ISO/IEC JTC 1 N 13145

Similar documents
ISO/IEC ISO/IEC

ISO/IEC JTC 1 Study Group on Smart Cities

6th Working Draft of ISO/IEC Introduction from the Convenor

ISO/IEC JTC 1 N 13538

Security Standardization

ISO/IEC JTC 1 N 13127

ISO/IEC JTC 1 N 11326

ISO/IEC JTC 1 N 11274

ISO/IEC JTC 1/SC 40/WG 1

IOGP. Supplementary Procedure for Development and Maintenance of ISO Standards as an ISO Liaison Member. Approved

ISO/IEC JTC 1/SC 27 N7769

Form 4: New Work Item Proposal. Reference number: ISO/IEC NP TS Circulation date: (to be given by Central Secretariat)

ISO/IEC JTC 1 Update. April 2018 Phil Wennblom, Chair

Introduction to Conformity Assessment and ISO/CASCO Tool Box

Information technology Service management. Part 10: Concepts and terminology

ISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Information security management systems Overview and vocabulary

Information technology Service management. Part 10: Concepts and vocabulary

ISO/IEC Information technology Security techniques Code of practice for information security management

Information technology Security techniques Requirements for bodies providing audit and certification of information security management systems

Driving Global Resilience

ISO/IEC JTC1/SC7 /N4314

ISO/IEC INTERNATIONAL STANDARD

ISO/ IEC (ITSM) Certification Roadmap

TITLE: Final Linked Agenda for the 31st JTC 1 Plenary Meeting, 7-11 November 2016 in Lillehammer, Norway

ISO/IEC JTC1/SC7 3810

ISO/IEC JTC 1/SC 22 N 4677

ISO Energy Management System Standard

Global Specification Protocol for Organisations Certifying to an ISO Standard related to Market, Opinion and Social Research.

ISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Code of practice for information security management

John Snare Chair Standards Australia Committee IT/12/4

Information technology Service management. Part 11: Guidance on the relationship between ISO/IEC :2011 and service management frameworks: ITIL

Systems and software engineering Requirements for managers of information for users of systems, software, and services

This document is a preview generated by EVS

The main objective is to respond to an increasing need for coordination since there is a close relationship among multiple ISO security standards proj

Information technology Security techniques Information security controls for the energy utility industry

Manchester Metropolitan University Information Security Strategy

ISO/IEC JTC 1 N 11743

Introduction of ISO/IEC JTC1 SC 38 & its standard work on cloud computing. Junfeng ZHAO

Information Security Management Systems Standards ISO/IEC Global Opportunity for the Business Community

ISA99 - Industrial Automation and Controls Systems Security

ISO/IEC JTC 1 N 11298

Inter American Accreditation Cooperation. IAAC, IAF and ILAC Resolutions Applicable to IAAC MLA Peer Evaluations

Predstavenie štandardu ISO/IEC 27005

ISO/IEC JTC 1 N 11737

Frequently Asked Questions

Agenda. New ISO/IEC developments in Process Assessment standards for IT Services. Antonio Coletta DNV IT Global Services

GUIDE FOR ITU-T AND ISO/IEC JTC 1 COOPERATION

SOC for cybersecurity

Introduction to Standards Development

ISO/IEC Information technology Security techniques Code of practice for information security controls

Information technology - Security techniques - Privacy framework

ISO/IEC JTC1/SC7 /N3040

SC22/WG20 N751 Date: June 29, 2000

ISO/IEC INTERNATIONAL STANDARD. Information technology Software asset management Part 1: Processes and tiered assessment of conformance

ISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Information security risk management

Session 609 Tuesday, October 22, 2:45 PM - 3:45 PM Track: IT Governance and Security

ISO/IEC JTC 1/SC 35 N 1664

ISO/IEC INTERNATIONAL STANDARD

What is ISO/IEC 20000?

IAF Strategic Plan to Identify and Achieve Expectations

ISO/IEC JTC1/SC7 /N3647

Reported by Jim Moore, The MITRE Corporation, ,

standards and so the text is not to be used for commercial purposes, gain or as a source of profit. Any changes to the slides or incorporation in

ISA99 - Industrial Automation and Controls Systems Security

ISO/IEC JTC 1/SC 2 N ISO/IEC JTC 1/SC 2 Coded Character Sets Secretariat: Japan (JISC)

Iso Need to access completely for Ebook PDF iso 27004

ISO/IEC JTC 1 N 11746

ISO 9001 Auditing Practices Group Guidance on:

What is ISO/IEC 27001?

Revision of ISO ISO TC69 Ballot CD1 Major revisions agreed by TC69/WG9 Proposed changes not accepted Next steps

SC22/WG20 N677 Date: May 12, 1999

SPECIFIC PROVISIONS FOR THE ACCREDITATION OF CERTIFICATION BODIES IN THE FIELD OF INFOR- MATION SECURITY MANAGEMENT SYSTEMS (ISO/IEC 27001)

ISO/IEC JTC 1/WG 8 N 61

The ISO/TMB Smart Cities Strategic Advisory Group (S_Cities SAG)

ISO/IEC JTC 1/SC 27 N17XXX ISO/IEC JTC 1/SC 27/WG 1 N9XX

United States Government Cloud Standards Perspectives

Status of activities Joint Working Group on standards for Smart Grids in Europe

EA-7/05 - EA Guidance on the Application of ISO/IEC 17021:2006 for Combined Audits

Expected outcomes. for accredited certification to ISO management system standards such as ISO 9001 and ISO 14001

ISO/IEC Status Report to T10

An Overview of ISO/IEC family of Information Security Management System Standards

Engineering for System Assurance Legacy, Life Cycle, Leadership

Introduction to ISO/IEC 27001:2005

THE ENERGY MANAGEMENT WORKING GROUP

Information technology Security techniques Guidance on the integrated implementation of ISO/IEC and ISO/IEC

ISO / IEC 27001:2005. A brief introduction. Dimitris Petropoulos Managing Director ENCODE Middle East September 2006

Policy. Business Resilience MB2010.P.119

The Emerging ISO International Standard for Certification of Software Engineering Professionals

Business Plan and Convener s Report ISO/IEC JTC 1/SC 22/WG 14 (The Programming Language C)

Dated 3 rd of November 2017 MEMORANDUM OF UNDERSTANDING SIERRA LEONE NATIONAL ehealth COORDINATION HUB

1. You should attempt all 40 questions. Each question is worth one mark.

COPANT ANNUAL ASSEMBLY XXX PASC MEETING Together towards Standardization. Cartagena de Indias, Colombia April 22 to 27, 2007

ISO/IEC TR TECHNICAL REPORT. Information technology Security techniques Information security management guidelines for financial services

Information technology Governance of IT Governance of data. Part 1: Application of ISO/IEC to the governance of data

ISO/IEC JTC1/SC7 /N3287

ISO/IEC INTERNATIONAL STANDARD. Information technology Code of practice for information security management

ISO/IEC INTERNATIONAL STANDARD

Cyber risk resilience

VdTÜV Statement on the Communication from the EU Commission A Digital Single Market Strategy for Europe

Information technology Guidelines for the application of ISO 9001:2008 to IT service management and its integration with ISO/IEC :2011

Transcription:

ISO/IEC JTC 1 N 13145 ISO/IEC JTC 1 Information technology Secretariat: ANSI (United States) Document type: Title: Status: Business Plan BUSINESS PLAN FOR ISO/IEC JTC 1/SC 40, IT SERVICE MANAGEMENT AND IT GOVERNANCE for the PERIOD COVERED: November 2015 October 2016 This document is circulated for review and consideration at the November 2016 JTC 1 meeting in Norway. Date of document: 2016-10-03 Source: Expected action: SC 40 Secretariat ACT Action due date: 2016-11-07 Email of secretary: Committee URL: lrajchel@ansi.org http://isotc.iso.org/livelink/livelink/open/jtc1

BUSINESS PLAN FOR ISO/IEC JTC 1/SC 40 IT SERVICE MANAGEMENT AND IT GOVERNANCE PERIOD COVERED: November 2015 October 2016 1.0 Executive Summary During the period under review, SC 40 published two standards and completed one study group. A further fourteen standards are in various stages in the process. Two new projects are under consideration under the auspices of a proposed new working group. International interest in the SC is growing. With the addition of three new P-members and one O-member, SC 40 currently has 32 P-members and 11 O-members. The last plenary was held in Suzhou, China. Over 70 delegates, including representatives from liaison organisations, attended the meeting. The scope of SC 40 was updated and work programs were progressed. 2.0 Chairman's Remarks 2.1 Market requirements, innovation As Corporate Governance has taken on greater significance, so too has IT Governance. Failure to align IT to business strategy and direction is one of the biggest risks for top management today. Standards on operational aspects of IT Governance are increasingly important in today s technology dependent world. Recent developments in IT have raised fresh challenges both for IT Managers, members of governing bodies, and business leaders that can be addressed only through good governance practices. The growing emphasis on IT cost reduction necessitates more effective and efficient use of IT resources and improved levels of service. Cloud computing, the use of multiple service providers and IT-enabled business process outsourcing are transforming the IT value proposition to customers. These trends are shaping future business strategies, necessitating an increased focus on IT governance and service delivery. The rapid growth of Cloud Computing has introduced a number of issues, including security, terms of use, contractual, legal and regulatory. Although control over many aspects rests with cloud service providers, customers remain accountable to their users and need to assess opportunities together with potential risks and harm. As data becomes important, so does the need to more strongly protect it. Customers remain responsible for how data under their responsibility is secured, used and shared. There is a constant threat of security breaches, hacking etc. These are being tackled through sophisticated loss prevention and threat response systems. To be effective, these systems need clear models of governance. A key feature of modern IT landscape is the rapid spread of mobile devices. Users value flexibility and have a wide range of equipment to choose from. This gives rise to new requirements for service management and consequently new standards to deal with them effectively. The BPO industry is transforming its value proposition to its customers from a pure play labour arbitrage provider to a business partner. As the outsourcing maturity improves BPO vendors are likely to play an increasing role in shaping the overall business strategy and perform services of strategic importance to customers. Customer expectations would change calling for more robust service management standards. 2.2 Accomplishments SC 40 completed one study group and published two documents during the review period: Study group: Governance and service management of IT and IT-enabled business services provided by multiple service providers: At the 2016 plenary, SC 40 endorsed the recommendation that members of JTC1/SC40 involved in the development of standards should ensure that aspects relating to the governance and service management of multiple service providers are included in the JTC1/SC40 standards. ISO/IEC TR 20000-10 Information technology Service management Part 10: Concepts and terminology ISO/IEC TR 20000-11 Information technology Service management Part 11: Guidance on the relationship between ISO/IEC 20000-1:2011 and service management frameworks 2.3 Resources There is good participation in SC 40 s programme of work by National Bodies and Liaison Organizations.

