Provider Best Practices
|
|
- Moses Sparks
- 6 years ago
- Views:
Transcription
1 Overview The Provider Best Practices framework includes elements across five key dimensions (financial, organizational, operational, program management, and technology), and describes proposed best practices for each. As a part of ProviderStat 2017 providers will complete a self-assessment based on this document. This document is inclusive of best practices throughout the provider lifecycle and, hence, some of the elements may be more applicable and significant depending on a provider s strategic plan (e.g., taking on new customers, becoming a new provider). As a provider completes its self-assessment, it can comment/explain on particular element s applicability/significance based on its strategic plan and/or decisions of its governance board/customers. Provider performance against standard operational performance measures and a standard customer satisfaction survey is captured in another part of the ProviderStat framework outside of the Provider Best Practices document. The scope for the annual ProviderStat meeting is inclusive of all three areas. Applying Best Practices Providers will complete a four-point self-assessment of each element of the framework as a part of ProviderStat Italicized language references how the best practices should be assessed. The four point assessment is defined as follows: 1 Does not meet (none of the bulleted items within that element are satisfied) 2 Partially meets (half or fewer than half of the bulleted items within that element are satisfied) USSM_Version 1.0_December 2,
2 3 Substantially meets (more than half of the bulleted items within that element are satisfied) 4 Fully meets (all of the bulleted items within that element are satisfied) Categories Elements Financial 4 Organization 5 Operations 7 Program Management 4 Technology 9 Provider Best Practices Financial Funding sources and service costing/pricing methodologies Element Funding mechanisms Best Practices (assessment method) Has a Revolving Fund that allows for the collection of an operating reserve without fiscal year limitations (Review fund authorizing language, agency legal interpretation, and Annual Operating Plans) Sufficiently funded to support strategic plan initiatives (review initiatives in Strategic Plan against reserves and capital investment plan) Documentation/process to show that investments have been used as planned (documented process to demonstrate use of investment funds) Draft Inter Agency Agreements (IAAs) delivered to customers by June for following year. Actively support customers with questions and processes to ensure IAAs are executed timely (Percentage of IAAs in place by USSM_Version 1.0_December 2,
3 Capital investment plan Costs/Pricing October 1) All services provided to the provider by the home agency must be funded/documented by IAA (IAAs with Parent Agency) Capital investment plan exists and maps clearly to strategic plan (review strategic plan and capital investment plans) Capital needs are documented in Major IT Business Case or Agency IT Portfolio Summary documentation along with appropriate sources of funds (budget submission, Agency IT Portfolio Summary, and Major IT Business Case) Customers pricing, is stable without major unplanned variances across years (variance of customer prices year-over-year for comparable services) Transparent pricing methodology for customers (Annual Operating Plans, customer invoices, customer satisfaction surveys) Costing tool or methodology allows for inputs/services to create service packages (or the equivalent) for customers/potential customers (review costing methodology) Accounting, Auditing and Financial Reporting of the Provider * Service Packages establish the basis to identify what functions and activities a customer will receive from a provider. They include all relevant pieces needed to deliver and price the function/activity. Controls for Anti-Deficiency Act violations, funds expiration (Budget Execution/Funds Control Policy) Independent auditing plan (e.g., SSAE 16) Demonstrates effective management and timely closure of corrective actions arising from provider audit findings and recommendation (e.g., annual POAM report) Maintains no material weaknesses in their internal controls or system configurations that contribute to customer audit deficiencies (e.g., SSAE 16) USSM_Version 1.0_December 2,
4 Organization Governance, stakeholder engagement, organizational capacity, strategy, and personnel skillsets/experience Element Staffing Customer engagement Best Practices (assessment method) Must have a documented HR strategy to maximize the value of a blended workforce (incl. use of contractors, FTE, temporary hires, etc.) and ensure needed skill sets are readily available to meet current and anticipated/expected customer load (review of HR strategy documents) The HR strategy must include providing the necessary training and development to ensure personnel are focused on a customer-centric and customer service perspective (review customer satisfaction metrics related to provider employee knowledge and helpfulness) Distinct integration/implementation team exists (review of organizational charts) Customer relationship management strategy allowing for provider to interact with customers either face to face or virtually on a recurring basis (review of organizational charts and geographic distribution of staff; customer engagement strategy/plan) Staff with appropriate certifications (e.g., PMP) commensurate with current and anticipated needs (review of current certifications compared to current and upcoming customers/projects) Provider has certifications (at the organization level) that align with service offerings (review of current certifications versus service offerings) To the extent feasible based on customer requirements defined in the M3 process, provider has a formal process to document identified gaps between customer requirements and the current configuration and works with the customer to develop a plan for them to be addressed (assessed via M3 tollgates) Providers have formal processes for the routine evaluation of functionality that customers/potential USSM_Version 1.0_December 2,
