 20000-4 to be assessed according to the requirements of ISO/IEC 15504-2. An integral part of conducting an assessment is to use a Process Assessment Model (PAM) that is constructed for that purpose. A PAM is related to
25、 a Process Reference Model (PRM) and is conformant with ISO/IEC 15504-2. ISO/IEC 15504-2 sets out the minimum requirements for performing an assessment in order to ensure consistency and repeatability of the ratings. ISO/IEC 15504-2 addresses the assessment of process and the application of process
26、assessment for improvement and capability determination. Results of conformant process assessments may be compared when the scopes of the assessments are considered to be similar. The requirements for process assessment defined in ISO/IEC 15504-2 form a structure which: a) facilitates self-assessmen
27、t; b) provides a basis for use in process improvement and capability determination; c) takes into account the context in which the assessed process is implemented; d) produces a process rating; e) addresses the ability of the process to achieve its purpose; f) is applicable across all application do
28、mains and sizes of organization; g) may provide an objective benchmark between organizations. The PRM defined in ISO/IEC TR 20000-4 has been used as the basis for the PAM in this part of ISO/IEC 15504. The relationship between ISO/IEC 20000-1, ISO/IEC TR 20000-4 and ISO/IEC 15504-2 is shown in Figur
29、e 1. ISO/IEC 20000-1 Service Management System Requirements ISO/IEC TR 24774 - Guidelines for process definition Figure 1 Relationship between ISO/IEC 20000-1, ISO/IEC TR 20000-4 and ISO/IEC 15504-2 ISO/IEC TR 20000-4 Service Management Process Reference Model informs Provides processes to support C
30、apability of processes is assessed by ISO/IEC 15504-2 Performing an Assessment ISO/IEC TS 15504-8 An exemplar process assessment model for IT service management ISO/IEC TS 15504-8:2012(E) ISO/IEC 2012 All rights reserved viiAny organisation may use processes with additional elements in order to suit
31、 it to the environment and circumstances. The Process Reference Model (PRM) that is the basis for this Process Assessment Model is ISO/IEC 20000-4:2010. This PRM may not be fully aligned with ISO/IEC 20000-1:2011 as it was developed to align to ISO/IEC 20000-1:2005. A revised PRM aligned to ISO/IEC
32、20000-1:2011 is being developed and it is expected that this revised PRM will address and resolve these identified incompatibilities. Due to the development status of this PRM, it is known to be unverified and subject to change in the future. This PAM contains a set of indicators to be considered wh
33、en interpreting the intent of its PRM. It provides greater detail to indicate process performance and capability. The indicators may also be used when implementing a process improvement program or to help evaluate and select an assessment model, method, methodology or tools. As an exemplar, this PAM
34、 embodies the core characteristics that could be expected of any PAM consistent with ISO/IEC 15504-2. Nevertheless any other PAMs meeting the requirements of ISO/IEC 15504-2 may be used in a conformant assessment. This Part of ISO/IEC 15504 has a similar structure to ISO/IEC 15504 Parts 5 and 6. It
35、may be used in conjunction with them for joint assessment of service management processes and system/software life cycle processes. Within this part of ISO/IEC 15504: clause 4 provides a detailed description of the structure and key components of a PAM, which includes two dimensions: a process dimen
36、sion and a capability dimension. Assessment indicators are introduced in this clause; clause 5 addresses the process dimension. It uses process definitions from ISO/IEC TR 20000-4 to designate the PRM. The processes of the PRM are described in the PAM in terms of purpose and outcomes. The PAM expand
37、s the PRM process definitions by including a set of process performance indicators called base practices for each process. The PAM also defines a second set of indicators of process performance by associating inputs and outputs with each process. Clause 5 is also linked directly to Annex B, which de
38、fines the inputs/outputs characteristics; clause 6 addresses the capability dimension. It duplicates the definitions of the capability levels and process attributes from ISO/IEC 15504-2, and expands each of the nine attributes through the inclusion of a set of generic practices. These generic practi
39、ces belong to a set of indicators of process capability, in association with generic resource indicators, and generic inputs/outputs indicators. Annex B is also linked directly to Clause 6 as it defines the inputs/outputs characteristics; Annex A provides a statement of conformance of the PAM to the
40、 requirements defined in ISO/IEC 15504-2; Annexes B provides selected characteristics for typical inputs/outputs to assist the assessor in evaluating the capability level of processes; Annex C contains a capability process profile linking the requirements of ISO/IEC 20000-1 to base practices and inf
41、ormation items; the Bibliography contains a list of informative references. TECHNICAL SPECIFICATION ISO/IEC TS 15504-8:2012(E) ISO/IEC 2012 All rights reserved 1Information technology Process assessment Part 8: An exemplar process assessment model for IT service management 1 Scope This part of ISO/I
42、EC 15504: defines an exemplar PAM that meets the requirements of ISO/IEC 15504-2 and that supports the performance of an assessment by providing indicators for guidance on the interpretation of the process purposes and outcomes as defined in ISO/IEC TR 20000-4 and the process attributes as defined i
43、n ISO/IEC 15504-2; provides guidance, by example, on the definition, selection and use of assessment indicators. A PAM comprises a set of indicators of process performance and process capability. The indicators are used as a basis for collecting the objective evidence that enables an assessor to ass
44、ign ratings. The set of indicators included in this part of ISO/IEC 15504 is not intended to be an all-inclusive set nor is it intended to be applicable in its entirety. Subsets that are appropriate to the context and scope of the assessment should be selected, and possibly augmented with additional
45、 indicators (see Annex C). The PAM in this part of ISO/IEC 15504 is directed at assessment sponsors and competent assessors who wish to select a model, and associated documented process method, for assessment (for either capability determination or process improvement). Additionally it may be of use
46、 to developers of assessment models in the construction of their own model, by providing examples of good service management practices. It can be used by: a) service providers to assess and improve a Service Management System (SMS), including processes, for the design, development, transition and de
47、livery of services that fulfil service requirements; b) organizations that are seeking services from service providers and requiring assurance that their service requirements will be fulfilled; c) service providers to demonstrate their capability for the design, development, transition and delivery
48、of services that fulfil service requirements. Any PAM meeting the requirements defined in ISO/IEC 15504-2 concerning models for process assessment may be used for assessment. Different models and methods may be needed to address differing business needs. The assessment model in this part of ISO/IEC
49、15504 is provided as an exemplar of a model meeting all the requirements expressed in ISO/IEC 15504-2. The scope of this Part of ISO/IEC 15504 is consistent with the scope of Part 5 and 6 of ISO/IEC 15504 in order to assist situations where assessment is being made of both service management and system/software life cycle processes. ISO/IEC TS 15504-8:2012(E) 2 ISO/IEC 2012 All rights reservedNOTE: Copyright release for the Exemplar PAM: Users of this part of ISO/IEC 15504 may fr
