收藏本站   设为首页
当前位置:国际标准化动态 > ISO > 正文

ISO/IEC 20000-1使“数据之旅”畅通无阻

发布时间: 2019-01-29 11:22:28   审校:睿智  

对于知道如何处理数据的企业来说,只要采用恰当的策略释放数据潜力,就能从数据和承载数据的云端中收获近乎无限的价值。得益于ISO/IEC的信息技术服务管理标准,Orange Business Services公司能够帮助客户将数据转变成真正的业务资产。

随着数字革命的到来,企业产生的数据量达到了前所未有的高值。这些数据本身仅仅是一种原材料,但是如果能被转化成有用的信息,将会给组织带来无限机遇。云计算的出现使组织能够应用强大的IT功能,还可以实现信息系统、工作区、服务器、应用程序和存储的全部或部分外部化。

尽管云端在十多年前就已经出现,但由于人们对数据安全性和完整性的担忧从未中断,云端在应用时仍然遭受很大阻力。能够确保云托管安全和提供访问控制解决方案的系统集成商在未来将处于有利地位,因为它们不仅能为客户提供多种类型的托管和远程服务,同时还能提升公司的整体价值。

Orange Business Services就是这样一家公司。作为Orange集团下的B2B服务型分公司,这家全球ICT供应商的客户总数达2.6亿,分布于28个国家,年销售收入410亿欧元,力争成为“数据之旅”的领头羊。它全程支持组织的数字化转型,向客户提供数据收集、传输、安全、存储、处理、分析、共享和价值创造等方面的专业技能。要提供范围如此广泛的支持,Orange Business Services就需要在全球适用的公司治理模型下运行无缝衔接的全球操作流程。

因此,执行ISO/IEC 2000 -1标准,信息技术-服务管理-第1部分:服务管理系统要求便是一个合理的目标。ISO/IEC 20000系列标准,是由国际标准委员会(ISO)和国际电工委员会(IEC)共同制定的旗舰标准,能够为组织嵌入服务生命周期策略,为之提供服务组合的最佳管理方案,以保持服务的质量。2018年该标准发布了新的改进版,借此机会我们向Orange Business Services公司的客户服务和运营总监让-皮埃尔•吉拉尔丁(Jean-Pierre Girardin)提出以下问题:新版标准将如何帮助Orange Business Services公司兑现给客户的承诺——无论客户身处何地,都能为之提供卓越的端到端服务。

ISOfocus: Orange Business Services公司为何如此热切地采用ISO/IEC 20000-1,Jean-Pierre Girardin: Orange Business Services在全球拥有三千多家知名跨国公司,在法国也有超过两百万的专业人士,公司和地方团体。我们非常信赖信息安全标准,并曾十年通过ISO/IEC 20000-1认证。

从一开始,我们就有意识地决定以综合方式逐步引入该标准。因此,在最初基于ISO 9001的企业质量管理体系的基础上,我们根据一个综合框架来增强服务管理流程。这样,就能在全球的Orange Business Services运营网站中调整我们的服务流程。

作为一家B2B服务型公司,获得ISO/IEC 20000-1认证是一个千载难逢的机会。这让我们能专注于改善我们的服务,并从三个管理系统标准,即ISO 9001(质量),ISO/IEC 20000-1(IT服务)和ISO/IEC 270011)(信息安全)的良好组合中受益——而这三个标准本身也在不断改进。

ISO/IEC 20000-1为Orange Business Services带来了的好处主要有哪些?

ISO/IEC 20000-1的实施为公司内外都带来了许多关键优势。上述三份认证我们每年更新一次,定期也会进行新的扩展。认证说明Orange Business Services是值得信赖且可靠的合作伙伴,同时也认可了我们全球管理系统的质量。之后,我们还在三个站点中添加了ISO 14001环境管理标准。所有指标均显示,我们这些努力大大提高了客户的满意度。更重要的是,认证制度是加强员工团队凝聚力的绝佳方式,也正是因此,我们才能保持多年来的发展势头。

ISO/IEC 20000-1越来越广泛地用于解决当今的安全问题。对此,您并没有觉得非常惊讶。您能否详细说明该标准还有哪些安全相关的优势?

信息安全的ISO/IEC 27001标准涵盖了一定的范围,包括我们的活动和实体(运营,云服务等),因此我们ISO/IEC 20000-1中关于信息安全管理的章节6.6就提到,这一标准从三个层面上确保了我们流程和活动的广度,即其对我们服务的要求,运营中的安全控制以及托管安全服务组合。

例如,我们会主动监控和应对安全事故,因为它们可能会影响托付给我们的资产。为此,我们要确保在实施之前评估所有的变更,以防对安全保护产生任何潜在影响。我们还在流程和工作程序中引入了强大的安全控制措施,现在看来措施非常有效。ISO/IEC 20000-1的附加安全功能还有助于在操作实践中全面提高安全意识。审计员也曾表示,我们的员工在保护数据完整性方面的行为堪称表率。

ISO/IEC 20000-1是如何在业务流程、运营和战略层面与Orange Business Services结合的?

ISO/IEC 20000-1从2008年项目一开始就全面融入到全球统一的安全管理系统中。这一点尤为重要,因为它与我们在开罗的埃及主要服务中心最初的ISO/IEC 27001认证相一致,之后,位于德里附近古尔冈的印度主要服务中心,法国,巴西乃至毛里求斯的业务也都采用了这一认证。因此,ISO/IEC 20000-1要求已成为我们所有流程和活动的重要组成部分,无论是我们和客户的关系,与供应商的活动,还是整个服务周期,从订单到交付,一切都包含在内。

在战略层面,Orange Business Services定期在当地、地区和全球范围内进行管理评审,这些认证结果都将得到严谨监控。我们会预计客户期望,并根据业务规定调整范围。

ISO/IEC 20000-1主要是通过内部资源实施的,而且非常成功,对此您能否与ISOfocus 读者分享一些技巧?

在争取认证时,应当循序渐进,这一点很重要。我们首先组建了一支技术娴熟、知识渊博又十分敬业的团队来管理项目。关于这方面,熟练掌握ITIL框架是一个加分项,因为这项技能有助于保持IT服务与业务需求的一致性。我们认为,在为认证引入任何新服务之前,应先进行有条理的差距分析和可行性研究,这点很关键。同时,我们也加强了内部审计人才库,对所有业务流程和实体进行年度审计,以此检验我们的进展。

为了给员工创造动力,我们还组织了动员会,为他们介绍ISO/IEC 20000-1以及与认证和标准相关的各个方面。我们始终保持务实,旨在传达争取认证的好处,以确保每个人都正确理解实施标准的目的。关键不是讲标准的要求,而是集中精力讲清应用该标准对我们的客户,服务和业务流程的利益的重要性。整个企业当然得到了高级管理层的认可,这对我们的成功至关重要。

最新版本的ISO/IEC 20000-1已经发布了,您对它的发展有什么想法吗?未来有什么项目或计划?

新版ISO/IEC 20000-1为Orange Business Services打开了振奋人心的视角。该标准与所有ISO管理体系标准(包括ISO 9001:2015,ISO/IEC 27001:2013和ISO 14001:2015)中使用的新的高级结构相一致,因此该版本会更易于理解。

我们已经在研究如何让Orange Business Services公司的发展适应标准的改动,并致力于成为首批成功实施新版标准的公司之一。这将成为我们2019年的挑战!想获悉更多的国内外标准信息,请访问中国标准信息服务网(<https://www.sacinfo.cn>)。

Enabling the data journey with ISO/IEC 20000-1

Data, and the cloud that hosts it, has an almost infinite value for businesses that know how to process it – as long as the proper strategy is in place to unleash its potential. Orange Business Services helps customers turn their data into a true business asset, thanks to a little assistance from ISO/IEC’s IT service management standard.

With the digital revolution, businesses are producing more data than ever before. This data is no more than a raw material, but an organization’s ability to transform it into useful information can unlock a world of opportunities. Thanks to cloud computing, organizations can have access to powerful IT capabilities – and with more flexibility than ever, they can externalize all or part of their information systems, workspaces, servers, applications and storage.

Although the cloud has been around for over a decade, the biggest objection still hindering its adoption is ongoing concern about data security and integrity. Systems integrators that can successfully offer cloud-hosted security and access control solutions will find themselves well-positioned for the future, with the ability to deliver a wide range of managed and remote services to customers while boosting the overall value of their company.

Orange Business Services is one such company. As the B2B branch of the Orange Group, which boasts 260 million customers across 28 countries and an annual sales revenue of EUR 41 billion, the global ICT provider aims to be a leading performer in the “data journey”. Supporting organizations through every step of their digital transformation, it offers customers expertise in the collection, transfer, security, storage, processing, analysis and sharing of data, and value creation. To deliver support on such a broad scale, Orange Business Services needs to operate seamless global processes managed under a corporate governance model that applies worldwide.

The implementation of ISO/IEC 20000-1, Information technology – Service management – Part 1: Service management system requirements, was thus a logical objective. Developed by ISO and the International Electrotechnical Commission (IEC), the flagship standard of the ISO/IEC 20000 family helps organizations embed a service life-cycle strategy, providing best practice on how to manage their portfolio of services so they remain current. The release in 2018 of a new and improved edition prompted us to ask Jean-Pierre Girardin, Customer Services & Operations at Orange Business Services, how this latest update will help the company in its commitment to maintain superior end-to-end services – wherever its customers do business.

ISOfocus: What are the reasons for the enthusiastic uptake of ISO/IEC 20000-1 by Orange Business Services?Jean-Pierre Girardin, Customer Services & Operations at Orange Business Services.

Jean-Pierre Girardin: With over three thousand renowned multinational corporations at the international level and over two million professionals, companies and local communities in France, Orange Business Services relies strongly on information security standards and the company has been certified to ISO/IEC 20000-1 for ten years.

A conscious decision was made from the beginning to introduce the standard progressively and in an integrated manner. So we built on our initial corporate quality management systems based on ISO 9001 to enhance our service management processes in an integrated framework. This allowed us to align our service processes across our Orange Business Services operating sites all over the world.

As a B2B services-oriented company, getting certified to ISO/IEC 20000-1 was a golden opportunity. It enabled us to focus on improving our services and benefit from the virtuous combination of three management systems standards – ISO 9001 (quality), ISO/IEC 20000-1 (IT services) and ISO/IEC 270011) (information security) – and the continuous improvement loops inherent in all three standards.

What are the major benefits that ISO/IEC 20000-1 has brought Orange Business Services?

The implementation of ISO/IEC 20000-1 has provided a number of key benefits, both internal and external. Our triple certification, which is renewed each year with regular new extensions of scope, identifies Orange Business Services as a trustworthy and reliable partner and recognizes the quality of our management system globally. We have since also added ISO 14001 for environmental management in three of our sites. All our indicators show that customer satisfaction has significantly increased as a result of these efforts. What’s more, the certification programme has proved an excellent way of reinforcing team cohesion among our staff, which has enabled us to keep up the momentum over the years.

The increasing uptake of ISO/IEC 20000-1 isn’t particularly surprising when you consider today’s security concerns. Could you please elaborate on the standard’s additional security-related benefits?

ISO/IEC 27001 for information security covers a defined scope of our activities and entities (operational, cloud services…), so we have ISO/IEC 20000-1, Paragraph 6.6 on information security management, to thank for securing the breadth of our processes and activities on three levels: requirements in our services, security controls in our operations, and a portfolio of managed security services.

For instance, we proactively monitor and respond to security incidents that could conceivably affect assets entrusted to us. To this end, we ensure that all changes are assessed before implementation to prevent any potential impacts on security protection. We have also introduced robust security controls in our processes and working procedures that have proved very effective. The additional security features of ISO/IEC 20000-1 also contribute to raising awareness of security as a full part of operational practice and auditors have acknowledged the exemplary behaviour of our staff when it comes to protecting the integrity of data.

How is ISO/IEC 20000-1 integrated at the process, operational and strategic levels within Orange Business Services?

ISO/IEC 20000-1 was fully integrated from the very beginning of the project in 2008 into a global coherent security management system. This was especially important as it coincided with the beginning of the ISO/IEC 27001 certification of our Egypt Major Services Center in Cairo, which was later followed by the India Major Services Center in Gurgaon near Delhi and, finally, our operations in France, Brazil and Mauritius. As a result, the ISO/IEC 20000-1 requirements have become part and parcel of all our processes and activities, whether it be in our relationships with customers, our activities with suppliers or throughout the services life cycle, from order to delivery.

At the strategic level, Orange Business Services conducts regular management reviews on a local, regional and global scale, where our certification results are carefully monitored. We anticipate customer expectations and adjust the scope as dictated by the business.

Being so successful in implementing ISO/IEC 20000-1 mainly by internal resources, could you share some tips with ISOfocus readers?

It is important to take a step-by-step approach when seeking certification. We began by forming a skilled, knowledgeable and dedicated team to manage the project. In this regard, proficiency in the ITIL framework, which helps align IT services with business needs, was considered a plus. We felt it was important to run a methodical gap analysis and feasibility study before introducing any new service for certification and reinforced our pool of internal auditors to help validate our progress through annual audits of all our processes and entities.

To create momentum among the staff, we also organized awareness sessions on ISO/IEC 20000-1 and all aspects related to certification and standards. Remaining pragmatic at all times, we aimed to convey the benefits of a certification journey to make sure everyone properly understood the purpose of implementing the standard. The trick is not to talk about the standards’ requirements, but rather to concentrate on showing the importance of applying them for the benefit of our customers, our services and our processes. The whole enterprise was of course endorsed by senior management, which was crucial to its success.

A new version of ISO/IEC 20000-1 has been recently published – any thoughts on the way forward? Future projects/plans?

The new version of ISO/IEC 20000-1 opens exciting perspectives for Orange Business Services. The standard is aligned to the new High-Level Structure used across all ISO management systems standards, including ISO 9001:2015, ISO/IEC 27001:2013 and ISO 14001:2015, so this version will be even easier to understand.

We are already looking at how to accommodate the changes within Orange Business Services and aim to be one of the first companies to successfully implement the new edition of the standard. This will be our challenge for 2019!


来源: ISO 官网
京ICP备09001239号
网站管理:国家标准化管理委员会标准信息中心
地址:北京海淀区马甸东路9号 邮编:100088 邮箱:info@sac.gov.cn
客服热线:010-82261056 QQ号:3433774297
  • 版权所有 侵权必究
  • 主管:国家标准化管理委员会
  • 主办:国家标准化管理委员会标准信息中心
  • 运营:北京中标赛宇科技有限公司
  • 经营许可证编号 京ICP证 号
  • 盗版侵权 举报热线:400-650-6190
  • 关于我们
  • 技术团队
  • 合作伙伴
  • 法律声明
  • 知识产权