5 Governance & change engagement (e.g., adding/losing customers, changing service offerings, upgrading technology) customers request and an internal decision-making process for addressing those requirements (or not) (assessed via M3 tollgates) Provider works collaboratively with customers to identify and capture the appropriate performance metrics and targets (service level agreements include customer defined performance measures with associated targets) Defined escalation process exists which includes target response times for resolution as well as assigned executive level customer relationship managers for major customers (review of SLAs and escalation processes) Customers are provided the opportunity to formally review and provide input on strategic decisions as needed and decisions that impact daily operations (review of customer meeting minutes) Process exists to assess the impact of adding new customers and impacts are communicated to governance board, parent agency and existing customers (review of governance board and existing customer meeting minutes) An orderly and disciplined approach to managing, controlling, and documenting proposed or actual system and/or operational changes exists and evidence exists that the plan is adhered to (Existence of a change control plan, CCB board, CCB charter, recent meeting minutes, and change control system/log) Change control board includes customer (Documentation that evidences customer as voting member on change control proceedings and decisions) Inclusion of Cyber Security considerations in the change control process (Review charter or other documentation that includes of the impact change control process on cybersecurity, security controls, and resultant vulnerabilities) Communication of service changes is forward looking and intentional (documentation of change control USSM_Version 1.0_December 2,
6 procedures that include steps for communications both with customers and internal to the provider) Human capital management Strategic thinking Staffing strategies are aligned with current/future needs of provider to ensure ongoing support for current customers while onboarding new customers (review of HR strategy and staffing plans compared to current and anticipated customer load) Performance metrics for staff and contractors are linked to strategic goals of the provider (review of staff performance plans and contracts) Comprehensive onboarding/training practices for new staff directed towards ensuring personnel have a customer-centric and customer service orientation (review of onboarding process and materials) Employees at providers are satisfied at work (review of EVS Satisfaction and Work Experience indices against government average) Provide ongoing employee training and enhancement opportunities (Training Plan/Strategy) Provider has a strategic plan which includes performance metrics and targets (review of strategic plan) Strategic plan articulates a vision for measurable and continuously improving shared service offerings or operations (review of vision statement) Strategic plan articulates an ongoing strategy to upgrade and modernize provider offerings, which includes allocation of funding and resources to conduct proof of concepts, pilots, and migrations to new technologies (review of strategic plan) Provider measures its own progress towards achieving goals in its strategic plan (quarterly review of strategic plan or operating plan) Strategic plan is socialized with customers and employees (review of governance board minutes and EVS USSM_Version 1.0_December 2,
7 questions: 56. Managers communicate the goals and priorities of the organization, 57. Managers review and evaluate the organization's progress toward meeting its goals and objectives and 12. I know how my work relates to the agency's goals and priorities Operations Transition, operations, support services, maintenance and recovery Element Best Practices (assessment method) SLA Management Service Level Agreement (SLA) metrics to be reviewed annually and adjusted in concert with SLA changes and pricing (Documentation of SLAs and pricing in IAAs, customer survey responses) SLA metric results are tracked at an individual customer basis and are available and shared with customers at least monthly (Documentation that evidences individual SLA reporting and transparency to customers on an at least monthly basis) Alignment with ProviderStat standard KPIs (Delivery of KPI results requested in ProviderStat) Service Desk Support Provider uses a per incident, transactional surveying mechanism to allow for anonymous scoring by users of service desk resolutions (documentation that demonstrates incident based surveying mechanism) Service desk resolutions are meaningful and useful to users (Demonstration of incident aggregated survey results that demonstrates 90% or greater resolutions at 80% or better satisfaction e.g. 4 out of 5 or better on a 5 point scale) Provider has implemented service desk system enabling customers to transparently assess current state of requests, comportment to relevant SLA, escalation/contact information, and periodic reporting (evidence of provider service desk system enabling transparency into request status) COOP/Business Continuity Plan COOP systems failover capabilities include ability to meet Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) based on documented customer agreements and at least annual testing of USSM_Version 1.0_December 2,
8 Quality/Process Management failover to alternative data centers or cloud. Annual COOP testing that includes coordination with customers. (Documentation of COOP activities ( or a COOP score* by FEMA) that addresses 13 elements - Program Plans & Procedures, Risk Management, Budgeting/Acquisition, Essential Functions, Succession, Delegation of Authority, Continuity of Facilities, Communications, Records Management, HR, Test/Training/Exercise, Devolution of Control, Reconstitution) * A COOP score as determined through Continuity Evaluation Tool by the FEMA National Continuity Program (NCP). It is recognized that the provider s COOP score may be rolled up into the Parent Agency s score at this time due to current policy. As applicable, provider should indicate if it has another way of documenting its COOP activities Organization holds an industry accepted certification in quality or process management (examples include ISO 9001/Baldridge or CMMI) (Documentation of active certification) Transactions are audited for quality on a regular basis by an independent entity (SSAE 16) Release management Release management process that deliberately engages customer in release preparedness and communications (Documentation of release management procedures that include steps for communications both with customers and internal to the provider. Procedures may, but are not limited to including, testing and training prior to the release) Records management/discovery Has a records management strategy and implemented solution that comports to records schedule of customers (Documentation, including procedures, agreements that memorialize the existence of records management capability) Compliant with records management laws and regulations, clear road map, tracking, and execution for compliance of permanent agency records by 2019 in accordance with M (documentation of compliance to or project leading to appropriate levels of compliance over time with M-12-18) USSM_Version 1.0_December 2,
9 Data management Compliance with OMB requirements such as M-13-3 and A-130 on appropriate data management throughout the information life cycle and management of information as an asset. Compliance with relevant Data Act requirements. Enables customer data to be segmented appropriately for the purposes of auditing, discovery, and litigation activity (Policy, Guidelines, Templates for Data Quality, Data Strategy, and Platform solutions that aid in establishing data management maturity) Data is used as an asset within the provider and similarly available to customers in a manner that increases mission return on investment by becoming more efficient with data management and analysis (Data Management Strategy that establishes a vision for the strategic use of data, customer satisfaction with the use of data and information as an asset in driving decision making) USSM_Version 1.0_December 2,
10 Program Management Compliance with government laws/regulations/policies/guidance and effective program/project management when undertaking improvement projects, major upgrades and/or new customer implementations Element Mature Project Management Processes (for migrations and modernizations) Performance Management Best Practices (assessment method) Follows a generally recognized project management approach (e.g. PMBOK, ITIL) (Program Management Plan) Provider Risk management processes consistent with best practices 1 (Risk Management Plan, NIST SP and/or SP managing information security risk at three distinct tiers the organization level, mission/business process level, and information system level) Providers cost management practices consistent with best practices (Change Control - Business Case Analysis processes) Providers schedule management practices consistent with best practices for M3 for integration (documenting results of control gates) (Schedule Management Plan) Compliance with SLAs for operational performance (Dashboard Reports) Variances to Cost, Schedule, and Performance kept within acceptable tolerances as defined in the Program Management Plan (Dashboard Reports) Testing process includes Developer, Unit, End to End, System Acceptance, and User acceptance testing that is well defined (who, what, when, how, where) and documented (Test Plan) Full life-cycle inclusion of cybersecurity requirements in program management processes (A Program Management Plan that integrates NIST Risk Management Framework ) Continuous Improvement Plan exists (Continuous Improvement Plan) Designated responsible and accountable individual(s) are identified for performance accountability 1 As identified in the Project Management Body of Knowledge (PMBOK) guide. USSM_Version 1.0_December 2,
11 Implementation Guidance Program Management (all phases of M3) (Staffing Plan) Meets ProviderStat timeline and resolves action items within given deadlines (ProviderStat meeting) Shows consistent improvement or continuous high level of performance in Provider Performance Assessment (PPA) results (PPA results high level of performance is the highest rating possible in the PPA) Researches benchmarking data available to the Program Management community and performs selfassessment against benchmarking data in order to identify improvement opportunities (Project Review Report) Has documented customer engagement process that follows M3 (Program/Project plan) Works with customer to integrate project management processes (Integrated Governance) Follows M3 (participates in Phase 2 and subsequent tollgates; maps existing documentation to M3 deliverables) Consistently Documents Risks, Action Items, Issues and Decisions (Risk Logs/RAID Logs) Consistently follows the Risk Management Plan (Risk meeting minutes; updates to risk mitigation strategy and documented action items) Monitors the program costs (Dashboard Review) Consistently manages the Integrated Master Schedule (IMS) and analyzes impact to downstream activities (Dashboard; timely updates to schedule, clearly defined critical path) Test Results documented against requirements and validated for accuracy and completeness (Test Results Report/RTM) USSM_Version 1.0_December 2,
12 Technology - System tools and processes, facilities and security Best Practices (assessment method) Provider Best Practices Full Life Cycle Technology Management and Modernization Software/Sys Alignment to Requirements Provider has established and adheres to systems development and technology modernization planning and execution. Provider leverages approaches such as System/Software Development Lifecycle (SDLC) and Agile with appropriate feedback loops for self-assessment and continuous improvement (Documentation of Provider Modernization strategy and/or plan) Provider s solutions/systems adhere to Federal Functional Requirements and outcomes established by applicable line of business. (System/Solution documentation of requirements that establish traceability back to line of business outcomes and requirements) Privacy Policy, Procedures Established Privacy Management program, customer level protection of data through mechanisms such as logical/physical data segmentation and/or appropriate security controls and auditing (Documentation that demonstrates Privacy Mission Statement, Privacy framework, periodic review by Privacy Officer, Privacy metrics, compliance with relevant NIST Guidance ( , , ) and Privacy awareness training by a designated percentage of Provider staff) Authority to Operate Provider has Authority to Operate that comprehensively includes Security Plan, Security Assessment Report, and Plan of Action and Milestones (review ATO documentation completed by an independent 3 rd party within the last 3 years or after major changes to Provider Distributed Computing environment) Provider ATO should include the following [FedRAMP and NIST] documentation: Data Center and/or Cloud Operations Provider has established data center operations plan and road map that includes consideration of goals outlined in M-16-19, as well as scalability through virtualization/cloud, energy efficiency, climate USSM_Version 1.0_December 2,
13 control, physical and logical security, and redundant power management such that overall availability of data center services to customers performed at 99.9% in its most recent year. Providers (Documentation of annual performance metrics and data center operations documentation in accordance with M-16-19) Enterprise Architecture Provider executes deliberate approach to management of their Enterprise Architecture Model in a manner that comports to Federal enterprise architecture guidelines to include consideration for each of Performance Reference Model (PRM), Business Reference Model (BRM), Data Reference Model (DRM), Application Reference Model (ARM), Infrastructure Reference Model (IRM), Security Reference Model (SRM). (Review documentation of provider s approach to Enterprise Architecture management) Environmental Segmentation A production environment logically and physically separate from development, test, and/or preproduction environments such that changes, updates, and other modifications will not compromise the integrity of production operations. (Documentation of production environment validating logical and physical separation from other test and development environments) Interoperability Provider has established interoperability between solutions and systems within own environment and has mechanisms for the secure electronic exchange of data with customers, across functional areas and other stakeholders. System interconnection agreements and controls actively managed and coordinated with customers and compliant with (Enterprise architecture map) Security NIST Risk Management Framework (800-37) implemented to promote a comprehensive, organizationwide view of risk considerate of strategic objectives, priorities and stakeholder interests. (Demonstrates alignment of RMF planning to relevant legislation, directives and policy. Clearly defined organization roles in Provider RMF; Provider alignment to 6 Stages of RMF Lifecycle Categorize, Select, Implement, Assess, Authorize, and Monitor; objective review of most recent 3 years of IG Audit/Evaluation findings USSM_Version 1.0_December 2,
14 as they relate to Provider Cybersecurity) System categorization based on data and systems sensitivity (Documentation of information system categorization that comports to standards set forth in FIPS-199 and FIPS-200) Security Controls appropriately available and actively managed commensurate to data sensitivity (Evidence of 18 control families identified in NIST SP Appropriate controls, processes, responsibilities, and reporting identified in System Security Plan NIST SP ) Continuous monitoring program inclusive of 6 monitoring phases - Define, Establish, Implement, Analyze/Report, Respond, and Review/Update (Documentation compliant with NIST indicating participation in a continuous monitoring program that identifies security metrics, risk tolerance thresholds, is holistically inclusive of IT assets, tracks threats/vulnerabilities and is integrated into change control across 6 ISCM phases) Integrated Security considerations into SDLC and other Project Management Methodologies (Review of documentation and evidence related to NIST with respect to Security integration into 6 phases of SDLC - Initiation, Development/Acquisition, Implementation/Assessment, Operations and Maintenance, Disposal) Assessment planning and processes include implementation and blending of examine, interview, and test methodologies outlined in NIST guidance (Documentation that reflects test and assessment processes comport to NIST A and ) Plan of Action and Milestone (POAM) process inclusive of customer in awareness and review (Review of POAM log, meeting minutes that indicate customer involvement in POAM review) Security Training Provider staff appropriately trained on Annual Cybersecurity Awareness training and Role-Based Training (Most recent year course completion certifications or documentation for all Provider staff, and for those staff subject to role-based training requirements) System decommissioning /disposal meets requirements commensurate to data sensitivity (Documentation of system decommissioning/disposal procedures and evidence past disposal activities USSM_Version 1.0_December 2,
15 hard drive shredding, ) A holistic exfiltration and data loss prevention capability (Evidence of reporting, procurements, and procedures specifically aimed at employing the prevention, detection, and reporting of data loss and exfiltration through mechanisms such as detachable devices, network/internet, and pattern-behavior anomalies) USSM_Version 1.0_December 2,
PART THREE: Work Plan and IV&V Methodology (RFP 5.3.3)
PART THREE: Work Plan and IV&V Methodology (RFP 5.3.3) 3.1 IV&V Methodology and Work Plan 3.1.1 NTT DATA IV&V Framework We believe that successful IV&V is more than just verification that the processes
More informationLIST OF TABLES. Table Applicable BSS RMF Documents...3. Table BSS Component Service Requirements... 13
General Services Administration NS2020 Enterprise Infrastructure Solutions EIS RFP #QTA0015THA3003 Volume 2: Management BSS Risk Management Framework Plan LIST OF TABLES Table 8.2-1. Applicable BSS RMF
More information3 PART THREE: WORK PLAN AND IV&V METHODOLOGY (SECTION 5.3.3)
3 PART THREE: WORK PLAN AND IV&V METHODOLOGY (SECTION 5.3.3) Emagine IT s approach to Independent Verification and Validation (IV&V) has been shaped over the years by hands-on experience and contributions
More informationINFORMATION SERVICES FY 2018 FY 2020
INFORMATION SERVICES FY 2018 FY 2020 3-Year Strategic Plan Technology Roadmap Page 0 of 14 Table of Contents Strategic Plan Executive Summary... 2 Mission, Vision & Values... 3 Strategic Planning Process...
More informationSOLUTION BRIEF RSA ARCHER PUBLIC SECTOR SOLUTIONS
RSA ARCHER PUBLIC SECTOR SOLUTIONS INTRODUCTION Federal information assurance (IA) professionals face many challenges. A barrage of new requirements and threats, a need for better risk insight, silos imposed
More informationTrusted by more than 150 CSPs worldwide.
RAID is a platform designed for Communication Service Providers that want to leverage their data assets to improve business processes and gain business insights, while at the same time simplify their IT
More informationInformation Technology Services Project Management Office Operations Guide
Information Technology Services Project Management Office Operations Guide Revised 3/31/2015 Table of Contents ABOUT US... 4 WORKFLOW... 5 PROJECT LIFECYCLE... 6 PROJECT INITIATION... 6 PROJECT PLANNING...
More informationCMMI Project Management Refresher Training
CMMI Project Management Refresher Training Classifica(on 2: Foxhole Technology Employees Only RMD 032 Project Management Refresher Training Course September 21, 2017 Version 1.0 The Process Approach The
More informationPassit4Sure.OG Questions. TOGAF 9 Combined Part 1 and Part 2
Passit4Sure.OG0-093.221Questions Number: OG0-093 Passing Score: 800 Time Limit: 120 min File Version: 7.1 TOGAF 9 Combined Part 1 and Part 2 One of the great thing about pass4sure is that is saves our
More informationAn Overview of the AWS Cloud Adoption Framework
An Overview of the AWS Cloud Adoption Framework Version 2 February 2017 2017, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided for informational purposes
More informationOffice of Information Technology (OIT) Strategic Plan FY
Office of Information Technology (OIT) Strategic Plan FY 2018 2022 Office of Information Technology - Vision, Mission, Pillars, and Values Vision Statement Boise State is a center for innovation, learning
More informationSelf-Assessment for the CoSN Certified Education Technology Leader (CETL ) Certification Exam
Self-Assessment for the CoSN Certified Education Technology Leader (CETL ) Certification Exam COSN s Self-Assessment will help you determine your readiness for the CETL certification exam. It can also
More informationThis resource is associated with the following paper: Assessing the maturity of software testing services using CMMI-SVC: an industrial case study
RESOURCE: MATURITY LEVELS OF THE CUSTOMIZED CMMI-SVC FOR TESTING SERVICES AND THEIR PROCESS AREAS This resource is associated with the following paper: Assessing the maturity of software testing services
More informationITIL: Planning, Protection & Optimization Course 02 Planning, Protection & Optimization
ITIL: Planning, Protection & Optimization Course 02 Planning, Protection & Optimization Course Slide 1 Planning, Protection & Optimization Topics Covered Learning Objectives Terms-to-Know Introduction
More informationE-vote SSA-V Appendix 2 Contractor Solution Specification Project: E-vote 2011
E-vote 2011 SSA-V Appendix 2 Contractor Solution Specification Project: E-vote 2011 Change log Version Date Author Description/changes 0.1 26.10.09 First version Page 1 CONTENT 1. SERVICE MODEL 3 1.1.
More informationPass4sure.ITIL-F.347.QA
Pass4sure.ITIL-F.347.QA Number: ITIL-F Passing Score: 800 Time Limit: 120 min File Version: 19.1 http://www.gratisexam.com/ ITIL-F.EN.dat ITIL Foundation Enjoy the real success with nicely written Questions
More informationCHAPTER 1 Introduction
CHAPTER 1 Introduction The Standard for Program Management provides guidelines for managing programs within an organization. It defines program management and related concepts, describes the program management
More informationWORK PLAN AND IV&V METHODOLOGY Information Technology - Independent Verification and Validation RFP No IVV-B
1. Work Plan & IV&V Methodology 1.1 Compass Solutions IV&V Approach The Compass Solutions Independent Verification and Validation approach is based on the Enterprise Performance Life Cycle (EPLC) framework
More informationThe Basics of ITIL Help Desk for SMB s
The Basics of ITIL Help Desk for SMB s This three-step process will provide you the information necessary to understand ITIL, help you write your strategic IT plan and develop the implementation plan for
More informationCompetency Area: Business Continuity and Information Assurance
Competency Area: Business Continuity and Information Assurance Area Description: Business Continuity and Information Assurance competency area mainly concerns the continuity, auditing and assurance of
More informationIT Strategic Plan Portland Community College 2017 Office of the CIO
IT Strategic Plan Portland Community College 2017 Office of the CIO 1 Our Vision Information Technology To be a nationally recognized standard for Higher Education Information Technology organizations
More informationPart 0: Overview and vocabulary
Edition 2016 Version 2.4 This work is licensed under a Creative Commons Attribution 4.0 International License. www.fitsm.eu Document control Document Title Part 0: Overview and vocabulary Document version
More informationCMMI-DEV V1.3 CMMI for Development Version 1.3 Quick Reference Guide
processlabs CMMI-DEV V1.3 CMMI for Development Version 1.3 Quick Reference Guide CMMI-DEV V1.3 Process Areas Alphabetically by Process Area Acronym processlabs CAR - Causal Analysis and Resolution...
More informationCarahsoft End-User Computing Solutions Services
Carahsoft End-User Computing Solutions Services Service Description Horizon View Managed Services Gold Package Managed Services Packages Options # of Desktops to be Managed Desktop Type Duration of Services
More informationSOLUTION BRIEF EU GENERAL DATA PROTECTION REGULATION COMPLIANCE WITH RSA ARCHER
EU GENERAL DATA PROTECTION REGULATION COMPLIANCE WITH RSA ARCHER ARRIVAL OF GDPR IN 2018 The European Union (EU) General Data Protection Regulation (GDPR), which takes effect in 2018, will bring changes
More informationGOVERNANCE AES 2012 INFORMATION TECHNOLOGY GENERAL COMPUTING CONTROLS (ITGC) CATALOG. Aut. / Man. Control ID # Key SOX Control. Prev. / Det.
GOVERNANCE 8.A.1 - Objective: Information Technology strategies, plans, personnel and budgets are consistent with AES' business and strategic requirements and goals. Objective Risk Statement(s): - IT Projects,
More informationCIP Cyber Security Security Management Controls
A. Introduction 1. Title: Cyber Security Security Management Controls 2. Number: CIP-003-5 3. Purpose: To specify consistent and sustainable security management controls that establish responsibility and
More informationTranslate stakeholder needs into strategy. Governance is about negotiating and deciding amongst different stakeholders value interests.
Principles Principle 1 - Meeting stakeholder needs The governing body is ultimately responsible for setting the direction of the organisation and needs to account to stakeholders specifically owners or
More informationPortfolio Marketing. Research and Advisory Service
Portfolio Marketing Research and Advisory Service SiriusDecisions Team Jeff Lash VP and Group Director, Go-to-Market Christina McKeon Service Director, Portfolio Marketing Tyler Anderson Team Leader, Account
More informationCMMI-SVC V1.3 CMMI for Services Version 1.3 Quick Reference Guide
processlabs CMMI-SVC V1.3 CMMI for Services Version 1.3 Quick Reference Guide CMMI-SVC V1.3 Process Areas Alphabetically by Process Area Acronym processlabs CAM - Capacity and Availability Management...
More informationService Desk Certification YOUR ESSENTIAL HANDBOOK
Service Desk Certification YOUR ESSENTIAL HANDBOOK COPYRIGHT NOTICE The trade mark SDI Logo is a registered trade mark of Customers International Ltd. Please see the list of countries where the trade mark
More informationPMI Scheduling Professional (PMI-SP)
PMI Scheduling Professional (PMI-SP) E X A M I N AT I O N CO N T E N T O U T L I N E Project Management Institute PMI Scheduling Professional (PMI-SP) Exam Content Outline Published by: Project Management
More informationNotice is hereby given of the following changes to the above-referenced SOLICITAITON:
FLORIDA DEPARTMENT OF TRANSPORTATION Procurement Office 605 Suwannee Street, MS 20 Tallahassee, Florida 32399-0450 Phone: (850) 414-4381 Fax: (850) 414-4951 ADDENDUM NO. 2 DATE: May 10, 2016 RE: BID #:
More informationUnleashing the Enormous Power of Call Center KPI s. Call Center Best Practices Series
Unleashing the Enormous Power of Call Center KPI s Call Center Best Practices Series 27 Years of Call Center Benchmarking Data Global Database More than 3,700 Call Center Benchmarks 30 Key Performance
More informationEXIN ITIL Exam Questions & Answers
EXIN ITIL Exam Questions & Answers Number: ITIL Passing Score: 800 Time Limit: 120 min File Version: 37.4 http://www.gratisexam.com/ EXIN ITIL Exam Questions & Answers Exam Name: ITIL V3 Foundation Exam
More informationAt the Heart of Connected Manufacturing
www.niit-tech.com At the Heart of Connected Manufacturing Transforming Manufacturing Operations to Drive Agility and Profitability The success of the new manufacturing network hinges on the agility of
More informationSYSTEM MODERNIZATION BEST PRACTICES
tl SYSTEM MODERNIZATION BEST PRACTICES SYSTEM MODERNIZATION WORKING GROUP C1 5912-C aamva_systemmodernization_dvd_insert.indd 1 6/7/17 11:01 AM System Modernization Best Practices provides a roadmap to
More informationZurich Financial Services & AMS. An evolving partnership. April Samulewicz. Mark Smith. Global Head of Talent Attraction & Recruitment CoE
Zurich Financial Services & AMS An evolving partnership April Samulewicz Global Head of Talent Attraction & Recruitment CoE Zurich Mark Smith Client Relationship Director Alexander Mann Solutions Alexander
More informationSOLUTION BRIEF EU GENERAL DATA PROTECTION REGULATION COMPLIANCE WITH RSA ARCHER
EU GENERAL DATA PROTECTION REGULATION COMPLIANCE WITH RSA ARCHER ARRIVAL OF GDPR IN 2018 The European Union (EU) General Data Protection Regulation (GDPR) that takes effect in 2018 will bring changes for
More informationImplementing ITIL Best Practices
REMEDY WHITE PAPER Implementing ITIL Best Practices Mapping ITIL to Remedy Applications WHITE PAPER Table of Contents Introduction.................................................................... 1
More informationHow to Drive Business Value with Capacity Management
How to Drive Business Value with Capacity Management 18 July 2017 Your Presenter Jim Smith The Building Blocks Executive Buy-in Benefits realization Assessment Roles and responsibilities Strategy Toolset
More information1010 La Trobe Street Docklands Victoria
Position description Position Group Reports to Location Service Desk Administrator Telecommunications IT Service Delivery Manager 1010 La Trobe Street Docklands Victoria Date 2018 Our organisation VicTrack
More informationExecutive Steering Committee Meeting. Department of Revenue Building 2, Room 1250 July 27, 2016
Executive Steering Committee Meeting Department of Revenue Building 2, Room 1250 Roll Call and Opening Remarks Facilitator: Robert (Budd) Kneip, Chair Review of June 2016 Meeting Minutes Facilitator: Robert
More informationEnterprise Risk Management Program Development Update. Finance & Audit Committee Meeting September 25, 2015
Enterprise Risk Management Program Development Update Finance & Audit Committee Meeting September 25, 2015 Enterprise Risk Management Presentation Topics Enterprise Risk Management ( ERM ) Overview Lead
More informationITIL from brain dump_formatted
ITIL from brain dump_formatted Number: 000-000 Passing Score: 800 Time Limit: 120 min File Version: 1.0 Экзамен A QUESTION 1 Which role is responsible for carrying out the activities of a process? A. Process
More informationAudit of Human Resources Planning
Health Canada Santé Canada Final Audit Report Audit of Human Resources Planning March 2012 Table of Contents Executive summary... i 1. Introduction... 1 1.1 Background... 1 1.2 Audit objective... 2 1.3
More informationPINK ELEPHANT THOUGHT LEADERSHIP WHITE PAPER. Identifying & Implementing Quick Wins
PINK ELEPHANT THOUGHT LEADERSHIP WHITE PAPER Identifying & Implementing Quick Wins Executive Summary One of the goals of IT Service Management (ITSM) is to identify and implement improvement opportunities
More informationSunGard: Cloud Provider Capabilities
SunGard: Cloud Provider Capabilities Production and Recovery Solutions for Mid-Sized Enterprises www.sungardas.com Agenda Our Mission Use Cases Cloud Strategy Why SunGard 2 Our Mission Enable mid-sized
More informationReengineering your core processes and service layer A critical digital ecosystem enabler
Reengineering your core processes and service layer A critical digital ecosystem enabler Stéphane Hurtaud Partner Cybersecurity Leader Deloitte Jesper Nielsen Director Technology & Enterprise Application
More informationITIL CSI Intermediate. How to pass the exam
ITIL CSI Intermediate How to pass the exam CSI Objectives 1. Review, analyse and make recommendations on improvement opportunities in each lifecycle phase: Service Strategy, Service Design, Service Transition
More informationThe Road to Shared IT Services. John Gohsman, Vice Chancellor and CIO
The Road to Shared IT Services John Gohsman, Vice Chancellor and CIO John Gohsman Vice Chancellor of Information Technology and Chief Information Officer 2 IT @ WUSTL Vision (draft) 3 Current Trends core
More informationITIL V3 Foundation (Classified Questions) Page 1 of Which of the following questions does Service Strategy help answer with its guidance?
ITIL V3 Foundation (Classified Questions) Page 1 of 21 Service Strategy 1. Which of the following questions does Service Strategy help answer with its guidance? 1. How do we prioritize investments across
More information4/26. Analytics Strategy
1/26 Qlik Advisory As a part of Qlik Consulting, Qlik Advisory works with Customers to assist in shaping strategic elements related to analytics to ensure adoption and success throughout their analytics
More informationIT PROJECT ANALYST/MANAGER
IT PROJECT ANALYST/MANAGER I. DESCRIPTION OF WORK Positions in this banded class are responsible for project management work involving planning and coordination of information technology projects. To ensure
More informationCA Clarity PPM for IT Governance. Functional Overview
CA Clarity PPM for IT Governance Functional Overview Introduction CA Clarity PPM for IT Governance CA Clarity PPM for IT Governance (ITG) is an integrated solution that gives your executives a real-time
More informationIntegration Competency Center Deployment
Service Offering Integration Competency Center Deployment Achieve Higher Levels of Performance & Capability Benefits Experienced Informatica Professional Services managers provide invaluable insight Lower
More informationDynamic Reallocation of Portfolio Funds
Complete Perspective. Smart Decisions. #StrategicPMO Dynamic Reallocation of Portfolio Funds Ben Chamberlain Chief Product & Marketing Officer Ben.Chamberlain@umt360.com Agenda What s wrong with traditional
More informationReview of Duke Energy Florida, LLC Internal Audit Function
Review of Duke Energy Florida, LLC Internal Audit Function MAY 2017 B Y A U T H O R I T Y O F The Florida Public Service Commission Office of Auditing and Performance Analysis Review of Duke Energy Florida,
More informationA Value Management Approach to Business Transformation
A Value Management Approach to Business Transformation Chris Carter, KPMG LLP Nov 17-18, 2014 Canadian Value Symposium Toronto, Ontario A Value Management Approach to Business Transformation Understanding
More informationFulfilling CDM Phase II with Identity Governance and Provisioning
SOLUTION BRIEF Fulfilling CDM Phase II with Identity Governance and Provisioning SailPoint has been selected as a trusted vendor by the Continuous Diagnostics and Mitigation (CDM) and Continuous Monitoring
More informationPOSSE System Review. January 30, Office of the City Auditor 1200, Scotia Place, Tower Jasper Avenue Edmonton, Alberta T5J 3R8
1200, Scotia Place, Tower 1 10060 Jasper Avenue Edmonton, Alberta T5J 3R8 edmonton.ca/auditor POSSE System Review January 30, 2017 The conducted this project in accordance with the International Standards
More informationIT Management & Governance Tool Assess the importance and effectiveness of your core IT processes
IT & Governance Tool Assess the importance and effectiveness of your core IT processes STRATEGY& GOVERNANCE IT & Governance Framework APPS EDM01 ITRG04 DATA &BI ITRG06 IT Governance Application Portfolio
More informationAsset Performance Management from GE Digital. Enabling intelligent asset strategies to optimize performance
Asset Performance Management from GE Digital Enabling intelligent asset strategies to optimize performance How can you make your operation safer and more reliable while helping to ensure optimal performance
More informationDATE ADVERTISED: 05 SEPTEMBER 2017 VACANCY PROPERTIES UNIT: FACILITIES MANAGER X 3 (BUTTERWORTH, MTHATHA AND EAST LONDON)
DATE ADVERTISED: 05 SEPTEMBER 2017 VACANCY PROPERTIES UNIT: FACILITIES MANAGER X 3 (BUTTERWORTH, MTHATHA AND EAST LONDON) GRADE 14: R 454 924 - R 556 018 (Total Cost to Company) The Properties Facilities
More informationOracle Taleo Business Edition Implementation Fixed Scope Offerings
Oracle Taleo Business Edition Implementation Fixed Scope Offerings Date Email Website : Dec-2015 : info@kovaion.com : www.kovaion.com Kovaion Consulting Kovaion A Snapshot Oracle Alliance Certified Consultants
More informationMonthly Independent Verification and Validation Assessment Report
Monthly Independent Verification and Validation Assessment Report Florida Planning, Accounting and Ledger Management (PALM) Project April 2016 Date: 5/11/2016 Version 1.0 Table of Contents Executive Summary...
More informationHow Can I Better Manage My Software Assets And Mitigate The Risk Of Compliance Audits?
SOLUTION BRIEF CA SERVICE MANAGEMENT - SOFTWARE ASSET MANAGEMENT How Can I Better Manage My Software Assets And Mitigate The Risk Of Compliance Audits? SOLUTION BRIEF CA DATABASE MANAGEMENT FOR DB2 FOR
More informationALFABET 9.12 WHAT S NEW IN. With Alfabet 9.12 you can: Risk mitigation planning & management ALFABET
ALFABET WHAT S NEW IN ALFABET 9.12 Deliver the agile IT environment digital business demands Driven to get digital? You ll like the new features of Alfabet 9.12 for Enterprise Architecture (EA) management,
More informationVULNERABILITY MANAGEMENT BUYER S GUIDE
VULNERABILITY MANAGEMENT BUYER S GUIDE VULNERABILITY MANAGEMENT BUYER S GUIDE 01 Introduction 2 02 Key Components 3 03 Other Considerations 10 About Rapid7 11 01 INTRODUCTION Exploiting weaknesses in browsers,
More informationREQUEST FOR PROPOSAL
COLORADO HOUSING AND FINANCE AUTHORITY REQUEST FOR PROPOSAL (RFP) COLORADO HOUSING AND FINANCE AUTHORITY 1981 BLAKE STREET DENVER, CO 80202 REQUEST FOR PROPOSAL Technology Assessment POSTED: 11/17/2017
More informationBusiness Process Services: A Value-Based Approach to Process Improvement and Delivery
WHITE PAPER Business Process Services: A Value-Based Approach to Process Improvement and Delivery In this white paper, we examine how your business can be improved through business process services. Business
More informationFederal Enterprise Architecture
Enabling the Vision of E-Government Federal Enterprise Architecture FEA Program Management Office Office of Management and Budget Executive Office of the President February 2004 The Office of Management
More informationInfrastructure Hosting Service. Service Level Expectations
November 2016 Shared Infrastructure Service TOC Service Level Expectation Documents Cloud Premier Data Center Hosting Cloud Essentials Public Cloud Brokerage Managed Database Raw Storage Cloud Premier
More informationMonthly IV&V Assessment Report (December 1 31, 2015)
Monthly IV&V Assessment Report (December 1 31, 2015) Department of Financial Services Date: 01/13/2016 Version 1.0 Table of Contents Department of Financial Services Executive Summary... 4 Project... 4
More informationData Governance Implementation
Service Offering Implementation Leveraging Data to Transform the Enterprise Benefits Use existing data to enable new business initiatives Reduce costs of maintaining data by increasing compliance, quality
More informationWfMC BPM Excellence 2013 Finalist Copyright Bizagi. All rights reserved.
WfMC BPM Excellence 2013 Finalist Copyright 2002-2015 Bizagi. All rights reserved. WfMCBPM Excelence2013Finalist 2 1. Overview Initially, BBVA decided to set up a real-estate unit within the bank to manage
More informationUSAC SOLICITATION FOR Schools and Libraries Program Business Process Outsourcing (BPO) Services. Revised
USAC SOLICITATION FOR Schools and Libraries Program Business Process Outsourcing (BPO) Services Revised CONTRACT INFORMATION: Method of Solicitation: Request for Proposal for Proposals (RFP) Contract Number:
More informationThe 9 knowledge Areas and the 42 Processes Based on the PMBoK 4th
The 9 knowledge Areas and the 42 Processes Based on the PMBoK 4th www.pmlead.net PMI, PMP, CAPM and PMBOK Guide are trademarks of the Project Management Institute, Inc. PMI has not endorsed and did not
More informationTransforming your PMO into a Centre of Excellence. Dev Ramcharan, PMP
Transforming your PMO into a Centre of Excellence Dev Ramcharan, PMP 1 This session covers: key concerns in transforming a PMO into a COE possible triggers for this business decision. differences between
More informationAudit Report. Audit of Contracting and Procurement Activities
Audit Report August 2012 Recommended for Approval to the Deputy Minister by the Departmental Audit Committee on October 12, 2012 Approved by the Deputy Minister on October 18, 2012 Table of Contents Table
More informationKEY SUCCESS FACTORS FOR MAJOR PROGRAMS THAT LEVERAGE IT. The 7-S for Success Framework
KEY SUCCESS FACTORS FOR MAJOR PROGRAMS THAT LEVERAGE IT The 7-S for Success Framework May 2014 This document sets forth a framework of critical success factors for large scale government IT projects. ACT-IAC
More informationImplementing Category Management for Common Goods and Services
Implementing Category Management for Common Goods and Services Darbi Dillon Office of Federal Procurement Policy 1800 G Street NW, Washington DC 20006 Audit Tax Advisory Grant Thornton LLP 333 John Carlyle
More informationShared Services Management - Chargeback
Asset Management Shared Services Management - Chargeback Business Challenges Industry analysts have reported that an average business spends between $1.50 and $2.00 per transaction on the labor and materials
More informationThe Role of Service Owners in an IT Organization
The Role of Service Owners in an IT Organization Cisco CIO Summit 2014 October 7-9, 2014 Ritz Carlton, Dove Mountain, Tucson, AZ Rebecca Jacoby CIO & SVP, Cisco Systems At the highest level, our value
More informationState: Original. July 2015 June Status: Planned. State: Original. July 2015 June 2018
GOAL 4: Infrastructure: Provide a high-performance infrastructure that takes advantage of innovative technologies that can reduce costs, promote ready access, and improve communication and collaboration
More informationAssistant Regional Asset Manager EU, Wider Europe and Americas. Department/Country Global Estates. Duration of job
Role Profile Job Description Job Title Ref no: Assistant Regional Asset Manager EU, Wider Europe and Americas Directorate or Region Resources/Busines s Support Services Department/Country Global Estates
More informationContents An Introductory Overview of ITIL Service Lifecycle: concept and overview...3 I. Service strategy...6 The 4 P's of ITIL Service
ITIL 2011 Notes Contents An Introductory Overview of ITIL 2011...3 Service Lifecycle: concept and overview...3 I. Service strategy...6 II. The 4 P's of ITIL Service Strategy...6 Key processes and activities...7
More informationProject performance management using balanced score card (BSC) approach
Project performance management using balanced score card (BSC) approach Published in PMI global network Prepared by Ilango Vasudevan, Consulting Director, SaraS Project Performance Management Scorecard
More informationThe USDA Enterprise Architecture Program
The USDA Enterprise Architecture Program Niles E Hewlett, PMP CEA Enterprise Architecture Team USDA-OCIO January 25, 2006 1 We have an Enterprise Architecture -- We just can t show it, explain it, share
More informationBuilding a Foundation for Effective Service Delivery and Process Automation
Building a Foundation for Effective Service Delivery and Process Automation Agenda Service Management World Tour IBM Service Management Customer Challenges Overview of Service Delivery and Process Automation
More informationStandards for Excellence Program Organizational Self-Assessment Checklist
Standards for Excellence Program Organizational Self-Assessment Checklist Instructions for using the checklist: if the organization has met the standard, X if the organization has not met the standard,
More informationFinal Report Evaluation of Translation Bureau Programs Volume 2: Translation and Other Linguistic Services Program
2012-603 Evaluation of Translation Bureau Programs Office of Audit and Evaluation January 21, 2014 Table of Contents MAIN POINTS... i INTRODUCTION... 1 PROFILE... 1 Background... 1 Authority... 2 Roles
More informationIndiana Youth Group Strategic Plan
Indiana Youth Group Strategic Plan 2011-2014 1 Table of Contents MISSION AND VISION 3 HUMAN CAPITAL 4 GOAL 4 OBJECTIVES 4 METRICS 5 FACILITY 5 GOAL 5 OBJECTIVES 5 METRICS 5 RESOURCES 5 GOAL 5 OBJECTIVES
More informationITSM Process/Change Management
ITSM Process/Change Management Process Documentation Revision Date: December 13, 2017 Version Number: 2.0 Document Ownership Document Owner Maury Collins Revision History ITSM Role, Department Service
More informationOracle Systems Optimization Support
Oracle Systems Optimization Support Oracle Systems Optimization Support offerings provide customers with welldefined packaged services. Let Oracle Advanced Customer Support help you make the most of your
More informationSPTF Universal Standards for. Social Performance. Management. Version 2.0, Published August 2016
SPTF Universal Standards for Social Performance Version 2.0, Published August 2016 Management Pathway to Improved Practice REPORT 5 1 LEARN Responsible Inclusive Finance 2 ASSESS IMPLEMENT 4 PLAN 3 The
More informationAttachment B Project Specifications
TABLE OF CONTENTS INTRODUCTION... 4 SOFTWARE... 4 PROJECT FACILITIES AND OFFICE EQUIPMENT... 5 PROJECT STAFFING... 6 IMPLEMENTATION CONSIDERATIONS... 6 5.1 Project Phases... 7 5.2 Project Stages... 7 5.3
More informationVENDOR RISK MANAGEMENT FCC SERVICES
VENDOR RISK MANAGEMENT FCC SERVICES Introductions Chris Tait, CISA, CFSA, CCSK, CCSFP Principal, Financial Services Baker Tilly Russ Sommers, CPA, CISA Senior Manager, Financial Services Baker Tilly Agenda
More informationProgram Management Professional (PgMP)
Program Management Professional (PgMP) E X A M I N AT I O N CO N T E N T O U T L I N E Project Management Institute Program Management Professional (PgMP ) Examination Content Outline April 2011 Published
More informationCHAPTER 2: IMPLEMENTATION PHASES AND OFFERINGS
CHAPTER 2: IMPLEMENTATION PHASES AND OFFERINGS Objectives Introduction The objectives are: Describe the purpose of the phase planning activity, preconditions, and deliverables in the implementation methodology.
More information