The Role of Internal Controls to achieve Highly Available Systems
|
|
- Elfreda Cook
- 8 years ago
- Views:
Transcription
1 The Role of Internal Controls to achieve Highly Available Systems Donna M. Manley, MBA IT Senior Director, Computer Operations University of Pennsylvania
2 Data Center Certifications: ISO 9001:2008 ISO 9001 certification demonstrates an organization s compliance to the ISO 9001:2008, a set of guidelines developed by the International Organization for Standardization. These standards outline a philosophy of quality management. Obtaining certification validates that the operational practices in place, when applied correctly, will yield error-free services and result in high levels of customer satisfaction. We are currently certified in these operational areas: Command Center Operations, Monitoring of Systems, Devices, Hardware and Applications, Customer Service, Special Services (Asset, Incident, Problem and Change Management), and Data Center Facilities Management, and are the only Ivy League Data Center to hold such a certification. Compliance: FISMA NIST Standard Issued by the National Institute of Standards and Technology (NIST) and the US Department of Commerce this standard covers the steps in the Risk Management Framework that address security control selection for federal information systems, in our case, the Veteran s Administration systems. The security rules cover 17 areas including access control, incident response, business continuity, and disaster recoverability. The standard is based on worst-case impact analysis, baseline security controls, and supplemental security controls tied to the assessment of risk. HIPAA HIPAA Compliance rules can be interpreted in a number of ways, and apply to Business Associates (any company that comes in contact with electronic protected health information [e-phi]). Based on the the U.S. Department of Health and Human Services, individuals, organizations and agencies that meet the definition of a Covered Entity under HIPAA must comply with the HIPAA security requirements to protect the privacy and security of health information. PCI Although there are currently no managed services in the Data Center that require PCI compliance, we have insured that our physical Data Center security meets the PCI standard. The PCI Data Security Standards standards consist of 12 significant requirements and directives against which businesses may measure their own payment card security policies, procedures and guidelines.
3 Highly Available Systems call for Strong Internal Controls Methodology ITIL, COBIT, Six Sigma, LEAN Internal Audit Quality Measurements Basic and Advanced Automation Centralized, Secured Documentation Legacy skills to highly skilled p.s. It doesn t happen overnight!
4 Here s what it looked like in 2006 December 2004 Assessment Begins June 2005 Organizational Restructuring Continue maturing Incident/Problem Mgt program April 2005 Begin Preparation August 2005 Incident Management in Production Final organization restructuring January 2006 Change Planning Begins Continue maturing Change Program November 2006 Performance Mgr December 2006 Multiple Change Processes June 2007 Data Center Lock Down Mainframe Ph 2 Auto March st Change Process in Production. Aug/Sept 2006 Staff attains ITIL Foundations Cert Mainframe Phase 1 Automation in place March/April 2007 Event Management Automation in Production Matured remote console solution in place 4
5 The Program continues to mature through 2007 December 2004 Assessment Begins June 2005 Organizational Restructuring Continue maturing Incident/Problem Mgt program April 2005 Begin Preparation August 2005 Incident Management in Production Final organization restructuring January 2006 Change Planning Begins Continue maturing Change Program November 2006 Performance Mgr December 2006 Multiple Change Processes June 2007 Remedy Integration/EM Data Center Lock Down March st Change Process in Production. Aug/Sept 2006 Staff attains ITIL Foundations Cert Mainframe Phase 1 Automation in place March/April 2007 Event Management Automation in Production Matured remote console solution in place Change Advisory Board (CAB) Asset Management Tool Evaluations New Asset Management Tool in Production July 2007 Remedy Integration/Steady State EM Steady State Re-assess EM Architecture CCO QA Processes in place August 2007 ISO Steering Committee in place Additional KMs into production New CCO job descriptions (Development) 5 September 2007 Additional KMs into production December 2007 (approx) (Planned) 1st Pre-ISO Audit Post Audit Remediation complete Additional KMs into production ITIL Cert for additional staff
6 Certification is achieved in 2008 Continue maturing Incident/Problem Mgt and Change Management program August 2007 ISO Steering Committee in place Additional KMs into production New CCO job descriptions (Development) March/April 2007 Event Management Automation in Production Matured remote console solution in place Change Advisory Board (CAB) Asset Management Tool Evaluations New Asset Management Tool in Production June 2007 Remedy Integration/EM Data Center Lock Down July 2007 Remedy Integration/Steady State EM Steady State Re-assess EM Architecture CCO QA Processes in place December 2007 Post Audit Remediation complete Plan ITIL Cert for additional staff Enterprise Monitoring Mainview Development Inception of Quality Management (QMS) Pgm QMS Process Identification QMS Manual Development Begins January 2008 Staff Auditor Certification Complete QMS Documentation and Process Gap Analysis Enterprise Monitoring Portal Upgrade Remedy 7 Upgrade Preparation Begins February 2008 Remediate Gap Analysis Findings Enterprise Monitoring TSM KM in development TPC Agent Upgrades March st Internal QMS Audit Remediate Internal QMS Audit Findings SAN (TPC) events through Pennscope Web App monitoring via Nagios/Pennscope April 2008 TSM KM in production Enterprise Monitoring BEM 5.1 out of support Disaster Recovery Exercise 6 May/June 2008 Fiscal Year End processing Continuous Improvement Initiatives Formal certification recommended 7/08
7 Sustaining the Certification Effort Continue maturing Incident, Problem, Asset and Change Management program Continue maturing Incident, Problem, Asset and Change Management program Remedy rollout to FM Clients Backup Quality Manager identified Pennscope Virtualized Full Data Center Shutdown SOMIS clients move into Data Center Data Center Modernization analysis Eliminate paper requests between CCO and AIT Quality Council Training Database Assessment Major Data Center Power outages July and September Remedy 7 Upgrade PWC Audit Replacement of V2X with DS6800/mirror CMDB Installation begins Virtual Tape Implementation Begins Implement Defect Tracking Implement Solutions DB (post u/g) SSL Certificate Renewal via Remedy PWC Audit Data Center Modernization Analysis/Biz Case 2011 Continue maturing Incident, Problem, Asset and Change Management program FISMA compliance (NIST800-53) granted Risk Assessment methodology applied across projects ADABASE, TSM, Sharepoint Support moves to Operations Online reporting initiative to eliminate print VTL installation continues Formal Service Catalog 7 SOMIS/3440 Relocation Data Center Modernization Biz Case/Exec presentation Repurpose Command Center/Relo Command Center Mainframe CICS Automation RFID Technologies (Start)
8 Sustaining the Certification Effort Continue maturing Incident, Problem, Asset, Configuration, Change Management program FISMA compliance (NIST800-53) - Maintain Project Management following PMI Methodology Disaster Recovery moves to Operations (9/2012) Online Reporting - Phase II VTL - Phase II Zena replaces Zeke TSM Upgrade/Support moves to Operations CMDB Trial Install (under Pennscope) Increased SNMP Automation/Predictive Analytics Storage Management Automation (Hitachi Monitor) PWC Audit Continue maturing Incident, Problem, Asset, Configuration, Change Management program Remedy 7 Upgrade (End) CMDB in Production (Dependent on R7 Upgrade Data Center Modernization Execution (cont d) Data Center Automation (DCIM) FISMA compliance (NIST800-53) Maintain ISO 9001:2008 Maintain/Recertification Continue maturing Incident, Problem, Asset, Configuration, Change Management program Data Center Modernization Execution (End/Maintain) ISO Certification ISO 9001:2008 Maintain/Recertification FISMA compliance (NIST800-53) Maintain 8 Data Center Modernization Trustee Approval/Execution Remedy 7 upgrade (Start) Implement Discovery Tool (TADDM) RFID Technologies (End/Maintain) PWC Audit ISO 9001:2008 Maintain/Surveillance SSL/Certificate Management moves to Operations Sprint Mobile Wireless Management moves to Operations OLAs with Facilities and other 3 rd party providers Scanning Service sunset ISO Preparation Increased SNMP Automation/Predictive Analytics Virtual Storage Initiative Service Impact Manager (Dep upon R7 Upgrade/CMDB) PWC Audit Virtual Command Center Additional technology initiatives TBD PWC Audit
9 Traditional Structure Can No Longer Sustain an Organization
10 The New Tradition Certified Lead Auditor Linux, Windows Certified Certified Lead Auditor Certified Project Resources for Internal Initiatives 100% of the staff has ITIL Foundations education; 75% of the staff has achieved ITIL Foundations Certification
11 Traditional Staff Roles can no longer sustain an organization Maintain the administrative mainframe and related servers in the secure environment of the administrative computer room. Have a working knowledge of fire, water detection systems, networking, and other systems housed in the computer room. Be attentive to customer requests, participate in Business Continuity drills and other training. Be a punctual, dependable member of the operations team.
12 The New Tradition The Command Center Analyst is responsible for observing, controlling and analyzing the computer systems and peripheral equipment under the Command Center domain for the purpose of uninterrupted data processing, operating runs, and batch program jobs. This includes monitoring system tools for errors, failures, network malfunctions, data center security and environmental disruptions. The Command Center Analyst is also responsible for diagnosing problems based on his or her findings, and applying proven analytical and problem-solving skills to help identify and resolve malfunctions in support of system or network recovery. The Analyst must have the ability to work in conjunction with fellow Analysts in a team environment, and work with clients to meet or exceed expectations.
