ISO/IEC 20000-10:2018 Information technology - Service management
4 Terminology used in ISO/IEC 20000 (all parts)
Most terms in ISO/IEC 20000 (all parts) carry the meanings found in commonly available English-language dictionaries; in some cases, defined terms are used instead. These defined terms are taken from the ISO/IEC Directives Part 1, Annex SL Appendix 2 high-level structure terminology used in all management system standards, from other International Standards, or are defined specifically for ISO/IEC 20000 (all parts), e.g. "documented information" from Annex SL, "information security" from ISO/IEC 27000, and "service", which is defined specifically for ISO/IEC 20000 (all parts).
Some of the ISO/IEC Directives Part 1, Annex SL Appendix 2 high-level structure terms have been adapted to be specific to service management and can therefore differ from the same terms in other International Standards. For example, "corrective action" has been adapted to "action to eliminate the cause or reduce the likelihood of recurrence of a detected nonconformity or other undesirable situation", whereas the Annex SL term used in many other management system standards is "action to eliminate the cause of a nonconformity and to prevent recurrence". In service management, it is not always cost effective, technically feasible or desirable, because of the impact on services, to eliminate the cause of a nonconformity completely; reducing the likelihood of recurrence is then the acceptable outcome.
Some of the terms defined in this document are not used in ISO/IEC 20000-1 but are used in other parts of ISO/IEC 20000. For example, there are no requirements for the "governing body" in ISO/IEC 20000-1 but the term is used in other parts for guidance.
The term "service" as used in ISO/IEC 20000 (all parts) refers to the service or services in the scope of the SMS. The term "organization" as used in ISO/IEC 20000 (all parts) refers to the organization in the scope of the SMS. The organization manages and delivers services to customers and can also be referred to as a service provider. The organization in the scope of the SMS can be part of a larger organization, for example an individual department of a large corporation.
Any use of the terms "service" or "organization" with a different intent is distinguished clearly in ISO/IEC 20000 (all parts).
Although the wording of the definition of "information security incident" used in ISO/IEC 20000 (all parts) was taken from ISO/IEC 27000:2018, the way "incident" is defined and used in ISO/IEC 20000 (all parts) is wider and more generic. In ISO/IEC 27000:2018, information security incident is the term used for all unwanted events threatening information security. ISO/IEC 27001:2013 describes a single process to deal with information security incidents.
In contrast, ISO/IEC 20000-1 uses several mechanisms and record types for managing unwanted events: incident, major incident, information security incident, problem and known error. Depending on their characteristics, any of these can be an information security incident in the sense of ISO/IEC 27001. In ISO/IEC 20000-1, incidents can arise for many reasons, information security being only one of them, and ISO/IEC 20000-1 provides a variety of mechanisms to manage such events, such as incident management, the major incident procedure and problem management.