IT SERVICE MANAGEMENT POLICY MANUAL

Transcription

1 IT SERVICE MANAGEMENT POLICY MANUAL Version SATYAM COMPUTER SERVICES LIMITED Satyam Infocity Unit 12, Plot No. 35/36 Hi-tech City layout Survey No. 64 Madhapur Hyderabad Andhra Pradesh Phones: (+91) Fax: (+91) Web site: Note: For branding purposes, the name of Satyam Computer Services Ltd (SCSL) has been changed to Mahindra Satyam since 21 st June The legal entity name for the organization would continue to remain as Satyam Computer Services Ltd (SCSL). Since the intended audience for this document also includes external stakeholders, considering the branding, throughout this document, the name of the organization has been referred to as Mahindra Satyam. 1

2 IT SERVICE MANAGEMENT POLICY MANUAL Version Prepared By Inspected/Reviewed By Approved By NAME: Kannan Narasimhan Sunilkumar Gangadharan Sarma Manthravadi (Total Quality Assurance) (Quality Audits & Assessments) (MR & Head-Quality) SIGNATURE: DATE: 5 th February

3 PAGE 3 of 17 VERSION HISTORY Version No Date Changed By Reasons for revision Changes Made th February 2010 Kannan Narasimhan First version created NA 3

4 PAGE 4 of 17 TABLE OF CONTENTS 1 INTRODUCTION PURPOSE ABOUT MAHINDRA SATYAM GENERAL CONTROLS DISTRIBUTION EXCEPTION APPROVALS CHANGE CONTROL SCOPE SCOPE OF BUSINESS ACTIVITY GEOGRAPHICAL SCOPE TERMS AND DEFINITIONS DEFINITIONS ACRONYMS REQUIREMENTS FOR A MANAGEMENT SYSTEM MANAGEMENT RESPONSIBILITY DOCUMENTATION REQUIREMENTS COMPETENCE, AWARENESS AND TRAINING PLANNING & IMPLEMENTING SERVICE MANAGEMENT PLAN SERVICE MANAGEMENT (PLAN) IMPLEMENT SERVICE MANAGEMENT AND PROVIDE THE SERVICES (DO) MONITORING, MEASURING AND REVIEWING (CHECK) CONTINUAL IMPROVEMENT (ACT) PLANNING AND IMPLEMENTING NEW OR CHANGED SERVICES SERVICE DELIVERY PROCESS SERVICE LEVEL MANAGEMENT SERVICE REPORTING SERVICE CONTINUITY AND AVAILABILITY MANAGEMENT BUDGETING & ACCOUNTING FOR IT SERVICES CAPACITY MANAGEMENT INFORMATION SECURITY MANAGEMENT RELATIONSHIP PROCESSES BUSINESS RELATIONSHIP MANAGEMENT SUPPLIER MANAGEMENT RESOLUTION PROCESSES INCIDENT MANAGEMENT PROBLEM MANAGEMENT CONTROL PROCESSES CONFIGURATION MANAGEMENT CHANGE MANAGEMENT RELEASE PROCESS RELEASE MANAGEMENT PROCESS

5 PAGE 5 of 17 1 Introduction 1.1 Purpose The purpose of this manual is to detail the policies of Mahindra Satyam with regard to its IT Service Management activities covering both the Internal IT operations and the projects executed for external customers in this space. Where required, reference to other policy manuals of Mahindra Satyam, viz., Information Security Management Systems Policy Manual, Business Continuity Management Systems and Quality have been established. 2 About Mahindra Satyam 2.1 General Mahindra Satyam was established in 1987 and is a leading global business and information technology company that delivers consulting, systems integration, and outsourcing solutions to a number of clients that include several Fortune Global 500 and Fortune US 500 corporations in over 20 industries. Mahindra Satyam leverages deep industry and functional expertise, leading technology practices, and an advanced, global delivery model to help clients transform their highest-value business processes and improve their business performance. Mahindra Satyam is powered by a large group of professionals who excel in the IT Service Management Line of Business including Infrastructure Management and other key capabilities. Mahindra Satyam, a multifaceted, totally integrated IT solutions provider is engaged in several IT Service Management services including Consultancy, Design, Implementation and Maintenance of IT Service/Infrastructure Management covering the following Service Management Processes: Service Delivery Processes: Capacity Management IT Service Availability & Continuity Management Information Security Management Service Level Management Service Reporting Budgeting and Accounting for IT Services Release Processes: Release Management Resolution Processes: Incident Management Problem Management Relationship Processes: Business Relationship Management Supplier Management Control Processes: Configuration Management Change Management The company offers IT Infrastructure Management Services to both internal and external customers that include Information Technology Infrastructure Installation, Maintenance, Support and Management. In order to adopt the best practices in the IT Service Management arena, Mahindra Satyam has adopted implementing the practices specified by the ISO 20000:2005 and has got certified by an Independent Certification Body. The ISO 20000:2005 model is adopted by Mahindra Satyam to continually improve its IT Service Management processes. Mahindra Satyam continues to explore and use new quality models from time to time that are suitable for its IT Service Management operations. 3 Controls 5

6 PAGE 6 of Distribution This manual is a controlled document, with the latest version available for perusal by associates of Mahindra Satyam on QUALIFY Quality Information For You (Mahindra Satyam s on-line Quality Management System (QMS). 3.2 Exception Associates who need to provide a copy of this manual to outsiders (potential customers, suppliers, business associates, financiers) may provide the Table of contents with the permission from the Head Quality Unit. However the manual can be referred by the outsiders (potential customers, suppliers, business associates, financiers) within Mahindra Satyam locations in the presence of Satyam associates. 3.3 Approvals This manual in its totality has the approval of the Management Representative of the organization. 3.4 Change Control Changes to this manual are initiated in accordance with the QMS procedures on Process Improvements (QP605PD1). 4 Scope 4.1 Scope of Business Activity The scope covers provision of IT Service Management related activities to both external and internal customers. 4.2 Geographical Scope The policies laid out in this manual are applicable to all the development centers of Mahindra Satyam and to customer locations as applicable from where Mahindra Satyam may provide such IT Service Management related services. 5 Terms and definitions 5.1 Definitions Availability Ability of a component or service to perform its required function at a stated instant or over a stated period of time Baseline Snapshot of the state of a service or individual configuration items at a point in time Change Record Record containing details of which configuration items are affected and how they are affected by an authorized change Configuration Item (CI) Component of an infrastructure or an item which is, or will be, under the control of configuration management NOTE: Configuration items may vary widely in complexity, size and type, ranging from an entire system including all hardware, software and documentation, to a single module or a minor hardware component Configuration Management Database (CMDB) Database containing all the relevant details of each configuration item and details of the important relationships between them Document Information and its supporting medium Note 1: Records are distinguished from documents by the fact that they function as evidence of activities, rather than evidence of intentions. Note 2: Examples of documents include policy statements, plans, procedures, service level agreements and contracts Incident Any event which is not part of the standard operation of a service and which causes or may cause an interruption to, or a reduction in, the quality of that service 6

7 PAGE 7 of Problem Unknown underlying cause of one or more incidents Record Document stating results achieved or providing evidence of activities performed NOTE: 1 Records are distinguished from documents by the fact that they function as evidence of activities, rather than evidence of intentions. NOTE: 2 Examples of records include audit reports, requests for change, incident reports, individual training records and invoices sent to customers Release Collection of new and/or changed configuration items which are tested and introduced into the live environment together Request for change Form or screen used to record details of a request for a change to any configuration item within a service or infrastructure Service desk Customer facing support group who do a high proportion of the total support work Service Level Agreement (SLA) Written agreement between a service provider and a customer that documents services and agreed service levels Service Management Management of services to meet the business requirements Service Provider The organization providing the services 5.2 Acronyms The following are the acronyms that have been used in this manual Acronyms BCMS CoRCC CS EIS ISMS KM LAN N&S PMT PL PM QUALIFY QMS QR ROI SSU TM TQA WAN Explanation Business Continuity Management System Corporate Resource Coordination Committee Corporate Services Enterprise Information System Information Security Management System Knowledge Management Local Area Network Network & Systems Process Management Team Project Leader Project Manager QUALity Information For You (On-line Quality information System) Quality Management System Quality Representative Return on Investment Strategic Support Unit Team Member Total Quality Assurance Wide Area Network 6 Requirements for a management system Mahindra Satyam has established a Management System that includes policies and framework to enable the effective management and implementation of all IT Services. 6.1 Management responsibility 7

8 PAGE 8 of 17 The top/executive management of Mahindra Satyam is committed to developing, implementing and improving its service management capability within the context of the organization s business and customers requirements. This commitment is exhibited through setting up an IT Service Management System that is compliant to the ISO 20000:2005 and getting certified for the same by an Independent Agency. The Mahindra Satyam Management; a) has established service management policy, objectives and plans; b) communicates the importance of meeting the service management objectives and the need for continual improvement; c) ensures that customer requirements are determined and are met with the aim of improving customer satisfaction; d) has appointed a member of management, responsible for the co-ordination and management of all services; e) determines and provides resources to plan, implement, monitor, review and improve service delivery and management including recruitment of appropriate staff and managing staff turnover. f) manages risks to the service management organization and services; and g) conducts reviews of service management, at planned intervals, to ensure continuing suitability, adequacy and effectiveness. 6.2 Documentation Requirements Mahindra Satyam maintains documents and records to ensure effective planning, operation and control of service management. This includes: a) documented service management policies and plans; b) documented service level agreements; c) documented processes and procedures required by the ISO 20000:2005 standard and d) records required by the ISO 20000:2005 standard. Please refer to section 4.2 Documentation Requirements of Quality and the procedures identified therein for more details. 6.3 Competence, Awareness and Training All service management roles and responsibilities have been defined and maintained together with competencies required to execute them effectively. Staff competencies and training needs are reviewed and managed to enable staff to perform their role effectively. Mahindra Satyam senior management ensures through various training programs, awareness sessions, and process documents that all associates are aware of the relevance and importance of their activities and how they contribute to the achievement of the service management objectives. Please refer to section Competence, Training and Awareness of Quality for more details. 7 Planning & Implementing Service Management 7.1 Plan service management (Plan) It is ensured that Service management is planned and the plans include the following: a) the scope of the service provided; b) the objectives and requirements that are to be achieved by service management; c) the processes that are to be executed; 8

9 PAGE 9 of 17 d) the management roles and responsibilities The plans also detail the interfaces between service management processes and the manner in which the activities are co-ordinated and the approach taken in identifying, assessing and managing issues and risks to the achievement of the defined objectives. In addition, the plans also detail the approach for interfacing to projects that are creating or modifying services, the resources, facilities and budget that are necessary to achieve the defined objectives. Tools as appropriate to support the processes and the procedure to ensure that the quality of the service will be managed, audited and improved are identified in the plan. Mahindra Satyam has defined management direction and documented responsibilities for reviewing, authorizing, communicating, implementing and maintaining the plans. It is ensured that the process specific plans produced are compatible with the service management plan. 7.2 Implement service management and provide the services (Do) Mahindra Satyam implements service management plan to manage and deliver the services. This includes a) allocation of funds and budgets b) allocation of roles and responsibilities c) documenting and maintaining the policies, plans, procedures and definitions for each process or set of processes d) identification and management of risks to the service e) managing teams f) managing facilities and budget g) managing the teams including service desk and operations h) reporting progress against the plans and i) co-ordination of service management processes. 7.3 Monitoring, measuring and reviewing (Check) Mahindra Satyam has defined and applies suitable methods for monitoring and where applicable, measurement of the service management processes. It is ensured that the methods demonstrate the ability of the processes to achieve planned results. Mahindra Satyam conducts reviews every quarter in order to ensure the service management requirements conform to the service management plan and to the requirements of the ISO standard. This also includes ensuring effective implementation and maintenance. Mahindra Satyam has defined procedures for planning audit programs taking into consideration the status and importance of the processes and areas to be audited, as well as the results of previous audits. The procedure details the audit criteria, scope, frequency and methods for conducting the audit. The selection of auditors and conduct of audits are done to ensure objectivity and impartiality of the audit process. It is also ensured that the Auditors do not audit their own work. The objective of service management reviews, assessments and audits are recorded together with the findings of such audits and reviews and any remedial actions are identified thereon. Any significant areas of non-compliance or concern are communicated to relevant parties accordingly. For more details on audits, please refer to Audit Procedures in: Web Qualify>QMS Documentation>Support Processes>Corporate Quality>Quality Audits & Assessments> QP605QA1 - Quality Audit (QA) Procedure. 7.4 Continual improvement (Act) Policy 9

10 PAGE 10 of 17 The Service Improvement policy of Mahindra Satyam is as follows Constantly monitor and identify and work on opportunities for improvement in the service delivery processes to make delivery of services more effective and efficient Any non-compliance with the standard or the service management plans are remedied accordingly and as appropriate. Roles and responsibilities for service improvement activities are clearly defined Management of improvements Mahindra Satyam ensures that all identified and suggested service improvements are assessed, recorded, prioritized and authorized. A plan is defined to control the activity. Mahindra Satyam has defined procedures to identify, measure, report and manage improvement activities on an ongoing basis. This includes improvements to an individual process that can be implemented by the process owner with the usual staff resources like performing individual corrective and preventive actions and improvements across the organization or across more than one process Activities Mahindra Satyam performs activities to: a) collect and analyse data to baseline and benchmark Mahindra Satyam s capability to manage and deliver service and service management processes; b) identify, plan and implement improvements; c) consult with all parties involved; d) set targets for improvements in quality, costs and resource utilization; e) consider relevant inputs about improvements from all the service management processes; f) measure, report and communicate the service improvements; g) revise the service management policies, processes, procedures and plans where necessary; and h) ensure all approved actions are delivered and that they achieve their intended objectives. In addition to the above, procedures for Service Improvement have also been established vide: Web Qualify>QMS Documentation>Support Processes>Network &Systems>IT Service Management>Service Level Management>QPSIM Service Improvement Procedure Web Qualify>QMS Documentation>Project Lifecycles>IMS>Procedures>Service Management> QP601IMS09 Service Improvement Procedure. 8 Planning and implementing new or changed services Mahindra Satyam has defined processes for generating proposals for new or changed services considering the cost, organizational, technical and commercial impact that could result from service delivery and management. Procedures exist to plan and approve the implementation of new or changed services, including closure of a service through formal change management procedures. This would include adequate funding and resources to make the changes needed for service delivery and management. The plans include: a) the roles and responsibilities for implementing, operating and maintaining the new or changed service including activities to be performed by customers and suppliers; b) changes to the existing service management framework and services; c) communication to the relevant parties; 10

11 PAGE 11 of 17 d) new or changed contracts and agreements to align with the changes in business need; e) manpower and recruitment requirements; f) skills and training requirements, e.g. users, technical support; g) processes, measures, methods and tools to be used in connection with the new or changed service, h) budgets and time-scales; i) service acceptance criteria; and j) the expected outcomes from operating the new service expressed in measurable terms. Acceptance of the new or changed services is ensured before being implemented into the live environment. Mahindra Satyam procedures detail the reporting on the outcomes achieved by the new or changed service against those planned following its implementation. Post implementation reviews comparing actual outcomes against those planned are performed through the change management process. For more details on this, please refer to the following procedures: Web Qualify>QMS Documentation>Support Processes>Network & Systems>IT Service Management>Change Management> QPCHA Change Management Procedure. Web Qualify>QMS Documentation>Project Lifecycles>IMS>Procedures>Change Management> QP601IMS03 Change Management Procedure. 9 Service Delivery Process 9.1 Service Level Management The range of services to be provided together with the corresponding service level targets and workload characteristics are agreed and recorded. Each service provided is defined, agreed and documented in one or more service level agreements (SLAs). SLAs, together with supporting service agreements, supplier contracts and corresponding procedures, are agreed by all relevant parties and recorded. The SLAs are under the control of the change management process. The SLAs are maintained by regular reviews to ensure that they are up-to-date and remain effective over time. Service levels are monitored and reported against targets, showing both current and trend information. The reasons for non-conformance are reported and reviewed. Actions for improvement are recorded and provided as input plan for improving the service. For more details on Service Level Management, please refer to the following procedures: Web Qualify>QMS Documentation>Support Processes>Network & Systems>IT Service Management> Service Level Management>QPSLM Service Level Management Procedure. 9.2 Service Reporting Clear description of each service report including its identity, purpose, audience and details of the data source is defined and available. Service reports are produced to meet identified needs and customer requirements. Service reporting includes: a) performance against service level targets; b) non-compliance and issues, e.g. against the SLA, security breech; 11