13 Traditional Staff Skill sets can no longer sustain an organization Certifications Multi-platform Business Understanding Strong Analysis Culture of acceptance (Automation) Extended Peer Network
14 Creating a New Tradition Breaking down Silos Multi-discipline Automate commodity services Maximizing resource utilization Discovering all asset types Contain costs while delivering similar or better service levels. Exploit alternative education methods
15 Process Re-engineering Workflow Redesign Metric Capture and Analysis Quality Standards Focus on Security, Compliance, Risk Mitigation Understanding Interdependencies Validating Customer Expectations
16 1.5 FTE of time recovered!
17 Tools and Process Must Work in Concert to Maximize Effectiveness Disaster Recovery Test Preparation and Set Up
18 DR Test Preparation Vital Records DR Test Preparation Customer Service DR Test Preparation Bank Notifications
19 DR Test Preparation DR Team Leader Test Preparation Post DR Exercise Activity
20 When people, automation, a culture of change, and simplicity successfully converge Internal Controls Naturally Emerge Let s Face it.customers Have Always Expected Something More from IT
21
22 Thank you for allowing me to share my thoughts with you today! Donna M. Manley, MBA IT Sr. Director, Computer Operations ITIL V3 Foundations Certified University of Pennsylvania 22
Service Management Foundation
Management Foundation From Best Practice to Implementation 2008 IBM Corporation Agenda Management Foundation: - Fundamental building blocks for successful Management - ITIL v3: What s new in Operations
More informationAn ITIL Perspective for Storage Resource Management
An ITIL Perspective for Storage Resource Management BJ Klingenberg, IBM Greg Van Hise, IBM Abstract Providing an ITIL perspective to storage resource management supports the consistent integration of storage
More informationIT Service Management with System Center Service Manager
Course 10965B: IT Service Management with System Center Service Manager Course Details Course Outline Module 1: Service Management Overview Effective IT Service Management includes process driven methodologies
More informationFacilities Planning and Management Services
Page 1 of 5 Services Page 2 of 5 TABLE OF CONTENTS Revision History... 2 Abbreviations and Acronyms... 2 Terminology... 2 1.0 Service Description and Services... 3 Baseline Services... 3 1.2 Additional
More informationThe SMB IT Decision Maker s Guide: Choosing a SaaS Service Management Solution
BEST PRACTICES WHITE PAPER The SMB IT Decision Maker s Guide: Choosing a SaaS Service Management Solution Nine Things to Look For in Your Next SaaS Service Desk Table of Contents Introduction...................................................
More informationThe Convergence of IT Security and Compliance with a Software as a Service (SaaS) approach
The Convergence of IT Security and Compliance with a Software as a Service (SaaS) approach by Philippe Courtot, Chairman and CEO, Qualys Inc. Information Age Security Conference - London - September 25
More informationCopyright 11/1/2010 BMC Software, Inc 1
Copyright 11/1/2010 BMC Software, Inc 1 Copyright 11/1/2010 BMC Software, Inc 2 Copyright 11/1/2010 BMC Software, Inc 3 The current state of IT Service How we work today! INCIDENT SERVICE LEVEL DATA SERVICE
More informationThe Power of BMC Remedy, the Simplicity of SaaS WHITE PAPER
The Power of BMC Remedy, the Simplicity of SaaS WHITE PAPER TABLE OF CONTENTS EXECUTIVE SUMMARY............................................... 1 BUSINESS CHALLENGE: MANAGING CHANGE.................................
More informationCisco IT Technology Tutorial Overview of ITIL at Cisco
Cisco IT Technology Tutorial Overview of ITIL at Cisco Ian Reddy, IT Manager David Lietzell, IT Program Manager May 2009 Produced by the Cisco on Cisco team within Cisco IT 2007 Cisco Systems, Inc. All
More informationIT Service Continuity Management PinkVERIFY
-11-G-001 General Criteria Does the tool use ITIL 2011 Edition process terms and align to ITIL 2011 Edition workflows and process integrations? -11-G-002 Does the tool have security controls in place to
More informationBMC Mainframe Solutions. Optimize the performance, availability and cost of complex z/os environments
BMC Mainframe Solutions Optimize the performance, availability and cost of complex z/os environments If you depend on your mainframe, you can rely on BMC Sof tware. Yesterday. Today. Tomorrow. You can
More informationw w w. s t r a t u s. c o m
Managed Services Buying Guide Eight ways to sustain 99.999% SLAs for vital business processes. In the real world. w w w. s t r a t u s. c o m Mission-critical SLAs demand mission-critical managed services.
More informationCA Service Desk Manager
DATA SHEET CA Service Desk Manager CA Service Desk Manager (CA SDM), on-premise or on-demand, is designed to help you prevent service disruptions, better manage change risks, and provides a 360-degree
More informationSelf-Service SOX Auditing With S3 Control
Self-Service SOX Auditing With S3 Control The Sarbanes-Oxley Act (SOX), passed by the US Congress in 2002, represents a fundamental shift in corporate governance norms. As corporations come to terms with
More informationCHIS, Inc. Privacy General Guidelines
CHIS, Inc. and HIPAA CHIS, Inc. provides services to healthcare facilities and uses certain protected health information (PHI) in connection with performing these services. Therefore, CHIS, Inc. is classified
More informationIT Service Management with System Center Service Manager
Course 10965B: IT Service Management with System Center Service Manager Page 1 of 9 IT Service Management with System Center Service Manager Course 10965B: 3 days; Instructor-Led Introduction This Three-day
More information2014 Audit of the Board s Information Security Program
O FFICE OF I NSPECTOR GENERAL Audit Report 2014-IT-B-019 2014 Audit of the Board s Information Security Program November 14, 2014 B OARD OF G OVERNORS OF THE F EDERAL R ESERVE S YSTEM C ONSUMER FINANCIAL
More informationAtrium Discovery for Storage. solution white paper
Atrium Discovery for Storage solution white paper EXECUTIVE SUMMARY As more IT systems are deployed that depend on storage infrastructure to provide business services, and with the adoption of technology
More informationAchieving Control: The Four Critical Success Factors of Change Management. Technology Concepts & Business Considerations
Achieving Control: The Four Critical Success Factors of Change Management Technology Concepts & Business Considerations T e c h n i c a l W H I T E P A P E R Table of Contents Executive Summary...........................................................
More informationIntroduction to ITIL: A Framework for IT Service Management
Introduction to ITIL: A Framework for IT Service Management D O N N A J A C O B S, M B A I T S E N I O R D I R E C T O R C O M P U T E R O P E R A T I O N S I N F O R M A T I O N S Y S T E M S A N D C
More informationFoundation. Summary. ITIL and Services. Services - Delivering value to customers in the form of goods and services - End-to-end Service
ITIL ITIL Foundation Summary ITIL and s Design s - Delivering value to customers in the form of goods and services - End-to-end ITIL Best Practice - Scalable and not prescriptive - Gathered from Users,
More informationITSM Maturity Model. 1- Ad Hoc 2 - Repeatable 3 - Defined 4 - Managed 5 - Optimizing No standardized incident management process exists
Incident ITSM Maturity Model 1- Ad Hoc 2 - Repeatable 3 - Defined 4 - Managed 5 - Optimizing No standardized incident process exists Incident policies governing incident Incident urgency, impact and priority
More informationReduce IT Costs by Simplifying and Improving Data Center Operations Management
Thought Leadership white paper Reduce IT Costs by Simplifying and Improving Data Center Operations Management By John McKenny, Vice President of Worldwide Marketing for Mainframe Service Management, BMC
More informationIT Service Management with System Center Service Manager
3 Riverchase Office Plaza Hoover, Alabama 35244 Phone: 205.989.4944 Fax: 855.317.2187 E-Mail: rwhitney@discoveritt.com Web: www.discoveritt.com IT Service Management with System Center Service Manager
More informationVendor Audit Questionnaire
Vendor Audit Questionnaire The following questionnaire should be completed as thoroughly as possible. When information cannot be provided it should be noted why it cannot be provided. Information may be
More informationSimplify and Automate IT
Simplify and Automate IT The current state of IT INCIDENT SERVICE LEVEL DATA SERVICE REQUEST ASSET RELEASE CONFIGURATION GOVERNANCE AND COMPLIANCE EVENT AND IMPACT ENTERPRISE SCHEDULING DASHBOARDS CAPACITY
More informationPractical Guidance for Auditing IT General Controls. September 2, 2009
Practical Guidance for Auditing IT General Controls Chase Whitaker, CPA, CIA September 2, 2009 About Hospital Corporation of America $28B annual revenue $24B total assets $4.6B EBDITA $673M Net Income
More informationOVERVIEW. In all, this report makes recommendations in 14 areas, such as. Page iii
The Office of the Auditor General has conducted a procedural review of the State Data Center (Data Center), a part of the Arizona Strategic Enterprise Technology (ASET) Division within the Arizona Department
More informationAutomated IT Asset Management Maximize organizational value using BMC Track-It! WHITE PAPER
Automated IT Asset Management Maximize organizational value using BMC Track-It! WHITE PAPER CONTENTS ADAPTING TO THE CONSTANTLY CHANGING ENVIRONMENT....................... 1 THE FOUR KEY BENEFITS OF AUTOMATION..................................
More informationBUSINESS PROCESS MANAGEMENT and IT. Helping Align IT with Business
BUSINESS PROCESS MANAGEMENT and IT Helping Align IT with Business Our Business Helping IT organizations streamline Infrastructure Operations Process Development or Re-Engineering Implementation of an ITSM
More informationOffice of Information Technology Hosted Services Service Level Agreement FY2009
Application Name: Application Agreement Start Date: 07/01/08 Customer Name: Customer Agreement Renewal Date: 06/30/09 SLA Number: HSxxxFY09A Service Description: This document describes the technical support
More informationBMC and ITIL: Continuing IT Service Evolution. Why adopting ITIL processes today can save your tomorrow
BMC and ITIL: Continuing IT Service Evolution Why adopting ITIL processes today can save your tomorrow What does it mean to adopt ITIL? Implementing ITIL? Don t. That s outdated thinking. Today s successful
More informationProblem Management: A CA Service Management Process Map
TECHNOLOGY BRIEF: PROBLEM MANAGEMENT Problem : A CA Service Process Map MARCH 2009 Randal Locke DIRECTOR, TECHNICAL SALES ITIL SERVICE MANAGER Table of Contents Executive Summary 1 SECTION 1: CHALLENGE
More informationProject Management and ITIL Transitions
Project Management and ITIL Transitions April 30 th 2012 Linda Budiman Director CSC 1 Agenda Thought Leadership: Linda Budiman What is ITIL & Project Management: Applied to Transitions Challenges & Successes:
More informationHow to Lead the People in a Program Based Environment
SESSION ID: GRC-W01 Balancing Compliance and Operational Security Demands Steve Winterfeld Bank Information Security Officer CISSP, PCIP What is more important? Compliance with laws / regulations Following
More informationCloud Security Alliance and Standards. Jim Reavis Executive Director March 2012
Cloud Security Alliance and Standards Jim Reavis Executive Director March 2012 About the CSA Global, not for profit, 501(c)6 organization Over 32,000 individual members, 120 corporate members, 60 chapters
More informationstate of south dakota Bureau of Information & Telecommunications Provide a Reliable, Secure & Modern Infrastructure services well-designed innovative
Strategic Plan 2015-2017 state of south dakota Bureau of Information & Telecommunications 1GOAL ONE: Provide a Reliable, Secure & Modern Infrastructure services security technology assets well-designed
More informationFirewall Administration and Management
Firewall Administration and Management Preventing unauthorised access and costly breaches G-Cloud 5 Service Definition CONTENTS Overview of Service... 2 Protects Systems and data... 2 Optimise firewall
More informationDynamic Service Desk. Unified IT Management. Solution Overview
I T S E R V I C E + I T A S S E T M A N A G E M E N T INFRASTRUCTURE MANAGEMENT Dynamic Service Desk Unified IT Management Achieving business and IT alignment requires having insight into hardware and
More informationSimplify and Automate IT
Simplify and Automate IT Expectations have never been higher Reduce IT Costs 30% increase in staff efficiency Reduce support costs by 25% Improve Quality of Service Reduce downtime by 75% 70% faster MTTR
More informationCompliance, Security and Risk Management Relationship Advice. Andrew Hicks, Director Coalfire
Compliance, Security and Risk Management Relationship Advice Andrew Hicks, Director Coalfire Housekeeping You may submit questions throughout the webinar using the question area in the control panel on
More information10 Best-Selling Modules For Home Information Technology Professionals
Integriertes Risk und Compliance Management als Elemente einer umfassenden IT-Governance Strategie Ing. Martin Pscheidl, MBA, MSc cert. IT Service Manager Manager, Technical Sales CA Software Österreich
More informationMICHIGAN AUDIT REPORT OFFICE OF THE AUDITOR GENERAL THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL
MICHIGAN OFFICE OF THE AUDITOR GENERAL AUDIT REPORT THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL The auditor general shall conduct post audits of financial transactions and accounts of the state and of all
More informationThe Modern Service Desk: How Advanced Integration, Process Automation, and ITIL Support Enable ITSM Solutions That Deliver Business Confidence
How Advanced Integration, Process Automation, and ITIL Support Enable ITSM Solutions That Deliver White Paper: BEST PRACTICES The Modern Service Desk: Contents Introduction............................................................................................
More informationHow To Create A Help Desk For A System Center System Manager
System Center Service Manager Vision and Planned Capabilities Microsoft Corporation Published: April 2008 Executive Summary The Service Desk function is the primary point of contact between end users and
More informationCA CMDB Connector for z/os version 2.0
PRODUCT SHEET CA CMDB Connector for z/os version 2.0 CA CMDB Connector for z/os version 2.0 CA CMDB Connector for z/os is the final piece in the puzzle to create an enterprise CMDB, providing you the ability
More informationShelter from the Storm. Presented by Victoria Farnsworth, Director of Service Management
Shelter from the Storm Presented by Victoria Farnsworth, Director of Service Management 1 Perfect Storm or Perfect Opportunity? Why an ITIL Pilot Project?» Processes aren t adopted across entire organization
More informationConfiguration Audit & Control
The Leader in Configuration Audit & Control Configuration Audit & Control Brett Bartow - Account Manager Kelly Feagans, Sr. Systems Engineer ITIL, CISA March 4, 2009 Recognized leader in Configuration
More informationCapability Statement (Organizational)
Capability Statement (Organizational) Aspiryon, LLC. Email:info@aspiryon.net Web: www.aspiryon.net Summary of Services Aspiryon has been an award-winning provider of strategic staffing, technology and
More informationState of Oregon. State of Oregon 1
State of Oregon State of Oregon 1 Table of Contents 1. Introduction...1 2. Information Asset Management...2 3. Communication Operations...7 3.3 Workstation Management... 7 3.9 Log management... 11 4. Information
More informationSecurity Controls What Works. Southside Virginia Community College: Security Awareness
Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction
More informationVA Office of Inspector General
VA Office of Inspector General OFFICE OF AUDITS & EVALUATIONS Department of Veterans Affairs Federal Information Security Management Act Audit for Fiscal Year 2013 May 29, 2014 13-01391-72 ACRONYMS AND
More informationIT Sr. Systems Administrator
IT Sr. Systems Administrator Location: [North America] [United States] [Monrovia] Category: Information Technology Job Type: Open-ended, Full-time PURPOSE OF POSITION: Systems Administrators and Engineers
More informationExhibit to Data Center Services Service Component Provider Master Services Agreement
Exhibit to Data Center Services Service Component Provider Master Services Agreement DIR Contract No. DIR-DCS-SCP-MSA-002 Between The State of Texas, acting by and through the Texas Department of Information
More informationDELL BACKUP ADMINISTRATION & MANAGEMENT SERVICES
DELL BACKUP ADMINISTRATION & MANAGEMENT SERVICES SIMPLIFY DATA BACKUP MANAGEMENT BACKUP ADMINISTRATION & MANAGEMENT SERVICES DELL S APPROACH Dell brings predictability and manageability into backup environments
More informationTask Area 1: IT Services for Biomedical Research, Health Sciences, and Healthcare
CIO-SP 3 Task Areas Ten task areas constitute the technical scope of this contract: Task Area 1: IT Services for Biomedical Research, Health Sciences, and Healthcare The objective of this task area is
More informationDisaster Recovery Policy
Disaster Recovery Policy INTRODUCTION This policy provides a framework for the ongoing process of planning, developing and implementing disaster recovery management for IT Services at UCD. A disaster is
More informationHow To Improve Your Business
IT Risk Management Life Cycle and enabling it with GRC Technology 21 March 2013 Overview IT Risk management lifecycle What does technology enablement mean? Industry perspective Business drivers Trends
More informationWhy Change When My Process is Working Just Fine? Donna M. Jacobs (Manley) October 24, 2013
Why Change When My Process is Working Just Fine? Donna M. Jacobs (Manley) October 24, 2013 The goal of the change management process is to ensure that standardized methods and procedures are used for efficient
More informationBSM for IT Governance, Risk and Compliance: NERC CIP
BSM for IT Governance, Risk and Compliance: NERC CIP Addressing NERC CIP Security Program Requirements SOLUTION WHITE PAPER Table of Contents INTRODUCTION...................................................
More informationCIO-SP3 Service areas NIH Chief Information Officers-Solutions & Partners
CIO-SP3 Service areas NIH Chief Information Officers-Solutions & Partners PwC Contents Page 1 IT Services for Biomedical Research and Healthcare 2 Chief Information Officer (CIO) Support 3 5 3 Imaging
More informationYour Software Quality is Our Business. INDEPENDENT VERIFICATION AND VALIDATION (IV&V) WHITE PAPER Prepared by Adnet, Inc.
INDEPENDENT VERIFICATION AND VALIDATION (IV&V) WHITE PAPER Prepared by Adnet, Inc. February 2013 1 Executive Summary Adnet is pleased to provide this white paper, describing our approach to performing
More informationGovernance, Risk, and Compliance (GRC) White Paper
Governance, Risk, and Compliance (GRC) White Paper Table of Contents: Purpose page 2 Introduction _ page 3 What is GRC _ page 3 GRC Concepts _ page 4 Integrated Approach and Methodology page 4 Diagram:
More information10751-Configuring and Deploying a Private Cloud with System Center 2012
Course Outline 10751-Configuring and Deploying a Private Cloud with System Center 2012 Duration: 5 days (30 hours) Target Audience: This course is intended for data center administrators who will be responsible
More informationExhibit to Data Center Services Service Component Provider Master Services Agreement
Exhibit to Data Center Services Service Component Provider Master Services Agreement DIR Contract No. DIR-DCS-SCP-MSA-002 Between The State of Texas, acting by and through the Texas Department of Information
More informationGovernance For Compliance The Convergence of Central and Distributed IT Compliance Presented to VASCAN Conference 2009
Governance For Compliance The Convergence of Central and Distributed IT Compliance Presented to VASCAN Conference 2009 JASON C. RICHARDS CHIEF INFORMATION SECURITY OFFICER VIRGINIA COMMUNITY COLLEGE SYSTEM
More informationInformation Security Program CHARTER
State of Louisiana Information Security Program CHARTER Date Published: 12, 09, 2015 Contents Executive Sponsors... 3 Program Owner... 3 Introduction... 4 Statewide Information Security Strategy... 4 Information
More informationJOB DESCRIPTION CONTRACTUAL POSITION
Ref #: IT/P /01 JOB DESCRIPTION CONTRACTUAL POSITION JOB TITLE: INFORMATION AND COMMUNICATIONS TECHNOLOGY (ICT) SECURITY SPECIALIST JOB SUMMARY: The incumbent is required to provide specialized technical
More informationAssessment Process. 2013 HITRUST, Frisco, TX. All Rights Reserved.
Assessment Process Assessment Process Define Scope The assessment scope gives context to the security controls and those organizations and individuals relying on the results Organization scope defines
More informationPROPOSAL EVALUATION WORKSHEET (INDIVIDUAL) EVALUATION FACTOR: INFORMATION TECHNOLOGY SERVICES PLAN (RATED) Selection Committee
Selection Committee PROPOSER: MBCR DATE: 9/9/2013 OVERALL RATING: Acceptable NARRATIVE SUMMARY: The IT organization will be led by an experienced CIO who will have 3 positions assigned to quality assurance.
More informationInformation Technology Auditing for Non-IT Specialist
Information Technology Auditing for Non-IT Specialist IIA Pittsburgh Chapter October 4, 2010 Agenda Introductions What are General Computer Controls? Auditing IT processes controls Understanding and evaluating
More informationTransition From Virginia Interactive
Transition From Virginia Interactive Transition Webinar October 2012 1 1 Authors VITA SiteVision CyberData BroadPoint AIS Hosting O & M Hosting topics include: Network Server performance Backups Patches
More informationCertified Information Systems Auditor (CISA)
Certified Information Systems Auditor (CISA) Course Introduction Course Introduction Module 01 - The Process of Auditing Information Systems Lesson 1: Management of the Audit Function Organization of the
More informationBMC Service Assurance. Proactive Availability and Performance Management Capacity Optimization
BMC Service Assurance Proactive Availability and Performance Management Capacity Optimization BSM enables cross-it workflow Proactive Operations Initiatives Incident Management Proactive Operations REQUEST
More informationMS-10751: Configuring and Deploying a Private Cloud with System Center 2012. Required Exam(s) Course Objectives. Price. Duration. Methods of Delivery
MS-10751: Configuring and Deploying a Private Cloud with System Center 2012 This course teaches students how to design, install and configure a private cloud, including how to configure and deploy the
More informationKlickstart Business Solutions & Services
About us With an Engineering background & vast experience spanning across two decades with an expertise in Technology Marketing, Branding, Business development & Sales we set out to create a platform every
More informationMS 10751A - Configuring and Deploying a Private Cloud with System Center 2012
MS 10751A - Configuring and Deploying a Private Cloud with System Center 2012 Description: Days: 5 Prerequisites: This course describes private cloud configuration and deployment with Microsoft System
More informationInformation Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis
Information Security Risk Assessment Checklist A High-Level Tool to Assist USG Institutions with Risk Analysis Updated Oct 2008 Introduction Information security is an important issue for the University
More informationDatacenter Migration Think, Plan, Execute
Datacenter Migration Think, Plan, Execute Datacenter migration is often regarded as a purely technical, almost trivial side-project, to be delivered by existing IT staff alongside their day jobs. With
More informationWHITEPAPER Map, Monitor, and Manage Distributed Applications in System Center 2012
WHITEPAPER Map, Monitor, and Manage Distributed Applications in System Center 2012 The Challenge: Managing Distributed Applications in System Center 2012 System Center 2012 gives IT Operations managers
More informationCourse 10751A: Configuring and Deploying a Private Cloud with System Center 2012
Course 10751A: Configuring and Deploying a Private Cloud with System Center 2012 OVERVIEW About this Course This course describes private cloud configuration and deployment with Microsoft System Center
More informationVendor Questions and Answers
OHIO DEFERRED COMPENSATION REQUEST FOR PROPOSALS (RFP) FOR COMPREHENSIVE SECURITY ASSESSMENT CONSULTANT Issue Date: December 7, 2016 Written Question Deadline: January 11, 2016 Proposal Deadline: RFP Contact:
More informationADMINISTRATIVE SUPPORT AND CLERICAL OCCUPATIONS SIN 736 1
Following are the Contractor Site and Government Site Labor Categories for SIN 736-1, SIN 736-1, and SIN 736-5. Please do not hesitate to contact us at gsataps@amdexcorp.com if you have any questions ADMINISTRATIVE
More informationBMC Control-M Workload Automation
solution overview BMC Control-M Workload Automation Accelerating Delivery of Digital Services with Workload Management Table of Contents 1 SUMMARY 2 FASTER AND CHEAPER DYNAMIC WORKLOAD MANAGEMENT Minimize
More informationImplement a unified approach to service quality management.
