EA-POL-019 Service Provisioning Policy

Similar documents
INFORMATION TECHNOLOGY STRATEGY Mission. Vision. Priorities

EA-PRC Enterprise Architecture Compliance Review Process

That the Cabinet agrees to approve the Technology Strategy and ICT Asset Management Plan for the period

Customer Solutions Guide

The purpose of this document is to define the overall IT Strategy for the period 2016 to 2021

Prepare for GDPR today with Microsoft 365

TECHNOLOGY POLICY SUMMARY FOR THIRD PARTY SUPPLIERS

SysTrack Workspace Analytics

SECURITY MADE SIMPLE DITNO OVERVIEW 14/03/2017 1/7

IT Standard Operating Environment Policy

Administering System Center Configuration Manager and Intune (NI114) 40 Hours

Configuration Management in cloud environment

Accelerate GDPR compliance with the Microsoft Cloud Henrik Mønsted

GDPR and Microsoft 365: Streamline your path to compliance

INFORMATION SERVICES FY 2018 FY 2020

COBIT 5. COBIT 5 Online Collaborative Environment

ERM: Risk Maps and Registers. Performing an ISO Risk Assessment

TECHNOLOGY POLICY SUMMARY FOR THIRD PARTY SUPPLIERS

IT UNIVERSITY OF COPENHAGEN IT STRATEGY

Strathclyde Partnership for Transport

BIM for infrastructure, Paul King Bentley Systems 2016 Bentley Systems, Incorporated

Real Estate Lifecycle

Administering System Center Configuration Manager and Intune (20696C)

Enterprise Architecture Waiver Policy

Authors: Steven Jewell Assistant Director IT and e-government Tel: ; Paul Fleming Systems Architect

Technology & Information Services. Architecture Principles. Date: 30 October Document Security Level: Document Version:

Purpose of the role (What the role does; how the role contributes to the team/department/division goals)

exam. Number: Passing Score: 800 Time Limit: 120 min File Version: Microsoft

INFORMATION ASSURANCE DIRECTORATE

Council Policy. Community & Stakeholder Engagement Policy Council policy title: Executive Manager Communications, Customer and Cultural Services

En Pointe Technologies

HRIS TECHNICAL ARCHITECT ST VINCENT S HEALTH AUSTRALIA POSITION DESCRIPTION

TELSTRA HOSTED SAP SOLUTIONS WITH ACCENTURE A SMARTER SAP SOLUTION

SOLUTION BRIEF HELPING PREPARE FOR RISK ASSESSMENT & COMPLIANCE CHALLENGES FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE

The Cloud at Your Service

Entitlement Management

State of Oklahoma CIO Assessment Study

Resource and Infrastructure Strategic Plan

International Civil Aviation Organization FIRST INFORMATION MANAGEMENT PANEL (IMP/1) Montreal, Canada January, 25 30, 2015

Viewpoint Transition to the cloud

PERSONAL DATA SECURITY GUIDANCE FOR MICROENTERPRISES UNDER THE GDPR

Go Digital to Easily and Quickly Comply with MiFID II The next-generation telephone system.

The USDA Enterprise Architecture Program

ANS Frameworks Overview. Further detailed information on Frameworks can be found in the internal FAQ available on SharePoint and in Teams

Technical Systems & Delivery

RESPONSIBLE AND SAFE MANAGEMENT OF SPENT FUEL AND RADIOACTIVE WASTE REGULATIONS

Oracle Cloud Blueprint and Roadmap Service. 1 Copyright 2012, Oracle and/or its affiliates. All rights reserved.

This five year strategy sets out how the council intends to purchase goods, works or services from third parties that:

University Systems Desktop Support Service Level Commitment

Construction & Engineering Global Business Unit Service Descriptions and Metrics February 12, 2018

EAST SUSSEX FIRE AUTHORITY Job Description

Audit of Shared Services Canada s Information Technology Asset Management

Head of HSE. Group Services, Risk

SAM SUMMIT. Techniques for Future Proofing Your Software Contracts. Richard Kemp 16 May 2018

CTIS GSA LABOR CATEGORY DESCRIPTIONS

Service Strategy Quick Reference Guide

WHITE PAPER. Integrate Software License Optimization and IT Service Management to Increase Efficiency and Reduce Costs

The Hybrid Enterprise: Working Across On-premises, IaaS, PaaS and SaaS

SOLUTION BRIEF EU GENERAL DATA PROTECTION REGULATION COMPLIANCE WITH RSA ARCHER

Digital Industries Apprenticeship: Occupational Brief. Unified Communications Trouble Shooter. March 2016

