对于知道如何处理数据的企业来说，只要采用恰当的策略释放数据潜力，就能从数据和承载数据的云端中收获近乎无限的价值。得益于ISO/IEC的信息技术服务管理标准，Orange Business Services公司能够帮助客户将数据转变成真正的业务资产。
Orange Business Services就是这样一家公司。作为Orange集团下的B2B服务型分公司，这家全球ICT供应商的客户总数达2.6亿，分布于28个国家，年销售收入410亿欧元，力争成为“数据之旅”的领头羊。它全程支持组织的数字化转型，向客户提供数据收集、传输、安全、存储、处理、分析、共享和价值创造等方面的专业技能。要提供范围如此广泛的支持，Orange Business Services就需要在全球适用的公司治理模型下运行无缝衔接的全球操作流程。
因此，执行ISO/IEC 2000 -1标准，信息技术-服务管理-第1部分:服务管理系统要求便是一个合理的目标。ISO/IEC 20000系列标准，是由国际标准委员会（ISO）和国际电工委员会(IEC)共同制定的旗舰标准，能够为组织嵌入服务生命周期策略，为之提供服务组合的最佳管理方案，以保持服务的质量。2018年该标准发布了新的改进版，借此机会我们向Orange Business Services公司的客户服务和运营总监让-皮埃尔•吉拉尔丁(Jean-Pierre Girardin)提出以下问题:新版标准将如何帮助Orange Business Services公司兑现给客户的承诺——无论客户身处何地，都能为之提供卓越的端到端服务。
从一开始，我们就有意识地决定以综合方式逐步引入该标准。因此，在最初基于ISO 9001的企业质量管理体系的基础上，我们根据一个综合框架来增强服务管理流程。这样，就能在全球的Orange Business Services运营网站中调整我们的服务流程。
作为一家B2B服务型公司，获得ISO/IEC 20000-1认证是一个千载难逢的机会。这让我们能专注于改善我们的服务，并从三个管理系统标准，即ISO 9001（质量），ISO/IEC 20000-1（IT服务）和ISO/IEC 270011)（信息安全）的良好组合中受益——而这三个标准本身也在不断改进。
ISO/IEC 20000-1的实施为公司内外都带来了许多关键优势。上述三份认证我们每年更新一次，定期也会进行新的扩展。认证说明Orange Business Services是值得信赖且可靠的合作伙伴，同时也认可了我们全球管理系统的质量。之后，我们还在三个站点中添加了ISO 14001环境管理标准。所有指标均显示，我们这些努力大大提高了客户的满意度。更重要的是，认证制度是加强员工团队凝聚力的绝佳方式，也正是因此，我们才能保持多年来的发展势头。
信息安全的ISO/IEC 27001标准涵盖了一定的范围，包括我们的活动和实体（运营，云服务等），因此我们ISO/IEC 20000-1中关于信息安全管理的章节6.6就提到，这一标准从三个层面上确保了我们流程和活动的广度，即其对我们服务的要求，运营中的安全控制以及托管安全服务组合。
ISO/IEC 20000-1从2008年项目一开始就全面融入到全球统一的安全管理系统中。这一点尤为重要，因为它与我们在开罗的埃及主要服务中心最初的ISO/IEC 27001认证相一致，之后，位于德里附近古尔冈的印度主要服务中心，法国，巴西乃至毛里求斯的业务也都采用了这一认证。因此，ISO/IEC 20000-1要求已成为我们所有流程和活动的重要组成部分，无论是我们和客户的关系，与供应商的活动，还是整个服务周期，从订单到交付，一切都包含在内。
在战略层面，Orange Business Services定期在当地、地区和全球范围内进行管理评审，这些认证结果都将得到严谨监控。我们会预计客户期望，并根据业务规定调整范围。
新版ISO/IEC 20000-1为Orange Business Services打开了振奋人心的视角。该标准与所有ISO管理体系标准（包括ISO 9001:2015，ISO/IEC 27001:2013和ISO 14001:2015）中使用的新的高级结构相一致，因此该版本会更易于理解。
我们已经在研究如何让Orange Business Services公司的发展适应标准的改动，并致力于成为首批成功实施新版标准的公司之一。这将成为我们2019年的挑战！想获悉更多的国内外标准信息，请访问中国标准信息服务网（<https://www.sacinfo.cn>）。
Data, and the cloud that hosts it, has an almost infinite value for businesses that know how to process it – as long as the proper strategy is in place to unleash its potential. Orange Business Services helps customers turn their data into a true business asset, thanks to a little assistance from ISO/IEC’s IT service management standard.
With the digital revolution, businesses are producing more data than ever before. This data is no more than a raw material, but an organization’s ability to transform it into useful information can unlock a world of opportunities. Thanks to cloud computing, organizations can have access to powerful IT capabilities – and with more flexibility than ever, they can externalize all or part of their information systems, workspaces, servers, applications and storage.
Although the cloud has been around for over a decade, the biggest objection still hindering its adoption is ongoing concern about data security and integrity. Systems integrators that can successfully offer cloud-hosted security and access control solutions will find themselves well-positioned for the future, with the ability to deliver a wide range of managed and remote services to customers while boosting the overall value of their company.
Orange Business Services is one such company. As the B2B branch of the Orange Group, which boasts 260 million customers across 28 countries and an annual sales revenue of EUR 41 billion, the global ICT provider aims to be a leading performer in the “data journey”. Supporting organizations through every step of their digital transformation, it offers customers expertise in the collection, transfer, security, storage, processing, analysis and sharing of data, and value creation. To deliver support on such a broad scale, Orange Business Services needs to operate seamless global processes managed under a corporate governance model that applies worldwide.
The implementation of ISO/IEC 20000-1, Information technology – Service management – Part 1: Service management system requirements, was thus a logical objective. Developed by ISO and the International Electrotechnical Commission (IEC), the flagship standard of the ISO/IEC 20000 family helps organizations embed a service life-cycle strategy, providing best practice on how to manage their portfolio of services so they remain current. The release in 2018 of a new and improved edition prompted us to ask Jean-Pierre Girardin, Customer Services & Operations at Orange Business Services, how this latest update will help the company in its commitment to maintain superior end-to-end services – wherever its customers do business.
Jean-Pierre Girardin: With over three thousand renowned multinational corporations at the international level and over two million professionals, companies and local communities in France, Orange Business Services relies strongly on information security standards and the company has been certified to ISO/IEC 20000-1 for ten years.
A conscious decision was made from the beginning to introduce the standard progressively and in an integrated manner. So we built on our initial corporate quality management systems based on ISO 9001 to enhance our service management processes in an integrated framework. This allowed us to align our service processes across our Orange Business Services operating sites all over the world.
As a B2B services-oriented company, getting certified to ISO/IEC 20000-1 was a golden opportunity. It enabled us to focus on improving our services and benefit from the virtuous combination of three management systems standards – ISO 9001 (quality), ISO/IEC 20000-1 (IT services) and ISO/IEC 270011) (information security) – and the continuous improvement loops inherent in all three standards.
The implementation of ISO/IEC 20000-1 has provided a number of key benefits, both internal and external. Our triple certification, which is renewed each year with regular new extensions of scope, identifies Orange Business Services as a trustworthy and reliable partner and recognizes the quality of our management system globally. We have since also added ISO 14001 for environmental management in three of our sites. All our indicators show that customer satisfaction has significantly increased as a result of these efforts. What’s more, the certification programme has proved an excellent way of reinforcing team cohesion among our staff, which has enabled us to keep up the momentum over the years.
ISO/IEC 27001 for information security covers a defined scope of our activities and entities (operational, cloud services…), so we have ISO/IEC 20000-1, Paragraph 6.6 on information security management, to thank for securing the breadth of our processes and activities on three levels: requirements in our services, security controls in our operations, and a portfolio of managed security services.
For instance, we proactively monitor and respond to security incidents that could conceivably affect assets entrusted to us. To this end, we ensure that all changes are assessed before implementation to prevent any potential impacts on security protection. We have also introduced robust security controls in our processes and working procedures that have proved very effective. The additional security features of ISO/IEC 20000-1 also contribute to raising awareness of security as a full part of operational practice and auditors have acknowledged the exemplary behaviour of our staff when it comes to protecting the integrity of data.
ISO/IEC 20000-1 was fully integrated from the very beginning of the project in 2008 into a global coherent security management system. This was especially important as it coincided with the beginning of the ISO/IEC 27001 certification of our Egypt Major Services Center in Cairo, which was later followed by the India Major Services Center in Gurgaon near Delhi and, finally, our operations in France, Brazil and Mauritius. As a result, the ISO/IEC 20000-1 requirements have become part and parcel of all our processes and activities, whether it be in our relationships with customers, our activities with suppliers or throughout the services life cycle, from order to delivery.
At the strategic level, Orange Business Services conducts regular management reviews on a local, regional and global scale, where our certification results are carefully monitored. We anticipate customer expectations and adjust the scope as dictated by the business.
It is important to take a step-by-step approach when seeking certification. We began by forming a skilled, knowledgeable and dedicated team to manage the project. In this regard, proficiency in the ITIL framework, which helps align IT services with business needs, was considered a plus. We felt it was important to run a methodical gap analysis and feasibility study before introducing any new service for certification and reinforced our pool of internal auditors to help validate our progress through annual audits of all our processes and entities.
To create momentum among the staff, we also organized awareness sessions on ISO/IEC 20000-1 and all aspects related to certification and standards. Remaining pragmatic at all times, we aimed to convey the benefits of a certification journey to make sure everyone properly understood the purpose of implementing the standard. The trick is not to talk about the standards’ requirements, but rather to concentrate on showing the importance of applying them for the benefit of our customers, our services and our processes. The whole enterprise was of course endorsed by senior management, which was crucial to its success.
The new version of ISO/IEC 20000-1 opens exciting perspectives for Orange Business Services. The standard is aligned to the new High-Level Structure used across all ISO management systems standards, including ISO 9001:2015, ISO/IEC 27001:2013 and ISO 14001:2015, so this version will be even easier to understand.
We are already looking at how to accommodate the changes within Orange Business Services and aim to be one of the first companies to successfully implement the new edition of the standard. This will be our challenge for 2019!
地址：北京海淀区马甸东路9号 邮编：100088 邮箱：firstname.lastname@example.org