Version 1.0. IT Service Management & IT Asset Management Services (ITSM & ITAM Services) Governance Process


Table of Contents

1 Planning and Organization
  Executive Overview
    ITSM & ITAM Services Value Management
    ITSM & ITAM Services Business Alignment
    ITSM & ITAM Services Performance Management
    ITSM & ITAM Services Strategic Plan
    ITSM & ITAM Services Tactical Plan
  Technological Direction
    ITSM & ITAM Services Information Architecture Model
    Technological Direction Planning
    Technological Infrastructure Plan
    Monitoring of Future Trends and Regulations
    Technology Practices, Standards and Guidelines
  Organizational Roles and Relationships
    ITSM & ITAM Services Steering Committee
    ITSM & ITAM Services Governance Council
    Organizational Structure of Application Service
    Roles and Responsibility of Application Service
    Responsibility for Risk, Security, and Compliance
    ITSM & ITAM Services Data and System Ownership
    ITSM & ITAM Services Personnel
    Service Relationships (Operational Level Agreements and Underpinning Contracts)
  Manage Financials
    Billing and Cost Recovery Model
    ITSM & ITAM Services Budget Prioritization
    ITSM & ITAM Services Budgeting Process
    Cost Management
    Benefit Management
  Manage Quality
  Assess and Manage Service Risks
    Risk Assessment
    Risk Response
    Maintenance and Monitoring of a Risk Action Plan
  Manage Projects
Acquisition and Implementation
  Acquisition of Resources, Software, Hardware
  Maintaining Service and Test Tools
  Enable Operation and Use
    Knowledge Transfer to End Users & Train the Trainer
    Knowledge Transfer to Operations and Support Staff
    2.3.3 Remedy Application Training
  Procurement of IT Resources
    Procurement Control
  Manage Changes
    Change Standards and Procedures
    Change Status Tracking and Reporting
  Manage Releases
    ITSM & ITAM Services Implementation Plan
    ITSM & ITAM Services Test Environment
    Testing of Changes
Service Delivery and Support
  Define and Manage Service Levels
    Service Level Management
    Definition of Services
    Service Level Agreements
    Operating Level Agreements
    Review of Service Level Agreements
    Monitoring and Reporting of Service Level Agreements
    Service Contract Agreements
  Manage Performance and Capacity
    Performance and Capacity Planning
    Service Monitoring
  Ensure Continuous Service
  Ensure Service Security
    IT Security Plan
    Management of IT Security
    Identity Management
    User Intrusion
  Identify and Allocate Costs
    Definition of Services
    IT Accounting
    Cost Modeling and Charging
    Cost Model Maintenance
  Manage Service Desk and Incident Management
    Service Desk
    Registration of Customer Queries
    Incident Escalation
    Incident Closure
    Trend Analysis
  Manage the Configuration
    Configuration Repository and Baseline
    Identification and Maintenance of Configuration Items
    Configuration Integrity Review
  Manage Problems
  3.9 Manage Data
    Storage and Retention Arrangements
    Media Library Management System
    Disposal
    Backup and Restoration
    Security Requirements for Data Management
  Manage the Physical Environment
  Manage Operations
    Operations Procedures and Instructions
    Infrastructure Monitoring
    Sensitive Documents and Output Devices
    Preventive Maintenance for Hardware
Monitoring and Evaluation
  Monitor and Evaluate Performance
    Definition and Collection of Monitoring Data
    Monitoring Methods
    Performance Assessment
    Board and Executive Reporting
    Remedial Actions
  Ensure Regulatory Compliance
    Laws & Regulations w/ Potential Impact on ITSM & ITAM Services
Appendix A Governance Roles and Responsibilities
Appendix B ITSM & ITAM Services Governance Process Diagram
Appendix C ITIL Mappings for ITS and ITSM & ITAM Services

Copyright Disclosure

The Control Objectives for Information and related Technology version 4.0 (COBIT 4.0) specification document was used as the basis for developing this Governance Framework Template. The COBIT 4.0 specification is produced and maintained by The IT Governance Institute (ITGI). The ITGI was established in 1998 to advance international thinking and standards for directing and controlling the use of information technology. Effective IT governance helps ensure that IT supports business goals, optimizes business investment in IT, and appropriately manages IT related risks and opportunities. The IT Governance Institute offers original research, electronic resources, and case studies to assist organizations in their IT governance responsibilities.

ITGI (the "Owner") has designed and created the COBIT 4.0 specification (the "Work"), primarily as an educational resource for senior IT management and control professionals. The Owner makes no claim that use of any of the Work will assure a successful outcome. The Work should not be considered inclusive of any proper information, procedures and tests or exclusive of other information, procedures and tests that are reasonably directed to obtaining the same results. In determining the propriety of any specific information, procedure or test, senior IT management and control professionals should apply their own professional judgment to the specific circumstances presented by their particular systems or information technology environment.

ITS Enterprise Solutions (ES) has leveraged the content of the COBIT 4.0 specification document for creating the ITSM & ITAM Services Governance document that can be reused and adapted for governance process development for ES shared services. Per the ITGI copyright disclosure statement, this type of content reuse is permitted for internal, noncommercial, or academic use only and must include full attribution of the material's source. ITS-ES intends to comply with this copyright requirement by only using this material for internal and noncommercial use.

1 Planning and Organization

1.1 Executive Overview

Mission statement

The ITSM & ITAM Services Governance Council mission is to provide a highly reliable, scalable, secure, and cost effective IT Service Management, Asset Management and Customer Relationship Management tool that NC State agencies can leverage for managing tasks and activities associated with the OEP implementations of the processes designed within the ITIL Framework.

Purpose and Role

The purpose of this document is to provide all interested parties with a formal structure that outlines how the ITSM & ITAM Services Group conducts business and responds to business requirements that affect the service as a whole. This governance mechanism also provides a vehicle for each member to make decisions on behalf of their respective agency and to share in the responsibilities and goals of the ITSM & ITAM Services within the State of NC.

ITSM & ITAM Services Value Management

ITSM & ITAM Services provides State of NC agencies with the ability to access and leverage a best in class IT Service Management and Asset Management software solution as a shared service utility without having to fund the significant up-front investment that would normally be associated with the acquisition and deployment of a comparable in-house solution. Other value provided by the service includes:

- Access to the ITS OEP processes, procedures and documents developed in accordance with the ITIL Framework which is also the basis for the ITSM & ITAM Services implementation.
- Adherence to the ITIL Framework and methodology for the management of IT Services.
- A collection of Best Practices for the processes of Incident Management, Problem Management, Change Management, Configuration Management, Release Management, and Service Level Management, supported by a single integrated application.
- A complete solution of integrated tool and processes which will bring higher levels of efficiency and effectiveness to your Service Management and Asset Management activities.
- Economies of scale from a shared service offering that would offer lower entry costs for using the ITSM & ITAM Services when it would normally be out of reach for most agencies.

ITSM & ITAM Services Business Alignment

The concept of a shared ITSM & ITAM Services hosted under a single agency started several years ago. The current ITSM application is the third application hosted by ITS providing a means of managing and tracking activities related to Incidents, Service Requests, Changes, and root cause analysis functions of Problem Management. Asset Management is a new offering with the latest tool.

Several Service Desks / Call Centers have utilized the previous tools offered by ITS to fill their needs for managing Incidents and Service Requests. These Agencies are positioned to move to the new ITSM & ITAM Services as it offers significantly enhanced capabilities over the previous offerings and provides a substantially less expensive alternative than implementing a tool only for their agency's use.

This new offering has generated a high level of interest from several new state agencies that recognize the strength and cost effectiveness of the offering. As a result, the support staff was increased with the goal of shortening the time to market for the ITSM & ITAM Services offering. These agencies have agreed to participate on the ITSM & ITAM Services Governance Council and to contribute in helping to shape and define how the ITSM & ITAM Services meet the needs of the State of North Carolina, its agencies and its citizens.

ITS, in turn, agreed to host and maintain the service including software, hardware, and infrastructure and to offer State agencies the following ITSM & ITAM Services tool options:

IT Service Management

Service Desk tools to manage Incidents, Service Requests, Problems and in some cases Customer Relationship Management:

- An Incident Management Application for managing and tracking Incidents and Service Requests. This Incident Management application allows for management of the entire Incident Management process in order to assist in restoring service as quickly as possible. The ability to prioritize Incidents and Service Requests according to business impact allows staff to focus efforts where it matters most.
- A Problem Management Application for managing and tracking Problem investigations from detection to eradication through the sub-processes of Problem Control, Error Control, and Pro-Active Problem Analysis. Problem Management processes remove defects from the IT infrastructure, eliminate recurring Incidents, and stabilize the environment.
- A Change Management Application for managing and tracking infrastructure changes which includes process management and planning capabilities that help increase the speed and consistency in the way changes are implemented while minimizing risk and errors. This module includes a built-in approval process for Change and Release management. This module is completely integrated with Incident, Problem, Asset and Service Level Management Applications.
- A Service Level Management Application for managing and tracking SLA commitments and breaches allowing management to pinpoint weaknesses and take corrective action.

IT Asset Management

Asset Management tools to discover and manage assets:

- A Configuration Discovery Application automates collection of hardware, software, and system information, which provides accurate data for reporting and license compliance. This tool can help reduce support costs by providing support staff with details that will allow them to remotely troubleshoot and resolve issues.
- A Topology Discovery Application can provide fast, accurate dependency mapping of components within an IT environment. This application provides an up-to-date view of dependencies and relationships of assets.
- An Asset Management Application gives greater visibility to assets and allows for managing and tracking assets along with their physical and financial attributes and disposition. This module includes a Definitive Software Library (DSL) as well as the ability to manage contracts. This allows automated links between assets and software license, lease, warranty, and support contracts to ensure compliance. Asset Management also allows tracking of total cost of ownership of assets.

Additional information about the service in general and how it aligns itself in regards to the business perspective can be found on the ITS website under ITS Service Catalog, Application Services, ITSM & ITAM Services. Below is a link to access this information directly.

ITSM & ITAM Services Performance Management

The ITSM & ITAM Services Governance Council will assess and measure the performance of existing policies, plans, procedures, processes, and controls as they relate to the business objectives, delivery, functionality, maintainability, security, and costs of the service.

1.1.4 ITSM & ITAM Services Strategic Plan

ITSM & ITAM Services achieved the goal of introducing an enterprise level ITIL compliant IT Asset Management application in June, 2007 and IT Service Management application in October, This application is available for other State Agencies to utilize for managing their day to day tasks and activities associated with the core ITIL processes of Incident Management, Problem Management, Change Management, Release Management and Configuration Management as well as Asset Management based on the close alignment of the ITSM application with the ITIL Framework. Any agency electing to follow the ITIL Best Practices may do so utilizing the tool.

ITSM & ITAM Services Tactical Plan

To be added and determined by the ITSM & ITAM Services Steering Committee.

1.2 Technological Direction

ITSM & ITAM Services Information Architecture Model

Insert Multi Tenancy Diagram and Concept

Technological Direction Planning

The ITSM & ITAM Services group will provide any new technological, software, or service options and/or recommendations to assist with determining the most appropriate strategy when issues with the current service or Remedy AR System occur. These will be presented to the ITSM & ITAM Services Governance Council for review.

ITSM & ITAM Services currently has a multi-year agreement with Column Technologies for the support and maintenance of the Remedy AR System and applications utilized as part of ITSM & ITAM Services.

Technological Infrastructure Plan

Technical Infrastructure plans are handled and developed by the Architecture and Engineering (A&E) group in conjunction with the ITSM & ITAM Services. The service was implemented in June of The only updates currently scheduled are an addition of a test environment for User Acceptance Testing.

Monitoring of Future Trends and Regulations

The ITSM & ITAM Services Governance Council, under the guidance of the ITSM & ITAM Services group, will monitor business sector/industry, technology, infrastructure, legal, and regulatory environment trends.

Technology Practices, Standards and Guidelines

ITSM & ITAM Services will comply with any applicable principles, practices, standards, guidelines, and processes set forth by the State of North Carolina Statewide Technology Architecture (NCSTA) and any state-level information technology strategies, plans, policies, and procedures set forth by Architecture and Engineering (A&E). Below are links to access this information directly:

1.3 Organizational Roles and Relationships

ITSM & ITAM Services Steering Committee

The ITSM & ITAM Services Steering Committee includes the State CIO, Deputy State CIO (ITS), ES Director, and current members of the TPG. Their primary focus may include all or one of the following:

- Determine prioritization of IT-enabled investment programs in line with the enterprise's business strategy and priorities
- Track status of projects and resolve resource, software, or hardware conflicts
- Monitor service levels and service improvements

ITSM & ITAM Services Governance Council

The ITSM & ITAM Services Governance Council is comprised of current subscribers of the service. Appendix A provides a current list of agencies and members along with their roles and responsibilities.

Organizational Structure of Application Service

ITSM & ITAM Services is part of the Enterprise Solutions group within ITS and reports to the ES Director. The following sections detail the Organizational Placement and Structure of the service.

Roles and Responsibility of Application Service

The responsibility for ITSM & ITAM Services includes but is not limited to the following:

- Work with agency designees in the initial implementation and deployment activities and tasks providing guidance and leadership in the execution.
- Participate in daily operations, coordination, and support of agency application administrators, users, and customers using the ITSM & ITAM Services.
- Provide support and maintenance of the application to ensure its ongoing availability to the agencies that utilize the service in alignment with the published SLA for the ITSM & ITAM Services.
- Establish overall test strategy & scope; test readiness; and perform risk analysis for assigned testing activities.
- Provide and manage functional and performance testing of the ITSM & ITAM Services.
- Serve (as needed) in a subject matter expert (SME) role to support ITSM & ITAM Services for local application administrators using the Remedy AR System tools, forms and application.
- Receive and provide feedback on the product life cycle and Road Map for ITSM & ITAM Services as it pertains to development and maintenance of strategic business/technology plans; logical and physical platform architecture; and configuration, maintenance, and version upgrades of ITSM & ITAM Services infrastructure.

Responsibility for Risk, Security, and Compliance

ITSM & ITAM Services will comply with any applicable policies, standards, and procedures set forth by the Enterprise Security and Risk Management Office as it pertains to potential security risks. Below is a link to access this information directly:

ITSM & ITAM Services Data and System Ownership

ITSM & ITAM Services Data

Any data stored within any specific tenancy of the ITSM & ITAM Services database will be fully owned by the agency tenant. With the exception of the ITSM & ITAM Services System Administrators, data within each tenancy is visible and available only to the respective tenant agency unless the tenant agrees to make data visible to other tenancies. Excluding any activities which must be or can only be carried out by ITS ITSM & ITAM Services System Administrators, the management of all data and records within any specific tenancy shall be the sole responsibility of the tenant agency.

System Ownership

ITSM & ITAM Services is solely responsible for coordinating and implementing any modifications, updates, and patches to any of the Remedy AR System tools, servers, or databases, as well as installation of any new software as required.

1.3.7 ITSM & ITAM Services Personnel

ITSM & ITAM Services will comply with any applicable policies and procedures set forth by ITS and OSP office in regards to the process for hiring and staffing of state employees.

Security Clearance Procedures

ITSM & ITAM Services will comply with any applicable policies and procedures set forth by ITS for personnel security clearance. Any adherence to additional security clearance policies required by other State Agencies will be determined as necessary.

Contracted Staff Policies and Procedures

ITSM & ITAM Services will comply with any applicable policies and procedures set forth by ITS Statewide Procurement office in regards to the process for hiring and staffing of contracted personnel.

Service Relationships (Operational Level Agreements and Underpinning Contracts)

ITSM & ITAM Services administers, supports, and maintains the Remedy AR System application tool suite and the Atrium CMDB. The hosting of the service is provided by several support groups within ITS. In conjunction with ITSM & ITAM Services, they are responsible for supporting and maintaining the following components that complete the service.

- Computing Services - Server hardware and software platform including OS patches/updates, virus protection, monitoring, and re-imaging
- Telecommunication Services - Network hardware, connectivity, firewalls, VPN profiles, and security
- NCID - Single sign on authentication and identity management
- ITS Enterprise Security and Risk Management Services - oversight and security scanning, user intrusion detection, and security patch enforcement
- ITS Service Desk - 24 X 7 support of handling of incidents related to ITSM & ITAM Services
- Column Technologies support - 24 X 7 support of the Remedy AR System tool suite administrated by ITSM & ITAM Services for critical incidents
- NCAS Fixed Asset System
- Ariba eprocurement System
- Business Relationship Management - Business relationships between agencies and ITSM & ITAM Services
- ITSM & ITAM Services Governance Council - represents each subscribing agency in making business decisions related to ITSM & ITAM Services

1.4 Manage Financials

Billing and Cost Recovery Model

Charges for the usage of ITSM & ITAM Services will be invoiced on a monthly basis to each tenant agency in accordance with the approved annual rates and the license counts to which they have committed. General usage of the application, standard application maintenance, application hosting, and infrastructure support for all ITSM & ITAM Services specific hardware, software, and OS are included in the approved annual rates. Any optional work requested by and carried out for a specific agency tenant or group of agency tenants will be charged at the time and material rate set for the current year. Specific rates are available on the rates page at:

ITSM & ITAM Services Budget Prioritization

ITSM & ITAM Services Governance Council will review and prioritize any allocation of IT resources, software, hardware, licensing, infrastructure, support maintenance agreements, and other recommendations that may affect changes to the current cost model. Changes to the cost model must be reviewed by the ITSM & ITAM Services Governance Council prior to submission to the State CIO.

ITSM & ITAM Services Budgeting Process

ITSM & ITAM Services will comply with any applicable budgeting policies and procedures set forth by Financial Management and contained in the Financial Management for IT Library within ITS or the ITS Financial Budget office. The Financial Management for IT documentation was developed to meet the standards of the Information Technology Infrastructure Library (ITIL) methodology as part of the Operational Excellence Program (OEP) in the Office of Information Technology Services.

Cost Management

ITSM & ITAM Services Governance Council, in conjunction with the budgetary recommendations set forth by ITSM & ITAM Services, will review and approve any changes, recommendations, or additional service charges to the cost model on an annual basis.

Benefit Management

Please refer to section ITSM & ITAM Services Value Management.

1.5 Manage Quality

To ensure ongoing business requirements are properly aligned, ITSM & ITAM Services has established standards and practices to help manage the quality of services provided and delivered to subscribing agencies and customers by continuous measurement of and concentration on the following criteria:

- Customer focus and communication
- Customer feedback and satisfaction
- Continuous improvement of service delivery
- Preventive maintenance and conflict resolution
- Service usage, monitoring, and review

Overall performance is ultimately measured against the current Service Level Agreement (SLA) and Operational Level Agreement (OLA) documents pertaining to ITSM & ITAM Services. The scope of these agreements is further explained in section 3.

1.6 Assess and Manage Service Risks

Risk Assessment

ITSM & ITAM Services will comply with any applicable policies or procedures set forth and developed by Risk Management Services, part of the Enterprise Security and Risk Management Office, which supports the State CIO. Their performance of duties and responsibilities are directly associated with any involvement as it pertains to information technology risk management, continuity of operations/continuity of government, and audits/assessments as they relate to information technology and include but are not limited to any of the following:

- ITSM & ITAM Services and Business Risk Management Alignment
- Establishment of Risk Context
- Event Identification

Risk Management Services reviews and evaluates State Agency plans including ITSM & ITAM Services on an annual basis against industry standards, State policy, and best practices. Audits and assessments are conducted as prescribed by legal and regulatory requirements. Any findings and recommendations are reported to applicable ITS management.

Risk Response

Response to any potential risk to service in general will be initially handled by correspondence from ITSM & ITAM Services via detailing the event. Depending on the level and degree of the risk, an emergency meeting of the ITSM & ITAM Governance Council will be held as deemed necessary.

Maintenance and Monitoring of a Risk Action Plan

The maintenance and monitoring of a Risk Action plan will be developed by the ITSM & ITAM Services Governance Council in 2008 and will be reviewed on a quarterly basis or as deemed necessary.

1.7 Manage Projects

ITSM & ITAM Services will comply with any applicable policies and procedures set forth and outlined in the IT General Statute and PPM Workflow Supporting Information implemented as part of the State SB991 Project Portfolio Management Process.

2 Acquisition and Implementation

2.1 Acquisition of Resources, Software, Hardware

ITSM & ITAM Services Governance Council will review, decide on [vote], and prioritize the allocation of any additional IT resources, software, hardware, infrastructure, licensing, support maintenance agreements, and any other recommendations that may affect changes to the current cost model during or outside the normal scheduled yearly budget cycle. Any decisions may be based on but not limited to any of the following:

- Major Upgrades and Enhancements to Existing Test Tools and Service
- Feasibility Study and Impact Assessment
- Risk Analysis
- Cost Analysis
- Operational Benefits
- Requirements and Feasibility Decision and Approval

2.2 Maintaining Service and Test Tools

Refer to section

Enable Operation and Use

Knowledge Transfer to End Users & Train the Trainer

Standard documentation, training materials, and procedures are available from ITSM & ITAM Services to assist training new tenants and users of the service. This material covers basic functionality of the application which is common across all modules as well as material that covers the specific modules available for use by the various state agencies. The documentation covers the following topics:

- Description of Application / Module
- Roles and Responsibilities of Users
- Logins and Passwords
- User and Usage Guidelines
- Use of the application in alignment with the OEP Processes

Service Orientation

ITSM & ITAM Services schedules and holds a kickoff meeting for any new agency joining the services to address any questions or concerns related to the topics described above in section ITSM & ITAM Services provides an overview covering such topics as use of the service, accessibility, best practices, procedures, and user guidelines.

Vendor Support

Any issues, problems, or general questions relating to the actual usage of the tools which cannot be addressed by local agency application administrators or by ITSM & ITAM Services staff will be escalated to Column Technologies for Support. Column Technologies will act as the escalation point to BMC if this level of escalation is required.

Knowledge Transfer to Operations and Support Staff

All procedures related to the operation of the service are stored in Documentum which is managed by the Electronic Document Management and Project Collaboration service within ITS. The ITSM & ITAM Services Product Manager will handle transfer of knowledge of such procedures.

Remedy Application Training

Individual agencies are solely responsible for procuring administrator training for their local application administrators. ITS will provide "Train the trainer" sessions for a limited number of agency users who will be expected to act as agency trainers for ITSM & ITAM Services. ITS will also, as part of this service offering, provide training materials used by ITS in training its own staff. Each agency is free to use this material in its original form, or as a template for creating agency specific training materials.

2.4 Procurement of IT Resources

Procurement Control

ITSM & ITAM Services will comply with any applicable policies and procedures set forth by the ITS Statewide Procurement office including Title 9 of the NC Administrative Code which contains the Information Technology Procurement Rules developed in response to Senate Bill 222. This applies to the following when procuring IT goods and services:

- Supplier Contract Management
- Supplier Selection
- Software Acquisition
- Acquisition of Professional Services Resources

2.5 Manage Changes

Change Standards and Procedures

ITSM & ITAM Services will comply with any applicable policies and procedures set forth by Change Management and contained in the Change Management Library within ITS as it pertains to any of the following criteria:

- Impact Assessment, Prioritization, and Authorization
- Emergency Changes
- Change Closure and Documentation

The Change Management documentation was developed to meet the standards of the Information Technology Infrastructure Library (ITIL) methodology as part of the Operational Excellence Program (OEP) in the Office of Information Technology Services.

Change Status Tracking and Reporting

ITSM & ITAM Services uses the ITS Remedy tracking and reporting system for reviewing and keeping users and relevant stakeholders up to date regarding the status of any change requests pertaining to the service, testing tools, system platforms, and infrastructure.

2.6 Manage Releases

ITSM & ITAM Services Implementation Plan

An Implementation plan will be developed by the ITSM & ITAM Services and presented to the ITSM & ITAM Services Governance Council for approval each time any new software or hardware installations, upgrades, patch releases, or other changes to the service are required that directly affect the user community.

ITSM & ITAM Services will comply with any applicable policies and procedures set forth by Change Management or Release Management and contained in the Change Management or Release Management Library within ITS. The Change Management and Release Management documentation was developed to meet the standards of the Information Technology Infrastructure Library (ITIL) methodology as part of the Operational Excellence Program (OEP) in the Office of Information Technology Services.

ITSM & ITAM Services Test Environment

A plan for a separate environment for User Acceptance Testing is being proposed for the upcoming 08/09 Fiscal Year. This environment will allow agency users to test any new software, updates, or patches before they are implemented in the existing production environment.

Testing of Changes

ITSM & ITAM Services will ensure that changes are tested in accordance with the defined implementation plan and follow the existing Change Management and Release Management processes. A fallback/back out plan will also be developed and tested prior to promotion of the change to production.

The ITSM & ITAM Services Governance Council will select a subcommittee for testing of changes. This committee will report the testing results to the ITSM & ITAM Services Governance Council, which will then vote on whether to approve the change based on the test results submitted. The ITSM & ITAM Services Council Chairperson will then submit the decision of the council to the ITSM & ITAM Services team.

3 Service Delivery and Support

3.1 Define and Manage Service Levels

Service Level Management

ITSM & ITAM Services will comply with any applicable policies and procedures set forth by the Service Level Management and contained in the Service Level Management Library within ITS. The process maintains continuous alignment with business requirements and priorities and facilitates common understanding between the customer and ITSM & ITAM Services. The process includes a mechanism for creating service requirements, service definitions, Service Level Agreements (SLAs), Operating Level Agreements (OLAs), and funding sources. The Service Level attributes are organized and maintained in a service catalog. The process also defines the organizational structure for service level management, covering the roles, tasks, and responsibilities of internal and external service providers and customers.

The Services Level Management documentation was developed to meet the standards of the Information Technology Infrastructure Library (ITIL) methodology as part of the Operational Excellence Program (OEP) in the Office of Information Technology Services.

Definition of Services

Service Level Agreements

ITSM & ITAM Services will comply with the standard Service Level Agreement (SLA) documents provided by ITS to support the service. The ultimate objective of this agreement is to define the support and procedures necessary to ensure high quality and timely delivery of this service. This document clarifies all parties' responsibilities to ensure customer needs are met in a timely manner. Although the SLA is in the form of a document that defines a level of service, the desired outcome is to represent the result of an agreement between ITS and its customers.

Operating Level Agreements

ITSM & ITAM Services will comply with the standard Operating Level Agreement (OLA) documents provided by ITS to support the service.

3.1.5 Review of Service Level Agreements

Service Level Agreement reviews will be conducted at a minimum on a quarterly basis or as needed and are facilitated by ITS Business Relationship Management. A Business Account Manager and the respective subscribing agency of the ITSM & ITAM Services will participate in the reviews. Service Level Agreements (SLA) will be reviewed and/or renewed at least once per year. A review of Service Level Agreements may be requested at any time in writing to ITS Business Relationship Management by customer management.

The SLA will also require review under any of the following conditions:

• Whenever there is a significant and/or sustained change to the delivery of the service.
• Whenever there is a significant change requested to the SLA that supports the ITS service.

As a result of these reviews or as other pertinent information is provided, Service Improvement Programs will be implemented as needed.

Monitoring and Reporting of Service Level Agreements

The Service Management Tool [Remedy] in conjunction with ITS Business Relationship Management provides monitoring activity and reports to the ITSM & ITAM Services Product Manager on a monthly basis. The ITSM & ITAM Services Product Manager will share these reports with the ITSM & ITAM Services Governance Council monthly.

Service Contract Agreements

Conditions on any service contract agreements are handled through a Memorandum of Understanding ("MOU" or "Agreement") between a subscribing agency and the North Carolina Office of Information Technology Services ("ITS"). The purpose of this MOU is to define the roles, responsibilities, and other business commitments between each party with respect to the Agency's use of the ITSM & ITAM Services offering provided by ITS.

3.2 Manage Performance and Capacity

Performance and Capacity Planning

ITSM & ITAM Services will comply with any applicable policies and procedures set forth by Performance and Capacity Management and contained in the Performance and Capacity Management Library within ITS as it pertains to any of the following criteria:

• Current Capacity and Performance
• Future Capacity and Performance
• IT Resources Availability
• Monitoring and Reporting

The Performance Management and Capacity Management documentation was developed to meet the standards of the Information Technology Infrastructure Library (ITIL) methodology as part of the Operational Excellence Program (OEP) in the Office of Information Technology Services.

Service Monitoring

All servers managed by ITSM & ITAM Services are monitored by the Computing Services group within ITS using the BMC Patrol monitoring tool.

3.3 Ensure Continuous Service

ITSM & ITAM Services will comply with any applicable policies and procedures set forth by IT Service Continuity Management and contained in the Service Continuity Management Library within ITS as it pertains to any of the following criteria:

• IT Continuity Framework
• IT Continuity Plans
• Critical IT Resources
• Maintenance of the IT Continuity Plan
• Testing of the IT Continuity Plan
• IT Continuity Plan Training
• Distribution of the IT Continuity Plan
• IT Services Recovery and Resumption
• Offsite Backup Storage
• Post-resumption Review

The Service Continuity Management documentation was developed to meet the standards of the Information Technology Infrastructure Library (ITIL) methodology as part of the Operational Excellence Program (OEP) in the Office of Information Technology Services.

3.4 Ensure Service Security

IT Security Plan

ITSM & ITAM Services will comply with any applicable policies and procedures set forth by the Information Security Threat Management and Incident Response services. These services are offered and provided to help State agencies safeguard citizens' data and meet the requirements of the security standards legislation, N.C.G.S through , and other legal and regulatory requirements including the following:

• User Account Management
• Threat Management
• NC-ISAC
• Security Consulting and Training
• Security Testing and Monitoring
• Security Incident Definition
• Protection of Security Technology
• Cryptographic Key Management
• Malicious Software Prevention, Detection and Correction
• Network Security
• Exchange of Sensitive Data

Management of IT Security

ITSM & ITAM Services will manage and ensure security is at the highest appropriate organizational level, so the management of security actions is in line with business requirements. As part of the security management criteria, ITSM & ITAM Services requires an NCID account to authenticate and access the application. In addition, VPN access will also be required for some reporting tasks associated with the ITSM & ITAM Services.

Identity Management

ITSM & ITAM Services will comply with any applicable policies and procedures set forth and developed by the NCID group within ITS, which provides a provisioning environment for managing application access. The service infrastructure provides a unified platform for e-business authentication and authorization. As the standard identity management and access service provided to State, local, business, and citizen users by the Office of Information Technology Services, NCID enables its customers to achieve an elevated degree of security and access control for real-time resources such as customer based applications and information retrieval.

3.4.4 User Intrusion

ITSM & ITAM Services will comply with any applicable policies and procedures set forth and developed by Intrusion Prevention Service (IPS) within ITS, which provides a critical defensive layer of security for the customer's network that monitors network activities for malicious behavior and can block or prevent those activities.

3.5 Identify and Allocate Costs

Definition of Services

Refer to section under Define and Manage Service Levels.

IT Accounting

ITSM & ITAM Services will comply with any applicable policies and procedures set forth by Financial Management and contained in the Financial Management for IT Library within ITS. Disclosure of the capture and allocation of actual costs as it pertains to the current cost model is available upon request. Any variances between forecasts and actual costs will be reported to the ITSM & ITAM Services Governance Council for review and evaluation.

The Financial Management documentation was developed to meet the standards of the Information Technology Infrastructure Library (ITIL) methodology as part of the Operational Excellence Program (OEP) in the Office of Information Technology Services.

Cost Modeling and Charging

Refer to section Billing and Cost Recovery Model.

Cost Model Maintenance

The ITSM & ITAM Services Governance Council will review and benchmark the current cost/subscription charge model on an annual basis in conjunction with the ITS yearly budget cycle to ensure the cost recovery model is fair and appropriate for the level of service provided by ITSM & ITAM Services.

3.6 Manage Service Desk and Incident Management

ITSM & ITAM Services will comply with any applicable policies and procedures set forth by Service Desk and Incident Management and contained in the Service Desk and Incident Management Library within ITS.

The Service Desk and Incident Management documentation was developed to meet the standards of the Information Technology Infrastructure Library (ITIL) methodology as part of the Operational Excellence Program (OEP) in the Office of Information Technology Services.

Service Desk

The ITS Service Desk (ITSSD) handles all incidents related to ITSM & ITAM Services. The ITS Service Desk (ITSSD) agents are on duty 24 hours a day, seven days a week and provide business and technical infrastructure analysis, problem solving, and first and second level diagnostics for hardware. A monitoring and escalation procedure is based upon service levels relative to the appropriate SLA that allows classification and prioritization of any reported issue as an incident, service request or information request. Measurement of end users' satisfaction with the quality of the service desk and the ITSM & ITAM Services is also provided.

Registration of Customer Queries

ITSM & ITAM Services uses the ITS Remedy help desk application to log and track incidents, service requests, change requests, and other service related information needs. ITS Service Desk (ITSSD) within ITS works closely with such processes as incident management, problem management, change management, release management, capacity management, and availability management. Incidents are classified according to a business and service priority/severity model and are routed to the appropriate problem management team if a solution or workaround cannot be found.

Incident Escalation

The ITS Service Desk (ITSSD) handles incident escalation for all incidents related to the ITSM & ITAM Services. Incidents that cannot be immediately resolved are appropriately escalated according to limits defined in the SLA and, if appropriate, workarounds are provided. Incident ownership and life cycle monitoring remain with the ITS Service Desk (ITSSD) for user-based incidents regardless of which group is working on resolution activities.

Incident Closure

ITSM & ITAM Services works in conjunction with the ITS Service Desk (ITSSD) to resolve and provide timely closure to service incidents. When an incident has been resolved, ITS Customer Care Center (CSC) will record the root cause, if known, and confirm that the action taken has been agreed upon with the customer.

Trend Analysis

Daily incident reports and service level reports are generated from the Service Desk Management tool [Remedy] and provide ITSM & ITAM Services visibility on incidents that have not been responded to or resolved in a timely manner as per the SLA. These reports can be produced as needed to enable management to measure service performance and service response times and to identify trends or recurring problems, so service can be continually improved.

3.7 Manage the Configuration

Configuration Repository and Baseline

All relevant information regarding configuration items for ITSM & ITAM Services will be collected, stored, and housed in a central repository and handled by the Information Technology Asset Management (ITAM) group within ITS via the asset management function of Remedy. This repository includes hardware, software, documentation, and operating procedures. Relevant information includes naming, version numbers, and licensing details.

Identification and Maintenance of Configuration Items

ITSM & ITAM Services will abide by and comply with any applicable policies and procedures set forth by Configuration Management and contained in the Configuration Management Library within ITS. This may include one or more of the following activities:

• Identify configuration items and their attributes
• Record new, modified, and deleted configuration items
• Identify and maintain the relationships among configuration items in the configuration repository
• Update existing configuration items into the configuration repository
• Prevent the inclusion of unauthorized software

These procedures also provide proper authorization and logging of all actions on the configuration repository, which are then properly integrated with change management and problem management procedures.

The Configuration Management documentation was developed to meet the standards of the Information Technology Infrastructure Library (ITIL) methodology as part of the Operational Excellence Program (OEP) in the Office of Information Technology Services.

Configuration Integrity Review

Audits and review of configuration integrity will be handled by the ITAM group within ITS and the APM process, when necessary, to verify and confirm the current status and historical configuration items against the actual items in use, existence of any personal or unlicensed software, or any software instances in excess of current license agreements. Any discovery of errors and deviations will be reported to proper authorities responsible for handling such discrepancies.

3.8 Manage Problems

ITSM & ITAM Services will comply with any applicable policies and procedures set forth by Problem Management and contained in the Problem Management Library within ITS, which include the following controls:

• Problem Control
  o Problem Identification and Recording
  o Problem Classification and Resource Allocation
  o Problem Investigation and Diagnosis (Root Cause Analysis)
• Error Control
  o Error Identification and Recording
  o Error Assessment
  o Record Error Resolution
  o Integration of Change, Configuration, and Problem Management
  o Problem Error and Closure

The Problem Management documentation was developed to meet the standards of the Information Technology Infrastructure Library (ITIL) methodology as part of the Operational Excellence Program (OEP) in the Office of Information Technology Services.

3.9 Manage Data

Storage and Retention Arrangements

Each agency must follow policies and procedures set forth by the Statewide Information Security Manual for handling and storing sensitive data while performing testing of their applications to ensure any sensitive information is secure and encrypted.

Media Library Management System

ITSM & ITAM Services will comply with any applicable policies and procedures set forth by the ITAM group within ITS for maintenance of onsite or electronic software media as it applies to the service [i.e. Remedy AR System Application Software].

Disposal

Each agency must follow policies and procedures set forth by the Statewide Information Security Manual for disposing of sensitive data and software from equipment or media when transferred for the purpose of testing.

Backup and Restoration

Backup and restoration of ITSM & ITAM Services and any associated databases is handled by the Computing Services group within ITS.

Security Requirements for Data Management

ITSM & ITAM Services and subscribers of the service will comply with any applicable policies and procedures set forth by the Statewide Information Security Manual when dealing with physical storage and output of data and sensitive messages. This includes physical records, data transmissions, and any data stored offsite. Individual agencies are shielded from one another by means of individually assigned user logins and projects to ensure an agency's data is isolated from other agencies. Following is a link to access this information directly:

3.10 Manage the Physical Environment

The physical environment which houses ITSM & ITAM Services is supported and maintained by ITS, which is responsible for, but not limited to, the following:

• Service Hardware Location and Layout
• Physical Security Measures
• Physical Access
• Protection Against Environmental Factors
• Physical Facilities Management

ITSM Process Description

ITSM Process Description ITSM Process Description Office of Information Technology Incident Management 1 Table of Contents Table of Contents 1. Introduction 2. Incident Management Goals, Objectives, CSFs and KPIs 3. Incident Management

More information

Why you need an Automated Asset Management Solution

Why you need an Automated Asset Management Solution solution white paper Why you need an Automated Asset Management Solution By Nicolas Renard, Support and Professional Services Manager, BMC France Table of Contents 1 OVERVIEW Automated Asset Discovery

More information

ITIL Roles Descriptions

ITIL Roles Descriptions ITIL Roles s Role Process Liaison Incident Analyst Operations Assurance Analyst Infrastructure Solution Architect Problem Manager Problem Owner Change Manager Change Owner CAB Member Release Analyst Test

More information

Sarbanes-Oxley Policy Mapping Table

Sarbanes-Oxley Policy Mapping Table Sarbanes-Oxley Policy Mapping Table Based on COBIT Control Objectives V4.1 The following table illustrates how the security policy categories of Information Security Policies Made Easy (ISO 27002) map

More information

Summit Platform. IT and Business Challenges. SUMMUS IT Management Solutions. IT Service Management (ITSM) Datasheet. Key Benefits

Summit Platform. IT and Business Challenges. SUMMUS IT Management Solutions. IT Service Management (ITSM) Datasheet. Key Benefits Summit Platform The Summit Platform provides IT organizations a comprehensive, integrated IT management solution that combines IT service management, IT asset management, availability management, and project

More information

IBM Tivoli Asset Management for IT

IBM Tivoli Asset Management for IT Cost-effectively manage the entire life cycle of your IT assets IBM Highlights Help control the costs of IT assets with a single product installation that tracks and manages hardware, software and related

More information

COBIT Practises. Align, Plan and Organize. APO.01 - Manage the IT Management Framework. APO.02 - Manage Strategy

COBIT Practises. Align, Plan and Organize. APO.01 - Manage the IT Management Framework. APO.02 - Manage Strategy COBIT Practises Align, Plan and Organize APO.01 - Manage the IT Management Framework Clarify and maintain the governance of enterprise IT mission and vision. Implement and maintain mechanisms and authorities

More information

Securing the Service Desk in the Cloud

Securing the Service Desk in the Cloud TECHNICAL WHITE PAPER Securing the Service Desk in the Cloud BMC s Security Strategy for ITSM in the SaaS Environment Introduction Faced with a growing number of regulatory, corporate, and industry requirements,

More information

Service Catalog. it s Managed Plan Service Catalog

Service Catalog. it s Managed Plan Service Catalog Service Catalog it s Managed Plan Service Catalog 6/18/2012 Document Contents Contents Document Contents... 2 Overview... 3 Purpose... 3 Product Description... 3 Plan Overview... 3 Tracking... 3 What is

More information

INFORMATION TECHNOLOGY SERVICES IT SERVICES PORTFOLIO

INFORMATION TECHNOLOGY SERVICES IT SERVICES PORTFOLIO INFORMATION TECHNOLOGY SERVICES IT SERVICES PORTFOLIO Updated October 2010 Table of Contents Desktop and Customer Services... 3 Enterprise Application Services... 6 Department Specific Application Services...

More information

HP Service Manager. Software Version: 9.34 For the supported Windows and UNIX operating systems. Processes and Best Practices Guide

HP Service Manager. Software Version: 9.34 For the supported Windows and UNIX operating systems. Processes and Best Practices Guide HP Service Manager Software Version: 9.34 For the supported Windows and UNIX operating systems Processes and Best Practices Guide Document Release Date: July 2014 Software Release Date: July 2014 Legal

More information

Domain 1 The Process of Auditing Information Systems

Domain 1 The Process of Auditing Information Systems Certified Information Systems Auditor (CISA ) Certification Course Description Our 5-day ISACA Certified Information Systems Auditor (CISA) training course equips information professionals with the knowledge

More information

Information Security Handbook

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

More information

Draft Information Technology Policy

Draft Information Technology Policy Draft Information Technology Policy Version 3.0 Draft Date June 2014 Status Draft Approved By: Table of Contents 1.0 Introduction... 6 Background... 6 Purpose... 6 Scope... 6 Legal Framework... 6 2.0 Software

More information

TEXAS WORKFORCE COMMISSION

TEXAS WORKFORCE COMMISSION TEXAS WORKFORCE COMMISSION Enterprise Information Security Program It is the policy of the Texas Workforce Commission that the Commission and its employees will protect the Information Resources (IR) of

More information

Appendix A-2 Generic Job Titles for respective categories

Appendix A-2 Generic Job Titles for respective categories Appendix A-2 for respective categories A2.1 Job Category Software Engineering/Software Development Competency Level Master 1. Participate in the strategic management of software development. 2. Provide

More information

STATE OF NORTH CAROLINA

STATE OF NORTH CAROLINA STATE OF NORTH CAROLINA INFORMATION SYSTEMS AUDIT OFFICE OF INFORMATION TECHNOLOGY SERVICES INFORMATION TECHNOLOGY GENERAL CONTROLS OCTOBER 2014 OFFICE OF THE STATE AUDITOR BETH A. WOOD, CPA STATE AUDITOR

More information

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225

More information

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.

More information

Exhibit to Data Center Services Service Component Provider Master Services Agreement

Exhibit to Data Center Services Service Component Provider Master Services Agreement Exhibit to Data Center Services Service Component Provider Master Services Agreement DIR Contract No. DIR-DCS-SCP-MSA-002 Between The State of Texas, acting by and through the Texas Department of Information

More information

ISO 20000-1:2005 Requirements Summary

ISO 20000-1:2005 Requirements Summary Contents 3. Requirements for a Management System... 3 3.1 Management Responsibility... 3 3.2 Documentation Requirements... 3 3.3 Competence, Awareness, and Training... 4 4. Planning and Implementing Service

More information

Request for Proposal for Application Development and Maintenance Services for XML Store platforms

Request for Proposal for Application Development and Maintenance Services for XML Store platforms Request for Proposal for Application Development and Maintenance s for ML Store platforms Annex 4: Application Development & Maintenance Requirements Description TABLE OF CONTENTS Page 1 1.0 s Overview...

More information

Maximo ITSM Product Suite. Francois Marais

Maximo ITSM Product Suite. Francois Marais Maximo ITSM Product Suite Francois Marais What do we mean by Maximo Service & IT Asset Management (ITSM)? MAXIMO and TIVOLI Traditional Maximo Service desk (ITSM) NOW! Tivoli Service Request Manager TSRM

More information

EVALUATION REPORT. Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review. March 13, 2015 REPORT NUMBER 15-07

EVALUATION REPORT. Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review. March 13, 2015 REPORT NUMBER 15-07 EVALUATION REPORT Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review March 13, 2015 REPORT NUMBER 15-07 EXECUTIVE SUMMARY Weaknesses Identified During the FY 2014

More information

INFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION

INFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION INFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION Information security is a critical issue for institutions of higher education (IHE). IHE face issues of risk, liability, business continuity,

More information

SACM and CMDB Strategy and Roadmap. David Lowe ActionableITSM.com March 20, 2012

SACM and CMDB Strategy and Roadmap. David Lowe ActionableITSM.com March 20, 2012 SACM and CMDB Strategy and Roadmap David Lowe ActionableITSM.com March 20, 2012 Disclaimer The strategy and roadmap information presented here is generic by nature and based on a highly hypothetical use

More information

TASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices

TASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices Page 1 of 10 TSK- 040 Determine what PCI, NERC CIP cyber security standards are, which are applicable, and what requirements are around them. Find out what TRE thinks about the NERC CIP cyber security

More information

BMC s Security Strategy for ITSM in the SaaS Environment

BMC s Security Strategy for ITSM in the SaaS Environment BMC s Security Strategy for ITSM in the SaaS Environment TABLE OF CONTENTS Introduction... 3 Data Security... 4 Secure Backup... 6 Administrative Access... 6 Patching Processes... 6 Security Certifications...

More information

BSM for IT Governance, Risk and Compliance: NERC CIP

BSM for IT Governance, Risk and Compliance: NERC CIP BSM for IT Governance, Risk and Compliance: NERC CIP Addressing NERC CIP Security Program Requirements SOLUTION WHITE PAPER Table of Contents INTRODUCTION...................................................

More information

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief RSA Solution Brief Streamlining Security Operations with Managing RSA the Lifecycle of Data Loss Prevention and Encryption RSA envision Keys with Solutions RSA Key Manager RSA Solution Brief 1 Who is asking

More information

Combine ITIL and COBIT to Meet Business Challenges

Combine ITIL and COBIT to Meet Business Challenges Combine ITIL and COBIT to Meet Business Challenges By Peter Hill, Director, IT Governance Network, and Ken Turbitt, Best Practices Director, BMC Software BEST PRACTICES WHITE PAPER Table of Contents ABSTRACT...

More information

CENTRE (Common Enterprise Resource)

CENTRE (Common Enterprise Resource) CENTRE (Common Enterprise Resource) IT Service Management Software designed for ISO 20000 ITSM ISO/IEC 20000 is the international IT Service Management (ITSM) standard that enables IT organizations (whether

More information

Applying ITIL v3 Best Practices

Applying ITIL v3 Best Practices white paper Applying ITIL v3 Best Practices to improve IT processes Rocket bluezone.rocketsoftware.com Applying ITIL v. 3 Best Practices to Improve IT Processes A White Paper by Rocket Software Version

More information

BMC Cloud Management Functional Architecture Guide TECHNICAL WHITE PAPER

BMC Cloud Management Functional Architecture Guide TECHNICAL WHITE PAPER BMC Cloud Management Functional Architecture Guide TECHNICAL WHITE PAPER Table of Contents Executive Summary............................................... 1 New Functionality...............................................

More information

The ITIL Foundation Examination

The ITIL Foundation Examination The ITIL Foundation Examination Sample Paper A, version 5.1 Multiple Choice Instructions 1. All 40 questions should be attempted. 2. All answers are to be marked on the answer grid provided. 3. You have

More information

DIVISION OF INFORMATION SECURITY (DIS)

DIVISION OF INFORMATION SECURITY (DIS) DIVISION OF INFORMATION SECURITY (DIS) Information Security Policy Information Systems Acquisitions, Development, and Maintenance v1.0 October 15, 2013 Revision History Update this table every time a new

More information

Infasme Support. Incident Management Process. [Version 1.0]

Infasme Support. Incident Management Process. [Version 1.0] Infasme Support Incident Management Process [Version 1.0] Table of Contents About this document... 1 Who should use this document?... 1 Summary of changes... 1 Chapter 1. Incident Process... 3 1.1. Primary

More information

IBM Tivoli Service Request Manager

IBM Tivoli Service Request Manager Deliver high-quality services while helping to control cost IBM Tivoli Service Request Manager Highlights Streamline incident and problem management processes for more rapid service restoration at an appropriate

More information

Unified Security Management

Unified Security Management Unified Security Reduce the Cost of Compliance Introduction In an effort to achieve a consistent and reliable security program, many organizations have adopted the standard as a key compliance strategy

More information

DIVISION OF INFORMATION SECURITY (DIS) Information Security Policy Threat and Vulnerability Management V1.0 April 21, 2014

DIVISION OF INFORMATION SECURITY (DIS) Information Security Policy Threat and Vulnerability Management V1.0 April 21, 2014 DIVISION OF INFORMATION SECURITY (DIS) Information Security Policy Threat and Vulnerability Management V1.0 April 21, 2014 Revision History Update this table every time a new edition of the document is

More information

Information Technology Engineers Examination. Information Technology Service Manager Examination. (Level 4) Syllabus

Information Technology Engineers Examination. Information Technology Service Manager Examination. (Level 4) Syllabus Information Technology Engineers Examination Information Technology Service Manager Examination (Level 4) Syllabus Details of Knowledge and Skills Required for the Information Technology Engineers Examination

More information

EXIN IT Service Management Foundation based on ISO/IEC 20000

EXIN IT Service Management Foundation based on ISO/IEC 20000 Sample Exam EXIN IT Service Management Foundation Edition October 2013 Copyright 2013 EXIN All rights reserved. No part of this publication may be published, reproduced, copied or stored in a data processing

More information

BMC Software Consulting Services. Fermilab Computing Division Service Catalog & Communications: Process and Procedures

BMC Software Consulting Services. Fermilab Computing Division Service Catalog & Communications: Process and Procedures BMC Software Consulting Services Service Catalog & Communications: Process and Procedures Policies, Client: Date : Version : Fermilab 02/12/2009 1.0 GENERAL Description Purpose This document establishes

More information

Service Level Agreement for Database Hosting Services

Service Level Agreement for Database Hosting Services Service Level Agreement for Database Hosting Services Objective Global Service Levels include the general areas of support that are applicable to every ITS service. The purpose of the Service Level Agreement

More information

Introduction to ITIL: A Framework for IT Service Management

Introduction to ITIL: A Framework for IT Service Management Introduction to ITIL: A Framework for IT Service Management D O N N A J A C O B S, M B A I T S E N I O R D I R E C T O R C O M P U T E R O P E R A T I O N S I N F O R M A T I O N S Y S T E M S A N D C

More information

OVERVIEW. In all, this report makes recommendations in 14 areas, such as. Page iii

OVERVIEW. In all, this report makes recommendations in 14 areas, such as. Page iii The Office of the Auditor General has conducted a procedural review of the State Data Center (Data Center), a part of the Arizona Strategic Enterprise Technology (ASET) Division within the Arizona Department

More information

The ITIL Foundation Examination Sample Paper A, version 5.1

The ITIL Foundation Examination Sample Paper A, version 5.1 The ITIL Foundation Examination Sample Paper A, version 51 Multiple Choice Instructions 1 All 40 questions should be attempted 2 All answers are to be marked on the answer grid provided 3 You have 60 minutes

More information

An Overview of the AWS Cloud Adoption Framework. October 2016

An Overview of the AWS Cloud Adoption Framework. October 2016 An Overview of the AWS Cloud Adoption Framework October 2016 2016, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided for informational purposes only. It

More information

Functional Area 3. Skill Level 301: Applications Systems Analysis and Programming Supervisor (Mercer 1998 Job 011)

Description: Supervises activities of all applications systems analysis and programming

Proven deployments across different Industry verticals; Being used by leading brands

What is SapphireIMS? Comprehensive IT Service Management Suite consisting of IT Service desk certified as per ITIL 3.0 (ITSM), IT Asset management (ITAM), Business Service Monitoring (BSM), IT Automation

ITIL A guide to service asset and configuration management

The goal of service asset and configuration management. The goals of configuration management are to: Support many of the ITIL processes by providing

The Modern Service Desk: How Advanced Integration, Process Automation, and ITIL Support Enable ITSM Solutions That Deliver Business Confidence

White Paper: BEST PRACTICES. Contents: Introduction

Security from a customer's perspective. Halogen's approach to security

September 18, 2015. Using a cloud-based talent management program can deliver tremendous benefits to your organization, including aligning your workforce, improving

Information Security Policies. Version 6.1

Contents: 1. Information Security 2. Business Continuity 3. Compliance 4. Outsourcing and Third Party Access

State of Oregon. State of Oregon 1

Table of Contents: 1. Introduction 2. Information Asset Management 3. Communication Operations 3.3 Workstation Management 3.9 Log management 4. Information

Information Security Program CHARTER

State of Louisiana. Date Published: 12, 09, 2015. Contents: Executive Sponsors, Program Owner, Introduction, Statewide Information Security Strategy, Information

Change Management Best Practices

General Change Management Best Practices. Practice Area: Organization. Best Practice Criteria: Change management policy, procedures, and standards are integrated with and communicated to IT and business management

FINANCIAL MANAGEMENT SHARED SERVICES

TREASURY OFFICE OF FINANCIAL INNOVATION AND TRANSFORMATION. FEDERAL SHARED SERVICE PROVIDER AND CUSTOMER AGENCY GOVERNANCE. September 2014. SECTION 1: BACKGROUND FSSP

Published April 2010. Executive Summary

Effective Incident, Problem, and Change Management: Integrating People, Process, and Technology in the Datacenter. Published April 2010. Executive Summary: Information technology (IT) organizations today must

Central Agency for Information Technology

Kuwait National IT Governance Framework: IT Service Management. How many times we felt that Business is looking to IT as Operations center not strategy enabler

The ITIL Foundation Examination

Sample Paper A, version 4.1. Multiple Choice Instructions: 1. All 40 questions should be attempted. 2. All answers are to be marked on the answer grid provided. 3. You have

Central Agency for Information Technology

Kuwait National IT Governance Framework: Information Security. Agenda: 1 Manage security policy 2 Information security management system procedure 3 Manage

Final. North Carolina Procurement Transformation. Governance Model March 11, 2011

Executive Summary Design Approach Process Governance Model Overview Recommended Governance Structure Recommended Governance Processes

INFORMATION TECHNOLOGY ENGINEER V

1464 INFORMATION TECHNOLOGY ENGINEER V. NATURE AND VARIETY OF WORK: This is senior level lead administrative, professional and technical engineering work creating, implementing, and maintaining the County

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Contents: 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

Exhibit to Data Center Services Service Component Provider Master Services Agreement

DIR Contract No. DIR-DCS-SCP-MSA-002 Between The State of Texas, acting by and through the Texas Department of Information

Program Lifecycle Methodology Version 1.7

March 30, 2011. REVISION HISTORY (Version No.: Date, Description, Author): 1.0: Initial Draft (Hkelley); 1.2: 10/22/08, Updated with feedback (Hkelley); 1.3: 1/7/2009, Copy edited (Kevans); 1.4: 4/22/2010, Updated

Office of Inspector General

DEPARTMENT OF HOMELAND SECURITY. Security Weaknesses Increase Risks to Critical United States Secret Service Database (Redacted). Notice: The Department of Homeland Security,

SITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA

SITA Information Security. September, 2012. Contents: 1. Introduction 1.1 Overview

TECHNOLOGY STRATEGY AUDIT

Executive Summary: It is our intention to facilitate the understanding of technology strategy and its integration with business strategies. This guideline is organized as series

ORACLE IT SERVICE MANAGEMENT SUITE

ITIL COMPATIBLE PINKVERIFY. ORACLE IT SERVICE MANAGEMENT SUITE HAS BEEN CERTIFIED BY PINK ELEPHANT THROUGH THE PINKVERIFY PROCESS TO BE ITIL COMPATIBLE IN SIX PROCESS

Network Engineer Position Description

Position Title: Network Engineer. Group/Division/Team: Business Technology Services / IT Operations Division. Date: October 2011. Reports to, Roles Reporting to This, Primary Objective, Decision Making Authority

INFORMATION TECHNOLOGY SECURITY STANDARDS

Version 2.0, December 2013. Table of Contents: 1 OVERVIEW 2 SCOPE 3 STRUCTURE 4 ASSET MANAGEMENT 5 HUMAN RESOURCES SECURITY 6 PHYSICAL AND ENVIRONMENTAL

Fermilab Computing Division Service Level Management Process & Procedures Document

BMC Software Consulting Services. Fermilab Computing Division Process & Procedures Document. Client: Fermilab. Date: 07/07/2009. Version: 1.0. 1. GENERAL Description Purpose Applicable to Supersedes This

Which statement about Emergency Change Advisory Board (ECAB) is CORRECT?

ITIL Foundation mock exam 4. 1. Which of the following is NOT a purpose of Service Transition? A) To ensure that a service can be managed, operated and supported B) To provide training and certification

Software Quality Assurance (SQA) Testing

Software Quality Assurance (SQA) Testing Service Description Services is a subscription fee based managed shared service, which offers a highly reliable, scalable, secure, and cost-effective testing platform that state agencies and local government

The Power of BMC Remedy, the Simplicity of SaaS WHITE PAPER

TABLE OF CONTENTS: EXECUTIVE SUMMARY; BUSINESS CHALLENGE: MANAGING CHANGE

Integrating Project Management and Service Management

By Reg Lo with contributions from Michael Robinson. 1 Introduction: Project Management has become a well recognized management discipline within IT. Service Management is also becoming

Build (develop) and document Acceptance Transition to production (installation) Operations and maintenance support (postinstallation)

It is a well-known fact in computer security that security problems are very often a direct result of software bugs. That leads security researchers to pay lots of attention to software engineering. The

HP Change Configuration and Release Management (CCRM) Solution

HP Service Manager, HP Release Control, and HP Universal CMDB. For the Windows Operating System. Software Version: 9.30. Concept Guide. Document

IBM Maximo Asset Management for IT

Cost-effectively manage the entire life cycle of your IT assets. Highlights: Help control the costs and financial impact of IT assets with a single solution that tracks and manages your hardware, software

The SMB IT Decision Maker's Guide: Choosing a SaaS Service Management Solution

BEST PRACTICES WHITE PAPER. Nine Things to Look For in Your Next SaaS Service Desk. Table of Contents: Introduction

Office of the Auditor General Performance Audit Report. Statewide UNIX Security Controls Department of Technology, Management, and Budget

December 2015. State of Michigan Auditor General Doug A. Ringler,

Address IT costs and streamline operations with IBM service desk and asset management.

Asset management and service desk solutions to support your IT objectives. Highlights: Help improve the value of IT

Certified Information Systems Auditor (CISA)

Course Introduction. Module 01 - The Process of Auditing Information Systems. Lesson 1: Management of the Audit Function. Organization of the

LogRhythm and NERC CIP Compliance

The North American Electric Reliability Corporation (NERC) is a nonprofit corporation designed to ensure that the bulk electric system in North America is reliable, adequate

White Paper November 2006. BMC Best Practice Process Flows for Asset Management and ITIL Configuration Management

Copyright 2006 BMC Software, Inc. All rights reserved. BMC, the BMC logo, all other BMC product or service names,

Lot 1 Service Specification MANAGED SECURITY SERVICES

Fujitsu Services Limited, 2013. OVERVIEW OF FUJITSU MANAGED SECURITY SERVICES: Fujitsu delivers a comprehensive range of information security services

Problem Management: A CA Service Management Process Map

TECHNOLOGY BRIEF: PROBLEM MANAGEMENT. MARCH 2009. Randal Locke, DIRECTOR, TECHNICAL SALES, ITIL SERVICE MANAGER. Table of Contents: Executive Summary; SECTION 1: CHALLENGE

The ITIL Foundation Examination

Sample Paper A, version 5.1. Multiple Choice Instructions: 1. All 40 questions should be attempted. 2. All answers are to be marked on the answer grid provided. 3. You have

IT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results

Acquire or develop application systems software: Controls provide reasonable assurance that application and system software is acquired or developed that effectively supports financial reporting requirements.

CMS Policy for Configuration Management

Chief Information Officer, Centers for Medicare & Medicaid Services. April 2012. Document Number: CMS-CIO-POL-MGT01-01. TABLE OF CONTENTS: 1. PURPOSE 2. BACKGROUND 3. CONFIGURATION

Service Level Agreement Between: Computing and Informational Technology And The Finance and Business Operations Division

1. Executive Summary: This Service Level Agreement (SLA) is between Computing

SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the specific

ITIL Foundation for IT Service Management 2011 Edition

ITIL Rev 03.12. 3 days. Description: ITIL (IT Infrastructure Library) provides a practical, no-nonsense framework for identifying, planning, delivering

Management and Use of Information & Information Technology (I&IT) Directive. Management Board of Cabinet

February 28, 2014. TABLE OF CONTENTS: PURPOSE, APPLICATION AND SCOPE, PRINCIPLES, ENABLE

Address IT costs and streamline operations with IBM service request and asset management solutions.

Service management solutions to support your IT objectives. Highlights: Help service desk technicians become

CITY OF HOUSTON. Executive Order. Information Technology (IT) Governance

Executive Order E.O. No: 1-44. Effective Date: December 20, 2012. 1. AUTHORITY 1.1 Article VI, Section 7a, of the City Charter of the City of Houston. 2. PURPOSE 2.1 The City of Houston seeks

Device Lifecycle Management

Table of Contents: 1. Executive summary 2. Today's challenges in adapting to lifecycle management 3. How is Miradore different? 4. Conclusion

ITIL by Test-king. Exam code: ITIL-F. Exam name: ITIL Foundation. Version 15.0

Number: ITIL-F. Passing Score: 800. Time Limit: 120 min. File Version: 15.0. Sections: 1. Service Management as a practice 2. The Service Lifecycle 3. Generic concepts and definitions 4. Key