Service Integration & Management (SIAM) Framework 5 May 2016 Version 1.1

Transcription

1 Service Integration & Management (SIAM) Framework 5 May 2016 Version 1.1 experience. the difference. TORI Global info@toriglobal.com toriglobal.com UK 5th Floor 33 Cavendish Square London W1G 0PW t: +44 (0) f: +44 (0) USA 12th Floor 44 Wall Street New York, NY t: f:

2 Contents Section Page number TORI Managed Services 3 TORI Advisory Services 4 Service integration and management (SIAM) 5 High level operating model 7 Layer 1 Core SIAM functions 10 Layer 2 Service desk 23 Layer 3 Service knowledge management 29 Layer 4 Service provider & solution assurance 31 Layer 5 Risk and security management 36 Layer 6 Service planning, transition and change management 41 Layer 7 Service validation & testing 47 Organisational design for SIAM 50 SIAM Framework 58 2

3 TORI Managed Services Financial services organisations are grappling with a host of challenges including changing customer expectations, economic uncertainty and a complex & changing regulatory environment. TORI Managed Services helps its clients to meet these challenges by maximizing the benefits available through Business Process Outsourcing (BPO), Knowledge Process Outsourcing (KPO) and Service Integration and Management (SIAM). TORI Managed Services Offering BPO & KPO Advisory TORI advises clients on all aspects of BPO & KPO design, implementation and management BPO & KPO Delivery Through its captive operation TORI delivers BPO and KPO services to financial sector clients SIAM TORI helps its clients to realise the benefits of BPO and KPO through its best-in-class service management 3

4 TORI Advisory Services TORI offers a comprehensive suite of advisory services, in addition to providing offshore BPO/KPO and SIAM on an outsourced basis. These services enable our clients to increase customer impact, maintain regulatory compliance, reduce costs and increase productivity, thereby delivering top and bottom line performance improvements. We are experienced, independent practitioners with a track record of delivering measurable value. 1. Developing the Sourcing Strategy 4. Service Integration & Management 2. Sourcing 3. Implementation 4

5 Service integration and management (SIAM) SIAM offers the following key benefits: 1. Consistency of governance across outsourced suppliers 2. Ensuring that operational issues do not fall between the cracks between vendors it is not someone else's problem 3. Better access to Tier 1 pricing through both ability to aggregate demand, and increase in the straightforwardness of changing suppliers Organisations have, in recent years, increased their reliance on third party service providers for a combination of business and technology services. These providers can significantly impact the business performance of an organisation. TORI advises organisations looking to reap the benefits of integrated service management by implementing a SIAM model in-house or an outsourced basis. SIAM is not a process, it is a capability and set of practices that seeks to combine the benefits of multi-sourcing of services with the simplicity of single sourcing whilst retaining direct accountability between service provider and client. An effective end-to-end SIAM solution can efficiently and seamlessly support organisations in managing their vendors ensuring quality and compliance, mitigating risks, controlling costs, and driving process excellence. SIAM includes: Service catalogue development Robust Service Level agreements Key Performance and risk indicators Tooling and reporting Service governance Service desk design Performance reporting Vendor management Operations health check Identification and development of continuous process improvements 5

6 Service integration and management (SIAM) The key rules for the successful operation of SIAM are to eliminate, simplify, standardise and automate. Businesses are having to work smarter and deliver innovative, reliable services mixing in-house and 3 rd party utilities (eg SWIFT/Reuters/DTCC Know Your Client utilities and Anti-Money Laundering utilities) The TORI SIAM model aggregates traditional Prime Supplier service delivery into a multi-sourced vendor or Tower model and draws on the model adopted by HM Government for IT procurement: Smaller procurement lots grow competition, increase subject-matter expert participation, accelerate service commoditisation and result in a more, flexible and scalable set of services. The SIAM model is an enabler for utility-based service provision but while the business case for Tower models is compelling, there are complexities in migrating legacy services to a multi-tenanted supplier model. The model not only changes the traditional procurement approach and the subsequent operational model but it also to the way the broader retained organisation operates. It is essential that the disciplines of operations and change management are considered together, irrespective of where the delineation between retained services and outsourced services is drawn. Common processes, strong governance and solid information management are the key components of effective deployment. TORI brings experience in the definition, procurement and implementation of the SIAM model. 6

7 Business Architecture Technical Architecture policies Standards High level operating model Layer details on subsequent pages Customers Client minimum organisation Strategy, direction and governance Architecture Ethics Strategic Policies and standards Governance SIAM functions Service integration management Cross-supplier orchestration Cross-supplier service management Can be outsourced or retained by clients Operational Governance Products Channels Function Function Function Function Function Strategy, Architecture and Policy Service Management DEMAND INTEGRATE CORE SIAM Cross-supplier service management Layer 1 Core SIAM functions Layer 2 Service desk Layer 3 Service knowledge management Layer 4 Service provider & solution assurance Layer 5 Risk & security management Layer 6 Service planning, transition and change management SIAM functions Layer 7- Service validation and testing MANAGE Service Level Agreements (SLAs) Vendor 1: Operations Service towers Services supplied by multiple vendors including TORI Managed under SLAs Vendor 2: KYC/AML utility Vendor 3: Application Development Vendor 4: IT Infrastructure Vendor 5: Reconciliations 7

8 Business Architecture Technical Architecture policies Standards Understanding the SIAM model Layers in the SIAM function can be retained in the client s core or transferred to a SIAM function. Layer The SIAM function can be provided by the client s own resources or a 3 rd party. SIAM functions It is suggested that there are certain functions that clients will retain in all circumstances including architecture, business ethics and strategy Vendor 1: Operations Services are delivered by service vendors in towers e.g. KYC/AML utility Vendor 2: KYC/AML utility Vendor 3: Application Development Vendor 4: IT Infrastructure Vendor 5: Reconciliations 8

9 High level SIAM operating model Client retained organisation Layer 1 - Core SIAM functions 1. Availability management 2. Capacity management 3. Event management 4. Service continuity management 5. Service asset & configuration management 6. Service catalogue management 7. DEMAND Service level management 8. Standards and architecture 9. Financial management & support 10. Service provider, procurement & contract management 11. Client relationship management Layer 2 Service desk 1. Service desk (General) 2. Incident management 3. Request management 4. problem management 5. Access management* Layer 3 Service knowledge management 1. Service knowledge management Layer 4 Service provider & solution assurance 1. Service level design & review 2. Service and service provider quality 3. Regulatory service provider compliance 4. Solution assurance Layer 5 Risk and security management 1. Incident & event monitoring 2. Security assurance and accreditation 3. Risk management Layer 6 Service planning, transition and change management 1. New service provider on-boarding 2. Service provider exit 3. Service transition planning & execution 4. Project management 5. Transformation delivery & cost reduction Layer 7 - Service validation & testing 1. Test planning, design, integration and execution 2. Service evaluation * Only applicable in an IT SIAM context Service towers 9

10 Layer 1 Core SIAM functions The core SIAM layer co-ordinates and consolidates the management of individual services from service providers. This provides end-toend service management whilst ensuring that services consistently meet business objectives and requirements for performance, quality and cost. The core SIAM layer includes the functions and processes listed below. The core SIAM layer also includes the provision of integrated tools providing data policies, interfaces and standards that facilitate all service provider feeds into a central data hub. The communications in the hub enable SIAM to manage the end-to-end service in real time and generate cross-supplier reports. 1. Availability management 2. Capacity management 3. Event management 4. Service continuity management 5. Service asset & configuration 6. Service catalogue management 7. Service level management 8. Standards and architecture 9. Financial management & support 10. Service provider, procurement & contract management 11. Client relationship management 10

11 1.1 Availability management Availability management ensures that the availability levels for all services comply with or exceed the agreed requirements in a cost-effective manner Example: the X FTE contracted to process KYC are available at desks Outcomes The required resources ( human, system, logistic ) are available to provide the contracted service in the relevant operating time windows Provide and improve the end-to-end availability of the client s critical services and processes Measure and report on the average and maximum end-to-end response times for the client s critical systems transactions and business processes To record, analyse and reduce the frequency at which the services and systems fail Customer / service consumer Provide impact assessments where required to SIAM SIAM (Outsourced or retained) Define, maintain and communicate the availability management policies, procedures and plan Provide support and guidance to service providers in fulfilling their availability management roles and responsibilities Co-ordinate any proposed improvement activities that span multiple service providers Monitor and manage stakeholder compliance to the availability management policies and procedures and inform service providers of any material noncompliance with the availability management policies and procedures Receive notification of new/amended availability requirements and initiate impact assessment Identify and inform the service providers of the end-to-end measurement elements that need to be measured by the service providers in the reporting against the end-to-end service availability target Monitor, analyse and calculate the performance of service providers against the end-to-end KPIs, consolidate and report to the client. Communicate any areas for improvement to the service providers Provide a consolidated report to the client for the measurement of the defined client critical business transactions Attend service delivery review meetings to discuss the availability management content of the dashboard and reports Service provider Assist SIAM in the development of the availability management policies and procedures Assist SIAM in the development and ongoing maintenance of the availability plan Review the availability plan provided by SIAM Evaluate the effectiveness of its own availability management process and implement changes to its availability management process to improve efficiency Provide SIAM with a detailed impact for new/amended availability requirements Provide application/service availability data to SIAM to enable the measurement of end-to-end availability Provide the required data feeds to SIAM for the measurement of the client s critical business transactions Key metrics Key metrics Key metrics Achieve a minimum end-to-end availability of x% for all critical services in each measurement period Reduce the frequency at which services fail by x% year on year Reduce the impact to client users customers of failure of services measured in business days year on year by x% Achieve contractual service levels and service targets for service availability for all client critical services in each measurement period 11

12 1.2 Capacity management The objective of capacity management is to provide service capacity meeting both the current and future needs of the client s customers balanced against justifiable costs Example: the requirement to process Y mortgage applications every 24 hours is being met The client s transactions are processed in a timely manner and cutoff times are met Individual transactions are processed end-to-end within agreed response times The service capacity provided meets the client sneeds Outcomes Accurately forecast resource demands based on the client s business forecasts and provide accurate management reporting of current and future service capacity Provide on demand capacityin a timely manner Reduce the number of queries raised by the client against supplier capacity plans Improve service to customers by minimising business disruption caused by capacity limitations Customer / service consumer Provide insight into the client s current and future business events and strategy which may impact capacity Provide to SIAM the client s quarterly business forecast (QBF) and any other related client documentation containing forecast business volumes which enable the service provider to accurately forecast resource requirements and detail the assumptions made in their capacity plan Where appropriate ensure that the correct commercial contract is in place and ensure that funding is available to progress the optimisationopportunity SIAM (Outsourced or retained) Define, make available, maintain and communicate the capacity management policies and procedures. Progress all capacity-related issues raised by the client with the appropriate service providers Manage through any cross-service provider issues that cannot be resolved directly between the service providers Proactively identify capacity management process improvements, make appropriate recommendations to service providers and co-ordinate improvement activities that span multiple service providers Co-ordinate capacity planning activities that span multiple service providers ensuring that forecast and actual data is realistic and appropriate and facilitates the identification of remedial action by, and between service providers Use forecasts and actuals to develop and distribute the volume of services actually consumed (VSAC)report Review and undertake trend analysis of service provider capacity management information Ensure that the wider client's audience is the focus of all service provider comments and resource forecasts Develop and maintain a record of priority optimisation opportunities that have been suggested by service providers Discuss service providers proposals for optimisation with service providers and the client and create an optimisation opportunity analysis report describing the opportunity, proposed benefits, findings and outcome Where optimisation opportunities are approved by the client, monitor service providers progress against these Analyse service provider MI to provide a reporting dashboards on performance, cost &risk by service and facilitate understanding of total cost of ownership Service provider Assist SIAM in the development of the capacity management policies and procedures Ensure that appropriate levels of monitoring of resources and system performance are set and that information recorded is kept up todate Provide insight into performance achieved focusing on exceptional performance, performance that does not meet expectations and any underlying issues and actions required to resolve thoseissues Manage capacity-related changes through to a successful conclusion and confirm they have had the required effect on the management of capacity Escalate to SIAM any cross-service provider issues that cannot be resolved directly between the service providers Support any ad-hoc audits that are carried out on the capacity management process Monitor, analyse and report to SIAM on capacity volumes andtrends Where required provide information to SIAM to support the optimisation opportunity analysis Comply with any reasonable request by the service integrator to provide relevant data in the required formats and frequency to enable the service integrator to provide and manage the end-to-end capacity management process Provide an effective impacting process for analysing capacity requirements as a result of a business change provided by the client Key metrics Key metrics Key metrics Percentage of client's forecasts provided on time Accuracy of client's previous forecast Year on year percentage reduction of x% in the number of queries raised by the client against the consolidated quarterly capacity plan Year on year percentage reduction of x% in the number of queries raised by the client against the volume of services actually consumed report At least x% of resource unit forecasts measured in the volume of services actually consumed report are within the expected levels of accuracy per measurement period Number of service items missing cutoff time Peak, minimum and average process cycle time for service items Percentage of quarterly capacity plans produced on time Percentage of quarterly capacity plans produced to sufficient quality Percentage of queries raised by SIAM against the volume of services actually consumed report 12

13 1.3 Event management Event management is the process that monitors all events that occur in order to allow for normal operation and also to detect and escalate exceptional conditions. Aspects of event management can be automated to track and escalate unforeseen circumstances Outcomes Ensure suppliers have monitoring in place to detect events in their service Improve the service provided to customers by minimising the impact of business disruption caused by events Comply with the client s service management strategy eg Service provider loses connectivity to systems hosted by client Customer / service consumer Notify SIAM when it becomes aware of an event Assist service providers and SIAM in the investigation of such events SIAM (Outsourced or retained) Log, consolidate and analyse activity on agreed services provided to the client to identify in a timely manner any anomaly that might constitute an event Ensure events identified as potential incidents are adequately investigated by the relevant service provider and recorded and tracked as an incident Ensure that, where a service risk is identified, the service providers take remedial action as necessary and agreed with the client. Co-ordinate, where appropriate, the activities of the service providers involved. Receive and record all events and incidents Service provider Notify SIAM when it becomes aware of an event and provide all necessary details and information of such event Investigate, contain, track, manage and resolve events Key metrics Key metrics Key metrics 13

14 1.4 Service continuity management (SCM) Outcomes Service continuity management (SCM) supports business continuity by ensuring that the required facilities (people, premises, computer systems, networks etc) can be resumed/replaced within agreed timeframes Example: Warm site for continuation of operations in case of loss of primary site Customer / service consumer Provide a decision on whether or not an SCM event should be declared Review and agree the SCM policy and strategy Agree the SCM test programme and scope Attend stakeholder meetings and ensure any customer actions are completed Provide business input to the SCM risk process Provide business input to the SCM test SIAM (Outsourced or retained) Define, maintain and communicate the SCM policies and procedures Manage the SCM risk process Progress all SCM-related issues raised by the client with the appropriate service provider Monitor and manage stakeholder compliance to the SCM policies and procedures and inform service providers of any material non-compliance Review service provider SCM information on and produce its own trend analysis and management summaries to identify SCM issues and trends for discussion with the client and the service providers Develop and agree the SCM test programme with the client and validate the SCM test programme at least annually and maintain to ensure its currency Review and agree service continuity plans with service providers Produce and agree with service providers and the client the SCM test scope and overarching test plan Direct and manage service continuity test activities Identify and communicate lessons learnt and update SCM products as appropriate During both the execution of a SCM test plan and the execution of a real SCM event:- prepare event options and recommendations for consideration by the client direct recovery plan activity prepare a plan to return to normal operations within x days of an SCM event being declared Key metrics Key metrics Key metrics x% of SCM plans complete x% of SCM tests completed in accordance with SCM test programme Ensure that service continuity tests are successfully performed in accordance with the client s service continuity plans Ensure that suppliers have robust and tested service continuity plans in place Ensure suppliers undertake service continuity threat assessments Service provider Assist SIAM in the development of the SCM policies and procedures Analyse root cause analysis and incident closure reports and inform SIAM of the outcome and raise any current and emerging SCM risks required Produce the service provider SC Plan and agree it with SIAM Produce and update SC products including test recovery plans as appropriate Provide information to SIAM to assist in the completion of the SC test programme Analyse the test results of test activity and provide input to the test report and the action plan for any remedial activities During both the execution of a SCM test plan and the execution of a real SCM event the service provider will:- attend major incident forums as required prepare event options and recommendations for consideration by the client prepare and update recovery plans recover systems and services as directed by SIAM contribute to the production of a plan to return to normal operations within x days of an SCM event being declared 14 Number of services with agreed and tested recovery plans

15 1.5 Service asset & configuration management (SACM) Service asset and configuration management (SACM) manages the service assets and configuration items in order to support the other service management processes. SACM defines the service and infrastructure components and maintains accurate configuration records Assets include software licenses and specialised equipment such as call monitors used by service providers but owned by the client Outcomes Improve service to customers by minimising business disruption caused by inaccurate or inadequate configuration information Provide accurate information on configuration items and their documentation Enable client to have sight of the current status and history of all defined CIs it uses Provide and maintain an accurate and up-to-date pictorial end-to-end view of the configuration of the services provided to (or on) the client s estate Ensure the client does not breach software licence terms and conditions Ensure the client maximises its use of hardware assets Comply with the client s asset management strategy Customer / service consumer Participate in meetings to determining the level of service asset and configuration management integration required between SIAM and service providers Agree equipment and other assets to be used by the service provider SIAM (Outsourced or retained) Define, make available, maintain and communicate the service asset and configuration management policies and procedures. Work with the service provider as reasonably requested with the scoping of audits, impact assessments, investigation and resolution of discrepancies Where required, amend the service provider interface definition documentation via the appropriate process Meet with new projects to identify asset requirements Provide client access at all times to an asset inventory repository Ensure that all service providers record all attributes of an asset so that it can be accurately identified Ensure that end-of-life and retired assets are removed from active use or are made available for re-use Service provider Work with SIAM and the client as reasonably required with the scoping of audits, impact assessments, investigation and resolution of discrepancies Provide the required audit data to SIAM within the required timescales and in the format specified Develop a process (automated or non-automated) for the provision of configuration data to SIAM Provide integrator with required asset attributes. Such attributes include, but are not limited to: Ownership (including leased equipment) Asset type, model and release number Physical address Contact details of any regular users Key metrics Key metrics Key metrics Less than x% of incidents, problems and failed changes caused by inaccurate or inadequate configuration information No more than x% inaccuracies identified in the configuration management database 15

16 1.6 Service catalogue management The purpose of service catalogue management is the development and upkeep of a service catalogue that contains all detail, status, possible interaction and mutual dependencies of all current services and those under development. The service catalogue lists the services available to the client, their pricing, service levels and any interdependencies. Outcomes Build, maintain and manage a service catalogue providing the relationships between the customer facing services and the supporting services; between the all services and the components that deliver those services and showing the relationships between the service catalogue and the client s business processes Example: The opening of a current account having a dependency on a completed KYC process Customer / service consumer Provide all relevant business and customer information to enable SIAM to develop and maintain the service catalogue Provide timely impact assessments to SIAM for any service catalogue change requests raised by service providers and SIAM SIAM (Outsourced or retained) Develop, maintain and distribute the service catalogue Provide on-line access to the service catalogue to the client s customers Manage the impact assessment process for changes to the service catalogue that are proposed by service providers and the client Request and consolidate impact assessments from service providers and the client Review the service catalogue from time to identify any errors or inaccuracies and resolve as soon as is reasonably practicable Service provider Provide all relevant information and assistance to SIAM in the development of the service catalogue Raise requests in the appropriate format to request service provider changes to the service catalogue Provide timely impact assessments to SIAM for any change requests raised by other service providers, SIAM and the client Key metrics Key metrics Key metrics Each measurement period, the service catalogue to be available to users x% of the time it should be available Content to be refreshed each measurement period Year-on-year improvements to the ease-of-use customer satisfaction rating 16

17 1.7 Service level management The objective of the service level management process is to define the services to be delivered and to make sure that the agreed level of service provision is reached Example: production and review of statistics which measure the volume, value, error rate and processing time of payments processed on a monthly basis, split by payment scheme, customer segment and channel SIAM can provide trend analysis and reporting to support aggregation of data across multiple service providers. Trend analysis gathers together MIS data and performs analytics to give access to real time monitoring of performance by multiple service providers. It gives end-to-end MIS reporting and links to client workflow Outcomes Ensure service providers provide accurate service level management information and appropriate supporting documentation Undertake validation checks on service provider service levels, key performance indicators and supporting information and raise any queries within the appropriate timescale Ensure that service targets are being met by service providers each measurement period Provide trend analysis and management information across all service management processes ensuring consistency and accuracy of all information provided Use trend analysis to identify opportunities to drive through continual service improvement, drive down cost and improve the overall service being provided Identify opportunities to improve service and deliver business benefits in line with client priorities Customer / service consumer Review the consolidated performance summary report and provide comments where necessary to SIAM Chair and manage commercial and performance review meetings SIAM (Outsourced or retained) Define, maintain and communicate the service level management policies and procedures. Provide support and guidance to service providers in fulfilling their service level management roles and responsibilities. Review service provider management information each service measurement period and produce its own expert trend analysis and management summaries to identify service provider performance trends and potential performance opportunities and improvements Identify potential process improvements and make appropriate recommendations to service providers Monitor and manage stakeholder compliance to the service level management policies and procedures and inform service providers of any non-compliance Provide input to periodic service level management audit reviews as and when required Produce and publish performance dashboards Review and validate service provider claims for excused performance Review service provider summary reports and produce and issue the consolidated summary report to the client Maintain data on industry trends in relevant services and compare to current provision Service provider Assist SIAM in the development of the service level management policies and procedures. Provide management information each service measurement period to SIAM in accordance with the service level management policies and procedures. Monitor and analyse service level/kpi performance and provide evidence and trend analysis to SIAM within x days of the end of each service management period Work with SIAM and other service providers to assist with any service provider engagement and non- compliance issues Provide input to periodic service level management audit reviews when required Provide weekly dashboard information to SIAM Undertake checks to ensure performance data provided to SIAM is accurate and complete Address and resolve any queries with the service measurement period reports raised by SIAM Key metrics Key metrics Key metrics x% overall of supplier contractual service levels and KPIs reported on each measurement period % of services provided within agreed KPI / KRI In the event of a continuity event, restoration of services within agreed time windows 17

18 1.8 Standards & architecture The objective of the standards and architecture service is to define and provide a documentation standard to which all of the service management policies and procedures will be documented The service ensures that all policies and procedures are documented to this standard Outcomes Defines, maintains and communicates the SIAM operational standards and acceptance criteria for each of the SIAM services Ensures that policies and procedures and other SIAM documentation is produced using the defined standard and to an acceptable quality Defines, maintains and communicates process changes, technical data and technical architecture standards including technical interface requirements Provides an effective reference point for the client s project managers to transition new or changed services into live delivery to the client and client s customers Customer / service consumer Provide impact assessment for changes to SIAM policies and procedures and documentation where required SIAM (Outsourced or retained) Define, make available and maintain the SIAM operational standards Communicate SIAM operational standards to the service providers Define, make available, maintain and communicate the technical architecture standards Define, maintain and communicate to the service providers the quality standards for all SIAM documentation Manage and control the impact and quality review process for changes to all SIAM policies and procedures and documentation amongst the service providers and the client s stakeholders Maintain and make available a central library of all SIAM policies and procedures and documentation Service provider Adhere to the SIAM policies and procedures and standards Provide impact assessment for changes to SIAM policies, procedures and documentation at SIAM s request Key metrics Key metrics Key metrics 18

19 1.9 Financial management support The objectives of financial management support are: to monitor the cost and performance indicators of the services to report on any variances and to ensure that clients are charged only for services that they consume to manage the charging / invoicing process and to ensure that service providers are paid in a timely manner Financial management support is an integrated component of service management. It provides vital information that management needs to guarantee efficient and costeffective service delivery. Outcomes Defines the charge for the service at a unit level which is levied to the client Defines the key performance & control indicators in agreement with the client Monitors the actual cost of service Client receives complete and accurate billing data Service providers are paid promptly Monitors the KPIs & KCIs and escalate any departures from agreed levels to SIAM Raises invoices Pays suppliers Ensure suppliers provide accurate invoices information and appropriate supporting management information documentation Ensure charges are apportioned correctly to client s business units where required Customer / service consumer SIAM (Outsourced or retained) Service provider Agree the charge as part of the contracting process Agree the payment terms as part of the contracting process Define and agree KCIs and KPIs to be monitored and the relevant levels and acceptable variances Pay valid service providers invoices within the terms of the contract Monitors actual service delivery against key control and performance indicators (KCI & KPI) Identifies any variances to agreed KCI & KPI Escalate any departure from the agreed variances to both the client for information and the relevant service provider for resolution Reconcile charges levied by the service provider to service requests issued by clients Consolidate invoicing to client across services and submit to client Define, make available, maintain and communicate the financial management policies and procedures. Review and validate invoices and management information provided by service providers including service credits Notify service providers of any discrepancies between the invoices, supporting MI and the contract value for the service provided and reject any invalid invoices back to the service provider Engage with service providers to resolve any invoice discrepancies Measure actual service delivery Capture service quality and volume data to support charging Raise invoices (including service credits) and associated supporting management information for products and service provided in accordance with the service provider contract Engage with SIAM to resolve invoice discrepancies Refund incorrect payments 19

20 1.9 Financial management support (contd) Customer / service consumer SIAM (Outsourced or retained) Provide a consolidated statement of charges incurred by the client each service measurement period supported by invoices and MI provided by service providers Provide reports to the client providing recommendations on the apportionment of charges to the client s Business Units based on the client s apportionment model Identify potential process improvements, make appropriate recommendations to service provider and co-ordinate improvement activities that span multiple service providers Monitor and manage stakeholder compliance to the financial management policies and procedures and inform service providers of any service provider material non-compliances Service provider Key metrics Key metrics Key metrics Size of any financial variance to agreed budgets Frequency and number of departures from agreed KCI & KPI x% of invoices accurately presented and validated x% of charges apportioned correctly to the client s business units % of service delivered which is within agreed KCI/KPI envelope and which is evidenced by relevant data to support charging 20

21 1.10 Service provider, procurement and contract management The objective of of the service provider, procurement and contract management service are: to identify service providers and create contractual frameworks under which their services can be delivered to clients Outcomes Service providers are identified and framework contracts are negotiated resulting in service being provided to clients as swiftly as possible Service providers whose services are no longer required are paid for services provided and relevant interfaces are closed to secure consistent quality of service provision at the best price Example: Select supplier X to provide outsourced current account switching service Customer / service consumer SIAM (Outsourced or retained) Service provider Provide business requirements and other inputs to procurement activities Agree with SIAM the service provider categorisation Notify SIAM of the service provider lead contact for onboarding activity Sign-off that on-boarding has been complete Review and approve service provider Exit Plans for accuracy and robustness Attend and observe tests of service provider and SIAM tower exit management plans Work with SIAM to agree & undertake periodic audits of exit management plans Regularly review service providers to identify new providers of existing services, new services and trends in service provision Create and run market tests, RFIs & RFPs Investigate options for greater quality or improved price by aggregating demand across clients Negotiate framework contracts with service providers Hold meetings with new service providers to provide an overview of SIAM services and to provide any clarification on SIAM s policies, procedures and standards Ensure resource is allocated by the new service provider to manage take-on Develop a plan for the take-on of the new service provider, hold regular meetings with the service provider and report on service provider progress against the plan Provide sign-off that the service provider has been successfully on- boarded to the SIAM policies, procedures and standards Review service provider s exit plans to ensure their accuracy and robustness Perform and manage tests of service provider s exit management plans in accordance with the agreed exit management test programme Exit service providers as required Identify any gaps in compliance with SIAM s policies and procedures and agree a plan to achieve compliance Meet regularly with SIAM throughout the take-on progress to review progress towards compliancy Agree sign-off that on-boarding has been complete Work with the SIAM and the client with the scoping of exit management plan audits, impact assessments, investigation and resolution of discrepancies Provide the required exit management audit data to SIAM within the required timescales and in the format specified Respond to market tests, RFIs & RFPs Key metrics Key metrics Key metrics % of Suppliers to have exit management plans in place, measured every x months % of RFI / RFP completed on schedule 21

22 1.11 Client relationship management The objective of client relationship management is to ensure that the relationship between the SIAM function and the client core functions is as seamless as possible Outcomes Clients understand the scope and detail of services provided under SIAM arrangements Changes to clients requirements are identified early Customer / service consumer SIAM (Outsourced or retained) Service provider Identify resources (human and technical) which will act as relationship managers and interfaces to the SIAM function Conduct regular meetings with both clients and service providers to validate that service provision is meeting clients expectations and that KPI/KCI data are giving a true indication of service delivery resolve any service delivery issues / complaints that cannot be resolved through other channels ensure that clients understand new service offerings and trends in service provision ensure that service providers understand any proposed changes in clients requirements at an early stage Identify resources (human and technical) which will act as relationship managers and interfaces to the SIAM function Key metrics Key metrics Key metrics % Reduction in number of service delivery issues / complaints escalated 22

23 Layer 2 Service desk The service desk acts as the single point of contact for users and service managers. Service managers are the individuals from the service provider with immediate responsibility for delivery. The service desk manages all incidents and service requests. Its primary purpose is to restore normal service operation to all users as quickly as possible e.g. by resolving technical issues, fulfilling a service requests (and answering user queries during resolution of technical issues and delivery of service requests.) 1. Service desk (General) 2. Incident management 3. Request management 4. Problem management 5. Access management* * Only applicable in IT SIAM context 23

24 2.1 Service desk (general) Acts as the single point of contact for all the client s users covering Incidents Problems Service requests Queries Outcomes Improve customer service and satisfaction year on year Answer calls to the service desk within the required timescales during the required service hours Reduce call abandonment rate Proactively monitor alternative supplier s information e.g.websites, bulletin boards etc to capture and provide information on incidents, problems, known errors and workarounds and publish details of that information to the client Provide the capability for users to report on incidents to the service desk by automated means Reduce the amount of service disruption by providing and maintaining accurate management information from integrated processes, including but not limited to workarounds and service asset &configuration management (SACM) information across all services Customer / service consumer Provide all the necessary information when contacting the service desk to report incidents or raise service requests Ensure all relevant information is provided by users when contacting the service desk Participate in the service desk customer satisfaction surveys as requested by SIAM SIAM (Outsourced or retained) Define the service desk procedures Provide a function which acts as a single point of contact for users and suppliers to report incidents and raise service requests Handle each contact between the user and the service desk in a professional, efficient and serviceoriented manner Handle each contact between the service provider and the service desk in a professional, efficient and service-oriented manner Ensure that service desk agents are certified in accordance with the standards and processes used by SIAM Run a client satisfaction survey to gather feedback from users on the service provided by the service desk Report to the client the results of the satisfaction survey each measurement period Service provider Ensure all relevant information is provided to the service desk Provide information of service knowledge data and articles to SIAM to enable it to update the service desk scripts Regularly review and update service knowledge data and workarounds to ensure the currency of information contained in them and provide such information to the service desk Key metrics Key metrics Key metrics Service desk to be available to receive incidents, service requests and change requests % of the time it is contracted to be available Each measurement period to answer % of calls offered to the service desk within N seconds To ensure the call abandonment rate does not exceed % in each measurement period Each measurement period to respond to % of web-based requests within N minutes of the request Level of customer satisfaction related to the services provided by the service desk to improve year-on-year 24

25 2.2 Incident management Level 1 Support 1st level support, resolving incidents at first point of contact using scripts provided by service providers and experience gained from other instances Level 2 and 3 Integration Provides an effective quality interface to level 2 and 3 support ensuring incidents that are not resolved at first point of contact are accurately captured, classified and assigned to the appropriate level 2 and level 3 service provider experts. Example: Resolution of a report by an authorised user that they are unable to access processing systems Outcomes Improve the management, co-ordination and turnaround of incidents Accurately categorise the severity of incidents reported by users Improve service availability by assigning incidents received from customers to the appropriate service provider first time Improve service availability and reduce end-to-end incident resolution times by improving first contact resolution year on year Improve service availability and reduce the number of business days lost by reducing the number and severity of incidents reported to SIAM by a percentage year on year Improve service to customers by minimising business disruption caused by Incidents Improve the overall unmitigated end-to-end Incident resolution times year on year Customer / service consumer SIAM (Outsourced or retained) Service provider Ensure all appropriate checks have been made prior to reporting an incident to the service desk Ensure all relevant and required details are provided to the service desk when reporting incidents Raise incidents with the service desk when experiencing service disruption Provide information to the service desk on the business impact of incidents and failures Confirm fault resolution and service restoration to the service desk Where appropriate perform incident management in accordance with the incident management policies and procedures Make all reasonable attempts to comply with requests made by the service desk or service provider to undertake simple on-site tasks or provide information to effect the resolution of the incident Define and maintain the incident management policies and procedures Communicate the Incident Management policies and procedures to the service providers and the client Provide support to the client and its service providers in fulfilling their incident management roles and responsibilities Where required as a service provider, perform incident management in accordance with the incident management policies and procedures by:- Leading and managing the major incident resolution forum with the client and appropriate service providers for all severity 1 incidents Accept contacts and reports of technical faults and operational issues from service providers Accept and record all incidents reported by users Ensure that all incidents and faults reported are recorded on the incident management system Allocate incident severity levels for all incidents and faults reported to the service desk Assign correctly reported incidents to the appropriate service provider resolver group Provide incident updates to users Provide details of the service providers support organisation and contacts points to SIAM to enable the accurate assignment of incidents Inform the service desk when they become aware of a fault or failure and indicate the impact to the client Accept and acknowledge incidents that are correctly assigned by the service desk Return incorrectly assigned incidents to the service desk Log all incidents on the incident management system Allocate incident severities in accordance with the incident severity definitions contained in the incident management policies and procedures Provide updates on the progress of incidents 25

26 2.3 Request management Ensures the requests for services (from the service catalogue) that are submitted by users are accurately captured, classified and assigned to the appropriate service provider(s) for fulfilment Example: Request to add a user to a processing system in a defined role profile Outcomes Improve the management, co-ordination and turnaround of both customer requests and service requests Improve service availability by assigning service requests received from customers to the appropriate service provider first time Customer / service consumer Ensure all relevant and required details are provided to the service desk when submitting service requests Ensure that all requests have the appropriate level of approval Provide confirmation to the service desk that the service request has beenfulfilled SIAM (Outsourced or retained) Define, maintain and communicate the Service request management policies and procedures Provide support and guidance to the client and its service providers in fulfilling their service request management roles and responsibilities. Arrange and lead the service request management operational review meeting Review service provider management information on a monthly basis and produce its own expert trend analysis and management summaries to identify trends or significant changes or increases in service request volumes, for discussion with the client and the service providers Identify potential process improvements and make appropriate recommendations to service providers and the client Monitor and manage stakeholder compliance to the service request management policies and procedures Inform service providers of material non- compliance with the service request management policies and procedures Engage with service desk, service providers and the client staff as appropriate where there are issues and problems with the processing of service requests Ensure that service requests are prioritised by service providers when assigned by the service desk Ensure that all relevant information is provided by service providers in response to service requests Accept and record all requests submitted by users and ensure that all requests submitted are recorded on the request management system Service provider Provide details of the service providers support organisation and contacts points to SIAM Accept and acknowledge service requests that are correctly assigned by the service desk Return incorrectly assigned service requests to the service desk Provide updates on the progress of service requests when requested to do so by the service desk Inform the service desk when a service request has been completed Provide management information each service management period to the appropriate service request forums in accordance with the service request management policies and procedures Key metrics Key metrics Key metrics Each measurement period, % of all requests to be assigned to the appropriate supplier with the required time timeframe 26

27 2.4 Problem management For incidents that cannot be prevented, the service desk provides an effective quality interface to the appropriate service providers to determine the underlying cause and initiate and track action to remove the error Example: Determine root cause of loss of access to system holding process maps for operators Outcomes Improve service availability and reduce client & customer impact by reducing the number and severity of problems reported to SIAM by a percentage year on year Improve service to customers by minimising business disruption caused by problems Improve the overall unmitigated end-to-end problem resolution times year on year Customer / service consumer Provide up to date business impact information to enable the service provider to prioritise problems Participate in the evaluation of any solutions proposed by the service provider to resolve problems Formally sign-off all solution approvals Formally sign-off all problem/known error closures SIAM (Outsourced or retained) Define, make available and maintain the problem management policies and procedures. Identify, prioritise and manage through to resolution those problems that cause or have the potential to cause business disruption Coordinate problem management activities which span multiple service providers Receive problems and assign them to the correct service provider Ensure service providers conduct root cause analysis on any problems raised and the problem record is updated Review service provider management information on a monthly basis and produce trend analysis and management summaries Maintain and publish to the client accurate and up to date information on problems, workarounds and known errors Monitor and report to the client on the effectiveness of workarounds proposed by service providers Regularly review problems ensuring incidents are accurately linked and use this information to proactively review and revise problem severities where necessary Identify potential process improvements and make appropriate recommendations to service providers and the client Service provider Identify potential problems and raise with SIAM Submit fully documented and validated problem records to SIAM using the standard problem template Classify problems using SIAM s problem severity model Log and track problems during their lifecycle Accept and resolve problems when they are correctly assigned to the service provider Provide progress updates on problems in a timely manner to SIAM Perform root cause analysis on problems including developing corrective actions and/or workarounds for all problems Continually evaluate the linked incident count to known errors and problems Key metrics Key metrics Key metrics Better than n:n ratio of number of problem records closed in each measurement period compared against number of problems opened in the same period Ratio of new Incidents that linked to problems and known errors in a measurement period compared to total Incidents linked to the same problem/known error at the end of the measurement period At least % of problems records closed as a result of a deployed change each measurement period Less than % of process changes deployed to problems that result in future Incidents 27

28 2.5 Access management* Access management is the process of granting authorised users the right to use a service or system and is key to ensuring the confidentiality, integrity and availability of assets and information * Access management is only provided in IT contexts Outcomes Ensures the client organisation is able to maintain the confidentiality of its information effectively. Ensures that users have the level of access to information and level of system authority to execute their jobs effectively. The ability to audit use of services and to trace the abuse of services The ability to easily revoke access rights when needed Customer / service consumer Issue requests for user access to SIAM using the required format or tool Define and ensure the appropriate approval process is in place and followed by users when requests are being made SIAM (Outsourced or retained) Provide access to systems as requested by users Reject any request that has not been properly approved in accordance with the approval process Undertake periodic audits to ensure correct user access has been provided to systems Inform the client where it suspects inappropriate user access has been requested Service provider Inform SIAM where it suspects inappropriate user access has been granted e.g. where the service provider suspects inappropriate access is granted during its investigation of an incident Key metrics Key metrics Key metrics Percentage of user requests fulfilled on time and in line with the service target Percentage of users with incorrect system access found as a result of audit activity 28

29 Layer 3 Service knowledge management Service knowledge management provides central repository for all service management reference material Service knowledge management feeds into the service desk and enables a client to improve the quality of management decision making by ensuring that reliable, secure current & historic information and data is available throughout the service lifecycle 1. Service knowledge management 29

30 3.1 Service knowledge management Provides central repository for all service management reference material. Service knowledge management feeds into the service desk and enables a client to improve the quality of management decision making by ensuring that reliable secure information and data is available throughout the service lifecycle Example: Library of information on current legal/regulatory requirements for KYC Outcomes Improvements are made throughout the service management processes by having all required information in one place to enable better management decisions to be made Ensures that documentation is in line with regulatory requirements Essential information is kept up to date and is consistent at all times and readily available to those who require it Allocates overall accountability for maintaining a knowledge management repository Customer / service consumer Ensure that all relevant business information is made available to SIAM to enable the development of the service knowledge management repository SIAM (Outsourced or retained) Define and maintain the knowledge management strategy Establish and maintain knowledge management interfaces and transfer mechanisms Establish data & information management procedures Develop the central database for knowledge management Make the service knowledge management information available and accessible to all interested parties Capture, store, analyse and share data effectively across lifecycle processes and service providers Service provider Ensure that all relevant service provider information is made available to SIAM to enable the development of the service knowledge management repository Key metrics Key metrics Key metrics Accuracy of the service knowledge management repository 30

31 Layer 4 Service provider & solution assurance This layer ensures that service providers agree on the delivery of all end-to-end services and that the agreed level of service provision is attained. Functions in this layer are: 1. Service level design & review 2. Service and service provider quality 3. Service provider compliance 4. Solution assurance 31

32 4.1 Service level design and review Ensuring end-to-end service levels meet business/client's needs, and are regularly reviewed with business priorities Example: Varying SLA during seasonal peaks/ sales drives to ensure that customer service is maintained (or improved) during these volume peaks Outcomes Service levels and KPIs compliment and contribute to the achievement of client's business objectives and targets Service levels and KPIs have clear relationships with client's business objectives and targets Service levels and KPIs are clear, unambiguous and clearly articulate their intent Customer / service consumer SIAM (Outsourced or retained) Service provider Provide details of the client s business objectives and targets to SIAM and ensure SIAM have a full understanding of those business objectives and targets Review and provide comment/sign-off of proposed service levels, service targets and KPIs to ensure alignment with the client s business objectives Engage with the client to understand the client s business objectives and targets to ensure alignment with the end-to-end service levels, service targets and KPIs Provide input to periodic service levels, service targets and KPI audit reviews Fully define new or amended end-to-end service levels, service targets and KPI requirements Review and agree the timescales for the implementation and activation of service levels, service targets and KPIs Provide input to periodic service Level management audit reviews when required Assist SIAM and the client in the definition of the service levels, service targets and KPIs Fully define new or amended service levels, and KPI requirements Confirm the service level management impact arising from new or amended service levels, service targets and KPI requirements and submit to the SIAM for approval Propose a timetable for the implementation and activation of new/amended service levels, service targets and KPIs Key metrics Key metrics Key metrics % of service levels, service targets and KPIs fully compliment client's business objectives and targets % of service levels, service targets and KPIs are in place and signed off for measurement prior to the service going live 32

33 4.2 Service and service provider quality Providing expert analysis and management information across all service management processes ensuring consistency and accuracy of the information provided Outcomes Identify service improvement initiatives Ensure that service improvement initiatives are linked to and achieve cost reduction and/or business benefits for the client Customer / service consumer Review service improvements provided by SIAM Approve service improvements where required SIAM (Outsourced or retained) Gather and provide expert analysis of the end-to-end performance using analytical tools and processes Understand the client s business objectives and targets Develop a standard template for service improvement proposals Develop service improvement proposals to support cost reductions and business benefits and submit to the client Service provider Key metrics Key metrics Key metrics Number of service improvement initiatives proposed by SIAM 33

34 4.3 Service provider compliance Monitors and manages service provider compliance to the service management policies and procedures ensuring that any non- compliance is raised and managed through to resolution Outcomes Less than % contractual service provider non-compliances raised during each measurement period No service provider non-compliances to remain open for more than 2 service measurement periods Customer / service consumer Inform SIAM of any issues encountered that the customer believes may be due to service provider non-compliance SIAM (Outsourced or retained) Monitor and manage stakeholder compliance to the service management policies and procedures Arrange and manage service provider compliance management meetings Inform service providers of any service provider material non-compliance with the service management policies and procedures Ensure remedial action plans that are put in place by service providers to resolve non-compliances are actively managed through to successful completion Service provider Comply with the service management policies and procedures Attend service provider compliance management meetings where required by SIAM Put in place and manage remedial action plans to resolve non-compliance Work with the SIAM, the client and other service providers to assist with any service provider engagement and noncompliance issues Key metrics Key metrics Key metrics Number of occasions that service management policies and procedures require amendment as a result of external factors such as new legal/regulatory requirements 34

35 4.4 Solution assurance The objective of solution assurance is to assure the client that the service being provided is the optimum solution to the business requirements Outcomes Affirmation by the client that the business requirements remain complete and correct Affirmation by SIAM and service provider that the service being provided is the most cost-effective way to meet the business requirements Customer / service consumer Periodically reexamine the business requirements and confirm that they are complete and correct. Identify any changes and evaluate whether these changes are sufficient to require a change request to be raised SIAM (Outsourced or retained) Examine options for alternatives to existing service provision and propose them to the client Use service knowledge repository during RFP/RFI processes to validate both client requirements and service provider responses Service provider Propose options for alternative service provision to SIAM Key metrics Key metrics Key metrics 35

36 Layer 5 Risk and security management The risk and security management layer aligns risk and security requirements with client standards to ensure effective risk mitigation across all service providers and service management operations. It creates security & risk policies, standards and procedures and manages any information security requirements of the end-to-end service The functions in this layer are: 1. Incident & event monitoring 2. Security assurance and accreditation 3. Risk management 36

37 5.1 Incident & event monitoring Provides the event and incident monitoring service including incident identification, logging, tracking, investigation and resolution Outcomes Ensures that security events and incidents are detected, logged, contained and managed through to resolution Provides help and advice on all security matters Example: An incident is an event which causes disruption to client or customer service which has financial or reputational consequences such as the loss of an entire web-based service Example: The loss of of a single server in a cluster which reduces transaction throughput but does not disable the service Customer / service consumer Review service improvements provided by SIAM Approve service improvements where required SIAM (Outsourced or retained) Ensure events identified as potential security incidents are adequately investigated by the relevant service provider and recorded and tracked as a security incident In all cases ensure where a risk is identified the service providers take remedial action as necessary and agreed with the client - including where appropriate co-ordinating the activities of the service providers involved Provide a security incident reporting, investigation and management service supported by appropriate contact facilities and tooling and communicate the process to all stakeholders Receive and record all security events, incidents and breaches of security policies, security standards and security procedures reported in accordance with the security incident guide Ensure that data on incidents is sufficiently comprehensive, granular, accessible and can be readily interrogated to inform decisions on controls Ensure that any security incident that constitutes a risk to the client is fed into the risk management process Take the necessary steps to contain the incident and conduct an investigation to establish its nature and take all necessary action to resolve the incident Undertake trend analysis to inform future training and the need for bulletins Continuously monitor the client's employees and agents' use of the Internet, taking into account any relevant information from service providers Service provider Report promptly on all incidents Key metrics Key metrics Key metrics Number of events identified and resolved without disruption to client or customers 37

38 5.2 Security analysis & accreditation End-to-end assurance and accreditation including security audit, vulnerability identification, assessment and management, security risk and compliance management Example: As part of the RFP process ensure that prospective suppliers meet the client s security requirements Outcomes Ensures that security policies, security standards and procedures are continually aligned to relevant policies and standards and are up to date at all times Ensures all service providers and the client s staff are aware of their responsibilities in respect of information security Ensures the client s projects are assessed and have appropriate security accreditation Ensures security risks are known, minimised and managed accordingly Assures and ensures service providers compliance to security policies, security standards and security procedures Defines a client security strategy that has security control at the correct levels and layers Customer / service consumer SIAM (Outsourced or retained) Service provider Review the security policies, security standards and security procedures and provide comments to SIAM Approve any changes to the security policies, security standards and security procedures Provide all necessary Project information and assistance required by SIAM to support the security accreditation process Review and comment on security risk assessments and reports provided by SIAM Ensure risk owners are identified for all security risks raised by SIAM Provide all necessary business information and assistance required by SIAM to support the security audit process and schedule Review and comment on the annual statement of control and vulnerability provided by SIAM Give security awareness sessions and workshops organised by SIAM where required Create, maintain and communicate the client's security policies, security standards and procedures as required Review security policies, security standards and procedures at least annually in light of evolving standards, the client s related strategies, service provider views and Industry best practice Identify, recommend and impact and communicate changes required to security policies, security standards and procedures and update accordingly when agreed with the client Define, manage and communicate the end-to-end security accreditation process Perform security risk assessments and produce ecurity risk reports for all projects undergoing accreditation using standard risk assessment methodology Pro-actively monitor and progress completion of all required accreditation documentation and resolution of Security issues, including reporting and escalation to the client as required Monitor, investigate and assess the cumulative effect on the client's business of all security risks reported from agreed sources, on the client s estate Provide risk assessments on all requests by service providers to off-shore activities that could breach the client's policies Adhere to the security policies, security standards and security procedures Review the security policies, security standards and security procedures and provide comments to SIAM Provide all necessary information and assistance required by SIAM to support the security accreditation process Put in place and actively manage remedial actions to resolve any issues discovered in the accreditation assessment Actively monitor and minimise security risks known to the service provider or highlighted to the service provider by SIAM Assist SIAM in security audits by providing all necessary information, data and resources Put in place and actively manage remedial actions to resolve any issues discovered by SIAM Attend security awareness sessions 38 and workshops organised by SIAM

39 5.2 Security analysis & accreditation (contd) Customer / service consumer SIAM (Outsourced or retained) Monitor service provider compliance with the client s security policies, standards and processes and advise service providers of the action required to resolve any noncompliance and monitor progress toward completion of the recommendations within a timeframe agreed with the client Develop and maintain a programme of security audits to provide appropriate assurance of service providers compliance with the client s security policies, standards and processes Produce an annual statement of control and vulnerability incorporating information gathered throughout the year from the sources monitored Service provider Key metrics Key metrics Key metrics 39

40 5.3 Risk management The objective of risk management is to identify risks to service delivery and ensure that those risks are analysed and then accepted or mitigated in a timely manner Outcomes Ensures that risks to service delivery, or caused by service delivery, are identified Subsequently, ensures that risks are analysed in a consistent manner, escalated to appropriate decision makers and that an audit trail of any actions taken to mitigate risks is maintained Example: Risk of disruption to service caused by loss of premises (mitigated by BCP) Customer / service consumer Approve any risk acceptance Approve any risk mitigation / reduction/ avoidance actions Agree any prioritisation of the risk acceptance / mitigation analysis Proactively contribute to risk identification SIAM (Outsourced or retained) Draft and maintain a risk management methodology and governance structure in consultation with service providers and clients Create and maintain a risk log Monitor the risk log and conduct regular reviews of risks at the appropriate decisionmaking level Escalate any risks that become issues for appropriate resolution Regularly review the risk log and ensure that agreed risk mitigation, risk reduction and risk avoidance measures are being implemented and remain valid Regularly review accepted risks ad validate that the acceptance strategy remains valid Develop and implement incentives for client, SIAM and service providers to contribute to and improve the risk management process Service provider Proactively contribute to risk identification Approve any risk acceptance Approve any risk mitigation / reduction/ avoidance actions Agree any tiering of the risk acceptance / mitigation analysis Key metrics Key metrics Key metrics Number of risks that become issues Rate of financial loss, reputational damage, service failure which was not identified as a risk Audit rating of implementation of lines of defence (first line, second line etc) risk management process across service provider and client 40

41 Layer 6 Service planning, transition and change management The service planning, transition and change management layer manages the planning, delivery and transition of projects from project teams into delivery by ensuring projects deliver services which are operable, economically sustainable and maintainable and which are aligned to clients requirements. The layer also manages changes in production services Service transition feeds into the core SIAM layer in terms of service provider, procurement & contract management by onboarding and exiting service providers and transitioning the delivery of services between service providers either in an aggregated or direct SIAM model The process of on-boarding and off-boarding service providers is complex. It requires detailed knowledge of the SIAM model, the business operations of the client and a focus on maintaining uninterrupted business operations 1. New service provider onboarding 2. Service provider exit 3. Service transition planning & execution 4. Project management 5. Transformation delivery & cost reduction 6. Release and deployment management* 41

42 6.1 New service provider onboarding The objective of service provider onboarding is to complete the preconditions for delivery of services by providers under the SIAM umbrella Service providers only require onboarding once but can supply services to multiple clients Outcomes Identification of service providers Negotiation of service contracts and associated service level agreements Creation of technology links between service providers and the client which are necessary for delivery of the services Customer / service consumer Approve choice of service provider Contribute to negotiation of contracts and SLAs Sign contracts and SLAs Create systems and physical access permissions SIAM (Outsourced or retained) Review potential service providers and onboard them to SIAM if they can offer better services Coordinate the production of MSAs, service contracts and SLAs Validate any preconditions imposed by the client on service providers such as staff vetting and IT security standards are met before advising client to go live Regularly review current service providers to validate that they cuontinue to provide cost-effective and innovative services when compared to emerging (potential) providers Service provider Contribute to negotiation of contracts and SLAs Sign contracts and SLAs Key metrics Key metrics Key metrics Time taken to negotiate contracts once client agrees service provider s service proposal Time taken between client agreement to service proposal and commencement of service delivery 42

43 6.2 Service provider exit The objective of service provider exit are: (In an aggregated model) to close interfaces between all clients and the service provider Outcomes Service providers are paid for services provided and any agreed transitional costs IT links required for service provision are closed Software licenses and other IP revert to the owner (In a direct model) to close interfaces between the client and the service provider to ensure that any intellectual property used in service provision reverts to its owner to ensure that both clients and service providers meet obligations arising from the service agreement / contract until the point of exit Customer / service consumer Close relevant IT interfaces Pay service provider s approved invoices Remove systems and physical security access permissions SIAM (Outsourced or retained) Ensure that transitional provisions in contracts /SLAs are fulfilled by both client and service provider Service provider Close relevant system connections Raise accurate closing invoices for service provision and transitional costs Transfer staff, if required, to new service provider Key metrics Key metrics Key metrics Number of exit / transition issues raised to relationship management (layer 1.6) 43

44 6.3 Service transition planning & execution Plan and execute service transition (either between service providers or into production by existing provider) with impact analysis, recovery/back up and back out plans Example: the detailed planning and handover of processing from a client s onshore facilities to an offshore service provider Outcomes Owns and ensures the smooth and effective transition of projects into the live environment including the handover to the client s live operations Provides oversight, leadership and integration of transition activities across all stakeholders Manages the planning, design, delivery and support of operational environments used by projects for transition and production processing Provides knowledge based assessment of transition and operational costs, issues and risks for input at all stages of the project lifecycle Ensures incidents and service disruption are minimised when projects go live Customer / service consumer Review and approve the plan to deliver service transition Maintain the overall project plan that will incorporate the service delivery transition plan Participate in post implementation reviews Approve the costs and provide sign-off criteria Confirm authority to proceed with project go-live SIAM (Outsourced or retained) Define and maintain the service transition planning and support policies and procedures Communicate the service transition planning and support policies and procedures to the service providers and the client Engage with service providers and the client project staff throughout the transition process Produce and maintain a delivery plan Provide status updates on progress towards the delivery of the service transition plan Consolidate the service providers delivery plans into the transition delivery plan and manage the delivery plans Engage with service providers to review transition requirements and produce the transition approach Manage the consolidated project transition plan and confirm all activities and products are in place for the operational readiness review Manage the handover from the SIAM project team to the client and service provider s operational teams Service provider Review and approve the plan to deliver service transition Complete all activities in the service transition delivery plan that are assigned to the service provider Key metrics Key metrics Key metrics Less than x% of incidents reported in the first 3 months following go-live that are directly attributable to non-functional requirement failures Baselined transition delivery plans established within x weeks of initial engagement for x% of projects 44

45 6.4 Project management Methodologies to ensure robust, risk mitigated management of service transitions from development into live environments Example: PRINCE2, PMBOK, AGILE Outcomes Manages the planning and delivery of projects from project teams and operators to live operations Ensures and demonstrates that Project plans and milestones within those plans are met Ensures project risks are effectively and efficiently managed Ensures accuracy in the estimates made in the number of days specified on project service requests and therefore manages costs Demonstrates reductions in costs to the clients through increased re-use of resources Demonstrates a reduction in the number of projects that are implemented with non-standard services/components Customer / service consumer Identify projects for project engagement and provide the project assignment brief for review and comment by SIAM Ensure commercial cover is provided for the project Review and agree the project assignment brief response including the estimates Provide input to the post implementation report and sign-off Provide the client project list to SIAM SIAM (Outsourced or retained) Ensure suitable resources are allocated as part of the engagement process Review and confirm acceptance of the project assignment brief and provide a response to the project assignment brief Ensure all activities required that are detailed in the project assignment brief are completed according to the agreed schedule Agree a plan for producing an early engagement report Participate in post-project reviews Produce the post-implementation report and gain agreement from service providers and the client Ensure projects have allocated resources to manage and create an architectural design for each of the environments/components specified in the environment design and delivery strategy Produce the environment design and delivery strategy Produce, deliver and obtain sign-off of the architectural design Review service providers proposals and collate a costed proposal for each environment/component specified in the environment design and delivery strategy Throughout the process, provide status reporting to the client on progress against delivery plans Ensure alignment of service management designs to the client s service models and standards Service provider Support SIAM in understanding the project requirements and assist in the production of the project assignment brief response Execute all activities required that are detailed in the project assignment brief response Review requirements and contribute to the environment design, delivery strategy and architectural design Produce costed proposals Support SIAM in the review of the environment sign-off criteria and provide comments to the client Provide detailed delivery plans Perform all service providers activities in the plan and participate in the go live decision Provide input to the post-implementation report Key metrics Key metrics Key metrics Baselined project delivery plans established within x weeks of initial engagement for x% of Projects. No more than x% of projects implemented with non-standard technology Reduce the average time taken by projects between technical review and operational readiness review by x% year-on-year At least x% of project milestone deliveries are met in accordance with agreed delivery plans 45

46 6.5 Transformation delivery & cost reduction Ensures transformation delivery and cost reduction are prioritised and that related projects are driven through Outcomes Cost reductions from transformation and agility are driven through Service providers are continually incentivised to reduce cost throughout contract life Delivery of cost reduction is achieved by processes which are quality-assured Continually looks to new processes, systems or technology that can optimise cost of service delivery Customer / service consumer Ensures transformation delivers cost optimisation Ensures that new services are requested based on most optimal cost basis for each requirement Allows transformation initiatives for existing service providers SIAM (Outsourced or retained) Develop, maintain and communicate the transformation delivery & cost optimisation milestone plan Monitor & review progress against plan & report cost savings/optimisation Continue to drive cost optimisation through new service requests or changes Challenge service delivery costs: process, system or technology savings opportunities Drive cost reduction, continuous quality improvement throughout contract life using LEAN or other standard methodologies Service provider Provide service providers transformation delivery & cost optimisation plans Drive transformation of service provision to delivery cost reduction, higher quality and greater flexibility Proactively contribute to cost saving opportunities Key metrics Key metrics Key metrics Cost saving/optimisation x% through transformation milestone delivery plan & year-on-year cost reduction x% Cost saving/optimisation delivery % Completion of transformation plan milestones % Year-on-year cost reduction 46

47 Layer 7 Service validation & testing Service validation and testing provides confidence and assurance to the client that a project will deliver the expected outcomes by ensuring that the service is fit for purpose. Service validation and testing consists of the following functions: 1. Test planning, design, integration and execution 2. Service evaluation 47

48 7.1 Test planning, design, integration and execution Ensures that new service testing is planned and ensures that all the service providers components are integrated to provide the client with stable, maintainable end-to-end service Outcomes Manage and ensure integration of the testing of projects including operations acceptance test (OAT) and service management acceptance test (SMAT) o Operational Acceptance Testing (OAT) is used to test readiness (pre-release) of a product, service or system. OAT may include checking the backup/restore facilities, IT disaster recovery procedures, maintenance tasks and software security. SMAT includes tests on staff training, process handoffs and transaction cycle times Manage the planning, design, delivery and support of operational environments used by projects for testing Customer / service consumer SIAM (Outsourced or retained) Service provider Provide project documentation and entry criteria to SIAM and service provider to enable them to plan operational acceptance testing (OAT) or service management acceptance testing (SMAT) phases including the project test strategy Review and agree the consolidated OAT/SMAT strategies and plans Review and comment on progress reports provided by SIAM Review and sign-off the OAT/ SMAT test completion reports Review the client project documentation appropriate to OAT and SMAT and provide consolidated service provider and service integrators comments to the client Review, optimise and consolidate service provider OAT and SMAT strategies and plans Validate and verify the test plans and designs for completeness, including all potential interfaces Manage the OAT and SMAT test schedule and plan and provide progress updates to the client against the plan Produce consolidated OAT and SMAT test completion reports Manage the design and completion all end-to-end integration testing Provide a consolidated and integrated test report for all testing activities Review the client project documentation appropriate to OAT and SMAT and provide comments to SIAM Provide OAT and SMAT strategies and plans to SIAM for review Perform allocated service provider activities on the consolidated OAT and SMAT plans Provide service provider OAT and SMAT test completion reports to SIAM and review and sign-off the consolidated OAT and SMAT test completion reports Review transition requirements and contribute to the transition approach Provide assurance about service provider deliverables and transition activity to SIAM prior to the operational readiness review Key metrics Key metrics Key metrics x% of integrated test plans completed by their due date 48

49 7.2 Service evaluation Evaluates the intended effects of a service change provides information about whether a change should be approved or not Outcomes Evaluate the impact and anticipated benefits (including performance) of proposed changes Provides assurance and recommendations to the client on the quality of changes and whether they are fit for purpose Example: Regulatory change Example: Supplier mandatory update to software Customer / service consumer Consider recommendations from SIAM prior to approval of the changes SIAM (Outsourced or retained) Plan the evaluation of the change Perform risk assessments based on the client s specifications Develop the performance model in order to undertake effective evaluation Provide an assessment to the client of predicted end-to-end performance and the likely risks Report on end-to-end performance following the change and provide an assessment to the client of the actual performance against predicted performance Make recommendation to client Service provider Provide all relevant information required by SIAM to enable its evaluation of changes Key metrics Key metrics Key metrics x% of assessment reports produced on time x% of assessment reports predicted end-to-end performance within x% of actual performance 49

50 Organisation design for SIAM Service Integration & Management (SIAM) Framework experience. the difference. TORI Global toriglobal.com UK 5th Floor 33 Cavendish Square London W1G 0PW t: +44 (0) f: +44 (0) USA 12th Floor 44 Wall Street New York, NY t: f:

51 Business Architecture Technical Architecture policies Standards Organisation design Client minimum organisation Strategy, direction and governance Architecture Ethics Strategic Policies and standards Governance SIAM functions Service integration management Cross-supplier orchestration Cross-supplier service management Can be outsourced or retained by clients Operational Governance Customers Products Channels Function Function Function Function Function Strategy, Architecture and Policy Service Management DEMAND INTEGRATE CORE SIAM Cross-supplier service management Layer 1 Core SIAM functions Layer 2 Service desk Layer 3 Service knowledge management Layer 4 Service provider & solution assurance Layer 5 Risk & security management Layer 6 Service planning, transition and change management SIAM functions Layer 7- Service validation and testing MANAGE Service Level Agreements (SLAs) SIAM organisations have three main areas: 1. Client retained 2. SIAM 3. Service towers with a fourth key component provided by the governance structure. Governance being the activities that are necessary to manage the client/supplier relationship, including the management of service level agreements, performance reporting, billing, and issue resolution. Vendor 1: Operations Service towers Services supplied by multiple vendors including TORI Managed under SLAs Vendor 2: KYC/AML utility Vendor 3: Application Development Vendor 4: IT Infrastructure Vendor 5: Reconciliations 51

52 Organisation design for SIAM Shared service/bpo governance is about making decisions and assigning accountability for agreed outcomes. It comprises a set of processes and structures that are designed to address management concerns such as: Governance relating to the shared services Measuring and improving shared services performance Cascading shared service strategy and goals through the organisation Providing resources to implement and improve the use of shared services Governance relating to user organisation Aligning the shared service capability with the business strategy Ensuring the shared service capability is adopted and fully used throughout the organisation Evolving the retained function to operate in a shared services environment An effective governance structure can be designed using the following principles: Decision making responsibilities should be clearly articulated and confined to the formal governance structure Appoint recognized leaders to the governance team. Governance bodies need membership from the business and shared services/bpo communities with a mandate to represent their constituents Implement a clear communication approach. It s critical that mechanisms exist to collect information and disseminate decisions throughout the organisation The shared service/bpo governance structure should reinforce the roles and responsibilities of the business function and the shared services capability Inputs Strategy Operating model HR policy & processes Headcount targets Culture vision & values Business imperatives Location strategy Organisation: Design & populate Design Structure Job descriptions Competence / skills Resourcing Location Affordability Governance Populate Matching Selecting in /out Recruitment Redeployment Communications & stakeholder management Employee relations Organisational effectiveness Operating model implementation Leadership development Competency development / learning Business as usual Performance management 52

53 Governance design for SIAM Key components include a governance board consisting of: Senior client representatives Heads of profession for the key functions in the shared services Senior representatives from the services operation This governance board receives inputs from client forums and the services operations management team. The board has responsibility and oversight of the services capability and will: Set the policy for shared services/bpo Champion convergence of services requirements Determine the performance management regime to be applied and ensure links to broader performance management mechanisms Moderate and approve plans, priorities and funding Monitor delivery of services objectives Approve framework commercial agreements Address and resolve services issues which threaten to limit achievement of overall objectives Consider and approve actions required to deliver on services objectives Governance body Governance board Membership Chair Service director Client director(s) Meeting frequency Quarterly Client group meetings Service & client forum Service managers Client representatives Client business partners Functional specialists Account managers Organisation s meet to review performance Operational managemen t team Service managers Service management team Weekly 53

54 Service management design for SIAM Service management is about building relationships with key customers and stakeholders and then ensuring that the services of the shared service operation deliver to their needs. At the highest level service management exists to meet regularly with customers to share objectives, review past performance and set expectations for future activity. A successful service management team will continually check the alignment of the services from the shared service centre with the goals and objectives of the customer groups Service management is usually made up of the following key activities: Quality control to monitor standard processes and outputs on a day by day basis Performance measurement to track volumes and adherence to service key performance indicators within cost parameters Process improvement teams to manage change requests and to act to correct service non-compliance in a timely manner Service level agreement (SLA) management to set up suitable SLAs that define the responsibilities between service provider and customer Performance reporting of key performance indicators (KPIs) and balanced scorecards on a regular (normally monthly) basis to inform the dialog between the service provider and the customer Client satisfaction feedback surveys to measure baseline satisfaction with services on a regular basis (normally a sample approach across different customer sectors) Governance boards, which meet on a quarterly or half-yearly basis to review overall performance and prioritize new services for rollout, improvements to be scheduled or investments to be made 54

55 Service management design for SIAM (contd) Quality control Standardised processes Control check points Service lines Service terms Service improvement plans Employee feedback Performance measurement Volume indicators KPIs Cost analysis Target service levels Two-service level agreement Overview of services and key inputs Service levels Performance reporting Overall commentary KPIs Appendices Governance boards Clients and nominated board members Process improvement Management of nonconformance Change request management Performance feedback Client feedback Client feedback survey Client satisfaction 55

56 Service management design for SIAM (contd) If service management is deployed correctly, it will help drive: A customer-focused service culture An efficient mechanism through which performance against agreed-upon service levels can be managed and non-performance escalated, as necessary A focus on service performance and a continuous improvement mindset A regular supply of data and analysis to ensure that the governance of the shared service arrangements is conducted in an informed, evidence-based manner There is no clear cut rule for how service management organisations are usually structured, but it s common to find four main teams reporting into an overall service management director Service Governance Team Responsible for managing key strategic relationships with customers and conducting account planning and contract management discussions. This is essentially a small support team for the service management director, which will normally represent the shared service organisation at governance board meetings Service Management Team Responsible for day to day incidence management, service reporting, capacity planning and non-compliance interventions. This team will also prepare monthly/quarterly reporting packs and participate in service review meetings. This team manages customer satisfaction surveys Service Development Team Responsible for scheduling continuous improvement activities, service upgrades and new service implementation management. This team is usually responsible for managing operational risk management and quality audit and compliance activities Financial Management Team Responsible for operational budgeting, management of any cross charging or client billing arrangements and the tracking of project finances 56

57 Service management design for SIAM (contd) People and Culture SLAs increase clarity around services and service standards. The use of SLAs requires service centre teams to focus on developing and maintaining the skills, behaviours and knowledge that drive outstanding service. In the case of an internal shared service centre there is usually a significant attitude change required of staff moving from traditional back-office functions into a shared service or a front office service delivery role In shaping and developing the culture, the shared service centre management team needs to consider the following: Being clear about the values of the organisation and how these link to expected behaviours The way that people are appointed, managed and developed is driven by the values of the organisation Hiring decisions made on the basis of attitude as well as technical skills Promotion and succession planning based as much on how an individual gets work done (their behaviours and demonstrated values) as on their ability to deliver results Performance appraisal and reward to identify and reward those who go the extra mile to deliver customer service or those who work with their teams to bring everyone to the same performance level. The performance management process also creates consequences for poor performers who are made aware of improvement requirements Training and development offerings clearly linked to developing the behaviours and skills required to drive customer service for each role Planning The work on the OD will differ, depending on where an organisation is in the lifecycle. Organisational design isn t a one-off exercise. It should be developed and updated iteratively throughout the lifecycle of a services/bpo programme. 57

58 Appendices Service Integration & Management (SIAM) Framework experience. the difference. TORI Global toriglobal.com UK 5th Floor 33 Cavendish Square London W1G 0PW t: +44 (0) f: +44 (0) USA 12th Floor 44 Wall Street New York, NY t: f:

59 1. Defining the business objectives A successful managed services strategy can achieve a range of objectives including increasing revenue, taking advantage of new business opportunities, improving quality/control, gaining access to new skills and reducing costs. TORI assists organisations with developing an effective and actionable sourcing strategy that defines who will fulfil the Business Objectives and how. Defining SMART objectives and a set of outsourcing principles Feasibility study development Development of the Sourcing strategy Target Operating Model design Development of a high level implementation approach Business case development 59

60 2. Sourcing TORI brings a wealth of experience in the global sourcing and provision of vendor services. Defining the solution requirements Location evaluation & selection Identification of potential providers Designing and running RFIs and RFPs Vendor due diligence and selection Contract negotiation 60

61 3. Implementation Managing the transition to an outsourced model is a complex and demanding process that, unless handled well, will have an adverse impact on the delivery of business operations. TORI offers dedicated expertise, project management and industry best practices to ensure a smooth and seamless implementation. Programme design and implementation Programme governance and PMO Resourcing the project team (including interim management) Physical infrastructure set-up (e.g. desktop, voice, network, data centre) Technology implementation (e.g. Robotic Process Automation) and change management 61

62 4. Service integration and management (SIAM) SIAM offers the following key benefits: 1. Consistency of governance across outsourced suppliers 2. Ensuring that operational issues do not fall between the cracks 3. Better access to Tier 1 pricing through fungibility of supply Organisations have, in recent years, increased their reliance on third party service providers for a combination of business and technology services. These providers can significantly impact the business performance of an organisation. TORI advises organisations looking to reap the benefits of integrated service management by implementing a SIAM model in-house or an outsourced basis. SIAM is not a process, it is a capability and set of practices that seeks to combine the benefits of multi-sourcing of services with the simplicity of single sourcing whilst retaining direct accountability between service provider and client. An effective end-to-end SIAM solution can efficiently and seamlessly support organisations in managing their vendors ensuring quality and compliance, mitigating risks, controlling costs, and driving process excellence. SIAM includes: Service catalogue development Service/Operating Level Agreements Key Performance and Risk Indicators Tooling and reporting Service governance Service Desk design Performance reporting Vendor management Operations health check Identification and development of continuous process improvement opportunities 62