企業如何因應ISO/IEC 20000改版之研究-以證券業為例 / A moving plan for a corporation to adapt the new edition of ISO/IEC 20000:2011: a case study in securities industry.

梁維誠, Liang, Vincent

Unknown Date

企業應隨著資訊科技進步，必須跟上資訊科技改變服務策略的趨勢，更要知道如何善用資訊科技，成為自身的優勢，才能在一波波新的科技浪潮中免於被吞噬的命運。 本研究對於資訊治理相關ITIL與ISO/IEC 20000進行相關文獻的探討蒐集，歸納過去研究的重點，並對於ISO於2011年發行新版ISO/IEC 20000:2011驗證，企業或組織面臨版本轉換的考驗做一探討，整理企業應透過哪些步驟修改才能夠符合改版後的ISO/IEC 20000:2011。 研究透過相關文獻與統計資料了解目前ITIL與ISO/IEC 20000的現況與台灣企業目前通過驗證的狀況，對於其版本差異進行分析研究，提出企業轉版規劃建議，並以實際個案公司(證券業)為例，對於如何調整規劃以轉換至2011版本提供一個具體可行方案。 企業從ISO/IEC 20000:2005轉換到ISO/IEC 20000:2011，因為已有舊版導入經驗，所以取得新版驗證不算困難，但是取得ISO/IEC 20000:2011驗證的組織，並非一定能讓資訊服務與業務策略緊密結合，因為ISO/IEC 20000:2011新版條文，對於服務策略部分，並沒有ITIL V3的策略發想、服務組合管理及需求管理等服務策略管理流程要求。 通過 ISO/IEC 20000:2011，必須先建立ITIL V3與ISO/IEC 20000:2011對應的管理流程，再以ISO/IEC 20000:2011為檢核方式作為組織提供資訊服務的能力與效度之驗證，最後參考ITIL V3新增的管理流程及資訊功能，補強ISO/IEC:20000:2011不足之處，才能夠由業務策略出發結合服務流程運用資訊科技提昇組織整體對外競爭力。 由於資訊科技日新月異，建議已經通過ISO/IEC 20000:2011的組織，應隨時關注ITIL版本更新，參考新增的部分強化管理流程，以彌補資訊科技演進快速，管理跟不上腳步的困境；企業不應只以取得 ISO/IEC 20000:2011驗證自滿，對於新資訊科技改變服務流程也應建立管理評估標準，以PDCA的方法論持續改善，達到真正資訊治理的目標。 / It is necessary for corporations to follow the progress of information technology, to catch up with the changing trends service strategies, and to transform the information technology to become their advantages so that they will be saved from the fate of being devoured by the continuous new waves of technology. This research includes providing literature review with respect to information governance targeting on Information Technology Infrastructure Library (ITIL) and ISO/IEC 20000, summarizing previous research works, studying the challenges that the corporations or organizations facing when moving to the new edition of ISO/IEC 20000:2011, and analyzing the steps that the corporations should take in order to be certified under the new edition. This research surveys the current conditions of the certified companies in Taiwan under ITIL and ISO/IEC 20000 based on related literatures and statistical data. The research further analyzes the differences between editions and proposes a moving plan to the new edition. The moving plan is illustrated in a case study in securities industry with a tangible and executable solution of adjustment planning. It is not difficult for corporations to move from ISO/IEC 20000:2005 to ISO/IEC 20000:2011 because of the experiences of introducing prior edition into the organizations. However, for organizations that pass the certification of ISO/IEC 20000:2011, it is not always the case to integrate information services and business model tightly. The problem occurs because there are no specific requirements documented in the new edition regarding service strategy management processes such as strategy generation, service portfolio management, and demand management specified in ITIL V3. In order to be certified by ISO/IEC 20000:2011, the corporations first have to establish corresponding management processes between ITIL V3 and ISO/IEC 20000:2011. Secondly, the corporations have to verify the capability and effectiveness of providing information services within the organizations by using the ISO/IEC 20000:2011 as an auditing tool. Lastly, the corporations have to reinforce the missing part of the ISO/IEC 20000:2011 by considering the newly added management process and information functions in ITIL V3 and integrate service process from business model. Thus can promote competitive strength across the organizations This research suggests that in order to catch up the fast pace of the technology evolution and to manage the situation of falling behind, the certified organizations should pay attention to the updates of ITIL, and consider the new additions to strengthen management processes. The corporations should not be only satisfied on passing the certification of ISO/IEC 20000:2011 but also to establish management evaluation standards for the changing service processes caused by new information technology. The corporations also should keep improving according to the PDCA methodology in order to reach the goal of real IT governance.

資訊治理

ISO/IEC 20000:2011

ITIL

ISO 20000

IT Governance

ISO/IEC 20000:2011

ITIL

ISO 20000

Modelo de aporte de valor de la implantación de un sistema de gestión de servicios de TI (SGSIT), basado en los requisitos de la norma ISO/IEC 20000

BAUSET CARBONELL, MARÍA DEL CARMEN

13 July 2012

El presente trabajo de investigación tiene como objetivo analizar en qué medida una organización, al satisfacer los requisitos de la norma ISO/IEC 20000-1:2005 y obtener su certificación, aporta valor a la propia organización desde el punto de vista de la gestión de los servicios de TI. Esta tesis se ha desarrollado con el objetivo de proporcionar un modelo de referencia a cualquier organización, que necesite medir el aporte de valor de los servicios de tecnología de la organización. Los fundamentos de la investigación incluyen un análisis desde dos perspectivas claramente diferenciadas, es decir, un enfoque más tradicional orientado a definir instrumentos de medida de ayuda al autodiagnóstico en el campo de la creación de valor de la tecnología de la información, y otro enfoque más innovador relacionado con los marcos de trabajo de gestión de TI como ITIL, considerado como un estándar de �facto� aplicable a cualquier modelo empresarial, y la norma ISO/IEC 20000. El modelo ha permitido contrastar empíricamente los factores directos e indirectos que pueden estar relacionados con el aporte de valor de los servicios de TI, considerándose para ello factores tangibles e intangibles como la eficiencia en la provisión de los servicios de TI, soporte de la prestación de los servicios de TI, control sobre los servicios, eficiencia en la gestión de los proveedores y satisfacción de los clientes. Todo ello, se ha aplicado sobre los más de 90 servicios de TI de INDRA, consultora tecnológica de ámbito internacional, facilitando la aplicación de dicho modelo información estratégica para la dirección de sistemas internos de la organización, convirtiéndose en una herramienta de apoyo a la toma de decisiones. / Bauset Carbonell, MDC. (2012). Modelo de aporte de valor de la implantación de un sistema de gestión de servicios de TI (SGSIT), basado en los requisitos de la norma ISO/IEC 20000 [Tesis doctoral no publicada]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/16546 / Palancia

Gestión servicios ti

Aporte valor

Itil

Iso/iec 20000

Sgsti

ORGANIZACION DE EMPRESAS

Návrh procesů pro společnost poskytující IT služby s ohledem na ISMS a ITSM / Draft of Processes for IT Outsourcing Company Considering ISMS and ITSM

Haller, Martin

January 2012

The goal of this diploma thesis is to design processes for existing ICT company mainly providing services. This work contains models of the designed processes and proposes convenient information system. All the designed processes are evaluated against ISO/IEC 27000 and ISO/IEC 20000 standards.

Stanovení zásad systému managementu informatiky kompatibilního s ISO 9001:2008 pro malé IS/IT neintenzivní podniky / ISO 9001:2008 compatible IT Management System Specification for IS/IT Non-intensive Small Businesses

Lozan, Petr

January 2012

Information systems and technologies (IT) are ubiquitous and play a significant role in everyday life of people and enterprises. Even the smallest organisations need to be sure, that their information systems are working properly, appropriately support their operations, are cost-effective and comply with regulations and other requirements. The service-based management approach to management of enterprise IT is the most promoted and widely used. But what if this approach is not equally suitable for enterprises of all sizes? This thesis presents an alternative approach to IT management, directly built on requirements of well-known International Standard ISO 9001:2008. For many people who know and understand ISO 9001 and its requirements, it should be easier to use their knowledge about management of quality for managing of IT than learn and implement IT service management and -- probably -- try to find out how to scale service management down to the environment of limited resources which is typical for small businesses. Author describes ISO 9001 as universal management system model and investigates requirements of ISO 9001:2008 related to information technology. Then attention is aimed to existing International Standards for various aspects of IT governance and management. Text describes main content of ISO/IEC 38500 for IT Governance, ISO/IEC 20000 for service management, selected standards from ISO/IEC 27000 series for information security management and ISO/IEC 19770-1 for software asset management. Next chapter shows mainly approach of COBIT5 and COBIT solutions suitable for small businesses -- COBIT Quickstart and COBIT Security Baseline. Last part of text explains, how ISO 9001:2008 was used and adapted to create the main subject of this thesis -- ISO 9001:2008 compatible IT Management System Specification for IS/IT Non-intensive Small Businesses.