Standards
Standards exist because a widely recognized governing body, in most cases a governing body with worldwide scope, has agreed on a specific set of principles or protocols and published them for everyone to use. Standards are usually set by committees working under various trade and international organizations.
Some standards govern technical specifications that profoundly impact our daily lives. Without standards we would be unable to plug in appliances, make phone calls, send faxes, connect computers together, or even buy groceries in most developed countries. Examples of these international technical governing bodies are the ITU (International Telecommunications Union) and the IEEE (Institute of Electrical and Electronics Engineers). Other less technical standards define what activities should be implemented and often add a code of practice to determine what level these activities should achieve. The most prevalent and highly visible international standards body in this area is the ISO (International Standards Organization), which boasts member organizations in every developed country in the world. In the world of ITSM it is the ISO that creates the standards. The ISO operates in Europe in conjunction with the IEC (International Electrotechnical Commission); therefore, the correct nomenclature for the international standards is: ISO/IEC xxxxx. This standard number is often followed by the year it was issued, which serves as the version of the standard. The most important standards applying to the world of ITSM are:
- ISO/IEC 20000:2005 promotes the adoption of an integrated process approach to effectively deliver managed services to meet business and customer requirements. For an organization to function effectively it has to identify and manage numerous linked activities. Coordinated integration and implementation of the service management processes provides the ongoing control, greater efficiency and opportunities for continual improvement. (ISO). ISO/IEC 20000 is based on the ITIL service management processes.
- ISO/IEC 27001:2005 covers all types of organizations and specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization’s overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. It is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties.
- ISO/IEC 17799:2005 establishes guidelines and general principles for initiating, implementing, maintaining and improving Information Security Management in an organization. The objectives outlined provide general guidance on the commonly accepted goals of Information Security Management. The control objectives and controls in ISO/IEC 17799:2005 are intended to be implemented to meet the requirements identified by a risk assessment. ISO/IEC 17799:2005 is intended as a common basis and practical guideline for developing organizational security standards and effective Security Management practices, and to help build confidence in inter-organizational activities.
- ISO/IEC 15504 (also known as SPICE – Software Process Improvement and Capability dEtermination) provides a framework for the assessment of process capability. This framework can be used by organizations involved in planning, managing, monitoring, controlling and improving the acquisition, supply, development, operation, evolution and support of products and services. It is also intended for use by assessors in the performance of process assessment, and by organizations involved in the development of process reference models, process assessment models or process assessment processes.
- ISO/IEC 19770:2006 has been developed to enable an organization to prove that it is performing software asset management (SAM) to a standard sufficient to satisfy corporate governance requirements and ensure effective support for IT service management overall. ISO/IEC 19770:2006 is intended to align closely to, and to support, ISO/IEC 20000. Good practice in SAM should result in several benefits, and certifiable good practice should allow management and other organizations to place reliance on the adequacy of these processes. The expected benefits should be achieved with a high degree of confidence.
An individual can be accredited as an ISO auditor. Organizations can be audited against an ISO standard. If the audit is passed successfully, that organization is ‘ISO xxxxx Certified’.