Service quality management solutions To support your business objectives Implement a unified approach to service quality management. Highlights Deliver high-quality software applications that meet functional
More informationPROPOSAL EVALUATION WORKSHEET (INDIVIDUAL) EVALUATION FACTOR: INFORMATION TECHNOLOGY SERVICES PLAN (RATED) Selection Committee #12
PROPOSER: MBCR Selection Committee #12 DATE: 9/9/2013 OVERALL RATING: Acceptable NARRATIVE SUMMARY: The Proposer has submitted an acceptable Information Technology Services plan in accordance with the
More informationCloud Security considerations for business adoption. Ricci IEONG CSA-HK&M Chapter
Cloud Security considerations for business adoption Ricci IEONG CSA-HK&M Chapter What is Cloud Computing? Slide 2 What is Cloud Computing? My Cloud @ Internet Pogoplug What is Cloud Computing? Compute
More informationMS 20247C Configuring and Deploying a Private Cloud
MS 20247C Configuring and Deploying a Private Cloud Description: Days: 5 Prerequisites: This course equips students with the skills they require to configure and deploy a cloud using Microsoft System Center
More informationA Comprehensive Approach to Practicing ITIL Change Management. A White Paper Prepared for BMC Software February 2007
A White Paper Prepared for BMC Software February 2007 Table of Contents Executive Summary...1 The Problem...1 The Solution...2 ITIL Approach to Change Management...2 Integrating Batch Processing With ITIL-Based
More informationIT Service Desk Manager
IT Service Desk Manager Sangita Chandrakant Panmand [1], Sudarshan Ramakant Patil [2] Jainam Technology Pvt. Ltd, Bhaveshwar Complex, Patelwadi. Kurla, Mumbai, Maharashtra 400086. sangitap@jainamtech.com,
More informationCounselorMax and ORS Managed Hosting RFP 15-NW-0016
CounselorMax and ORS Managed Hosting RFP 15-NW-0016 Posting Date 4/22/2015 Proposal submission deadline 5/15/2015, 5:00 PM ET Purpose of the RFP NeighborWorks America has a requirement for managed hosting
More informationSECTION C: DESCRIPTION/SPECIFICATIONS/WORK STATEMENT
PAGE 6 of 51 SECTION C: DESCRIPTION/SPECIFICATIONS/WORK STATEMENT Article C.1 Statement of Work This contract is designed to permit the Institutes and Centers (ICs) of NIH, the Department of Health and
More informationConfiguring and Deploying a Private Cloud with System Center 2012
Course 10751A: Configuring and Deploying a Private Cloud with System Center 2012 Length: Delivery Method: 5 Days Instructor-led (classroom) About this Course This course describes private cloud configuration
More informationDepartment of Management Services. Request for Information
Department of Management Services Request for Information Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services September 3, 2015 Submitted By: Carlos Henley
More informationApril 20, 2006. Integrating COBIT into the IT Audit Process (Planning, Scope Development, Practices)
Integrating COBIT into the IT Audit Process (Planning, Scope Development, Practices) April 20, 2006 San Francisco ISACA Chapter Luncheon Seminar Presented By Lance M. Turcato, CISA, CISM, CPA Deputy City
More informationOffice of Information Technology
Office of Information Technology Core Services Resilience Plan Version 6.5.6 March 2010 Page 1 of 13 Table of Contents Overview... 3 Background... 4 OIT Organizational Resilience Program... 4 Data Centers...
More informationSECURITY RISK MANAGEMENT
SECURITY RISK MANAGEMENT ISACA Atlanta Chapter, Geek Week August 20, 2013 Scott Ritchie, Manager, HA&W Information Assurance Services Scott Ritchie CISSP, CISA, PCI QSA, ISO 27001 Auditor Manager, HA&W
More informationEMC NETWORKER AND DATADOMAIN
EMC NETWORKER AND DATADOMAIN Capabilities, options and news Madis Pärn Senior Technology Consultant EMC madis.parn@emc.com 1 IT Pressures 2009 0.8 Zettabytes 2020 35.2 Zettabytes DATA DELUGE BUDGET DILEMMA
More informationBUSINESS MANAGEMENT SUPPORT
BUSINESS MANAGEMENT SUPPORT Business disadvantages using cloud computing? Author: Maikel Mardjan info@bm-support.org 2010 BM-Support.org Foundation. All rights reserved. EXECUTIVE SUMMARY Cloud computing
More informationA Federated Approach to Systems Management. Sr. Product Specialist Systems Engineer
A Federated Approach to Systems Todd Nugent Mike Huffstatler Sr. Product Specialist Systems Engineer The Absolute Product Portfolio Cross Platform Provides policy driven management of cross platform devices.
More information