ISO/IEC 20000-2:2012 pdf free.Information technology — Service management — Part 2: Guidance on the application of service management systems.
ISO/IEC 20000-2:2012 provides guidance on the application of service management systems (SMS) based on the requirements in ISO/IEC 20000-1.
ISO/IEC 20000-2:2012 enables organizations and individuals to interpret ISO/IEC 20000-1 more accurately, and therefore to use it more effectively. The guidance includes examples and suggestions to enable organizations to interpret and apply ISO/IEC 20000-1, including references to other parts of ISO/IEC 20000 and other relevant standards.
This includes guidance on the use of an SMS for the planning, design, transition, delivery and improvement of the SMS and services. At a minimum this includes service management policies, objectives, plans, service management processes, process interfaces, documentation and resources. The SMS provides ongoing control, greater effectiveness, efficiency and opportunities for continual improvement of service management and of services. It enables an organization to work effectively with a shared vision.
There should be evidence of an acceptance procedure for documents in accordance with the roles and responsibilities for documents defined in the SMS.
The service provider should also understand that documents, such as SLAs, policies and plans, can be interdependent, e.g. an information security policy defining what information can be stored on mobile devices or a server that supports the delivery of an email service. These interdependencies should be understood and managed when changes are made to documents.
Records, which show what has actually been done or what has happened, do not always require an acceptance procedure, e.g. an incident record. An incident record should be updated as the incident is progressed to closure. To operate an acceptance procedure each time an incident record is updated would cause unacceptable delays in the resolution of incidents.
NOTE: Documents and records need not be unique to the SMS. Provided they meet the requirements of ISO/IEC 20000-1, they may also cover the requirements of standards such as ISO 9001 or ISO/IEC 27001.
4.3.3 Control of records
Records associated with the SMS should be aligned to the requirements of ISO/IEC 20000-1, statutory and regulatory requirements and contractual obligations. For example, retention of records, archival and disposal practices. Records that should be retained include the record of document reviews and the tracking of review comments to resolution. These requirements and obligations should influence the design of the SMS.
Any conflicts between the statutory and regulatory requirements or contractual obligations and the requirements of ISO/IEC 20000-1, should be resolved. This should apply to all records that are created and used as part of the SMS. This includes but is not limited to documentation, logs and database records, known error records, CIs, incident records and request for change records.
Records established to provide evidence of conformity to requirements and of the effective operation of the SMS should be controlled. The organization should establish a documented procedure to define the controls needed for the identification, storage, protection, retrieval, retention and disposition of records. Records should remain legible, readily identifiable and retrievable.ISO/IEC 20000-2 pdf download.
NOTE: Further information on record management can be found in ISO/IEC 15489-1.