Digital Industries Apprenticeship: Occupational Brief. Infrastructure Technician. January 2017

Digital Industries Apprenticeship: Occupational Brief. Unified Communications Trouble Shooter. March 2016

Enterprise Architecture Policy Provision of Commodity IT Capabilities Adrian Hollister Head of Strategy and Architecture

SOLUTION BRIEF EU GENERAL DATA PROTECTION REGULATION COMPLIANCE WITH RSA ARCHER

Manage the common integration platforms that connect internal and external services and customers;

Date: INFORMATION GOVERNANCE POLICY

Why SAM-iQ? 2 SAM-iQ Specification 3 SAM-iQ Online Tools 4 The Four Distinct Phases 6 SAM-iQ Portal 7 SAM-iQ Assessments 8 The SAM Maturity

Capability Oriented Service Transition Approach Dinsha Palkhiwala

Why does Enterprise Architecture Matter?

OBJECTIVE PERFORM FOR CONTENT MANAGER

Debunking the Top 10 Cloud-Hosted Desktop Myths

ITS Strategic Plan San Jacinto College

Surface Mining Association for Research and Technology (SMART) Update Meeting

White Paper. Managed IT Services as a Business Solution

University of Wisconsin-Superior

PSR Statements of Responsibility. Senior Managers Regime

1 Microsoft Volume Licensing Basics

ITS Strategic Plan San Jacinto College

The Information Technology Management Reform Act. Clinger-Cohen Act of 1996

REALYST. Digital Transaction & Contract Management.

Session 3: License Optimization for the Datacenter Covance Case Study

UNITED NATIONS PUBLIC SERVICE AWARDS

IT Due Diligence UNCOVER ISSUES AND PREPARE FOR ACTION

BIM VDI Cloud: Elevating the AEC industry evolution

Enterprise Digital Architect

Enterprise Architecture

Buyers Guide to ERP Business Management Software

IBM Db2 Warehouse. Hybrid data warehousing using a software-defined environment in a private cloud. The evolution of the data warehouse

Keep Calm and Don t Panic vsphere 5.5 End of General Support by Christopher Lewis

IBM Tivoli Endpoint Manager for Lifecycle Management

Assistant Regional Asset Manager EU, Wider Europe and Americas. Department/Country Global Estates. Duration of job

ORACLE CLOUD MANAGEMENT PACK FOR MIDDLEWARE

Transforming software delivery with cloud

The experience demanded by the student is rapidly changing, and becoming increasingly dependent on leading edge technology.

Department Business Plan Progress Report. Information Technology Services

High Value Food Frontiers: Portfolio Review & Dashboard Design

Head of Information Services (I.S.) Job reference: FIS1603. Director of Finance & IS. Head of Information Services. ICT Manager

Enabled by. Manage. SIAM Function or SMO. Process. Tools. Process operation Roles

Our Own Experience: How IBM is using Cloud

Attachment SA Power Networks: Information Technology Strategy October 2014

Transcription:

Technology & Information Services EA-POL-019 Service Provisioning Policy Author: Paul Ferrier Date: 18/12/2017 Document Level: PUBLIC Document Version: 1.00 Document Ref: EA-POL-019 Document Link: Review Date: 12/2018

Document Control Version Author Position Details Date/Time Approved by Position Date/Time 0.9 Alex Stubbs, EA, ESA, ESAs Enterprise Assistant 0.91 PF Enterprise Architect Drafted the policy Updated the policy for use now 0.92 PF ESA Updated following internal comments 0.93 PF ESA Departmental approval process complete 1.00 PF ESA Virtual approval by ISG 07/04/2017 14:05 24/08/2017 10:55 11/10/2017 11:15 24/11/2017 12:30 18/12/2017 11:45 Paul Westmore Information Group IT Director 24/11/2017 12:00 08/12/2017 12:00 Page 2 of 5

Purpose The purpose of this policy is to establish and enforce practices for the addition of IT servers, solutions and infrastructure to any environment owned and operated by Plymouth University. There are established policies in place which govern the correct location for services and how they may be created, this policy sets out the correct approach for choosing how services may be provisioned within our environment. Definitions Application Owner Device On Premise Service Owner Services, systems and servers Service Technical Contact a person or group that is accountable for a specific application within an organisation regardless of where the technology components or professional capabilities reside. is a collective term to describe a hardware component, irrespective of the operating system that is used for transmitting, storing, accessing or manipulating university data, including (but not limited to) servers, laptops and desktop computers, network switches and wireless access points. within the physical confines of the organisation. a person or group that is accountable for a specific service within an organisation regardless of where the technology components or professional capabilities reside. in the context of this document these refer to all commissioned and provisioned solutions irrespective of the chosen hosting platform(s), service provider(s) or area(s) of responsibility. is a person or group that is accountable for a specific server within an organisation regardless of where the technology components or professional capabilities reside. Principles P1. Selection of services will follow the cloud first paradigm. This will provide alignment with EA-POL-008 - Provision of Commodity IT Capabilities and EA-POL-014 Hosting policies. Everything as a Service (XaaS) will therefore be the default. P2. New servers will only have a single function. This will aid sustainability, transparency and compliance. Multi-function servers must be avoided, except where the infrastructure or platform is specifically designed for that purpose. P3. All new services will be implemented and maintained against a secure known controlled baseline. This is to provide assurance that system and servers in our environment are of a known security posture. Maintaining agreed baselines for all systems, servers and other devices must be business as usual. P4. All live services will be fully documented, including configuration, purpose, roles and responsibilities, information classification, data flows and a retirement plan. This will aid with trouble shooting, acceptance into service (AIS), statutory compliance and allow for the true cost of the service to be calculated and reported where required. A central IT service catalogue should be maintained within the architectural repository. Goals G1. To facilitate the secure provisioning of services. (P1, P3, P4) G2. To clearly associate all systems and services to a business function. (P2, P4) G3. To clearly associate all servers with a system or service. (P2, P4) Page 3 of 5

G4. All servers will have a single function. (P2) G5. All services will be configured in a secure and documented manner. (P4) G6. To minimise the operating overheads for maintaining service. (P3, P4) G7. Lifecycle costs are understood, transparent and available to inform business decisions. (P4) G8. Services will be provisioned to be compliant with statutory obligations. (P2, P3, P4) Objectives O1. All services will be provisioned in accordance with the following University s policies prior to acceptance into service. (G1, G2, G5, G8) O2. For all systems and servers, documentation will be sufficient to capture the initial business, application, technology and security architectures, fulfil the requirements for Acceptance into Service (AIS) process, and support data governance activities regardless of service provider. (G1, G2, G3, G4, G5, G6, G7, G8) O3. All servers which contribute to the realisation of a service will have a single function by design where possible. (G4, G8) Responsibilities Role Responsibility SIRO is responsible for all information and sets the acceptable level of risk of the University's informational estate. IT Director has delegated responsibility for the management and security of the University infrastructure, devices and systems provided internally or by its service (within Technology & providers; additionally, delegated responsibility to impose sanctions on devices Information Services) for non-compliance with this policy is granted. Faculties and directorates have delegated responsibility to ensure the security of any non-tis managed devices and systems that they operate (inclusive of any services supplied by a service provider). Technical Design Authority has delegated responsibility for aligning IT service provision with University vision whilst ensuring the realisation of benefits to the organisation are delivered through the practice of Enterprise Architecture. Enterprise Team has responsibility for monitoring and reporting compliance against this policy, necessary escalations in terms of sanctions and maintain the secure University staff acquiring service(s) directly from external parties Requirements under this policy configuration baseline. have responsibility for ensuring all other roles covered by this policy have been engaged to enable them to meet their responsibilities; and responsible for ensuring that services acquired and related content are managed securely. All services providers MUST: o be made aware of University policies, procedures, guidelines, Enterprise Architecture standards and principles pertaining to service provision as described here and in related documents o provide documentation necessary to comply with University policies, procedures, guidelines and standards Technical Design Authority MUST: Page 4 of 5

o ensure alignment with the University vision and goals o meet Enterprise Architecture policy and standards o ensure that policies, procedures and relevant guidelines are published and available to all appropriate parties Supporting Documentation EA-POL-008 EA-POL-014 Provision of Commodity IT Capabilities This sets out the practices for introducing new or refreshed IT capabilities that could be classed as commodity IT. Hosting Policy This establishes practices relating to the provision of hosted services for electronic assets owned and managed by the University of Plymouth. Exception Management Exceptions to this policy may be granted using the Enterprise Architecture Waiver Policy (EA-POL-002) and process will be considered on merit as well as alignment with the overall architecture, business continuity, regulatory and legislative requirements. Page 5 of 5

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback