For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— IEC Electropedia: available at http:/ /www.electropedia.org/
— ISO Online browsing platform: available at https:/ /www.iso.org/obp
3.1 Terms specific to management system standards
3.1 Thuật ngữ liên quan tiêu chuẩn hệ thống quản lý
3.1.1
audit
systematic, independent and documented process (3.1.18) for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled
Note 1 to entry: An audit can be an internal audit (first party) or an external audit (second party or third party), and it can be a combined audit (combining two or more disciplines).
Note 2 to entry: An internal audit is conducted by the organization (3.1.14) itself, or by an external party on its behalf.
Note 3 to entry: “Audit evidence” and “audit criteria” are defined in ISO 19011.
3.1.2
competence
ability to apply knowledge and skills to achieve intended results
3.1.3
conformity
fulfilment of a requirement (3.1.19) Note 1 to entry: Conformity relates to requirements in this document as well as the organization’s SMS requirements. Note 2 to entry: The original Annex SL definition has been modified by adding Note 1 to entry.
3.1.4
continual improvement
recurring activity to enhance performance (3.1.16)
3.1.5
corrective action
action to eliminate the cause or reduce the likelihood of recurrence of a detected nonconformity (3.1.12) or other undesirable situation Note 1 to entry: The original Annex SL definition has been changed by adding text to the original “action to eliminate the cause of a nonconformity and to prevent recurrence”.
3.1.6
documented information
information required to be controlled and maintained by an organization (3.1.14) and the medium on which it is contained EXAMPLE Policies (3.1.17), plans, process descriptions, procedures (3.2.11), service level agreements (3.2.20) or contracts.
Note 1 to entry: Documented information can be in any format and media and from any source.
Note 2 to entry: Documented information can refer to: — the management system (3.1.9), including related processes (3.1.18); — information created in order for the organization to operate (documentation); — evidence of results achieved (records (3.2.12)).
Note 3 to entry: The original Annex SL definition has been modified by adding examples.
3.1.7
effectiveness
extent to which planned activities are realized and planned results achieved
3.1.8
interested party
person or organization (3.1.14) that can affect, be affected by, or perceive itself to be affected by a decision or activity related to the SMS (3.2.23) or the services (3.2.15)
Note 1 to entry: An interested party can be internal or external to the organization.
Note 2 to entry: Interested parties can include parts of the organization outside the scope of the SMS, customers (3.2.3), users (3.2.28), community, external suppliers (3.2.4), regulators, public sector bodies, nongovernment organizations, investors or employees.
Note 3 to entry: Where interested parties are specified in the requirements (3.1.19) of this document, the interested parties can differ depending on the context of the requirement.
Note 4 to entry: The original Annex SL definition has been modified by deleting the admitted term “stakeholder”, adding “related to the SMS or the services” to the definition and by adding Notes 1, 2 and 3 to entry.
3.1.9
management system
set of interrelated or interacting elements of an organization (3.1.14) to establish policies (3.1.17) and objectives (3.1.13) and processes (3.1.18) to achieve those objectives
Note 1 to entry: A management system can address a single discipline or several disciplines.
Note 2 to entry: The management system elements include the organization’s structure, roles and responsibilities, planning, operation, policies, objectives, plans, processes and procedures (3.2.11).
Note 3 to entry: The scope of a management system may include the whole of the organization, specific and identified functions of the organization, specific and identified sections of the organization, or one or more functions across a group of organizations.
Note 4 to entry: The original Annex SL definition has been modified by clarifying that the system is a management system and listing further elements in Note 2 to entry.
Thuật ngữ và định nghĩa tiêu chuẩn ISO/IEC 20000-1
3.1.10
measurement
process (3.1.18) to determine a value
3.1.11
monitoring
determining the status of a system, a process (3.1.18) or an activity
Note 1 to entry: To determine the status there may be a need to check, supervise or critically observe.
3.1.12
nonconformity
non-fulfilment of a requirement (3.1.19)
Note 1 to entry: Nonconformity relates to requirements in this document as well as the organization’s SMS requirements.
3.1.13
Objective
result to be achieved
Note 1 to entry: An objective can be strategic, tactical, or operational.
Note 2 to entry: Objectives can relate to different disciplines [such as financial, health and safety, service management (3.2.22) and environmental goals] and can apply at different levels [such as strategic, organization- wide, service (3.2.15), project, product and process (3.1.18)].
Note 3 to entry: An objective can be expressed in other ways, e.g. as an intended outcome, a purpose, an operational criterion, as a service management objective or by the use of other words with similar meaning (e.g. aim, goal, or target).
Note 4 to entry: In the context of an SMS (3.2.23), service management objectives are set by the organization, consistent with the service management policy (3.1.17), to achieve specific results.
