View
1.270
Download
2
Embed Size (px)
Citation preview
SupplierGAP
Y/NInput Output
GAP
Y/NCustomer Input Comments Output Comments
Y Identified known errors Incident detail history N
N
Identified resolution actions
that were taken to resolve
multiple incidents
Classification of incidents to
be used as input for
determining known errors
Y
NIdentifies problem resolution
status
Validation that incidents have
not reoccured for known
errors that have been
resolved
Y
Actions taken or workarounds
used to resolve incidentsN
NStatus of RFCs submitted to
resolve incidents
Validation that incidents have
not reoccured for known
errors that have been
resolved via Change
Mangement
Y
N
Projects Service Availability
to determine impact on
incidents
Identification of change
related incidents if they occurN
RFCs for handling standard
changes used to resolve
incidents
N
Participation on the Change
Advisory Board (CAB)N
YLink of releases to incidents
being impacted/resolved
Incident history and detail to
be used as input for
determining development
solutions
N
Incident Management
CyberSecurity ISO 27001 Annex A and ITIL GAP Assessment
Problem
Mangement
Problem
Mangement
Change
Management
Change
Management
Release
Management
Release
Management
Y
Training for new incident
handling skills and
processes related to new or
changed releases being
implemented
Incident history and detail for
incidents related to the
implementation of releases
Y
Identification of incidents
caused by Release
Mangement activities if they
occur
N
YCis with incident information,
status and history
Records Cis with Company
incident information, history
and current status
Y
Identifies incident Cis with
incident handling or
workaround information
Y
Identify which Cis are
associated with or impacted
by incidents
Y
Identifies which incident Cis
should be escalated or closedY
Y SLA Targets and ThresholdsFrequency and duration of
incidentsY
YEscalation policies for
incident resolution
Incident and resolution history
detail to assist with
identification of overall service
quality
Y
N Service Catalogue
Identification as to whether a
service level has been missed
or not
Y
Y
Classification and priority
guidelines for recording and
tracking actions to resolve
incidents
N
Monitoring information
related to availability to help
resolve incidents
Incident history and detail
when requesting N
NSupport for incident
resolution as neededMetrics on MTTR action Y
Configuration
Mangement
Service Level
Management
Service Level
Management
Availability
Management
Availability
Management
Release
Management
Release
Management
Configuration
Mangement
Actions taken to restore
service to customers when
requested
N
Satisfaction feedback from
customers on incidents and
overall service quality
Y
N
Monitoring information
related to performance and
throughput to help resolve
incidents
Incident history and detail
when requestedN
NSupport for incident
resolution as needed
Satisfaction feedback from
customers on capacity related
incidents and overall
satisfaction with performance
and throughput quality
Y
N Status of availability capacity
Y Risk Mitigation plans
Resolution and workaround
measures that need to be in
place while operating at
standby facilities
N
N
Conditions under which
recovery actions would have
to be involved
Incident history and detail
related to severe outages
when requested
N
N ITSC Plan
NEscalation policies for
invoking recovery actions
YCharges for support and/or
resolution processes
Cost impacts for restoring
services and actions takenY
Y
Budgets and financial targets
for incidents management
functions
Assessment as to frequency
that incident will occur to
identify longer term cost
impacts
Y
YFeedback on costs for
incident mangement
Y
Customer feedback on
success level of incident
resolutions
Identifies which Cis are
associated with incidentsY
Availability
Management
Availability
Management
Capacity
Management
Capacity
Management
IT Service
Continuity
Management
IT Service
Continuity
Management
IT Financial
Management
IT Financial
Management
Service Desk Service Desk
Y
Customer feedback on
incident descriptions and
symptons
Identifies incident handling
workaround proceduresN
Identifies service restoration
actions taken after an incident
has occured
N
Identifies incident resolution
statusY
N Company security policies
Incident history and detail
when requested for security
related incidents
N
Y
Process and procedures for
handling common security
requests
Frequency of security related
incidentsY
Y
Escalation policies for
handling security related
incidents
Actions and workarounds
taken to restore services that
have been compromised by
security related incidents
N
Service Desk Service Desk
Security
Management
Security
Management
SupplierGAP
Y/NInput Output
GAP
Y/NCustomer Input Comments Output Comments
N Incident detailed history Identifies known errors Y
Y
Classification of incidents to
be used as input for
determining known errors
Identifies resolution actions
that were taken to resolve
multiple incidents
Y
Y
N
Validation that incidents
have not reoccured for
known errors that were
previously resolved
Identifies problem resolution
statusN
Y
N
Actions taken or
workarounds used to resolve
incidents
N
Forward Schedule of
Changes to determine when
incidents may be resolved
RFCs submitted for known
errors that require changeN
Y
N
Approval and coordination of
RFCs submitted by Problem
Management for change to
resolve known errors and
problems
Validation that problems have
not reoccured for known
errors that have been
resolved thru Change
Management
Y
N
RFCs for handling standard
changes used to resolve
known errors
Y
Identification of criteria for
successful changes
Y
N
Particpation in post
implementation reviews
N
Y
Participation on the Change
Advisory Board (CAB)N
N
Identifies release action
being taken to resolve
known errors
Identification of known errors
that require development
activities to resolve
Y
N
Change
Management
Change
Management
Release
Management
Release
Management
Incident
Mangement
Incident
Mangement
Problem Management
Y
N
Communicates known errors
from development or other
release activities if they
occur
Identification of problems that
occured due to releases that
were implemented
Y
N
Validation that releases
implemented to resolve
known errors were successful
N
YCis related to failing
components
Links incident Cis to known
error informationY
Y Relationship between CisAssociated which Cis may be
at root-cause of incidentsY
Identifies problem knowledge
base CisY
Link incident Cis with error
control information (resolved
problems)
Y
Y
N
SLA Targets and thresholds
to be used as input for
problem identification and
impact analysis
Frequency and duration of
incidentsY
Y
N
Escalation policies for
incident resolution
Incident and resolution history
detail to assist with
identification of overall service
quality
Y
N Service Catalogue
Identification as to wheither a
service level has been missed
or not
Y
N
Y
N
Classification and priority
guidelines for recording and
tracking actions to resolve
incidents
N
Monitoring information
related to availability to help
resolve incidents
Incident history and detail
when requesting
N
Y
NSupport for incident
resolution as neededMetrics on MTTR action N
Availability
Management
Release
Management
Release
Management
Configuration
Mangement
Configuration
Mangement
Service Level
Management
Service Level
Management
Availability
Management
Actions taken to restore
service to customers when
requested
Y
N
Satisfaction feedback from
customers on incidents and
overall service quality
Y
Y
N
Monitoring information
related to performance and
throughput to help resolve
incidents
Incident history and detail
when requestedN
NSupport for incident
resolution as needed
Satisfaction feedback from
customers on capacity related
incidents and overall
satisfaction with performance
and throughput quality
Y
N Status of availability capacity
Y Risk Mitigation plans
Resolution and workaround
measures that need to be in
place while operating at
standby facilities
Y
N
Y
Conditions under which
recovery actions would have
to be involved
Incident history and detail
related to severe outages
when requested
Y
N
YITSC Plan
N
Y
Escalation policies for
invoking recovery actions
Y
N
Charges for support and/or
resolution processes
Cost impacts for restoring
services and actions takenY
Y
Budgets and financial targets
for incidents management
functions
Assessment as to frequency
that incident will occur to
identify longer term cost
impacts
Y
YFeedback on costs for
problem mangement
Availability
Management
IT Service
Continuity
Management
IT Service
Continuity
Management
IT Financial
Management
IT Financial
Management
Capacity
Management
Capacity
Management
Availability
Management
Y
Customer feedback on
success level of incident
resolutions
Identifies which Cis are
associated with incidentsY
N
Customer feedback on
incident descriptions and
symptoms
Identifies incident handling
workaround proceduresN
Identifies service restoration
actions taken after an incident
has occured
N
Identifies incident resolution
statusN
N Company security policies
Incident history and detail
when requested for security
related incidents
N
Y
Process and procedures for
handling common security
requests
Frequency of security related
incidentsY
N
Y
Escalation policies for
handling security related
incidents
Actions and workarounds
taken to restore services that
have been compromised by
security related incidents
N
SupplierGAP
Y/NInput Output
GAP
Y/NCustomer Input Comments Output Comments
Y
N
Validation that incidents
have not recurred for Known
Errors that have been
resolved via Change
Management
Status of RFCs submitted to
resolve incidentsN
N
Identification of change
related incidents if they
occur
Project Service Availability
(PSAs) to determine impact
on incidents
N
N
RFCs for handling standard
changes used to resolve
incidents
Y
N
Participation on the Change
Advisory Board
Service Desk Service Desk
Security
Management
Security
Management
Change Management
Incident
Mangement
Incident
Mangement
N
RFCs submitted for
problems and Known Errors
that require a change
Forward Schedule of
Changes (FSCs) to determine
when incidents may be
resolved
N
Y
N
Validation that problems
have not recurred for Known
Errors that have been
resolved via Change
Management
Approval and coordination of
RFCs submitted by problem
management for change to
resolve Known Errors and
problems
N
Y
RFCs for handling standard
changes used to resolve
Known Errors
Y
N
Identification of criteria for
successful changes
YParticipation in post
implementation reviews
Y
N
Participation on the Change
Advisory Board (CAB)
NParticipation in post
implementation reviews
Approval to undertake release
implementation activitiesN
Y
N
Participation on the Change
Advisory Board (CAB)
Change impact assessment
results for releases under
consideration for
implementation
Y
NNotifications of release
status for changes
Forward Schedule of
Changes (FSCs) to be used
as input for determining
release schedules
N
N
Provides input for Forward
Schedule of Changes
(FSCs) and Planned Service
Availability (PSAs) related to
release activities
Requirements for release
testing and success criteriaY
Release
Management
Release
Management
Problem
Management
Problem
Management
N
Submits plans and
schedules to be used as
input for change review and
approval actions
Coordination of release
implementation phases (build,
test, implement, etc)
Y
N
Y
Validation that requested Cis
for change have indeed
been changed.
Identified changes in CI statusN
Y
YCI reports for change
validation and auditRequest for Changes (RFCs) N
Y
Relationship between Cis to
be used as input for impact
analysis efforts
Forward Schedule of
Changes (FSCs)N
Y CI baselinesProject Service Availability
(PSAs)N
YRFC historical information if
requested
Approval to make changes to
the Configuration
Management Database
(CMDB)
Y
YEstablishes priorities for
RFCs being submitted
Changes to SLAs, OLAs, Ucs
and the Service CatalogueY
YRFCs for changes to the
service catalogueStatus of RFCs Y
N
Y
RFCs related to Service
Improvement Program (SIP)
actions
Notification of approvals to
proceed with planned RFC
changes to modify SLA, OLA
or Ucs.
Y
NParticiaptes on Change
Advisory Board (CAB)
Service quality metrics on the
Change Management
process
Y
N
Y
Review of Planned Service
Availability (PSAs) for impact
on service
FSCs with impact on service
availability
N
Y
Y
Review RFCs and Forward
Schedule of Changes to
match customer
requirements and timelines
Documented Change
Management processes to be
used by IT customers
Y
Service Level
Management
Service Level
Management
Release
Management
Release
Management
Configuration
Mangement
Configuration
Mangement
YReview RFCs for impact on
services being delivered.
Post implementation review
results to assess
effectiveness of service
changes.
Y
YRFCs for changes to SLAs,
OLAs and Ucs.
YIdentifies availability related
RFCs
Status of changes being
implemented to improve
availability
N
YParticipation in post
implementation reviews
RFCs that have been
submitted to improve
availability
N
Y
YParticipation on the Change
Advisory Board (CAB)
RFCs that have been
submitted to assess their
impact on availability
N
N
Y
Participation ion the
Emergency Committee
Change Advisory Board
(EC/CAB)
FSCs to be used as input for
availability plans and actionsN
N
Y
Assists in development of
Planned Service Availability
(PSAs)
Notification of approvals to
proceed with changes to
improve availability or make
changes to the Availability
Plan
N
YIdentify changes that impact
availability
Post implementation review
results to assess
effectiveness of availability
changes.
Y
Y
Identify Security
Requirements needed for
changes.
YIdentifies capacity related
RFCs
Status of changes being
implemented to improve
performance and throughput
Y
YIdentify and review changes
that impact capacity
RFCs that have been
submitted to improve
performance and throughput
N
Service Level
Management
Service Level
Management
Availability
Management
Availability
Management
Capacity
Management
Capacity
Management
N
Identify impact of new
resource technologies on
capacity
RFCs that have been
submitted to asses their
impact on capacity plans
N
YApplication Sizing results to
be used as input for changes
Notification of approvals to
proceed with changes to
capacity or to make changes
to the Capacity Plan
Y
FSCs to assist with planning
for the implementation of
capacity changes
Y
Post implementation review
results to assess
effectiveness of capacity
changes
Y
YRFCs for changes to
recovery plans
RFCs and their current status
that need to be assessed for
their impacts on the ITSC
plan and to keep it current
Y
Y
Reviews submitted RFCs for
impact on IT Service
Continuity Management
operations and plans
Notification of approvals to
proceed with changes to the
ITSC plan
Y
Y
Ensures implemented
changes incorporated to
ITSC plans have been tested
FSCs to be used as input for
determining when changes
will be implemented that have
impact on ITSCM activities
and plan
Y
YParticipates on Change
Advisory Board (CAB)
Post implementation review
results to assess
effectiveness and impacts of
changes on recovery plans
Y
Y
Identifies cost impacts from
implementing RFCs being
submitted
RFCs and FSCs to asess
impact to IT budgets, charges
and costs
Y
IT Service
Continuity
Management
IT Service
Continuity
Management
Capacity
Management
Capacity
Management
IT Financial
Management
IT Financial
Management
Y
RFCs for changes to
budgets and pricing policies
activities
Notification of approvals to
proceed with RFC changes to
update budgets and cost
plans and models as needed
N
Y
Y
Feedback on costs for
change management
activities
Post implementation review
results to assess actual costs
versus planned for
implementing changes
Y
YReviews submitted RFCs for
cost/benefit impact
N
Y
Customer feedback on
Forward Schedule of
Changes
Identifies current status of
changes being applied to the
Company infrastructure
N
Y
Customer feedback on
Planned Schedule of
Availability
Identifies projected service
availability information to be
communicated to Company
customers
N
Y
NEscalations for Emergency
Changes
Y
RFCs for security policy and
process documentation
changes
RFCs to assess impacts of
changes on security N
Notification of approvals to
proceed with planned RFC
changes related to security or
to modify the Company
Security Policy
N
Y
FSCs to be used as input for
review of scheduled changes
against security plans and
policies
Y
Post implementation review
results to assess
effectiveness of security
changes
Y
SupplierGAP
Y/NInput Output
GAP
Y/NCustomer Input Comments Output Comments
Service Desk
Release Management
Security
Management
Security
Management
IT Financial
Management
IT Financial
Management
Service Desk
N
Incident history and detail to
be used as input for
determining development
solutions
Link of releases to incidents
being impacted/resolvedY
Y
Incident history and detail for
incidents related to
implementation of releases
Training for new incident
handling skills and processes
related to new or changed
releases being implemented
Y
YIdentification of incidents
caused by Release
Y
N
Management activities if they
occur
Y
Identification of Known
Errors that require
development activities to
resolve
Identifies release actions
being taken to resolve Known
Errors
N
Y
Identification of problems
that occurred due to
releases that were
implemented
Communicated Known Errors
from development or other
release activities if they occur
Y
Y
N
Validation that releases
implemented to resolve
Known Errors were
successful
Y
N
Approval to undertake
release implementation
activities
Participation in post
implementation reviewsY
Y
Change impact assessment
results for releases under
consideration for
implementation
Participation on the Change
Advisory Board (CAB)Y
N
Forward Schedule Of
Changes (FSCs) to be used
as input for determining
release schedules
Notifications of release status
for changesY
Incident
Management
Incident
Management
Problem
Management
Problem
Management
Change
Management
Change
Management
YRequirements for release
testing and success criteria
Provides input for Forward
Schedule Of Changes (FSCs)
and Planned Service
Availability (PSAs) related to
release activities
Y
N
N
Coordination of release
implementation phases
(build, test, implement, etc.)
Submits plans and schedules
to be used a s input for
change review and approval
actions
N
Y CI baselines
CI information related to
releases and their current
implementation status
Y
Y CI detail information
CI information related to the
Definitive Software Library
(DSL)
Y
Y CI relationships
CI information related to the
Definitive Hardware Stores
(DHS)
Y
YDefinitive Software Library
CIs
Documentation about
releases to be stored as CisY
YDefinitive Hardware Library
Cis
Y
N
Establishes priorities for
release development
activities
Release plans and schedule
status to determine impact on
service quality
Y
Y
Determines impacts of
releases and their
development on services
Release progress/status that
can be communicated to
customers
Y
Y
Service Improvement Plan
(SIP) to be used as input for
release development
Validation that releases were
implemented within customer
SLA timeframes and agreed
scope
Y
N
Y
N
Ensure Service Level
Requirements have been
incorporated into release
designs and activities
Service Level
Management
Service Level
Management
Change
Management
Change
Management
Configuration
Management
Configuration
Management
N
Reviews planned and
implemented releases for
impacts on availability
Release and rollout plans to
be used as input for
assessment on impacts to
availability
N
N
Review planned releases to
determine if availability
requirements are being met
Y
Reviews planned and
implemented releases for
impacts on capacity
Release and rollout plans to
be used as input for
assessment on impacts to
capacity plans, performance
and throughput
Y
Y
Review planned releases to
determine if capacity
requirements are being met
Y
Application sizing to be used
as input for release
development
Y
Ensure recovery plans are
maintained to include new
releases as they are
implemented
Release and rollout plans to
be used as input for
assessment on impacts to the
ITSC plan, business impact
analysis, risk analysis and
ITSC plan testing activities
Y
Y
Ensure ITSCM requirements
are included with releases as
they are developed and
implemented
Requirements for
management and operation of
Definitive Hardware Stores
and Definitive Software
Library that need to be
considered as part of the
ITSC plan
Y
Y
Business Impact Analysis
and Risk Assessment results
to be used as input for
release planning and
development
Availability
Management
Availability
Management
Capacity
Management
Capacity
Management
IT Service
Continuity
Management
IT Service
Continuity
Management
YIdentifies cost/benefit
impacts of releases
Identified costs and/or cost
impacts for implementation of
new releases including
documentation, testing and
training
Y
Y
Cost elements to be used as
input for determining
development costs of
releases
Costs associated with
maintenance and
management of Definitive
Hardware Stores and the
Definitive Software Library
Y
YIdentifies budgets for release
activities
YReviews release budgets for
plan versus actual
N
Incident history and detail to
be used as input for
determining development
solutions
Identifies current status of
releases being applied to the
Company infrastructure
N
Y
Incident history and detail as
well as customer feedback
for incidents related to
implementation of releases
Service Desk roles and
responsibilities on behalf of
rollout of new releases
N
Y
Security policies to be used
as input for release design
and implementation
Release plans and schedule
status to determine impact on
security policies and plans
Y
Y
Establishment of appropriate
security access needed to
implement releases
Validation that implemented
releases do not compromise
security policies and plans
Y
Y
Establishment of appropriate
security access and policies
needed to control Definitive
Hardware Store (DHS) and
Definitive Software Library
(DSL)
Security access requirements
that need to be provided for to
allow release activities to take
place
Y
Security
Management
Security
Management
IT Financial
Management
IT Financial
Management
Service Desk Service Desk
Configuration Management
SupplierGAP
Y/NInput Output
GAP
Y/NCustomer Input Comments Output Comments
Y
Recorded Cis with Company
incident information, history
and current status
Cis with incident information,
status and historyY
Y
Identifies incident Cis with
incident handling or
workaround information
N
Identify which Cis are
associated with or impacted
by incidents
N
Identifies which incident Cis
should be escalated or
closed
YLinks incident CIS with
Known Error information
CIs related to failing
components Y
NAssociates which Cis may
be at root cause of incidentsRelationships between Cis Y
YIdentifies problem
knowledge base Cis
Y
Link incident Cis with Error
Control information (resolved
problems)
NIdentified changes in CI
status
Validation that requested Cis
for change have indeed been
changed
Y
NRequest For Changes
(RFCs)
CI reports for change
validation and auditY
NForward Schedule Of
Changes (FSCs)
Relationships between Cis to
be used a input for impact
analysis efforts
Y
Y
N
Projected Service Availability
(PSAs)CI baselines Y
Y
Approval to make changes
to the Configuration
Management Database
(CMBD)
RFC historical information if
requested
N
Y
Change
Management
Change
Management
Incident
Management
Incident
Management
Problem
Management
Problem
Management
N
CI information related to
releases and their current
implementation status
CI baselines Y
Y
CI information related to the
Definitive Software Library
(DSL)
CI detail information Y
Y
CI information related to the
Definitive Hardware Stores
(DHS)
CI relationships Y
YDocumentation about
releases to be stored as CisDefinitive Software Library Cis Y
Definitive Hardware Store Cis Y
Y Company customer SLAs
Historical service reports,
SLAs, OLAs, UCs and
customer feedback
information that have been
stored as CIs
Y
Y Company OLAs
CI relationship information to
assist with the development of
service requirements and
service levels
Y
Y UCs with Company vendors
List of components that are
included within the scope of
each service being delivered
Y
N Company Service CatalogueCI status information if
requestedY
Y SIP information
Y Service Reports
YAvailability Database CI
items
Configuration Item
information on components to
be used as input for Fault
Component Impact Analysis
(FCIA) or other analysis
efforts as well as
planning/design efforts
Y
Release
Management
Release
Management
Service Level
Management
Service Level
Management
Availability
Management
Availability
Management
N Availability Plans
Relationships between
configuration items for
systems, resources and
services
Y
YRelationship information
between CIs
Historical reports from other
IT Service Management
functions which have been
stored as CIs
Y
Y
NVital Business functions
Availability Data Base (ADB)
CI
Y
N
Y
Indication which CIs may be
cause for poor service
quality
Y
Changes to CIs caused by
implementation of availability
changes
YProvides status of
serviceability on CIs
Y Capacity Database CI items
Configuration Item
information on components to
be used as input for capacity
analysis efforts as well as
planning/design efforts
Y
N Capacity Plans
Relationships between
configuration items for
system, resources and
services to assess impacts of
capacity issues and plans
Y
Y
Indication which CIs or set of
CIs may be cause for
capacity issues
Historical reports on capacity
levels, monitoring results and
other IT Service Management
functions which are also CIs
Y
Y
Changes to CIs caused by
implementation of capacity
changes
Capacity Data Base (CDB) CI Y
Availability
Management
Availability
Management
Capacity
Management
Capacity
Management
Y Application sizing related CIs
N ITSC PlanCIs for components that need
to be recoveredY
N ITSC Plan test results
CI relationships to ensure all
components needed for
recovery actions have been
considered
Y
N Standby arrangements
CIs used as input for impact
analysis and risk mitigation
and planning efforts
Y
YCompany Business Impact
Assessment
Business Continuity Plan and
IT Service Continuity Plans
that have been stored as CIs
Y
Y Company Risk Analysis
Y IT Budgets
CIs for components that
include cost, value and
replacement timeline
information
Y
Y Charging Policies
CIs for components that
include location, condition and
inventory of components
Y
N Cost categories
Historical IT financial data,
budgets, reports, charging
policies and customer bills
that have been stored as CIs
Y
Y Financial Reports
Costs related to maintenance
and operation of the
Configuration Management
infrastructure
Y
Y Cost and value of CIs
Service Desk Y
Recorded Cis with Company
incident information, history
and current status
CIs with incident information,
status and historyY Service Desk
IT Service
Continuity
Management
IT Service
Continuity
Management
Capacity
Management
Capacity
Management
IT Financial
Management
IT Financial
Management
N Company Security Policies
CIs that need to be under
control for confidentiality,
integrity and access
Y
YIndication of which CIs
should be protected
Historical reports on security
breaches and status as well
as security policies which are
stored as CIs
Y
Y
Confidentiality, Integrity and
Availability policies for the
CMDB
CI relationships that need to
be considered for impact on
security
Y
SupplierGAP
Y/NInput Output
GAP
Y/NCustomer Input Comments Output Comments
YFrequency and duration of
incidentsSLA targets and thresholds Y
N
Incident and resolution
history detail to assist with
identification of overall
service quality
Escalation policies for incident
resolution
N
Y
Y
Identification as to whether a
service level has been
missed or not
Service Catalog N
Classification and priority
guidelines for recording and
taking actions to resolve
incidents
Y
YFrequency and duration of
known errors
SLA targets and thresholds to
be used a input for problem
identification and impact
analysis efforts
Y
Y
Known error detail to assist
with identification of overall
service quality
Escalation policies for Known
Error resolution Y
Y
Notification about known
errors that have been
resolved
Service Catalog Y
Security
Management
Security
Management
Service Level Management
Incident
Management
Incident
Management
Problem
Management
Problem
Management
Y
Identifies actions to be taken
to resolve known errors in
accordance with Service
Improvement Plan (SIP)
Feedback to determine if
Known Errors resolutions are
successful
Y
Identify priorities for problems Y
Service Improvement
Program (SIP) to be used as
input for problem and Known
Error resolution activities
Y
Y
RFCs to assess impacts of
changes on SLAs, OLAs,
UCs and the Service Catalog
Establishes priorities for
RFCs being submittedY
N Status of RFCsRFCs for changes to the
Service CatalogY
Y
Notification of approvals to
proceed with planned RFC
changes to modify SLA, OLA
or UCs
RFCs related to Service
Improvement Program (SIP)
actions
Y
Y
Service quality metrics on
the Change Management
process
Participates on Change
Advisory Board (CAB)Y
NFSCs with impact on service
availability
Review RFCs and Forward
Schedule of Changes (FSCs)
to match customer
requirements and timelines
Y
Y
Documented Change
Management processes to
be used by IT customers
Review RFCs for impact on
services being deliveredY
Y
Post implementation review
results to assess
effectiveness of service
changes
RFCs for changes to SLAs,
OLAs and UcsY
Problem
Management
Problem
Management
Change
Management
Change
Management
Y
N
Release plans and schedule
status to determine impact
on service quality
Establishes priorities for
release development activitiesY
Y
Release progress/status that
can be communicated to
customers
Determines impacts of
releases and their
development on services
Y
Y
N
Validation that releases were
implemented within
customer SLA timeframes
and agreed scope
Service Improvement Plan
(SIP) to be used as input for
release development
Y
Ensure Service Level
Requirements have been
incorporated into release
designs and activities
Y
N
Y
Historical service reports,
SLAs, OLAs, UCs and
customer feedback
information that have been
stored as CIs
Company customer SLAs Y
Y
CI relationship information to
assist with the development
of service requirements and
service levels
Company OLAs Y
Y
List of components that are
included within the scope of
each service being delivered
Ucs with Company vendors Y
YCI status information if
requestedCompany Service Catalog N
SIP information Y
Service Reports Y
Y
Capability or assessment of
the existing Company IT
infrastructure to support new
services and/or service
levels
Company service level
requirements that need to be
met for availability
N
Availability
Management
Availability
Management
Configuration
Management
Configuration
Management
Release
Management
Release
Management
N
Agreed upon SLR metrics
and targets to support
Company services
Identification of services to be
provided through the
Company IT Service Catalog,
SLA, OLA and underpinning
contract configuration items
Y
N
N
Input information that
describes how well
Company service levels are
being met
Initiation of service
improvement actions related
to availability for Company
services
Y
N
N
Advise and/or input on how
poor Company service
quality can be eliminated or
mitigated
N
Support for service level
negotiation processes with
availability actions/options
needed to support Company
service targets
N
Capacity assessment to
determine if requested
service levels for new
Company systems can be
met
Company service level
requirements that need to be
met for performance and
throughput
N
N
Provides capacity related
input and/or implements
capacity changes to
eliminate poor Company IT
service quality if capacity
related
Identification of services to be
provided through the
Company IT Service Catalog,
SLA, OLA and underpinning
contract configuration items
N
N
Initiates demand
management
discussions/options to better
manage and control service
quality when necessary
Initiation of service
improvement actions related
to capacity for Company
services
Y
Availability
Management
Availability
Management
Capacity
Management
Capacity
Management
N
Provides information on
throughput and performance
metrics that support agreed
upon service level targets
Information to assist Business
Capacity planning activities
N
Y
N
Draft and/or review service
level requirements that
involve capacity related
service targets
Information to assist with
Demand Management
activities
N
Y
N
Provide feedback on
whether service
requirements for continuity
can be provided
Company service level
requirements that identify
required timescales for
recovery
N
N
Provide Company standard
definition for what conditions
must be in place to invoke
continuity actions
Identification of services to be
recovered through the
Company IT Service Catalog,
SLA, OLA and underpinning
contract configuration items
N
Agreed conditions for invoking
recovery actionsN
YCosts for providing Company
IT services
Company service level
requirements that need to be
priced and charged for
Y
N
Y
N
Charges to Company
customers for services
Identification of services to be
provided through the
Company IT Service Catalog,
SLA, OLA and underpinning
contract configuration items to
provide input for budgeting, IT
accounting and charging
activities
Y
Y
N
Identification of financial
penalties or other charges
that may be levied on
Company IT Service Delivery
related to poor service
quality
Capacity
Management
Capacity
Management
IT Service
Continuity
Management
IT Service
Continuity
Management
IT Financial
Management
IT Financial
Management
YFinancial Management
budgets and targets
Y
N
Cost and charging input to
the agree process for
Company SLAs, OLAs and
UCs
N Company charging policies
Y
N
Assessment of capability to
meet requested service
levels for call handling and
response
SLA targets and thresholdsY
N
YFrequency and duration of
incidents
Communications on quality of
services being delivered to
customers
Y
N
Y
Customer feedback on
service quality being
delivered
Escalation policies for incident
resolutionN
Y
N
Identification as to whether a
service level has been
missed or not
Service Catalog to
communicate IT services
available to Company
customers
N
Classification and priority
guidelines for recording and
taking actions to resolve
incidents
Y
Y
N
Assessment of capability to
meet Company SLRs that
are security related
Company service level
requirements that need to be
met for confidentiality,
integrity and availability of
Company data
Y
NSecurity policies that must
be adhered to
Identification of services to be
provided through the
Company IT Service Catalog,
SLA, OLA and underpinning
contract configuration items
Y
N
Initiation of service
improvement actions related
to security for Company
services
N
IT Financial
Management
IT Financial
Management
Service Desk Service Desk
Security
Management
Security
Management
SupplierGAP
Y/NInput Output
GAP
Y/NCustomer Input Comments Output Comments
NIncident history and detail
when requested
Monitoring information related
to availability to help resolve
incidents
N
YMetrics on Mean Time To
Repair actions
Support for incident resolution
as neededN
N
Actions taken to restore
service to customers when
requested
Y
Satisfaction feedback from
customers on incidents and
overall service quality
Y
Frequency and duration of
problems as input to
understanding the levels of
availability being delivered
Monitoring information related
to availability to help resolve
problems
N
YKnown errors to assist with
availability improvements
Support for problem
resolution to identify impact of
component failures
N
Y
Problems trends and
information as input for
potential actions to mitigate
Provides availability,
maintenance and
serviceability metrics to assist
in problem identification
Y
Identifies impacts of Known
Errors on availabilityY
Indentifies availability related
problemsN
N
Status of changes being
implemented to improve
availability
Identifies availability related
RFCsN
N
RFCs that have been
submitted to improve
availability
Participation in post
implementation reviewsY
Availability Management
Incident
Management
Incident
Management
Problem
Management
Problem
Management
Change
Management
Change
Management
N
RFCs that have been
submitted to assess their
impact on availability
Participation on the Change
Advisory Board (CAB)N
N
FSCs to be used as input on
for availability plans and
actions
Participation on the
Emergency Committee
Change Advisory Board
(EC/CAB)
N
Y
N
Notification of approvals to
proceed with changes to
improve availability or make
changes to the Availability
Plan
Assists in development of
Planned Service Availability
(PSAs)
Y
N
Y
Post implementation review
results to assess
effectiveness of availability
changes
Identify changes that impact
availabilityY
Identify Security
Requirements needed for
changes
Y
Y
N
Release and rollout plans to
be used as input for
assessment on impacts to
availability
Reviews planned and
implemented releases for
impacts on availability
Y
Review planned releases to
determine if availability
requirements are being met
Y
N
Y
Configuration Item
information on components
to be used as input for Fault
Component Impact Analysis
(FCIA) or other analysis
efforts as well as
planning/design efforts
Availability Database CI items Y
Y
Relationships between
configuration items for
systems, resources and
services
Availability PlansY
N
Release
Management
Change
Management
Change
Management
Release
Management
Configuration
Management
Configuration
Management
Y
Historical reports from other
IT Service Management
functions which have been
stored as CIs
Relationship information
between CIs Y
Y
N
Availability Data Base (ADB)
CIVital Business functions
Y
N
Indication which CIs may be
cause for poor service qualityY
Changes to Cis caused by
implementation of Availability
changes
Y
Provides status of
serviceability on CisY
N
Company service level
requirements that need to be
met for availability
Capability or assessment of
the existing Company IT
infrastructure to support new
services and/or service levels
Y
N
N
Identification of services to
be provided through the
Company IT Service
Catalog, SLA, OLA and
underpinning contract
configuration items
Agreed upon SLR metrics and
targets to support Company
services
N
N
Initiation of service
improvement actions related
to availability for Company
services
Input information that
describes how well Company
service levels are being met
Y
N
Advice and/or input on how
poor Company service quality
can be eliminated or mitigated
N
Support for service level
negotiation processes with
availability actions/options
needed to support Company
service targets
N
Service Level
Management
Service Level
Management
Configuration
Management
Configuration
Management
N
Application Sizing for new
Company applications and
services
Design plans for new
Company servicesN
N
Implementation of tuning
and capacity changes to
correct poor Company
service quality
Availability requirements for
new and existing Company
services
Y
N
NCapacity alternatives to meet
availability requirements
Timelines for when new
Company services will be in
production to determine when
capacity levels will be needed
N
N
Capacity related thresholds
and alarms that will need to
be monitored to manage
Company service quality
Resiliency requirements for
Company services to
determine impacts on
capacity needs
Y
Y
Capacity impacts for
component or system
failures
Monitoring requirements for
IT components
Y
N
YCapacity impact analysis for
resiliency optionsAvailability plans
Y
N
Y
N
Business continuity plans to
identify how services will
recovered as input to the
Company availability plan
Identification of Company vital
business functions that need
to be recovered along with
required recovery timescales
N
Y
Identification of Company
business risks and mitigation
strategies
Availability goals and targets
for Company servicesN
N
Assessment as to whether
recovery actions should be
invoked to restore services
Availability options to reduce
risks for failure of Company
services to be used as input
to risk assessment activities
Y
N
Resiliency requirements for
Company services that need
to be provided for
N
Capacity
Management
Capacity
Management
IT Service
Continuity
Management
IT Service
Continuity
Management
Impacts of non-availability of
Company services that will be
used as input for Company
Business Impact Analysis
efforts
Y
Y
Identification of costs and
charges for availability
options chosen or under
consideration
Availability design plans for
each Company service that
can be used as input for
identifying IT costs
Y
Y
Identification of costs or
financial penalties for poor
service quality or
unavailability of Company
services
Timelines for when new
Company services will be in
production to determine when
costs will be incurred
N
Impact of non-availability of
Company services to be used
as input for determining non-
availability costs
Y
NIncident history and detail
when requested
Monitoring information related
to availability to help resolve
Company incidents
N
Y
Assessment of capability to
meet requested service
levels for call handling and
response
Support for incident resolution
as neededN
Y
Satisfaction feedback from
customers on incidents and
overall service quality
Provides planned recovery
processes used to resolve
incidents
Y
N
Actions taken to restore
service to customers when
requested
Y
N
Security policy that identifies
security requirements that
must be incorporated into
availability designs
Provides requirements for
confidentiality of Company
data for new and existing
services
N
Security
Management
IT Service
Continuity
Management
IT Service
Continuity
Management
IT Financial
Management
IT Financial
Management
Service Desk Service Desk
Security
Management
Y
Assessment of availability
designs to ensure they meet
Company requirements for
data confidentiality, integrity
and availability
Provides requirements for
integrity of data used to
support Company services
Y
N
Provides requirements for
availability of data used to
support Company services
Y
Provides designs for access
control to data that needs to
be secured for Company
services
Y
SupplierGAP
Y/NInput Output
GAP
Y/NCustomer Input Comments Output Comments
NIncident history and detail
when requested
Monitoring information related
to availability to help resolve
Company incidents
N
N
Satisfaction feedback from
customers on capacity
related incidents and overall
satisfaction with
performance and throughput
quality
Support for incident resolution
as neededN
Status of available capacity N
Y
Frequency and duration of
problems as input to
understanding the quality of
performance and throughput
being delivered
Monitoring information related
to capacity to help resolve
problems
N
Y
Known errors to assist with
performance and throughput
improvements
Support for problem
resolution to identify impact of
capacity failures
N
Y
Problem trends and
information as input for
potential actions to mitigate
Identifies impacts of Known
Errors on capacityY
Identifies capacity related
problemsN
Security
Management
Capacity Management
Incident
Management
Incident
Management
Problem
Management
Problem
Management
Security
Management
Identifies current capacity
status versus planY
Assist with resolution of
known errors related to
performance, capacity and
throughput
N
N
Status of changes being
implemented to improve
performance and throughput
Identifies capacity related
RFCsN
N
RFCs that have been
submitted to improve
performance and throughput
Identify and reviews changes
that impact capacityN
N
RFCs that have been
submitted to assess their
impact on capacity plans
Identify impact of new
resource technologies on
capacity
N
N
Notification of approvals to
proceed with changes to
capacity or to make changes
to the Capacity Plan
Application Sizing results to
be used as input for changesN
N
FSCs to assist with planning
for the implementation of
capacity changes
Y
Post implementation review
results to assess
effectiveness of capacity
changes
Y
Release and rollout plans to
be used as input for
assessment on impacts to
capacity plans, performance
and throughput
Reviews planned and
implemented releases for
impacts on capacity
Y
Review planned releases to
determine if capacity
requirements are being met
Y
Problem
Management
Problem
Management
Change
Management
Change
Management
Release
Management
Release
Management
Application sizing to be used
as input for release
development
N
Y
Configuration Item
information on components
to be used as input for
capacity analysis efforts as
well as planning/design
efforts
Capacity Database CI items Y
Y
Relationships between
configuration items for
systems, resources and
services to assess impacts
of capacity issues and plans
Capacity Plans Y
Y
Historical reports on capacity
levels, monitoring results
and other IT Service
Management functions
which are also CIs
Indication which CIs or set of
CIs may be cause for capacity
issues
Y
YCapacity Data Base (CDB)
CI
Changes to CIs caused by
implementation of capacity
changes
Y
Application sizing related CIs Y
Y
Company service level
requirements that need to be
met for performance and
throughput
Capacity assessment to
determine if requested
service levels for new
Company systems can be
met
N
N
Identification of services to
be provided through the
Company IT Service
Catalog, SLA, OLA and
underpinning contract
configuration items
Provides capacity related
input and/or implements
capacity changes to eliminate
poor Company IT service
quality if capacity related
N
Service Level
Management
Service Level
Management
Configuration
Management
Configuration
Management
Release
Management
Release
Management
N
Initiation of service
improvement actions related
to capacity for Company
services
Initiates demand
management
discussions/options to better
manage and control service
quality when necessary
N
Y
Information to assist
Business Capacity planning
activities
Provides information on
throughput and performance
metrics that support agreed
upon service level targets
Y
N
Information to assist with
Demand management
activities
Draft and/or review service
level requirements that
involve capacity related
service targets
Y
YDesign plans for new
Company services
Application sizing for new
Company applications and
services
Y
N
Availability requirements for
new and existing Company
services
Implementation of tuning and
capacity changes to correct
poor Company service quality
N
N
Timelines for when new
Company services will be in
production to determine
when capacity levels will be
needed
Capacity alternatives to meet
availability requirementsN
Y
Resiliency requirements for
Company services to
determine impacts on
capacity needs
Capacity related thresholds
and alarms that will need to
be monitored to manage
Company service quality
N
NMonitoring requirements for
IT components
Capacity impacts for
component or system failuresY
Y Availability plansCapacity impact analysis for
resiliency optionsY
Service Level
Management
Service Level
Management
Availability
Management
Availability
Management
N
Business continuity plans to
identify what services will be
recovered as input to
capacity planning process
Capacity requirements
needed to meet required
performance and throughput
targets while in recovery
Y
N
Testing requirements and
plans as input to capacity
planning process
Capacity plan to provide input
on capacity levels that must
be maintained during the
recovery period
Y
Y
Identification of costs and
charges for capacity options
chosen or under
consideration
Capacity cost estimates for
new Company services to be
provided
N
Y
Identification of costs or
financial penalties for poor
service quality or
unavailability of Company
services
Usage profiles for Company
IT users to be used as input
for charging
Y
Y Budget and IT financial goals
Modeling and analysis to
predict future capacity costs
to be incurred
Y
Application sizing estimates to
cost out new/changed
enhancements to Company
applications
Y
Capacity plans to help identify
future revenues and costsY
NIncident history and detail
when requested
Monitoring information related
to performance and
throughput to help resolve
incidents
N
Y
Call volumes and operational
metrics to be used as input
for Capacity Plans
Support for incident resolution
as neededN
IT Service
Continuity
Management
IT Service
Continuity
Management
IT Financial
Management
IT Financial
Management
Service Desk Service Desk
Y
Satisfaction feedback from
customers on capacity
related incidents and overall
satisfaction with
performance and throughput
quality
Status of available capacity N
NSecurity policies that must
be adhered to
Review of security
management and control
options selected to ensure
that performance and
throughput required targets
can still be maintained
Y
Y
Security assessment of
impacts from capacity
decisions or plans
Application sizing information
to be used to identify IT
elements that will need to be
considered for security
Y
SupplierGAP
Y/N
GAP
Y/NCustomer Input Comments Output Comments
Y
Resolution and workaround
measures that need to be in
place while operating at
standby facilities
Risk mitigation plans Y
Y
Incident history and detail
related to severe outages
when requested
Conditions under which
recovery actions would have
to be invoked
Y
N
ITSC PlanY
N
Escalation policies for
invoking recovery actions
Y
N
Y
Early warning indication of
potential need to invoke
recovery actions
Reviews Known Errors for
business impact, risk or threatY
Y
Known errors and
workaround measures that
need to be in place while
operating at standby facilities
Escalation policies for
invoking recovery actions
Y
N
IT Service Continuity Management
Incident
Management
Incident
Management
Problem
Management
Problem
Management
Service Desk Service Desk
Security
Management
Security
Management
Y
Problem history and detail
related to severe outages
when requested
Risk mitigation plans Y
Y
Actions taken to resolve
problems that will allow
restoration of services at
primary facilities to begin
Conditions under which
recovery actions would have
to be invoked
Y
N
Y
RFCs and their current
status that need to be
assessed for their impacts
on the ITSC plan and to
keep it current
RFCs for changes to recovery
plansY
Y
Notification of approvals to
proceed with changes to the
ITSC plan
Reviews submitted RFCs for
impact on IT Service
Continuity management
operations and plans
Y
Y
FSCs to be used as input for
determining when changes
will be implemented that
have impact on ITSCM
activities and plans
Ensures implemented
changes incorporated to ITSC
plans have been tested
Y
Y
Post implementation review
results to assess
effectiveness and impacts of
changes on recovery plans
Participates on Change
Advisory Board (CAB) Y
Y
Release and rollout plans to
be used as input for
assessment on impacts to
the ITSC plan, business
impact analysis, risk analysis
and ITSC plan testing
activities
Ensure recovery plans are
maintained to include new
releases as they are
implemented
Y
Problem
Management
Problem
Management
Change
Management
Change
Management
Release
Management
Release
Management
Y
Requirements for
management and operation
of Definitive Hardware
Stores and Definitive
Software Library that need to
be considered as part of the
ITSC plan
Ensure ITSCM requirements
are included with releases as
they are developed and
implemented
Y
Business Impact Analysis and
Risk Assessment results to
be used as input for release
planning and development
Y
YCIs for components that
need to be recoveredITSC Plan Y
Y
CI relationships to ensure all
components needed for
recovery actions have been
considered
ITSC Plan test results Y
Y
CIs used as input for impact
analysis and risk mitigation
and planning efforts
Standby arrangements Y
Y
Business Continuity Plan
and IT Service Continuity
Plans that have been stored
as CIs
Company Business Impact
AssessmentY
Company Risk Analysis Y
Y
N
Company service level
requirements that identify
required timescales for
recovery
Provide feedback on whether
service requirements for
continuity can be provided
Y
N
Y
N
Identification of services to
be recovered through the
Company IT Service
Catalog, SLA, OLA and
underpinning contract
configuration items
Provide Company standard
definition for what conditions
must be in place to invoke
continuity actions
Y
N
YAgreed conditions for
invoking recovery actions
Release
Management
Release
Management
Service Level
Management
Service Level
Management
Configuration
Management
Configuration
Management
Y
N
Identification of Company
vital business functions that
need to be recovered along
with required recovery
timescales
Business continuity plans to
identify how services will be
recovered as input to the
Company availability plan
Y
NAvailability goals and targets
for Company services
Identification of Company
business risks and mitigation
strategies
Y
Y
Availability options to reduce
risks for failure of Company
services to be used as input
to risk assessment activities
Assessment as to whether
recovery actions should be
invoked to restore services
Y
N
Y
Resiliency requirements for
Company services that need
to be provided for
Y
Impacts of non-availability of
Company services that will
be used as input for
Company Business Impact
Analysis efforts
N
Capacity requirements
needed to meet required
performance and throughput
targets while in recovery
Business continuity plans to
identify what services will be
recovered as input to capacity
planning process
N
Y
Capacity plan to provide
input on capacity levels that
must be maintained during
the recovery period
Testing requirements and
plans as input to capacity
planning process
N
Y
Identification of costs for
invoking recovery actions of
Company services
Provide costs to execute
recovery actionsY
Y
Identification of costs or
financial penalties for
unavailability of Company
services to be used as input
for business impact
assessment
Provides costs for testing and
maintaining service continuity
plan
Y
Availability
Management
Availability
Management
Capacity
Management
Capacity
Management
IT Financial
Management
IT Financial
Management
Y
Identification of costs for risk
mitigation items being
considered
Provides costs for risk
mitigation optionsY
NIdentification of costs for
ongoing testing
Assistance with cost
estimates/business impact of
service loss
N
N Budgets and financial targets
N
Charging policies and how
charges may be applied in
the event of that recovery
actions are invoked
Y
Identification of costs for
return to normal state
services
N
Provide single point of
contact if recovery actions
are invoked
Plans and processes for
communicating and
coordinating recovery status
to customers if recovery
actions are invoked
N
Y
Incident history and detail
related to severe outages
when requested
Escalation policies for
invoking recovery actionsN
Provides education and
awareness campaign
information
N
N
Security policies that must
be in effect in the event that
recovery actions are invoked
Business continuity plans to
identify how Company
security requirements will be
maintained during recovery
N
N
Assessment of security
impacts from recovery
options and continuity
strategies under
consideration
Business impact assessment
that outlines Company impact
of service losses
Y
N
Security input to business
impact analysis and risk
analysis activities
Security
Management
Security
Management
IT Financial
Management
IT Financial
Management
Service Desk Service Desk
SupplierGAP
Y/NInput Output
GAP
Y/NCustomer Input Comments Output Comments
YCost impacts for restoring
services and actions taken
Charges for support and / or
resolution processesY
Y
Assessment as to frequency
that incidents will occur to
identify longer term cost
impacts
Budgets and financial targets
for incident management
functions
Y
Feedback on costs for
incident managementY
Y
Cost impacts for handling
known errors and actions
taken
Charges for support and / or
Known Error resolution
processes
Y
Y
Assessment as to frequency
that known errors will occur
to identify longer term cost
impacts
Budget and financial targets
for problem management
functions
Y
YCosts for resolving known
errors (error control)
Feedback on costs for
problem managementY
Identifies cost impacts of
Known ProblemsY
Y
RFCs and FSCs to assess
impact to IT budgets,
charges and costs
Identifies cost impacts for
implementing RFCs being
submitted
Y
Y
Notification of approvals to
proceed with RFC changes
to update budgets and cost
plans and models as needed
RFCs for changes to budgets
and pricing policiesY
Y
Post implementation review
results to assess actual
costs versus planned for
implementing changes
Feedback on costs for
change management
activities
Y
Reviews submitted RFCs for
cost / benefit impactY
IT Financial Management
Incident
Management
Incident
Management
Problem
Management
Problem
Management
Change
Management
Change
Management
Y
Identified costs and / or cost
impacts for implementation
of new releases including
documentation, testing and
training
Identifies cost/benefit impacts
of releasesY
Y
Costs associated with
maintenance and
management of Definitive
Hardware Stores and the
Definitive Software Library
Cost elements to be used as
input for determining
development costs of
releases
Y
Identifies budgets for release
activities Y
Reviews release budgets for
plan versus actualY
Y
CIs for components that
include cost, value and
replacement timeline
information
IT Budgets Y
Y
CIs for components that
include location, condition
and inventory of components
Charging Policies Y
Y
Historical IT financial data,
budgets, reports, charging
policies and customer bills
that have been stored as CIs
Cost categories Y
Y
Costs related to
maintenance and operation
of the Configuration
Management infrastructure
Financial Reports Y
Cost and value of CIs Y
Y
N
Company service level
requirements that need to be
priced and charged for
Costs for providing Company
IT servicesY
Service Level
Management
Service Level
Management
Configuration
Management
Configuration
Management
Release
Management
Release
Management
N
Identification of services to
be provided through the
Company IT Service
Catalog, SLA, OLA and
underpinning contract
configuration items to
provide input for budgeting,
IT accounting and charging
activities
Charges to Company
customers for services
Y
N
Identification of financial
penalties or other charges
that may be levied on
Company IT Service Delivery
related to poor service quality.
Y
Financial Management
budgets and targetsY
Cost and charging input to the
agree process for Company
SLAs, OLAs and UCs
Y
Company charging policiesY
N
Y
Availability design plans for
each Company service that
can be used as input for
identifying IT costs
Identification of costs and
charges for availability options
chosen or under
consideration
N
Y
N
Timelines for when new
Company services will be in
production to determine
when costs will be incurred
Identification of costs or
financial penalties for poor
service quality or unavailability
of Company services
N
Y
Impact of non-availability of
Company services to be
used as input for
determining non-availability
costs
Service Level
Management
Service Level
Management
Availability
Management
Availability
Management
N
Capacity cost estimates for
new Company services to be
provided
Identification of costs and
charges for capacity options
chosen or under
consideration
Y
N
Y
N
Usage profiles for Company
IT users to be used as input
for charging
Identification of costs or
financial penalties for poor
service quality or unavailability
of Company services
Y
Y
N
Modeling and analysis to
predict future capacity costs
to be incurred
Budgets and IT financial goals Y
Y
N
Application sizing estimates
to cost out new / changed
enhancements to Company
applications
Y
Capacity plans to help
identify future revenues and
costs
YProvide costs to execute
recovery actions
Identification of costs for
invoking recovery actions of
Company services
Y
Y
Provide costs for testing and
maintaining service
continuity plan
Identification of costs or
financial penalties for
unavailability of Company
services to be used as input
for business impact
assessment
Y
YProvides costs for risk
mitigation options
Identification of costs for risk
mitigation items being
considered
Y
N
Assistance with cost
estimates / business impact
of service loss
Identification of costs for
ongoing testingN
Budgets and financial targets Y
Charging policies and how
charges may be applied in the
event of that recovery actions
are invoked
N
Capacity
Management
Capacity
Management
IT Service
Continuity
Management
IT Service
Continuity
Management
Identification of costs for
return to normal state
services
Y
Y
Costs for Service Desk
operational infrastructure,
resources and supporting
organization
Budget for operation and
management of Service Desk
functions
Y
Y
Planned staffing levels and
resources as input for
budgets
Charging policies to be
communicated to Company
customers to help resolve
questions and concerns
Y
N
Y
N
Usage of Service Desk
resources as input for
charging
YCustomer questions and
feedback over charges
Y
Costs for maintaining and
operating Company security
management functions
Identification of costs /
penalties for security related
breaches into Company's
customer and operational
data
Y
N Security policyFinancial Management
budgets and targetsY
Identification of costs for
managing and controlling
security of Company
customer and operational
data
Y
Charging policies and
charges to be invoked in the
event of a customer induced
security breach
Y
N
SupplierGAP
Y/NInput Output
GAP
Y/NCustomer Input Comments Output Comments
YIdentifies which CIs are
associated with incidents
Customer feedback on
success level of incident
resolutions
Y
Service Desk
Incident
Mangement
Incident
Mangement
IT Service
Continuity
Management
IT Service
Continuity
Management
Service Desk Service Desk
Security
Management
Security
Management
NIdentifies incident handling
and workaround procedures
Customer feedback on
incident descriptions and
symptoms
Y
N
Identifies service restoration
actions taken after an
incident has occurred
Y
N
Identifies incident resolution
status
Y Identifies Known Errors Incident detail and historyY
N
N
Identifies resolution actions
that were taken to resolve
multiple incidents
Customer feedback on
incident descriptions and
symptoms
Y
NIdentifies problem resolution
status
N
Identifies current status of
changes being applied to the
Company infrastructure
Customer feedback on
Forward Schedule Of
Changes
N
N
Identifies projected service
availability information to be
communicated to Company
customers
Customer feedback on
Planned Schedule of
Availability
N
Y
Identifies current status of
releases being applied to the
Company infrastructure
Identifies cost / benefit
impacts of releasesY
Cost elements to be used as
input for determining
development costs of
releases
Y
Identifies budgets for release
activitiesY
Reviews release budgets for
plan versus actual Y
Incident
Mangement
Incident
Mangement
Problem
Management
Problem
Management
Change
Management
Change
Management
Release
Mangement
Release
Mangement
Configuration
ManagementY
CIs with incident information,
status and history from prior
incidents
Recorded CIs with Company
incident information, history
and current status
YConfiguration
Management
Y SLA targets and thresholds
Assessment of capability to
meet requested service levels
for call handling and response
Y
N
N
Communications on quality
of services being delivered
to customers
Frequency and duration of
incidentsY
NEscalation policies for
incident resolution
Customer feedback on
service quality being deliveredY
N
Service Catalog to
communicate IT services
available to Company
customers
Identification as to whether a
service level has been missed
or not
Y
N
N
Classification and priority
guidelines for recording and
taking actions to resolve
incidents
N
Monitoring information
related to availability to help
resolve company incidents
Incident history and detail
when requestedY
NSupport for incident
resolution as needed
Assessment of capability to
meet requested service levels
for call handling and response
Y
N
Y
Provides planned recovery
processes used to resolve
incidents
Satisfaction feedback from
customers on incidents and
overall service quality
Y
Actions taken to restore
service to customers when
requested
N
N
Monitoring information
related to performance and
throughput to help resolve
incidents
Incident history and detail
when requestedN
Capacity
Management
Service Level
Management
Service Level
Management
Availability
Management
Availability
Management
Capacity
Management
NSupport for incident
resolution as needed
Call volumes and operational
metrics to be used as input
for Capacity Plans
Y
N Status of available capacity
Satisfaction feedback from
customers on capacity related
incidents and overall
satisfaction with performance
and throughput
Y
N
Plans and processes for
communicating and
coordinating recovery status
to customers if recovery
actions are invoked
Provide single point of contact
if recovery actions are
invoked
N
NEscalation policies for
invoking recovery actions
Incident history and detail
related to severe outages
when requested
Y
N
Provides education and
awareness campaign
information
Y
Budgets for operation and
management of Service
Desk functions
Costs for Service Desk
operational infrastructure,
resources and supporting
organization
Y
N
Charging policies to be
communicated to Company
customers to help resolve
questions and concerns
Planned staffing levels and
resources as input for
budgets
Y
Usage of Service Desk
resources as input for
charging
N
Customer questions and
feedback over chargesN
Y
N
Security policies to be
communicated to customers
Incident history and detail
when requested for security
related incidents
N
Capacity
Management
Security
Management
Security
Management
Capacity
Management
IT Service
Continuity
Management
IT Service
Continuity
Management
IT Financial
Management
IT Financial
Management
N
Processes and procedures
for handling common
security requests that do not
involve hardware or software
changes
Customer feedback on
service quality related to
security and security policies
in place
Y
N
Escalation policies for
handling security related
incidents
SupplierGAP
Y/NInput Output
GAP
Y/NCustomer Input Comments Output Comments
N
Incident history and detail
when requested for security
related incidents
Company security policies
N
N
Frequency of security related
incidents
Processes and procedures for
handling common security
requests
Y
N
Actions and workarounds
taken to restore services that
have been compromised by
security related incidents
Escalation policies for
handling security related
incidents N
YKnown errors related to
security
Company security policiesN
Y
Actions taken to resolve
security related known errors
Escalation policies for
handling security related
problems
N
Y
RFCs to assess impacts of
changes on security
RFCs for security policy and
process documentation
changes
Y
Y
Notification of approvals to
proceed with planned RFC
changes related to security
or to modify the Company
Security Policy
Y
FSCs to be used as input for
review of scheduled changes
against security plans and
policies
Problem
Management
Change
Management
Security
Management
Security
Management
Change
Management
Security Management
Incident
Management
Incident
Management
Problem
Management
Y
Post implementation review
results to assess
effectiveness of security
changes
Y
Release plans and schedule
status to determine impact
on security policies and
plans
Security Policies to be used
as input for release design
and implementationN
N
Validation that implemented
releases do not compromise
security policies and plans
Establishment of appropriate
security access needed to
implement releasesN
N
Security access
requirements that need to be
provided for to allow release
activities to take place
Establishment of appropriate
security access and policies
needed to control Definitive
Hardware Store (DHS) and
Definitive Software Library
(DSL)
Y
Y
CIs that need to be under
control for confidentiality,
integrity and access
Company Security Policies
N
N
Historical reports on security
breaches and status as well
as security policies which
are stored as CIs
Indication of which CIs should
be protected
Y
Y
CI relationships that need to
be considered for impact on
security
Confidentiality, Integrity and
Availability policies for the
CMDB
Y
Y
Company service level
requirements that need to be
met for confidentiality,
integrity and availability of
Company data
Assessment of capability to
meet Company SLRs that are
security related Y
Change
Management
Release
Management
Release
Management
Change
Management
Service Level
Management
Service Level
Management
Configuration
Management
Configuration
Management
N
Identification of services to
be provided through the
Company IT Service
Catalog, SLA, OLA and
underpinning contract
configuration items
Security policies that must be
adhered to
N
N
Initiation of service
improvement actions related
to security for Company
services
N
Provides requirements for
confidentiality of Company
data for new and existing
services
Security policy that identifies
security requirements that
must be incorporated into
availability designs
N
N
Provides requirements for
integrity of data used to
support Company services
Assessment of availability
designs to ensure they meet
Company requirements for
data confidentiality, integrity
and availability
N
N
Provides requirements for
availability of data used to
support Company services
N
Provides designs for access
control to data that needs to
be secured for Company
services
N
Review of security
management and control
options selected to ensure
that performance and
throughput required targets
can still be maintained
Security policies that must be
adhered to
N
Service Level
Management
Service Level
Management
Availability
Management
Availability
Management
Capacity
Management
Capacity
Management
N
Application sizing
information to be used to
identify IT elements that will
need to be considered for
security
Security assessment of
impacts from capacity
deCIsions or plans N
N
Business continuity plans to
identify how Company
security requirements will be
maintained during recovery
Security policies that must be
in effect in the event that
recovery actions are invoked
N
Y
Business impact
assessment that outlines
Company impact of service
losses
Assessment of security
impacts from recovery options
and continuity strategies
under consideration
N
Security input to business
impact analysis and risk
analysis activities
N
Y
Identification of costs /
penalties for security related
breaches into Company's
customer and operational
data
Costs for maintaining and
operating Company security
management functions Y
YFinancial Management
budgets and targets
Security policyN
Y
Identification of costs for
managing and controlling
security of Company
customer and operational
data
N
Charging policies and
charges to be invoked in the
event of a customer induced
security breach
N
Incident history and detail
when requested for security
related incidents
Security policies to be
communicated to customers N
Service Desk Service Desk
Capacity
Management
Capacity
Management
IT Service
Continuity
Management
IT Service
Continuity
Management
IT Financial
Management
IT Financial
Management