2 SC 40 encourages the use of electronic meetings for all study and working groups and wherever possible and appropriate to assist with progressing of the work program. SC 40 initially operated through three working groups: WG 1 Governance of Information Technology 123 experts with Peter Brown (BSI) as the Convenor WG 2 Maintenance and development of ISO/IEC 20000 - Information technology - Service management 134 experts with Erin Casteel (SA) as the Convenor WG 3 IT-enabled services/business process outsourcing 88 experts Convenor Ravi Veeraraghavan (BIS) At its 2016 plenary, SC 40 created a new working group WG 4 - IT Service Management of infrastructure with the scope aspects of IT service management not within the new scope of WG2 or the scope of WG3, including aspects of IT service management of infrastructure. 2.4 Competition and cooperation SC 40 liaisons are listed here 1. SC 40 is also planning to enter a new liaison with ISO TC 309 Organizational governance, created in 2016. 3.0 Working Groups 3.1 WG 1 Governance of Information Technology JTC 1/SC 40/WG 1 is responsible for standardisation activities in the domain on governance of information technologies as well as operational aspects of such governance. The initial standards deal with core governance issues across IT but work has started to also develop standards in more detailed areas, such as guidelines for the assessment of governance, governance of data and the governance of IT-enabled investments. The Working Group has started to assess the interest in work for particular sectors (e.g. the governance of IT in the public sector, financial industries, etc.) as well as particular technology areas (governance of cloud computing, Internet of Things/Big Data, cybersecurity, etc.) but progress will depend on future work items being agreed. 3.1.1 WG 1 Accomplishments The International Forum on Governance of IT, held on 17th May 2016 in Suzhou, China and hosted by CESI, was open to all SC 40 plenary participants. The event drew more than 200 participants and included many speakers from WG 1. 38504 Guidelines for the structure of principles-based standards in the Governance of IT - Publication as a Technical Report in September 2016 38506 - Governance of IT enabled Investments successful ballot Mapping of ISO/IEC 38500 and OASIS TGF Implications for future work - The final report has been published, draft recommendations tabled at the plenary and the report will be publicly available. 3.1.2 WG 1 Deliverables 38503 - Assessment of the Governance of IT consider a NP if proposed 38505 Part 1 - The application of ISO 38500 to the Governance of Data - The CRM recommended to move to DIS. 38505 Part 2 - The implications of 38505-1 for data management - A first draft of a PDTR will be ready for discussion at the London face-to-face meeting. 38506 - Governance of IT enabled Investments - The project editor and convenor will prepare a work plan. 3.1.3 WG 1 strategies/risks/opportunities 38502 - Governance of IT Framework and Model - examine a number of options based on initial ideas to be prepared by the Convenor and 38500 Project Editor, and that may include a NWIP on core terminology; possibly as a new part of 38500; possibly as a freely-available standard A series of emeetings to be held at regular intervals WG 1 will coordinate with WGs 2 and 3 in preparing the agenda for parallel face-to-face meetings in the 1 http://www.iso.org/iso/home/standards_development/list_of_iso_technical_committees/iso_technical_committee.htm?commid=5013818