Note 5 to entry: The original Annex SL definition has been modified by adding “service management” and “service” to Note 2 to entry.
3.1.14
organization
person or group of people that has its own functions with responsibilities, authorities and relationships to achieve its objectives (3.1.13)
Note 1 to entry: The concept of organization includes, but is not limited to sole-trader, company, corporation, firm, enterprise, authority, partnership, charity or institution, or part or combination thereof, whether incorporated or not, public or private.
Note 2 to entry: An organization or part of an organization that manages and delivers a service (3.2.15) or services to internal or external customers (3.2.3) can be known as a service provider (3.2.24).
Note 3 to entry: If the scope of the SMS (3.2.23) covers only part of an organization, then organization, when used in this document, refers to the part of the organization that is within the scope of the SMS. Any use of the term organization with a different intent is distinguished clearly.
Note 4 to entry: The original Annex SL definition has been modified by adding Notes 2 and 3 to entry.
3.1.15
outsource, verb
make an arrangement where an external organization (3.1.14) performs part of an organization’s function or process (3.1.18)
Note 1 to entry: An external organization is outside the scope of the SMS (3.2.23), although the outsourced function or process, is within the scope.
3.1.16
performance
measurable result
Note 1 to entry: Performance can relate either to quantitative or qualitative findings.
Note 2 to entry: Performance can relate to the management of activities, processes (3.1.18), products, services (3.2.15), systems or organizations (3.1.14).
Note 3 to entry: The original Annex SL definition has been modified by adding “services” to Note 2 to entry.
3.1.17
policy
intentions and direction of an organization (3.1.14) as formally expressed by its top management (3.1.21)
3.1.18
process
set of interrelated or interacting activities that use inputs to deliver an intended result
Note 1 to entry: Whether the “intended result” of a process is called output, product or service (3.2.15) depends on the context of the reference.
Note 2 to entry: Inputs to a process are generally the outputs of other processes and outputs of a process are generally the inputs to other processes.
Note 3 to entry: Two or more interrelated and interacting processes in series can also be referred to as a process.
Note 4 to entry: Processes in an organization (3.1.14) are generally planned and carried out under controlled conditions to add value.
Note 5 to entry: The original Annex SL definition has been changed from “set of interrelated or interacting activities which transforms inputs into outputs”. The original Annex SL definition has also been modified by adding Notes 1 to 4 to entry. The revised definition and Notes 1 to 4 to entry are sourced from ISO 9000:2015, 3.4.1.
3.1.19
requirement
need or expectation that is stated, generally implied or obligatory
Note 1 to entry: “Generally implied” means that it is custom or common practice for the organization (3.1.14) and interested parties (3.1.8) that the need or expectation under consideration is implied.
Note 2 to entry: A specified requirement is one that is stated, for example, in documented information (3.1.6).
Note 3 to entry: In the context of an SMS (3.2.23), service requirements (3.2.26) are documented and agreed rather than generally implied. There can also be other requirements such as legal and regulatory requirements.
Note 4 to entry: The original Annex SL definition has been modified by adding Note 3 to entry.
3.1.20
risk
effect of uncertainty
Note 1 to entry: An effect is a deviation from the expected — positive or negative.
Note 2 to entry: Uncertainty is the state, even partial, of deficiency of information related to understanding or knowledge of, an event, its consequence, or likelihood.
Note 3 to entry: Risk is often characterized by reference to potential events (as defined in ISO Guide 73:2009, 3.5.1.3) and consequences (as defined in ISO Guide 73:2009, 3.6.1.3), or a combination of these.
Note 4 to entry: Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood (as defined in ISO Guide 73:2009, 3.6.1.1) of occurrence.
3.1.21
top management
person or group of people who directs and controls an organization (3.1.14) at the highest level
Note 1 to entry: Top management has the power to delegate authority and provide resources within the organization.
Note 2 to entry: If the scope of the management system (3.1.9) covers only part of an organization then top management refers to those who direct and control that part of the organization.
Xem thêm:
• Lợi ích của Hệ thống Quản lý An toàn Thông tin đối với doanh nghiệp ? tại
LINK SẴN SÀNG ĐỂ BẮT ĐẦU HÀNH TRÌNH ĐẠT CHỨNG NHẬN ISO 20000 ?
Chúng tôi sẽ cung cấp cho bạn một thông tin rõ ràng về chi phí đạt được và duy trì chứng nhận ISO 20000.
Nếu bạn chưa sẵn sàng? Gọi cho chúng tôi theo số 091 203 5885 hoặc yêu cầu gọi lại để thảo luận về các yêu cầu chứng nhận ISO 20000 của bạn.