12 PAGE 12 of 17 c) workload characteristics, e.g. volume, resource utilization; d) performance reporting following major events, e.g. major incidents and changes; e) trend information; f) satisfaction analysis. Management decisions and corrective actions take into consideration the findings in the service reports and the same are communicated to relevant stakeholders. Please refer to the following procedures for more details on Service Reporting: Web Qualify>QMS Documentation>Support Processes>Network & Systems>IT Service Management> Service Level Management>QPSRP Service Reporting Procedure. Web Qualify>QMS Documentation>Project Lifecycles>IMS>Procedures>Service Management> QP601IMS08 Service Reporting Procedure. 9.3 Service Continuity and Availability Management Mahindra Satyam has put into implementation a comprehensive Business Continuity Management System that addresses Service Continuity to both internal and external customers. The BCMS of Mahindra Satyam is compliant to BS25999 and has been certified by an Independent Certification Body. Please refer to the BCMS (QMBCM01) available as part of Web Qualify. Mahindra Satyam s Business Continuity Policy is as follows: Mahindra through its BCMS is committed to implement and maintain viable business continuity plans to prevent/contain potential business disruptions and resume business operations within acceptable time frames and at agreed service levels for the identified key products and services. In addition to the above, procedures for Availability Management have also been established vide: Web Qualify>QMS Documentation>Support Processes>Network &Systems>IT Service Management> Availability Management>QPAVL - Availability Management Procedure. Web Qualify>QMS Documentation>Support Processes>Network &Systems>Business Continuity> Disaster Recovery>QP604IC4 Disaster Recovery & Prevention Procedure. Web Qualify>QMS Documentation>Support Processes>Network &Systems>Business Continuity>Back Up QP604IC5 Backing Up Systems Procedure. Web Qualify>QMS Documentation>Project Lifecycles>IMS>Procedures>Availability Management> QP601IMS06 - Availability Management Procedure. 9.4 Budgeting & Accounting for IT Services Mahindra Satyam has defined policies and procedures for budgeting and accounting for all components as IT assets, shared resources, overheads, externally supplied service, people, insurance and licenses. These include apportioning of indirect costs that are involved and allocating direct costs to services. It is ensured that effective financial control and authorization is maintained through defined procedures. It is ensured that costs are budgeted in sufficient detail for effective financial control and decision making. Mahindra Satyam procedures detail the mechanism for monitoring and reporting costs against the budget including reviewing the financial forecasts and managing costs accordingly. It is ensured that changes to services are costed and approved as applicable through the change management process. The complete flow of the Budgeting and Accounting process is established and available in the following procedure documents: 12

13 PAGE 13 of 17 Web Qualify>QMS Documentation>Support Processes>Network & Systems>IT Service Management> Finance Management> QPFIN - Financial Management Procedure. Web Qualify>QMS Documentation>Project Lifecycles>IMS>Procedures>Budgeting & Accounting> QP601IMS07 Budgeting & Accounting for IT Services Procedure. 9.5 Capacity Management Mahindra Satyam has established well laid procedures for Capacity Management. Mahindra Satyam develops and maintains capacity plans in line with the organizations business planning cycle. Business needs include: a) current and predicted capacity and performance requirements; b) Capacity database wherein identified time-scales, thresholds and costs for service upgrades are maintained c) evaluation of effects of anticipated service upgrades, requests for change, new technologies and techniques on capacity; d) predicted impact of external changes wherever applicable e) data and processes to enable predictive analysis. The procedures detail the methods and techniques that are to be used to identify and monitor service capacity, tune service performance and provide adequate capacity wherever required. The complete flow of the Capacity Management process is defined and available in the following procedure documents. Web Qualify>QMS Documentation>Support Processes>Network & Systems>IT Service Management> Capacity Management>QPCAP - Capacity Management Procedure. Web Qualify>QMS Documentation>Project Lifecycles>IMS>Procedures>Capacity Management> QP601IMS10 - Capacity Management Procedure. 9.6 Information Security Management Mahindra Satyam has put into implementation a comprehensive Information Security Management system that is compliant to ISO 27001:2005. Mahindra Satyam is also certified for compliance to ISO 27001:2005 by an independent Certification Body. Please refer to the Information Security (ISMSPOL) available as part of Web Qualify. The Information Security Policy of Mahindra Satyam is as follows: To ensure Confidentiality, Integrity and Availability of information that is acquired, developed and provided to all stakeholders. In addition to the above, procedures for Security Management have also been established vide: Web Qualify>QMS Documentation>Support Processes>N&S>Information Security>Information Management>QP604IS2 - Security Incident Management Procedure. Web Qualify>QMS Documentation>Support Processes>N&S>Information Security>Access Control> QP604IS4 - Server Room Access Procedure. Web qualify>qms Documentation>Support Processes>N&S>Information Security>Privilege Management> QP604IS6 - Privilege Management Procedure. 10 Relationship Processes 10.1 Business Relationship Management Mahindra Satyam has defined procedures for identification and documentation of the stakeholders and the customers for the various services provided. It is ensured that service reviews are conducted with customers including other stakeholders where required, to discuss the changes to the scope of the service provided, SLAs, contract or the business needs on an annual basis. It is also ensured that interim meetings are conducted at agreed intervals to discuss performance, achievements, issues and action plans are documented. Action points resulting from the meetings on the changes to the contract(s) and SLA(s) are subjected to the change management process. 13

14 PAGE 14 of 17 Anticipating major changes to the business needs of the customers, Mahindra Satyam continuously keeps itself ready to respond to such needs. Mahindra Satyam has defined complaints process on recording all formal service complaints, investigation, acting upon, reporting and formally closing such complaints. It is ensured that the definition of a formal service complaint is made aware to all the customers. The procedures include a mechanism of escalation where a complaint is not resolved through the normal channels. The procedures detail the mechanism of identifying individuals who would be responsible for managing customer satisfaction and the whole business relationship process. These include obtaining and acting upon feedback from regular customer satisfaction measurements. It is ensured that actions for improvement identified during the processes are recorded and input into a plan for improving the service. For more details on Business Relationship Management please refer to the following procedure: Web Qualify>QMS Documentation>Support Processes>Network & Systems>IT Service Management> Business Relationship Management>QPCUS - Customer Relationship Management Procedure Supplier Management Mahindra Satyam maintains a documented supplier management procedure. Contract Manager responsible for each supplier is identified. It is ensured that the requirements, scope, level of service and communication processes to be provided by the supplier(s) are documented in SLAs or other documents as applicable upon agreement by relevant stakeholders.. It is ensured that SLAs with the suppliers are in alignment with the SLA(s) agreed with the business. The interfaces between processes used by the stakeholders are documented and agreed upon. The procedures detail the mechanism to document the roles and relationships between lead and subcontracted suppliers. It is ensured that the Lead suppliers are able to demonstrate processes to ensure that subcontracted suppliers meet contractual requirements. The procedures include mechanism for a major review of the contract or formal agreement on an annual basis to ensure that business needs and contractual obligations are met. Action points resulting from such reviews on the changes to the contract or SLAs are subjected to the change management process. The procedures also detail the mechanism to deal with contractual disputes. This includes the details on the expected end of service, early end of the service or transfer of service to another party. Performance against service level targets are monitored and reviewed. Actions for improvement identified during the process are recorded and input into a plan for improving the service. For more details on Supplier Management, please refer to the following procedures: Web Qualify>QMS Documentation>Support processes>network & Systems>Business Relationship Management>QPSUP Supplier Relationship Management Procedure. Web Qualify>QMS Documentation>Support processes>network & Systems>Vendor Review>QP613VR1 - Vendor Performance Review Procedure. 11 Resolution Processes 11.1 Incident management Mahindra Satyam has established Incident Management procedure and has also automated the workflow of the same through a tool in order to restore agreed service to the business as soon as possible or to respond to service requests. Mahindra Satyam has put in processes to record all incidents and to manage the impact of such incidents. This includes classification and managing of major incidents. The procedure on Incident Management addresses recording, prioritization, business impact, classification, updating, escalation, resolution and formal closure of all incidents. 14