3 future, starting with the November 2016 meetings in London 3.2 WG 2 Maintenance and development of ISO/IEC 20000 JTC 1/SC 40 WG2 is the standards development environment for the ISO/IEC 20000 series. The series consists of international standards and technical reports for service management which are used by organizations, auditors, trainers, consultants and customers. ISO/IEC 20000-1 specifies requirements for a service management system (SMS). All requirements in ISO/IEC 20000-1 are generic and are intended to be applicable to all organizations, regardless of type, size and the nature of the services delivered. 3.2.1 WG 2 Accomplishments In 2015 WG 2 initiated the 3rd revision of the ISO/IEC 20000 series. 3.2.2 WG 2 Deliverables In 2015, WG2 published 20000-11 and republished TR 20000-10. ISO/IEC 27013, a joint project with JTC 1/SC27/WG1, was also republished. In 2016, WG2 expects to publish 20000-12 and 20000-6. WG2 is addressing incorrect information about 20000 being provided to certification bodies by the IAF, via one of their published documents. The forthcoming publication of ISO/IEC 20000-6, which is requirements for certification bodies, is expected to help with this issue. It will be for use by bodies certifying an SMS and by bodies accrediting certification bodies. CASCO has also agreed to assist WG2 in addressing this issue. 3.2.3 WG 2 Risks, Opportunities and Issues The revision of ISO/IEC 20000, in alignment with the common high-level structure and text for all ISO MSS, will further facilitate the ability of organizations to integrate their SMS with other ISO MSS, including ISO 9001 and ISO/IEC 27001. It will also support service integration and multi-supplier services. With the increased focus on the importance of services, a need for a standard that can support the service lifecycle for all services and facilitate alignment across other ISO standards supporting specific service types, has been identified. The ISO may be able leverage 20000 for this purpose. Work to explore this should commence with participation in the development process of 20000 from all potential stakeholders, focused on the widest possible range of service types. 3.3 WG 3 IT enabled services/business Process Outsourcing The current Project ISO/IEC 30105, which is in the final stages of development, provides the standards and guideline on delivery and consumption of the lifecycle elements involved in ITES-BPO industry. WG3 plans to identify new work items from the emerging trends in ITES/BPO industry and add new standards for ITES/BPO. 3.3.1 WG 3 Accomplishments For ISO/IEC 30105, DIS ballots completed for all the five parts and comment resolution meetings held. In July 2016, WG 3 submitted all the five Parts of ISO/IEC 30105 for FDIS registration. The ballot process is expected to be completed by the end of September 2016. The Study Group established within WG 3 on the customer perspective on Business Process Outsourcing submitted its report. 3.3.2 WG 3 Deliverables Publication of IS for Part 1 to Part 5 of ISO/IEC 30105, on successful completion of FDIS ballot. Potential new work items in the areas of ITES BPO need to be identified in the Interim 2016 and taken up for New Work Item Proposal in the Plenary in 2017. These items include enhancements to ISO/IEC 30105, Knowledge Process Outsourcing, and Business Process as a Service. A study group on Management Systems Standard for Business Process Outsourcing has been established at SC 40 level and the report to be submitted before the next Plenary in May 2017. This will have members across SC 40 and will be led by WG3 expert. 3.3.3 WG 3 Risks, Opportunities and Issues Process automation, transformation, analytics are emerging in Business Process services. New business models, such as solution providers, Platform service, etc. are also coming up. These emerging areas in the Business Process Outsourcing industry offers opportunity to explore new work items for the future and provide market guidance.

SC 40 CURRENT WORK PROGRAM ISO / IEC Title WG ISO/IEC DIS 38505-1 Information Technology Governance of IT Application of ISO/IEC 38500 to the governance of data 1 ISO/IEC WD TR 38505-2 Information Technology Governance of IT Part 2: Implications of 38505-1 for data management 1 ISO/IEC AWI 38506 Information Technology Governance of IT Governance of IT enabled investments 1 ISO/IEC WD 20000-1 Information technology - Service management -- Part 1: Service management system requirements 2 ISO/IEC NP 20000-2 Information technology - Service management Part 2: Guidance on the application of service management systems 2 ISO/IEC NP 20000-3 Information technology - Service management Part 3: Guidance on scope definition and applicability of ISO/IEC 20000-1 2 ISO/IEC FDIS 20000-6 Information Technology Service Management Part 6: Requirements for bodies providing audit and certification of service management systems 2 ISO/IEC TR 20000-12 Information technology - IT Service management -- Part 12: Guidance on the relationship between ISO/IEC 20000-1:2011 and service management frameworks: CMMI-SVC 2 ISO/IEC FDIS 30105-1 Information Technology IT Enabled Services Business Process Outsourcing (ITES-BPO) lifecycle processes Part 1: Process reference model 3 ISO/IEC FDIS 30105-2 Information Technology IT Enabled Services Business Process Outsourcing (ITES-BPO) lifecycle processes Part 2: Process assessment model 3 ISO/IEC FDIS 30105-3 Information Technology - IT Enabled Services Business Process Outsourcing (ITES-BPO) lifecycle processes Part 3: Measurement framework and organization maturity model 3 ISO/IEC FDIS 30105-4 Information Technology IT Enabled Services Business Process Outsourcing (ITES-BPO) lifecycle processes Part 4: Terms and concepts 3 ISO/IEC FDIS 30105-5 Information Technology IT Enabled Services Business Process Outsourcing (ITES-BPO) lifecycle processes Part 5: Guidelines 3

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback