Improving the RFP and Contracts Process With COBIT 5
By Przemek Tomczak, CISA, CA, CPA
COBIT Focus, 22 September 2014

Changing IT service providers is never a simple undertaking. It is even more challenging when the organization making the change is responsible for processing meter reads and supporting the billing of more than four million customers on time-of-use rates. Such complexity necessitated a framework to help guide the search and contract process, so the organization in this case turned to COBIT 5.

The Independent Electricity System Operator (IESO) balances the supply of and demand for electricity in Ontario (Canada) and then directs its flow across the province's transmission lines. Working at the heart of Ontario's power system, the IESO connects all participants: generators that produce electricity, transmitters that send it across the province, retailers that buy and sell it, industries and businesses that use it in large quantities, and local distribution companies that deliver it to people's homes.

The IESO is also the Smart Metering Entity responsible for Ontario's smart Meter Data Management and Repository (MDM/R). The MDM/R is the world's first and largest smart meter management and processing shared service, supporting the meter-to-billing operations of more than 70 utilities. This critical, around-the-clock operation handles more than 100 million transactions per day and supports the billing of more than four million customers on time-of-use rates.

The IESO used COBIT 5 for the procurement of IT services, helping to accelerate the procurement process and improve the contract and how it is managed.

The Challenge of Changing Service Providers

As the contract with the existing service provider for operating the MDM/R system and infrastructure was nearing its end, the IESO undertook an open competitive procurement process to select a vendor to operate this critical, complex service under very demanding service levels. The operation of this service involves:

- Processing more than 100 million interval meter reads in a few hours each day
- Processing between 200,000 and 350,000 billing requests per day
- Processing more than 40,000 requests for consumption information per hour
- Delivering more than 2,300 reports per day
- Supporting five different Advanced Metering Infrastructure technologies and more than six different customer information billing systems
- Supporting 72 utilities with extensive stakeholder and governance requirements
- External audits of MDM/R functions and processes

To ensure that the existing MDM/R system transitioned to the successful respondent prior to the expiration of the current contract, the IESO needed to complete the competitive procurement and contracting process within a very tight time frame. As part of the procurement process, it was necessary to specify to potential service providers the IESO's requirements related to activities, roles, responsibilities and deliverables for operating the MDM/R.

Improving the RFP Process

The IESO looked at possible frameworks that could help it define requirements for operating the MDM/R for inclusion in a request for proposal (RFP). The framework had to include comprehensive coverage of all processes for governing and managing an integrated IT service. To satisfy this requirement, the IESO selected COBIT 5 for inclusion in the RFP.

The COBIT framework was used to specify the roles, responsibilities, deliverables and expected capability levels for each IT process. Most important, it specified the terms for both the IESO and vendors to clarify roles and avoid misinterpretation, using the COBIT 5 Responsible, Accountable, Consulted and Informed (RACI) matrix (see the example in figure 1).

The IESO evaluated vendor responses to the RFP, including their demonstrated ability to meet the stated process requirements for governing and managing the operation of the MDM/R. In finalizing the contract with the chosen RFP respondent, the vendor's scope of service, obligations, responsibilities and deliverables for each process in the COBIT framework were clarified and embedded in the contract. Although this exercise involved a significant amount of effort from both the vendors' and the IESO's teams, it helped ensure that both parties used a common, industry-recognized language for IT processes and practices.

Defining the New Contract Terms

This example illustrates how the objectives, activities, deliverables and responsibilities were defined for the BAI06 Manage changes process for the RFP and the IESO contract. The chart was used to develop a suggested assignment of level of responsibility for process practices to different roles and structures:

- R(esponsible): Who is getting the task done?
- A(ccountable): Who accounts for the success of the task?
- C(onsulted): Who is providing input?
- I(nformed): Who is receiving information?

BAI06 Process Description

All changes are managed in a controlled manner, including standard changes and emergency maintenance relating to business processes, applications and infrastructure. This includes change standards and procedures, impact assessment, prioritization and authorization, emergency changes, tracking, reporting, closure, and documentation. Changes can be identified at any time during the project or operational phase.

BAI06 Process Purpose

Fast and reliable delivery of change to the business and mitigation of the risk of negatively impacting the stability or integrity of the changed environment are enabled.

BAI06 Short-term Desired Capability Level

By the end of the transition phase, the business will have reached a level 3, established process (two attributes), capability level.[1] The managed process is implemented using a defined process that is capable of achieving its process outcomes.

BAI06 Long-term Desired Capability Level

By three years following the transition phase, the business will have reached level 4, predictable process (two attributes), capability level. The previously described established process now operates within defined limits to achieve its process outcomes.

BAI06.01 Evaluate, prioritize and authorize change requests

Evaluate all requests for change to determine the impact on business processes and IT services, and to assess whether change will adversely affect the operational environment and introduce unacceptable risk. Ensure that changes are logged, prioritized, categorized, assessed, authorized, planned and scheduled.

Activities:
1. Use formal change requests to enable business process owners and IT to request changes to business process, infrastructure, systems or applications. Make sure that all such changes arise only through the change request management process.
2. Categorize all requested changes (e.g., business process, infrastructure, operating systems, networks, application systems, purchased/packaged application software) and relate affected configuration items.
3. Prioritize all requested changes based on the business and technical requirements, resources required, and the legal, regulatory and contractual reasons for the requested change.
4. Plan and evaluate all requests in a structured fashion. Include an impact analysis on business process, infrastructure, systems and applications, business continuity plans (BCPs) and service providers to ensure that all affected components have been identified. Assess the likelihood of adversely affecting the operational environment and the risk of implementing the change. Consider security, legal, contractual and compliance implications of the requested change. Consider also interdependencies among changes. Involve business process owners in the assessment process, as appropriate.
5. Formally approve each change by business process owners, service managers and IT technical stakeholders, as appropriate. Changes that are low-risk and relatively frequent should be pre-approved as standard changes.
6. Plan and schedule all approved changes.
7. Consider the impact of contracted service providers (e.g., of outsourced business processing, infrastructure, application development and shared services) on the change management process, including integration of organizational change management processes with change management processes of service providers and the impact on contractual terms and SLAs.

Deliverables:
1. Impact assessments (Y)
2. Approved requests for change (Y)
3. Change plan and schedule (Y)

RACI: R A

The vendor and IESO agree on a change management procedure that complies with the MDM/R Terms of Service and MDM/R Change Management Manual. The vendor will provide a summary of Informed changes (Business-As-Usual [BAU]) into the IESO service-desk tool. Business-as-usual items are vendor work going on behind the scenes to underlying infrastructure that are reported weekly as a single line item to the IESO with available details.

BAI06.02 Manage emergency changes

Carefully manage emergency changes to minimize further incidents and make sure the change is controlled and takes place securely. Verify that emergency changes are appropriately assessed and authorized after the change.

Activities:
1. Ensure that a documented procedure exists to declare, assess, give preliminary approval, authorize after a change and record an emergency change.
2. Verify that all emergency access arrangements for changes are appropriately authorized, documented and revoked after the change has been applied.
3. Monitor all emergency changes, and conduct post-implementation reviews involving all concerned parties. The review should consider and initiate corrective actions based on root causes such as problems with business process, application system development and maintenance, development and test environments, documentation and manuals, and data integrity.
4. Define what constitutes an emergency change.

Deliverables:
1. Post-implementation review of emergency changes (Y)

RACI: R A

The vendor and the IESO agree on a change management procedure that complies with the MDM/R Terms of Service, MDM/R Change Management Manual and requirements outlined in this document.

BAI06.03 Track and report change status

Maintain a tracking and reporting system to document rejected changes, communicate the status of approved and in-process changes, and complete changes. Make certain that approved changes are implemented as planned.

Activities:
1. Categorize change requests in the tracking process (e.g., rejected; approved, but not yet initiated; approved and in process; closed).
2. Implement change status reports with performance metrics to enable management review and monitoring of both the detailed status of changes and the overall state (e.g., aged analysis of change requests). Ensure that status reports form an audit trail so changes can subsequently be tracked from inception to eventual disposition.
3. Monitor open changes to ensure that all approved changes are closed in a timely fashion, depending on priority.
4. Maintain a tracking and reporting system for all change requests.

Deliverables:
1. Change request status reports (may be provided through Service Now tool) (Y)

RACI: R RA

The IESO will make available the Service Desk tool for tracking changes to the MDM/R for use by the vendor and the IESO.

BAI06.04 Close and document the changes

Whenever changes are implemented, update the solution and user documentation and the procedures affected by the change accordingly.

Activities:
1. Include changes to documentation (e.g., business and IT operational procedures, business continuity and disaster recovery documentation, configuration information, application documentation, help screens, and training materials) within the change management procedure as an integral part of the change.
2. Define an appropriate retention period for change documentation and pre- and post-change system and user documentation.
3. Subject documentation to the same level of review as the actual change.

Deliverables:
1. Change documentation (Y)

RACI: R RA

Conclusion

The COBIT framework helped the IESO to significantly improve clarity for defining process requirements and vendor obligations as it was a recognized framework, reducing the risk of misunderstanding or misinterpretation. The entire process, from having the RFP issued, responses evaluated and contract signed with the successful respondent, was completed in five months.

The framework also allowed the IESO to develop a transition strategy for the maturing of processes over the term of the contract. COBIT 5 continues to be used by the IESO and the vendor in the governance and oversight of the MDM/R. COBIT has been a very useful tool in facilitating the agreement between the IESO and its vendor on a governance model and responsibilities, identifying and managing risk, and establishing targets for continuous improvement.

Przemek Tomczak, CISA, CA, CPA

Is the director of smart metering at Ontario's Independent Electricity System Operator (IESO), overseeing the operations of the world's first and largest smart meter management and processing shared service, supporting the meter-to-billing operations of Ontario's local distribution companies. Prior to his current role, he led the IESO's internal audit and risk management functions. Tomczak has extensive IT and business leadership experience, delivering program and transformation, consulting, outsourcing, and risk management initiatives. He has also held senior positions with Protiviti Consulting, Capgemini, Accenture, EMC and PricewaterhouseCoopers.

Endnotes

1 Capability level definitions are based on those used in the COBIT Assessment Programme Process Assessment Model (PAM), based on ISO/IEC part 2, which defines the measurement framework attributes at these levels.
More informationAn introduction to business continuity planning
An introduction to business continuity planning What is business continuity, and is it relevant to me? Business continuity planning is about identifying the critical functions and services your business
More informationBOARD CHARTER JUNE Energy Action Limited ABN
BOARD CHARTER JUNE 2016 Energy Action Limited ABN 90 137 363 636 Contents Contents... 2 1 Overview... 3 2 Key Board Functions & Procedures... 5 3 Role of the Chairman... 9 4 Role of the Deputy Chairman...
More informationISO 9001 QUALITY MANUAL
ISO 9001 QUALITY MANUAL Origination Date: 10/01/14 Document Identifier: AIF quality control manual Date: 10/01/14 Project: Customer review Document Status: Released Document Link: www.aeroindfast.com Abstract:
More informationRisk Analysis (Project Impact Analysis)
Chapter 2 Risk Analysis (Project Impact Analysis) 2.1 Overview Risk management is a process that provides management with the balance of meeting business objectives or missions and the need to protect
More informationChina s National Carbon Market Development Plan (Power Generation Sector)
China s National Carbon Market Development Plan (Power Generation Sector) Building a carbon market is an important measure that uses the market mechanism to control greenhouse gas (GHG) emissions, as well
More informationUnderstanding and Mitigating IT Project Risks BY MIKE BAILEY AND MIKE RIFFEL
Understanding and Mitigating IT Project Risks BY MIKE BAILEY AND MIKE RIFFEL Technology projects can present organizational challenges, and the associated risk is one of the finance officer s primary concerns
More informationIntroducing ISO 22301
Introducing ISO 22301 1 2 Background How was the ISO22301 formed? Contributors 3 Context 4 Source documents included BS25999-2 NFPA 1600 ASIS OR standard Singapore standards ISO 27031 ISO Guide 73 ISOPAS22399
More informationProject Quality Management
1 Project Quality Management Unit 8 Eng.elsaka09@gmail.com Project Quality Management Includes the processes and activities of the performing organization that determine quality policies, objectives, and
More informationElectronic invoicing (e-invoicing)
www.pwc.ch Electronic invoicing (e-invoicing) A guide for organisations and institutions Electronic invoicing (e-invoicing) 1 What s it all about? This is a guide for decision-makers and project leaders
More information25 D.L. Martin Drive Mercersburg, PA (717)
EMS MANUAL D. L. MARTIN CO. 25 D.L. Martin Drive Mercersburg, PA 17236 (717) 328-2141 Revision 13 January 2017 Kip Heefner Environmental Management Representative Daniel J. Fisher President & CEO D.L.
More informationISO INTERNATIONAL STANDARD. Risk management Principles and guidelines. Management du risque Principes et lignes directrices
INTERNATIONAL STANDARD ISO 31000 First edition 2009-11-15 Risk management Principles and guidelines Management du risque Principes et lignes directrices http://mahdi.hashemitabar.com Reference number ISO
More informationAccess Rights Reference Guide. Release
Access Rights Reference Guide Release 13.3.00 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is for your
More informationA S D T R A N S L A T E D I N T O P L A I N E N G L I S H 8. O P E R A T I O N S
8.1 DEVELOP, IMPLEMENT, AND CONTROL YOUR OPERATIOL PROCESSES 1 Plan the implementation and control of your operational processes. Black identifies ISO 9001 task. 2 Consider how you're going to implement
More informationCity of Saskatoon Updated Internal Audit Plan SPCF Public Meeting. Date of Submission: March 29, 2016 Date of Meeting: April 4, 2016
City of Saskatoon 2016 Updated Internal Audit Plan SPCF Public Meeting Date of Submission: March 29, 2016 Date of Meeting: April 4, 2016 Table of Contents Context - Updating Internal Audit Plan 3 Introduction
More informationITSM Process/Change Management
ITSM Process/Change Management Process Documentation Revision Date: December 13, 2017 Version Number: 2.0 Document Ownership Document Owner Maury Collins Revision History ITSM Role, Department Service
More informationHP Service Manager. Software Version: 9.40 For the supported Windows and Unix operating systems. Processes and Best Practices Guide (Classic Mode)
HP Service Manager Software Version: 9.40 For the supported Windows and Unix operating systems Processes and Best Practices Guide (Classic Mode) Document Release Date: January 2015 Software Release Date:
More informationFINAL DOCUMENT. International Medical Device Regulators Forum. Medical Device Regulatory Audit Reports
FINAL DOCUMENT International Medical Device Regulators Forum Title: Authoring Group: Medical Device Regulatory Audit Reports IMDRF MDSAP Working Group Date: 2 October 2015 Toshiyoshi Tominaga, IMDRF Chair
More informationINTERNAL AUDIT DIVISION REPORT 2017/022. Audit of knowledge and records management at the United Nations Framework Convention on Climate Change
INTERNAL AUDIT DIVISION REPORT 2017/022 Audit of knowledge and records management at the United Nations Framework Convention on Climate Change Knowledge and records management needs to be enhanced by establishing
More informationISO Environmental management systems Requirements with guidance for use
INTERNATIONAL STANDARD Environmental management systems Requirements with guidance for use ISO 14001 Third edition 2015-09-15 Systèmes de management environnemental Exigences et lignes directrices pour
More informationA Value Management Approach to Business Transformation
A Value Management Approach to Business Transformation Chris Carter, KPMG LLP Nov 17-18, 2014 Canadian Value Symposium Toronto, Ontario A Value Management Approach to Business Transformation Understanding
More informationFixed scope offering. Oracle Fusion Inventory & Cost Management Cloud Service. 22 February 2016 A DIVISION OF DIMENSION DATA
Fixed scope offering Oracle Fusion Inventory & Cost Management Cloud Service 22 February 2016 A DIVISION OF DIMENSION DATA 2015 1 Business objectives The solution Scope Methodology Project plan \ time
More informationCompliance Monitoring and Enforcement Program Implementation Plan. Version 1.7
Compliance Monitoring and Enforcement Program Table of Contents TABLE OF CONTENTS NERC Compliance Monitoring and Enforcement Program... 1 Introduction... 2 NERC Compliance Monitoring and Enforcement Program
More informationIMPLEMENT A PIPELINE SMS
GROUP HOW TO IMPLEMENT A PIPELINE SMS AN INTRODUCTORY GUIDE WITH IMPLEMENTATION SUGGESTIONS AND STRATEGIES 3 2 YOUR GUIDE TO IMPLEMENTATION. An Introductory Guide on How to Implement Pipeline SMS Implementing
More informationDraft Classification Model MANAGEMENT OF INFORMATION TECHNOLOGY FUNCTION
Draft Classification Model MANAGEMENT OF INFORMATION TECHNOLOGY FUNCTION This model records classification structure addresses the Management of Information Technology function, the steps in the business
More informationImplementing ITIL Best Practices
REMEDY WHITE PAPER Implementing ITIL Best Practices Mapping ITIL to Remedy Applications WHITE PAPER Table of Contents Introduction.................................................................... 1
More informationThe Role of Service Owners in an IT Organization
The Role of Service Owners in an IT Organization Cisco CIO Summit 2014 October 7-9, 2014 Ritz Carlton, Dove Mountain, Tucson, AZ Rebecca Jacoby CIO & SVP, Cisco Systems At the highest level, our value
More informationBUSINESS CONTINUITY PLANNING WORKPROGRAM
BUSINESS CONTINUITY PLANNING WORKPROGRAM EXAMINATION OBJECTIVE: Determine the quality and effectiveness of the organization s business continuity planning process, and determine whether the continuity
More informationCIP Cyber Security Security Management Controls
A. Introduction 1. Title: Cyber Security Security Management Controls 2. Number: CIP-003-5 3. Purpose: To specify consistent and sustainable security management controls that establish responsibility and
More informationMaximizing The Value Of Your Smart Grid Investment
Maximizing The Value Of Your Smart Grid Investment Publication Date: August 25, 2015 Author: Kody M. Salem and Kara Truschel EXECUTIVE SUMMARY With thorough planning and a rigorous approach to updating
More informationAUSTRALIAN ENERGY MARKET OPERATOR INDEPENDENT ASSURANCE REPORT ON AEMO S COMPLIANCE WITH THE GAS SERVICES INFORMATION RULES AND GSI PROCEDURES
AUSTRALIAN ENERGY MARKET OPERATOR INDEPENDENT ASSURANCE REPORT ON AEMO S COMPLIANCE WITH THE GAS SERVICES INFORMATION RULES AND GSI PROCEDURES 11 SEPTEMBER 20 Prepared by: Sue Paul, Tim Robinson Robinson
More information7.11b: Quality in Project Management: A Comparison of PRINCE2 Against PMBOK
by Peter Whitelaw, Rational Management Pty Ltd, Melbourne Introduction This comparison takes each part of the PMBOK and provides comments on what match there is with elements of the PRINCE2 method. It's
More information