15 PAGE 15 of 17 The customers are kept informed of the progress of their reported incidents or service requests and are alerted in advance if the agreed service levels cannot be met and actions are agreed upon. All Mahindra Satyam associates involved in incident management are provided necessary access to relevant information such as known errors, problem resolutions and the configuration management database (CMDB). The detailed procedures for Incident Management are established vide the following: Web Qualify>QMS Documentation>Support Processes>Network and Systems>IT Service Management> Incident Management>QPINC - Incident Management Procedure. Web Qualify>QMS Documentation>Project Lifecycles>IMS>Procedures>Incident Management> QP601IMS01- Incident Management procedure Problem management Mahindra Satyam has established procedures for Problem Management to minimize disruption to the business by proactive identification and analysis of the cause of incidents and by managing problems to closure. Required processes, systems and tools have been established to record all the identified problems. Mahindra Satyam has established procedures to identify and minimize or avoid the impact of incidents and problems. These procedures include recording, classification, updating, escalation, resolution and closure of all problems. Mahindra Satyam initiates preventive actions to reduce potential problems. This is done based on the analysis done on the trend, type and volume of the incidents reported. Changes required to existing processes as part of implementation of preventive actions to correct the underlying cause of problems are taken through the Change Management process. Problem resolutions are monitored, reviewed and reported on for effectiveness. The Problem Management team is responsible for keeping the known error database up-to-date and ensuring that the corrected problems are available to incident management. Actions for improvement as part of Problem Management process are recorded and input into the plan for improving the service. The complete flow of the Problem Management process is defined and available in the following procedure documents. Web Qualify>QMS Documentation>Support Processes>Network & Systems>IT Service Management> Problem Management>QPPR0 - Problem Management Procedure. Web Qualify>QMS Documentation>Project Lifecycles>IMS>Phases>Procedures>Problem Management> QP601IMS02 - Problem Management Procedure. 12 Control Processes 12.1 Configuration Management Mahindra Satyam has established a well defined Configuration Management System to define and control the components of the service and infrastructure and maintain accurate configuration information. Mahindra Satyam has defined an integrated approach to change and configuration management planning. This includes the interface to financial asset accounting processes. Configuration management policy at Mahindra Satyam defines a configuration item and its constituent components. The information to be recorded for each item are defined that will include the relationships and documentation necessary for effective service management. The processes on Configuration management at Mahindra Satyam provide the mechanisms for identifying, controlling and tracking versions of identifiable components of the service and infrastructure. It is ensured that the degree of control is sufficient to meet the business needs, risk of failure and service criticality. This includes the procedure on Configuration audits that include recording deficiencies, initiating corrective actions and reporting on the outcome. The process on Configuration management also provides information to the change management process on the impact 15

16 PAGE 16 of 17 of a requested change on the service and infrastructure configurations. Changes to configuration items are traceable and auditable where appropriate. The Configuration control procedures ensure that the integrity of systems, services and service components are maintained. A baseline of the appropriate configuration items are taken before a release to the live environment wherever applicable. Master copies of digital configuration items are controlled in secure physical or electronic libraries and referenced to the configuration records as detailed in the procedures. All configuration items are uniquely identifiable and recorded in a CMDB to which update access is strictly controlled. The CMDB, wherever applicable, are actively managed and verified to ensure its reliability and accuracy. The status of configuration items, their versions, location, related changes and problems and associated documentation are made visible to those who require it. The procedures for Configuration Management activities and Guidelines for Configuration Management Policy have been established vide: Web Qualify>QMS Documentation>Support Processes>Network & Systems>IT Service Management> Configuration Management>QPCON Configuration Management Procedure. Web Qualify>QMS Documentation>Support Processes>Network & Systems>IT Service Management> Configuration Management>QW1W15 Configuration Management Policy & Guidelines. Web Qualify>QMS Documentation>Project Lifecycles>IMS>Procedures>Configuration Management> QP601IMS05 - Configuration Management Procedure Change management Mahindra Satyam has established Change Management Processes to ensure that all changes are assessed, approved, implemented and reviewed in a controlled manner. It is ensured that service and infrastructure changes have a clearly defined and documented scope. All requests for change are recorded and classified, e.g. urgent, emergency, major, and minor. Requests for changes are assessed for their risk, impact and business benefit. The change management process includes the manner in which the change will be reversed or remedied if unsuccessful. Changes are approved and then checked, and implemented in a controlled manner. All changes are reviewed for success and any actions taken after implementation. Procedures have been established to control the authorization and implementation of emergency changes. The scheduled implementation dates of changes are used as the basis for change and release scheduling. A schedule that contains details of all the changes approved for implementation and their proposed implementation dates is maintained and communicated to relevant stakeholders. Change records are analyzed regularly to detect increasing levels of changes, frequently recurring types, emerging trends and other relevant information. The results and conclusions drawn from change analysis is also recorded. Actions for improvement identified from change management are recorded and input into a plan for improving the service. The complete flow of the Change Management process is established and available in the following procedure documents: Web Qualify>QMS Documentation>Support processes>network & Systems>IT Service Management> Change Management>QPCHA Change Management Procedure. Web Qualify>QMS Documentation>Project Lifecycles>IMS>Procedures>Change Management> QP601IMS03 Change Management. 13 Release Process 13.1 Release Management Process 16

17 PAGE 17 of 17 Mahindra Satyam has established procedures for Release Management to deliver, distribute and track changes in a release into the live environment, Release policies are established as per guidelines available. The release policy details the frequency and type of releases. Mahindra Satyam has defined a procedure that details the plan on the release of services, systems, software and hardware as agreed with the business. The plans include the mechanism of roll out of the release including authorization by all relevant stakeholders. The plans detail the recording of the release dates and deliverables and refer to related change requests, known errors and problems. The processes also include the manner in which the release would be reversed or remedied if unsuccessful. It is ensured that the release management process passes suitable information to the incident management process and that the release management process is integrated with the configuration and change management processes. The release management procedure details the mechanism of assessing the Requests for change for their impact on the release plans. This includes the updating and changing of configuration information and change records. The process also details the mechanism that needs to be followed in case of Emergency releases which would have interfaces to the emergency change management process. The release process details the controlled acceptance test environment that would be established to build and test all releases prior to distribution. Release, distribution and implementation are designed and implemented so that the integrity of hardware and software is maintained during installation, handling, packaging and delivery. Measurement of the release process includes the rate of success and failure of releases. This includes measurements of incidents related to a release in the period following a release. The analysis includes the assessment of the impact on the business, IT operations and support staff resources, thereby providing input to a plan for improving the service. The complete flow of the Release Management process and guidelines for establishing release policy are established and available in the following procedure documents: Web Qualify>QMS Documentation>Support processes>network & Systems>IT Service Management> Release Management>QPREL - Release Management Procedure. Web Qualify>QMS Documentation>Support processes>network & Systems>IT Service Management> Release Management>QW1W16 Release Policy Guidelines. Web Qualify>QMS Documentation>Project Lifecycles>IMS>Procedures>Release Management> QP601IMS04 - Release Management Procedure. 17