My free cybersecurity framework based on ISO 27001 and ITIL gap assessment


Upload: wwwsecurekmcom-secure-knowledge-management-inc

Post on 16-Apr-2017


Supplier GAP Y/N Input Output GAP Y/N Customer Input Comments Output Comments

Y Identified known errors Incident detail history N

N

Identified resolution actions

that were taken to resolve

multiple incidents

Classification of incidents to

be used as input for

determining known errors

Y

N Identifies problem resolution

status

Validation that incidents have

not reoccurred for known

errors that have been

resolved

Y

Actions taken or workarounds

used to resolve incidents N

N Status of RFCs submitted to

resolve incidents

Validation that incidents have

not reoccurred for known

errors that have been

resolved via Change

Management

Y

N

Projects Service Availability

to determine impact on

incidents

Identification of change

related incidents if they occur N

RFCs for handling standard

changes used to resolve

incidents

N

Participation on the Change

Advisory Board (CAB) N

Y Link of releases to incidents

being impacted/resolved

Incident history and detail to

be used as input for

determining development

solutions

N

Incident Management

CyberSecurity ISO 27001 Annex A and ITIL GAP Assessment

Problem

Management

Problem

Management

Change

Management

Change

Management

Release

Management

Release

Management

Y

Training for new incident

handling skills and

processes related to new or

changed releases being

implemented

Incident history and detail for

incidents related to the

implementation of releases

Y

Identification of incidents

caused by Release

Management activities if they

occur

N

Y CIs with incident information,

status and history

Records CIs with Company

incident information, history

and current status

Y

Identifies incident CIs with

incident handling or

workaround information

Y

Identify which CIs are

associated with or impacted

by incidents

Y

Identifies which incident CIs

should be escalated or closed Y

Y SLA Targets and Thresholds Frequency and duration of

incidents Y

Y Escalation policies for

incident resolution

Incident and resolution history

detail to assist with

identification of overall service

quality

Y

N Service Catalogue

Identification as to whether a

service level has been missed

or not

Y

Y

Classification and priority

guidelines for recording and

tracking actions to resolve

incidents

N

Monitoring information

related to availability to help

resolve incidents

Incident history and detail

when requesting N

N Support for incident

resolution as needed Metrics on MTTR action Y

Configuration

Management

Service Level

Management

Service Level

Management

Availability

Management

Availability

Management

Release

Management

Release

Management

Configuration

Management

Actions taken to restore

service to customers when

requested

N

Satisfaction feedback from

customers on incidents and

overall service quality

Y

N

Monitoring information

related to performance and

throughput to help resolve

incidents

Incident history and detail

when requested N

N Support for incident

resolution as needed

Satisfaction feedback from

customers on capacity related

incidents and overall

satisfaction with performance

and throughput quality

Y

N Status of availability capacity

Y Risk Mitigation plans

Resolution and workaround

measures that need to be in

place while operating at

standby facilities

N

N

Conditions under which

recovery actions would have

to be involved

Incident history and detail

related to severe outages

when requested

N

N ITSC Plan

N Escalation policies for

invoking recovery actions

Y Charges for support and/or

resolution processes

Cost impacts for restoring

services and actions taken Y

Y

Budgets and financial targets

for incidents management

functions

Assessment as to frequency

that incident will occur to

identify longer term cost

impacts

Y

Y Feedback on costs for

incident management

Y

Customer feedback on

success level of incident

resolutions

Identifies which CIs are

associated with incidents Y

Availability

Management

Availability

Management

Capacity

Management

Capacity

Management

IT Service

Continuity

Management

IT Service

Continuity

Management

IT Financial

Management

IT Financial

Management

Service Desk Service Desk

Y

Customer feedback on

incident descriptions and

symptoms

Identifies incident handling

workaround procedures N

Identifies service restoration

actions taken after an incident

has occurred

N

Identifies incident resolution

status Y

N Company security policies

Incident history and detail

when requested for security

related incidents

N

Y

Process and procedures for

handling common security

requests

Frequency of security related

incidents Y

Y

Escalation policies for

handling security related

incidents

Actions and workarounds

taken to restore services that

have been compromised by

security related incidents

N

Service Desk Service Desk

Security

Management

Security

Management

Supplier GAP Y/N Input Output GAP Y/N Customer Input Comments Output Comments

N Incident detailed history Identifies known errors Y

Y

Classification of incidents to

be used as input for

determining known errors

Identifies resolution actions

that were taken to resolve

multiple incidents

Y

Y

N

Validation that incidents

have not reoccurred for

known errors that were

previously resolved

Identifies problem resolution

status N

Y

N

Actions taken or

workarounds used to resolve

incidents

N

Forward Schedule of

Changes to determine when

incidents may be resolved

RFCs submitted for known

errors that require change N

Y

N

Approval and coordination of

RFCs submitted by Problem

Management for change to

resolve known errors and

problems

Validation that problems have

not reoccurred for known

errors that have been

resolved thru Change

Management

Y

N

RFCs for handling standard

changes used to resolve

known errors

Y

Identification of criteria for

successful changes

Y

N

Participation in post

implementation reviews

N

Y

Participation on the Change

Advisory Board (CAB) N

N

Identifies release action

being taken to resolve

known errors

Identification of known errors

that require development

activities to resolve

Y

N

Change

Management

Change

Management

Release

Management

Release

Management

Incident

Management

Incident

Management

Problem Management

Y

N

Communicates known errors

from development or other

release activities if they

occur

Identification of problems that

occurred due to releases that

were implemented

Y

N

Validation that releases

implemented to resolve

known errors were successful

N

Y CIs related to failing

components

Links incident CIs to known

error information Y

Y Relationship between CIs Associated which CIs may be

at root-cause of incidents Y

Identifies problem knowledge

base CIs Y

Link incident CIs with error

control information (resolved

problems)

Y

Y

N

SLA Targets and thresholds

to be used as input for

problem identification and

impact analysis

Frequency and duration of

incidents Y

Y

N

Escalation policies for

incident resolution

Incident and resolution history

detail to assist with

identification of overall service

quality

Y

N Service Catalogue

Identification as to whether a

service level has been missed

or not

Y

N

Y

N

Classification and priority

guidelines for recording and

tracking actions to resolve

incidents

N

Monitoring information

related to availability to help

resolve incidents

Incident history and detail

when requesting

N

Y

N Support for incident

resolution as needed Metrics on MTTR action N

Availability

Management

Release

Management

Release

Management

Configuration

Management

Configuration

Management

Service Level

Management

Service Level

Management

Availability

Management

Actions taken to restore

service to customers when

requested

Y

N

Satisfaction feedback from

customers on incidents and

overall service quality

Y

Y

N

Monitoring information

related to performance and

throughput to help resolve

incidents

Incident history and detail

when requested N

N Support for incident

resolution as needed

Satisfaction feedback from

customers on capacity related

incidents and overall

satisfaction with performance

and throughput quality

Y

N Status of availability capacity

Y Risk Mitigation plans

Resolution and workaround

measures that need to be in

place while operating at

standby facilities

Y

N

Y

Conditions under which

recovery actions would have

to be involved

Incident history and detail

related to severe outages

when requested

Y

N

Y ITSC Plan

N

Y

Escalation policies for

invoking recovery actions

Y

N

Charges for support and/or

resolution processes

Cost impacts for restoring

services and actions taken Y

Y

Budgets and financial targets

for incidents management

functions

Assessment as to frequency

that incident will occur to

identify longer term cost

impacts

Y

Y Feedback on costs for

problem management

Availability

Management

IT Service

Continuity

Management

IT Service

Continuity

Management

IT Financial

Management

IT Financial

Management

Capacity

Management

Capacity

Management

Availability

Management

Y

Customer feedback on

success level of incident

resolutions

Identifies which CIs are

associated with incidents Y

N

Customer feedback on

incident descriptions and

symptoms

Identifies incident handling

workaround procedures N

Identifies service restoration

actions taken after an incident

has occurred

N

Identifies incident resolution

status N

N Company security policies

Incident history and detail

when requested for security

related incidents

N

Y

Process and procedures for

handling common security

requests

Frequency of security related

incidents Y

N

Y

Escalation policies for

handling security related

incidents

Actions and workarounds

taken to restore services that

have been compromised by

security related incidents

N

Supplier GAP Y/N Input Output GAP Y/N Customer Input Comments Output Comments

Y

N

Validation that incidents

have not recurred for Known

Errors that have been

resolved via Change

Management

Status of RFCs submitted to

resolve incidents N

N

Identification of change

related incidents if they

occur

Project Service Availability

(PSAs) to determine impact

on incidents

N

N

RFCs for handling standard

changes used to resolve

incidents

Y

N

Participation on the Change

Advisory Board

Service Desk Service Desk

Security

Management

Security

Management

Change Management

Incident

Management

Incident

Management

N

RFCs submitted for

problems and Known Errors

that require a change

Forward Schedule of

Changes (FSCs) to determine

when incidents may be

resolved

N

Y

N

Validation that problems

have not recurred for Known

Errors that have been

resolved via Change

Management

Approval and coordination of

RFCs submitted by problem

management for change to

resolve Known Errors and

problems

N

Y

RFCs for handling standard

changes used to resolve

Known Errors

Y

N

Identification of criteria for

successful changes

Y Participation in post

implementation reviews

Y

N

Participation on the Change

Advisory Board (CAB)

N Participation in post

implementation reviews

Approval to undertake release

implementation activities N

Y

N

Participation on the Change

Advisory Board (CAB)

Change impact assessment

results for releases under

consideration for

implementation

Y

N Notifications of release

status for changes

Forward Schedule of

Changes (FSCs) to be used

as input for determining

release schedules

N

N

Provides input for Forward

Schedule of Changes

(FSCs) and Planned Service

Availability (PSAs) related to

release activities

Requirements for release

testing and success criteria Y

Release

Management

Release

Management

Problem

Management

Problem

Management

N

Submits plans and

schedules to be used as

input for change review and

approval actions

Coordination of release

implementation phases (build,

test, implement, etc)

Y

N

Y

Validation that requested CIs

for change have indeed

been changed.

Identified changes in CI status N

Y

Y CI reports for change

validation and audit Request for Changes (RFCs) N

Y

Relationship between CIs to

be used as input for impact

analysis efforts

Forward Schedule of

Changes (FSCs) N

Y CI baselines Project Service Availability

(PSAs) N

Y RFC historical information if

requested

Approval to make changes to

the Configuration

Management Database

(CMDB)

Y

Y Establishes priorities for

RFCs being submitted

Changes to SLAs, OLAs, UCs

and the Service Catalogue Y

Y RFCs for changes to the

service catalogue Status of RFCs Y

N

Y

RFCs related to Service

Improvement Program (SIP)

actions

Notification of approvals to

proceed with planned RFC

changes to modify SLA, OLA

or UCs.

Y

N Participates on Change

Advisory Board (CAB)

Service quality metrics on the

Change Management

process

Y

N

Y

Review of Planned Service

Availability (PSAs) for impact

on service

FSCs with impact on service

availability

N

Y

Y

Review RFCs and Forward

Schedule of Changes to

match customer

requirements and timelines

Documented Change

Management processes to be

used by IT customers

Y

Service Level

Management

Service Level

Management

Release

Management

Release

Management

Configuration

Management

Configuration

Management

Y Review RFCs for impact on

services being delivered.

Post implementation review

results to assess

effectiveness of service

changes.

Y

Y RFCs for changes to SLAs,

OLAs and UCs.

Y Identifies availability related

RFCs

Status of changes being

implemented to improve

availability

N

Y Participation in post

implementation reviews

RFCs that have been

submitted to improve

availability

N

Y

Y Participation on the Change

Advisory Board (CAB)

RFCs that have been

submitted to assess their

impact on availability

N

N

Y

Participation on the

Emergency Committee

Change Advisory Board

(EC/CAB)

FSCs to be used as input for

availability plans and actions N

N

Y

Assists in development of

Planned Service Availability

(PSAs)

Notification of approvals to

proceed with changes to

improve availability or make

changes to the Availability

Plan

N

Y Identify changes that impact

availability

Post implementation review

results to assess

effectiveness of availability

changes.

Y

Y

Identify Security

Requirements needed for

changes.

Y Identifies capacity related

RFCs

Status of changes being

implemented to improve

performance and throughput

Y

Y Identify and review changes

that impact capacity

RFCs that have been

submitted to improve

performance and throughput

N

Service Level

Management

Service Level

Management

Availability

Management

Availability

Management

Capacity

Management

Capacity

Management

N

Identify impact of new

resource technologies on

capacity

RFCs that have been

submitted to assess their

impact on capacity plans

N

Y Application Sizing results to

be used as input for changes

Notification of approvals to

proceed with changes to

capacity or to make changes

to the Capacity Plan

Y

FSCs to assist with planning

for the implementation of

capacity changes

Y

Post implementation review

results to assess

effectiveness of capacity

changes

Y

Y RFCs for changes to

recovery plans

RFCs and their current status

that need to be assessed for

their impacts on the ITSC

plan and to keep it current

Y

Y

Reviews submitted RFCs for

impact on IT Service

Continuity Management

operations and plans

Notification of approvals to

proceed with changes to the

ITSC plan

Y

Y

Ensures implemented

changes incorporated to

ITSC plans have been tested

FSCs to be used as input for

determining when changes

will be implemented that have

impact on ITSCM activities

and plan

Y

Y Participates on Change

Advisory Board (CAB)

Post implementation review

results to assess

effectiveness and impacts of

changes on recovery plans

Y

Y

Identifies cost impacts from

implementing RFCs being

submitted

RFCs and FSCs to assess

impact to IT budgets, charges

and costs

Y

IT Service

Continuity

Management

IT Service

Continuity

Management

Capacity

Management

Capacity

Management

IT Financial

Management

IT Financial

Management

Y

RFCs for changes to

budgets and pricing policies

activities

Notification of approvals to

proceed with RFC changes to

update budgets and cost

plans and models as needed

N

Y

Y

Feedback on costs for

change management

activities

Post implementation review

results to assess actual costs

versus planned for

implementing changes

Y

Y Reviews submitted RFCs for

cost/benefit impact

N

Y

Customer feedback on

Forward Schedule of

Changes

Identifies current status of

changes being applied to the

Company infrastructure

N

Y

Customer feedback on

Planned Schedule of

Availability

Identifies projected service

availability information to be

communicated to Company

customers

N

Y

N Escalations for Emergency

Changes

Y

RFCs for security policy and

process documentation

changes

RFCs to assess impacts of

changes on security N

Notification of approvals to

proceed with planned RFC

changes related to security or

to modify the Company

Security Policy

N

Y

FSCs to be used as input for

review of scheduled changes

against security plans and

policies

Y

Post implementation review

results to assess

effectiveness of security

changes

Y

Supplier GAP Y/N Input Output GAP Y/N Customer Input Comments Output Comments

Service Desk

Release Management

Security

Management

Security

Management

IT Financial

Management

IT Financial

Management

Service Desk

N

Incident history and detail to

be used as input for

determining development

solutions

Link of releases to incidents

being impacted/resolved Y

Y

Incident history and detail for

incidents related to

implementation of releases

Training for new incident

handling skills and processes

related to new or changed

releases being implemented

Y

Y Identification of incidents

caused by Release

Y

N

Management activities if they

occur

Y

Identification of Known

Errors that require

development activities to

resolve

Identifies release actions

being taken to resolve Known

Errors

N

Y

Identification of problems

that occurred due to

releases that were

implemented

Communicated Known Errors

from development or other

release activities if they occur

Y

Y

N

Validation that releases

implemented to resolve

Known Errors were

successful

Y

N

Approval to undertake

release implementation

activities

Participation in post

implementation reviews Y

Y

Change impact assessment

results for releases under

consideration for

implementation

Participation on the Change

Advisory Board (CAB) Y

N

Forward Schedule Of

Changes (FSCs) to be used

as input for determining

release schedules

Notifications of release status

for changes Y

Incident

Management

Incident

Management

Problem

Management

Problem

Management

Change

Management

Change

Management

Y Requirements for release

testing and success criteria

Provides input for Forward

Schedule Of Changes (FSCs)

and Planned Service

Availability (PSAs) related to

release activities

Y

N

N

Coordination of release

implementation phases

(build, test, implement, etc.)

Submits plans and schedules

to be used as input for

change review and approval

actions

N

Y CI baselines

CI information related to

releases and their current

implementation status

Y

Y CI detail information

CI information related to the

Definitive Software Library

(DSL)

Y

Y CI relationships

CI information related to the

Definitive Hardware Stores

(DHS)

Y

Y Definitive Software Library

CIs

Documentation about

releases to be stored as CIs Y

Y Definitive Hardware Library

CIs

Y

N

Establishes priorities for

release development

activities

Release plans and schedule

status to determine impact on

service quality

Y

Y

Determines impacts of

releases and their

development on services

Release progress/status that

can be communicated to

customers

Y

Y

Service Improvement Plan

(SIP) to be used as input for

release development

Validation that releases were

implemented within customer

SLA timeframes and agreed

scope

Y

N

Y

N

Ensure Service Level

Requirements have been

incorporated into release

designs and activities

Service Level

Management

Service Level

Management

Change

Management

Change

Management

Configuration

Management

Configuration

Management

N

Reviews planned and

implemented releases for

impacts on availability

Release and rollout plans to

be used as input for

assessment on impacts to

availability

N

N

Review planned releases to

determine if availability

requirements are being met

Y

Reviews planned and

implemented releases for

impacts on capacity

Release and rollout plans to

be used as input for

assessment on impacts to

capacity plans, performance

and throughput

Y

Y

Review planned releases to

determine if capacity

requirements are being met

Y

Application sizing to be used

as input for release

development

Y

Ensure recovery plans are

maintained to include new

releases as they are

implemented

Release and rollout plans to

be used as input for

assessment on impacts to the

ITSC plan, business impact

analysis, risk analysis and

ITSC plan testing activities

Y

Y

Ensure ITSCM requirements

are included with releases as

they are developed and

implemented

Requirements for

management and operation of

Definitive Hardware Stores

and Definitive Software

Library that need to be

considered as part of the

ITSC plan

Y

Y

Business Impact Analysis

and Risk Assessment results

to be used as input for

release planning and

development

Availability

Management

Availability

Management

Capacity

Management

Capacity

Management

IT Service

Continuity

Management

IT Service

Continuity

Management

Y Identifies cost/benefit

impacts of releases

Identified costs and/or cost

impacts for implementation of

new releases including

documentation, testing and

training

Y

Y

Cost elements to be used as

input for determining

development costs of

releases

Costs associated with

maintenance and

management of Definitive

Hardware Stores and the

Definitive Software Library

Y

Y Identifies budgets for release

activities

Y Reviews release budgets for

plan versus actual

N

Incident history and detail to

be used as input for

determining development

solutions

Identifies current status of

releases being applied to the

Company infrastructure

N

Y

Incident history and detail as

well as customer feedback

for incidents related to

implementation of releases

Service Desk roles and

responsibilities on behalf of

rollout of new releases

N

Y

Security policies to be used

as input for release design

and implementation

Release plans and schedule

status to determine impact on

security policies and plans

Y

Y

Establishment of appropriate

security access needed to

implement releases

Validation that implemented

releases do not compromise

security policies and plans

Y

Y

Establishment of appropriate

security access and policies

needed to control Definitive

Hardware Store (DHS) and

Definitive Software Library

(DSL)

Security access requirements

that need to be provided for to

allow release activities to take

place

Y

Security

Management

Security

Management

IT Financial

Management

IT Financial

Management

Service Desk Service Desk

Configuration Management

Supplier GAP Y/N Input Output GAP Y/N Customer Input Comments Output Comments

Y

Recorded CIs with Company

incident information, history

and current status

CIs with incident information,

status and history Y

Y

Identifies incident CIs with

incident handling or

workaround information

N

Identify which CIs are

associated with or impacted

by incidents

N

Identifies which incident CIs

should be escalated or

closed

Y Links incident CIs with

Known Error information

CIs related to failing

components Y

N Associates which CIs may

be at root cause of incidents Relationships between CIs Y

Y Identifies problem

knowledge base CIs

Y

Link incident CIs with Error

Control information (resolved

problems)

N Identified changes in CI

status

Validation that requested CIs

for change have indeed been

changed

Y

N Request For Changes

(RFCs)

CI reports for change

validation and audit Y

N Forward Schedule Of

Changes (FSCs)

Relationships between CIs to

be used as input for impact

analysis efforts

Y

Y

N

Projected Service Availability

(PSAs) CI baselines Y

Y

Approval to make changes

to the Configuration

Management Database

(CMDB)

RFC historical information if

requested

N

Y

Change

Management

Change

Management

Incident

Management

Incident

Management

Problem

Management

Problem

Management

N

CI information related to

releases and their current

implementation status

CI baselines Y

Y

CI information related to the

Definitive Software Library

(DSL)

CI detail information Y

Y

CI information related to the

Definitive Hardware Stores

(DHS)

CI relationships Y

Y Documentation about

releases to be stored as CIs Definitive Software Library CIs Y

Definitive Hardware Store CIs Y

Y Company customer SLAs

Historical service reports,

SLAs, OLAs, UCs and

customer feedback

information that have been

stored as CIs

Y

Y Company OLAs

CI relationship information to

assist with the development of

service requirements and

service levels

Y

Y UCs with Company vendors

List of components that are

included within the scope of

each service being delivered

Y

N Company Service Catalogue CI status information if

requested Y

Y SIP information

Y Service Reports

Y Availability Database CI

items

Configuration Item

information on components to

be used as input for Fault

Component Impact Analysis

(FCIA) or other analysis

efforts as well as

planning/design efforts

Y

Release

Management

Release

Management

Service Level

Management

Service Level

Management

Availability

Management

Availability

Management

N Availability Plans

Relationships between

configuration items for

systems, resources and

services

Y

Y Relationship information

between CIs

Historical reports from other

IT Service Management

functions which have been

stored as CIs

Y

Y

N Vital Business functions

Availability Data Base (ADB)

CI

Y

N

Y

Indication which CIs may be

cause for poor service

quality

Y

Changes to CIs caused by

implementation of availability

changes

Y Provides status of

serviceability on CIs

Y Capacity Database CI items

Configuration Item

information on components to

be used as input for capacity

analysis efforts as well as

planning/design efforts

Y

N Capacity Plans

Relationships between

configuration items for

system, resources and

services to assess impacts of

capacity issues and plans

Y

Y

Indication which CIs or set of

CIs may be cause for

capacity issues

Historical reports on capacity

levels, monitoring results and

other IT Service Management

functions which are also CIs

Y

Y

Changes to CIs caused by

implementation of capacity

changes

Capacity Data Base (CDB) CI Y

Availability

Management

Availability

Management

Capacity

Management

Capacity

Management

Y Application sizing related CIs

N ITSC Plan CIs for components that need

to be recovered Y

N ITSC Plan test results

CI relationships to ensure all

components needed for

recovery actions have been

considered

Y

N Standby arrangements

CIs used as input for impact

analysis and risk mitigation

and planning efforts

Y

Y Company Business Impact

Assessment

Business Continuity Plan and

IT Service Continuity Plans

that have been stored as CIs

Y

Y Company Risk Analysis

Y IT Budgets

CIs for components that

include cost, value and

replacement timeline

information

Y

Y Charging Policies

CIs for components that

include location, condition and

inventory of components

Y

N Cost categories

Historical IT financial data,

budgets, reports, charging

policies and customer bills

that have been stored as CIs

Y

Y Financial Reports

Costs related to maintenance

and operation of the

Configuration Management

infrastructure

Y

Y Cost and value of CIs

Service Desk Y

Recorded CIs with Company

incident information, history

and current status

CIs with incident information,

status and history Y Service Desk

IT Service

Continuity

Management

IT Service

Continuity

Management

Capacity

Management

Capacity

Management

IT Financial

Management

IT Financial

Management

N Company Security Policies

CIs that need to be under

control for confidentiality,

integrity and access

Y

Y Indication of which CIs

should be protected

Historical reports on security

breaches and status as well

as security policies which are

stored as CIs

Y

Y

Confidentiality, Integrity and

Availability policies for the

CMDB

CI relationships that need to

be considered for impact on

security

Y

Supplier GAP Y/N Input Output GAP Y/N Customer Input Comments Output Comments

Y Frequency and duration of

incidents SLA targets and thresholds Y

N

Incident and resolution

history detail to assist with

identification of overall

service quality

Escalation policies for incident

resolution

N

Y

Y

Identification as to whether a

service level has been

missed or not

Service Catalog N

Classification and priority

guidelines for recording and

taking actions to resolve

incidents

Y

Y Frequency and duration of

known errors

SLA targets and thresholds to

be used as input for problem

identification and impact

analysis efforts

Y

Y

Known error detail to assist

with identification of overall

service quality

Escalation policies for Known

Error resolution Y

Y

Notification about known

errors that have been

resolved

Service Catalog Y

Security

Management

Security

Management

Service Level Management

Incident

Management

Incident

Management

Problem

Management

Problem

Management

Y

Identifies actions to be taken

to resolve known errors in

accordance with Service

Improvement Plan (SIP)

Feedback to determine if

Known Errors resolutions are

successful

Y

Identify priorities for problems Y

Service Improvement

Program (SIP) to be used as

input for problem and Known

Error resolution activities

Y

Y

RFCs to assess impacts of

changes on SLAs, OLAs,

UCs and the Service Catalog

Establishes priorities for

RFCs being submitted Y

N Status of RFCs

RFCs for changes to the

Service Catalog Y

Y

Notification of approvals to

proceed with planned RFC

changes to modify SLA, OLA

or UCs

RFCs related to Service

Improvement Program (SIP)

actions

Y

Y

Service quality metrics on

the Change Management

process

Participates on Change

Advisory Board (CAB) Y

N FSCs with impact on service

availability

Review RFCs and Forward

Schedule of Changes (FSCs)

to match customer

requirements and timelines

Y

Y

Documented Change

Management processes to

be used by IT customers

Review RFCs for impact on

services being delivered Y

Y

Post implementation review

results to assess

effectiveness of service

changes

RFCs for changes to SLAs,

OLAs and UCs Y

Problem

Management

Problem

Management

Change

Management

Change

Management

Y

N

Release plans and schedule

status to determine impact

on service quality

Establishes priorities for

release development activities Y

Y

Release progress/status that

can be communicated to

customers

Determines impacts of

releases and their

development on services

Y

Y

N

Validation that releases were

implemented within

customer SLA timeframes

and agreed scope

Service Improvement Plan

(SIP) to be used as input for

release development

Y

Ensure Service Level

Requirements have been

incorporated into release

designs and activities

Y

N

Y

Historical service reports,

SLAs, OLAs, UCs and

customer feedback

information that have been

stored as CIs

Company customer SLAs Y

Y

CI relationship information to

assist with the development

of service requirements and

service levels

Company OLAs Y

Y

List of components that are

included within the scope of

each service being delivered

UCs with Company vendors Y

Y CI status information if requested

Company Service Catalog N

SIP information Y

Service Reports Y

Y

Capability or assessment of

the existing Company IT

infrastructure to support new

services and/or service

levels

Company service level

requirements that need to be

met for availability

N

Availability

Management

Availability

Management

Configuration

Management

Configuration

Management

Release

Management

Release

Management

N

Agreed upon SLR metrics

and targets to support

Company services

Identification of services to be

provided through the

Company IT Service Catalog,

SLA, OLA and underpinning

contract configuration items

Y

N

N

Input information that

describes how well

Company service levels are

being met

Initiation of service

improvement actions related

to availability for Company

services

Y

N

N

Advice and/or input on how

poor Company service

quality can be eliminated or

mitigated

N

Support for service level

negotiation processes with

availability actions/options

needed to support Company

service targets

N

Capacity assessment to

determine if requested

service levels for new

Company systems can be

met

Company service level

requirements that need to be

met for performance and

throughput

N

N

Provides capacity related

input and/or implements

capacity changes to

eliminate poor Company IT

service quality if capacity

related

Identification of services to be

provided through the

Company IT Service Catalog,

SLA, OLA and underpinning

contract configuration items

N

N

Initiates demand

management

discussions/options to better

manage and control service

quality when necessary

Initiation of service

improvement actions related

to capacity for Company

services

Y

Availability

Management

Availability

Management

Capacity

Management

Capacity

Management

N

Provides information on

throughput and performance

metrics that support agreed

upon service level targets

Information to assist Business

Capacity planning activities

N

Y

N

Draft and/or review service

level requirements that

involve capacity related

service targets

Information to assist with

Demand Management

activities

N

Y

N

Provide feedback on

whether service

requirements for continuity

can be provided

Company service level

requirements that identify

required timescales for

recovery

N

N

Provide Company standard

definition for what conditions

must be in place to invoke

continuity actions

Identification of services to be

recovered through the

Company IT Service Catalog,

SLA, OLA and underpinning

contract configuration items

N

Agreed conditions for invoking

recovery actions N

Y Costs for providing Company

IT services

Company service level

requirements that need to be

priced and charged for

Y

N

Y

N

Charges to Company

customers for services

Identification of services to be

provided through the

Company IT Service Catalog,

SLA, OLA and underpinning

contract configuration items to

provide input for budgeting, IT

accounting and charging

activities

Y

Y

N

Identification of financial

penalties or other charges

that may be levied on

Company IT Service Delivery

related to poor service

quality

Capacity

Management

Capacity

Management

IT Service

Continuity

Management

IT Service

Continuity

Management

IT Financial

Management

IT Financial

Management

Y Financial Management

budgets and targets

Y

N

Cost and charging input to

the agree process for

Company SLAs, OLAs and

UCs

N Company charging policies

Y

N

Assessment of capability to

meet requested service

levels for call handling and

response

SLA targets and thresholds Y

N

Y Frequency and duration of

incidents

Communications on quality of

services being delivered to

customers

Y

N

Y

Customer feedback on

service quality being

delivered

Escalation policies for incident

resolution N

Y

N

Identification as to whether a

service level has been

missed or not

Service Catalog to

communicate IT services

available to Company

customers

N

Classification and priority

guidelines for recording and

taking actions to resolve

incidents

Y

Y

N

Assessment of capability to

meet Company SLRs that

are security related

Company service level

requirements that need to be

met for confidentiality,

integrity and availability of

Company data

Y

N Security policies that must

be adhered to

Identification of services to be

provided through the

Company IT Service Catalog,

SLA, OLA and underpinning

contract configuration items

Y

N

Initiation of service

improvement actions related

to security for Company

services

N

IT Financial

Management

IT Financial

Management

Service Desk Service Desk

Security

Management

Security

Management

Supplier GAP Y/N Input Output GAP Y/N Customer Input Comments Output Comments

N Incident history and detail

when requested

Monitoring information related

to availability to help resolve

incidents

N

Y Metrics on Mean Time To

Repair actions

Support for incident resolution

as needed N

N

Actions taken to restore

service to customers when

requested

Y

Satisfaction feedback from

customers on incidents and

overall service quality

Y

Frequency and duration of

problems as input to

understanding the levels of

availability being delivered

Monitoring information related

to availability to help resolve

problems

N

Y Known errors to assist with

availability improvements

Support for problem

resolution to identify impact of

component failures

N

Y

Problem trends and

information as input for

potential actions to mitigate

Provides availability,

maintenance and

serviceability metrics to assist

in problem identification

Y

Identifies impacts of Known

Errors on availability Y

Identifies availability related

problems N

N

Status of changes being

implemented to improve

availability

Identifies availability related

RFCs N

N

RFCs that have been

submitted to improve

availability

Participation in post

implementation reviews Y

Availability Management

Incident

Management

Incident

Management

Problem

Management

Problem

Management

Change

Management

Change

Management

N

RFCs that have been

submitted to assess their

impact on availability

Participation on the Change

Advisory Board (CAB) N

N

FSCs to be used as input

for availability plans and

actions

Participation on the

Emergency Committee

Change Advisory Board

(EC/CAB)

N

Y

N

Notification of approvals to

proceed with changes to

improve availability or make

changes to the Availability

Plan

Assists in development of

Planned Service Availability

(PSAs)

Y

N

Y

Post implementation review

results to assess

effectiveness of availability

changes

Identify changes that impact

availability Y

Identify Security

Requirements needed for

changes

Y

Y

N

Release and rollout plans to

be used as input for

assessment on impacts to

availability

Reviews planned and

implemented releases for

impacts on availability

Y

Review planned releases to

determine if availability

requirements are being met

Y

N

Y

Configuration Item

information on components

to be used as input for Fault

Component Impact Analysis

(FCIA) or other analysis

efforts as well as

planning/design efforts

Availability Database CI items Y

Y

Relationships between

configuration items for

systems, resources and

services

Availability Plans Y

N

Release

Management

Change

Management

Change

Management

Release

Management

Configuration

Management

Configuration

Management

Y

Historical reports from other

IT Service Management

functions which have been

stored as CIs

Relationship information

between CIs Y

Y

N

Availability Data Base (ADB)

CI

Vital Business functions

Y

N

Indication which CIs may be

cause for poor service quality Y

Changes to CIs caused by

implementation of Availability

changes

Y

Provides status of

serviceability on CIs Y

N

Company service level

requirements that need to be

met for availability

Capability or assessment of

the existing Company IT

infrastructure to support new

services and/or service levels

Y

N

N

Identification of services to

be provided through the

Company IT Service

Catalog, SLA, OLA and

underpinning contract

configuration items

Agreed upon SLR metrics and

targets to support Company

services

N

N

Initiation of service

improvement actions related

to availability for Company

services

Input information that

describes how well Company

service levels are being met

Y

N

Advice and/or input on how

poor Company service quality

can be eliminated or mitigated

N

Support for service level

negotiation processes with

availability actions/options

needed to support Company

service targets

N

Service Level

Management

Service Level

Management

Configuration

Management

Configuration

Management

N

Application Sizing for new

Company applications and

services

Design plans for new

Company services N

N

Implementation of tuning

and capacity changes to

correct poor Company

service quality

Availability requirements for

new and existing Company

services

Y

N

N Capacity alternatives to meet

availability requirements

Timelines for when new

Company services will be in

production to determine when

capacity levels will be needed

N

N

Capacity related thresholds

and alarms that will need to

be monitored to manage

Company service quality

Resiliency requirements for

Company services to

determine impacts on

capacity needs

Y

Y

Capacity impacts for

component or system

failures

Monitoring requirements for

IT components

Y

N

Y Capacity impact analysis for

resiliency options

Availability plans

Y

N

Y

N

Business continuity plans to

identify how services will be

recovered as input to the

Company availability plan

Identification of Company vital

business functions that need

to be recovered along with

required recovery timescales

N

Y

Identification of Company

business risks and mitigation

strategies

Availability goals and targets

for Company services N

N

Assessment as to whether

recovery actions should be

invoked to restore services

Availability options to reduce

risks for failure of Company

services to be used as input

to risk assessment activities

Y

N

Resiliency requirements for

Company services that need

to be provided for

N

Capacity

Management

Capacity

Management

IT Service

Continuity

Management

IT Service

Continuity

Management

Impacts of non-availability of

Company services that will be

used as input for Company

Business Impact Analysis

efforts

Y

Y

Identification of costs and

charges for availability

options chosen or under

consideration

Availability design plans for

each Company service that

can be used as input for

identifying IT costs

Y

Y

Identification of costs or

financial penalties for poor

service quality or

unavailability of Company

services

Timelines for when new

Company services will be in

production to determine when

costs will be incurred

N

Impact of non-availability of

Company services to be used

as input for determining non-

availability costs

Y

N Incident history and detail

when requested

Monitoring information related

to availability to help resolve

Company incidents

N

Y

Assessment of capability to

meet requested service

levels for call handling and

response

Support for incident resolution

as needed N

Y

Satisfaction feedback from

customers on incidents and

overall service quality

Provides planned recovery

processes used to resolve

incidents

Y

N

Actions taken to restore

service to customers when

requested

Y

N

Security policy that identifies

security requirements that

must be incorporated into

availability designs

Provides requirements for

confidentiality of Company

data for new and existing

services

N

Security

Management

IT Service

Continuity

Management

IT Service

Continuity

Management

IT Financial

Management

IT Financial

Management

Service Desk Service Desk

Security

Management

Y

Assessment of availability

designs to ensure they meet

Company requirements for

data confidentiality, integrity

and availability

Provides requirements for

integrity of data used to

support Company services

Y

N

Provides requirements for

availability of data used to

support Company services

Y

Provides designs for access

control to data that needs to

be secured for Company

services

Y

Supplier GAP Y/N Input Output GAP Y/N Customer Input Comments Output Comments

N Incident history and detail

when requested

Monitoring information related

to availability to help resolve

Company incidents

N

N

Satisfaction feedback from

customers on capacity

related incidents and overall

satisfaction with

performance and throughput

quality

Support for incident resolution

as needed N

Status of available capacity N

Y

Frequency and duration of

problems as input to

understanding the quality of

performance and throughput

being delivered

Monitoring information related

to capacity to help resolve

problems

N

Y

Known errors to assist with

performance and throughput

improvements

Support for problem

resolution to identify impact of

capacity failures

N

Y

Problem trends and

information as input for

potential actions to mitigate

Identifies impacts of Known

Errors on capacity Y

Identifies capacity related

problems N

Security

Management

Capacity Management

Incident

Management

Incident

Management

Problem

Management

Problem

Management

Security

Management

Identifies current capacity

status versus plan Y

Assist with resolution of

known errors related to

performance, capacity and

throughput

N

N

Status of changes being

implemented to improve

performance and throughput

Identifies capacity related

RFCs N

N

RFCs that have been

submitted to improve

performance and throughput

Identifies and reviews changes

that impact capacity N

N

RFCs that have been

submitted to assess their

impact on capacity plans

Identify impact of new

resource technologies on

capacity

N

N

Notification of approvals to

proceed with changes to

capacity or to make changes

to the Capacity Plan

Application Sizing results to

be used as input for changes N

N

FSCs to assist with planning

for the implementation of

capacity changes

Y

Post implementation review

results to assess

effectiveness of capacity

changes

Y

Release and rollout plans to

be used as input for

assessment on impacts to

capacity plans, performance

and throughput

Reviews planned and

implemented releases for

impacts on capacity

Y

Review planned releases to

determine if capacity

requirements are being met

Y

Problem

Management

Problem

Management

Change

Management

Change

Management

Release

Management

Release

Management

Application sizing to be used

as input for release

development

N

Y

Configuration Item

information on components

to be used as input for

capacity analysis efforts as

well as planning/design

efforts

Capacity Database CI items Y

Y

Relationships between

configuration items for

systems, resources and

services to assess impacts

of capacity issues and plans

Capacity Plans Y

Y

Historical reports on capacity

levels, monitoring results

and other IT Service

Management functions

which are also CIs

Indication which CIs or set of

CIs may be cause for capacity

issues

Y

Y Capacity Data Base (CDB)

CI

Changes to CIs caused by

implementation of capacity

changes

Y

Application sizing related CIs Y

Y

Company service level

requirements that need to be

met for performance and

throughput

Capacity assessment to

determine if requested

service levels for new

Company systems can be

met

N

N

Identification of services to

be provided through the

Company IT Service

Catalog, SLA, OLA and

underpinning contract

configuration items

Provides capacity related

input and/or implements

capacity changes to eliminate

poor Company IT service

quality if capacity related

N

Service Level

Management

Service Level

Management

Configuration

Management

Configuration

Management

Release

Management

Release

Management

N

Initiation of service

improvement actions related

to capacity for Company

services

Initiates demand

management

discussions/options to better

manage and control service

quality when necessary

N

Y

Information to assist

Business Capacity planning

activities

Provides information on

throughput and performance

metrics that support agreed

upon service level targets

Y

N

Information to assist with

Demand management

activities

Draft and/or review service

level requirements that

involve capacity related

service targets

Y

Y Design plans for new

Company services

Application sizing for new

Company applications and

services

Y

N

Availability requirements for

new and existing Company

services

Implementation of tuning and

capacity changes to correct

poor Company service quality

N

N

Timelines for when new

Company services will be in

production to determine

when capacity levels will be

needed

Capacity alternatives to meet

availability requirements N

Y

Resiliency requirements for

Company services to

determine impacts on

capacity needs

Capacity related thresholds

and alarms that will need to

be monitored to manage

Company service quality

N

N Monitoring requirements for

IT components

Capacity impacts for

component or system failures Y

Y Availability plans

Capacity impact analysis for

resiliency options Y

Service Level

Management

Service Level

Management

Availability

Management

Availability

Management

N

Business continuity plans to

identify what services will be

recovered as input to

capacity planning process

Capacity requirements

needed to meet required

performance and throughput

targets while in recovery

Y

N

Testing requirements and

plans as input to capacity

planning process

Capacity plan to provide input

on capacity levels that must

be maintained during the

recovery period

Y

Y

Identification of costs and

charges for capacity options

chosen or under

consideration

Capacity cost estimates for

new Company services to be

provided

N

Y

Identification of costs or

financial penalties for poor

service quality or

unavailability of Company

services

Usage profiles for Company

IT users to be used as input

for charging

Y

Y Budget and IT financial goals

Modeling and analysis to

predict future capacity costs

to be incurred

Y

Application sizing estimates to

cost out new/changed

enhancements to Company

applications

Y

Capacity plans to help identify

future revenues and costs Y

N Incident history and detail

when requested

Monitoring information related

to performance and

throughput to help resolve

incidents

N

Y

Call volumes and operational

metrics to be used as input

for Capacity Plans

Support for incident resolution

as needed N

IT Service

Continuity

Management

IT Service

Continuity

Management

IT Financial

Management

IT Financial

Management

Service Desk Service Desk

Y

Satisfaction feedback from

customers on capacity

related incidents and overall

satisfaction with

performance and throughput

quality

Status of available capacity N

N Security policies that must

be adhered to

Review of security

management and control

options selected to ensure

that performance and

throughput required targets

can still be maintained

Y

Y

Security assessment of

impacts from capacity

decisions or plans

Application sizing information

to be used to identify IT

elements that will need to be

considered for security

Y

Supplier GAP Y/N GAP Y/N Customer Input Comments Output Comments

Y

Resolution and workaround

measures that need to be in

place while operating at

standby facilities

Risk mitigation plans Y

Y

Incident history and detail

related to severe outages

when requested

Conditions under which

recovery actions would have

to be invoked

Y

N

ITSC Plan Y

N

Escalation policies for

invoking recovery actions

Y

N

Y

Early warning indication of

potential need to invoke

recovery actions

Reviews Known Errors for

business impact, risk or threat Y

Y

Known errors and

workaround measures that

need to be in place while

operating at standby facilities

Escalation policies for

invoking recovery actions

Y

N

IT Service Continuity Management

Incident

Management

Incident

Management

Problem

Management

Problem

Management

Service Desk Service Desk

Security

Management

Security

Management

Y

Problem history and detail

related to severe outages

when requested

Risk mitigation plans Y

Y

Actions taken to resolve

problems that will allow

restoration of services at

primary facilities to begin

Conditions under which

recovery actions would have

to be invoked

Y

N

Y

RFCs and their current

status that need to be

assessed for their impacts

on the ITSC plan and to

keep it current

RFCs for changes to recovery

plans Y

Y

Notification of approvals to

proceed with changes to the

ITSC plan

Reviews submitted RFCs for

impact on IT Service

Continuity management

operations and plans

Y

Y

FSCs to be used as input for

determining when changes

will be implemented that

have impact on ITSCM

activities and plans

Ensures implemented

changes incorporated to ITSC

plans have been tested

Y

Y

Post implementation review

results to assess

effectiveness and impacts of

changes on recovery plans

Participates on Change

Advisory Board (CAB) Y

Y

Release and rollout plans to

be used as input for

assessment on impacts to

the ITSC plan, business

impact analysis, risk analysis

and ITSC plan testing

activities

Ensure recovery plans are

maintained to include new

releases as they are

implemented

Y

Problem

Management

Problem

Management

Change

Management

Change

Management

Release

Management

Release

Management

Y

Requirements for

management and operation

of Definitive Hardware

Stores and Definitive

Software Library that need to

be considered as part of the

ITSC plan

Ensure ITSCM requirements

are included with releases as

they are developed and

implemented

Y

Business Impact Analysis and

Risk Assessment results to

be used as input for release

planning and development

Y

Y CIs for components that

need to be recovered

ITSC Plan Y

Y

CI relationships to ensure all

components needed for

recovery actions have been

considered

ITSC Plan test results Y

Y

CIs used as input for impact

analysis and risk mitigation

and planning efforts

Standby arrangements Y

Y

Business Continuity Plan

and IT Service Continuity

Plans that have been stored

as CIs

Company Business Impact

Assessment Y

Company Risk Analysis Y

Y

N

Company service level

requirements that identify

required timescales for

recovery

Provide feedback on whether

service requirements for

continuity can be provided

Y

N

Y

N

Identification of services to

be recovered through the

Company IT Service

Catalog, SLA, OLA and

underpinning contract

configuration items

Provide Company standard

definition for what conditions

must be in place to invoke

continuity actions

Y

N

Y Agreed conditions for

invoking recovery actions

Release

Management

Release

Management

Service Level

Management

Service Level

Management

Configuration

Management

Configuration

Management

Y

N

Identification of Company

vital business functions that

need to be recovered along

with required recovery

timescales

Business continuity plans to

identify how services will be

recovered as input to the

Company availability plan

Y

N Availability goals and targets

for Company services

Identification of Company

business risks and mitigation

strategies

Y

Y

Availability options to reduce

risks for failure of Company

services to be used as input

to risk assessment activities

Assessment as to whether

recovery actions should be

invoked to restore services

Y

N

Y

Resiliency requirements for

Company services that need

to be provided for

Y

Impacts of non-availability of

Company services that will

be used as input for

Company Business Impact

Analysis efforts

N

Capacity requirements

needed to meet required

performance and throughput

targets while in recovery

Business continuity plans to

identify what services will be

recovered as input to capacity

planning process

N

Y

Capacity plan to provide

input on capacity levels that

must be maintained during

the recovery period

Testing requirements and

plans as input to capacity

planning process

N

Y

Identification of costs for

invoking recovery actions of

Company services

Provide costs to execute

recovery actions Y

Y

Identification of costs or

financial penalties for

unavailability of Company

services to be used as input

for business impact

assessment

Provides costs for testing and

maintaining service continuity

plan

Y

Availability

Management

Availability

Management

Capacity

Management

Capacity

Management

IT Financial

Management

IT Financial

Management

Y

Identification of costs for risk

mitigation items being

considered

Provides costs for risk

mitigation options Y

N Identification of costs for

ongoing testing

Assistance with cost

estimates/business impact of

service loss

N

N Budgets and financial targets

N

Charging policies and how

charges may be applied in

the event that recovery

actions are invoked

Y

Identification of costs for

return to normal state

services

N

Provide single point of

contact if recovery actions

are invoked

Plans and processes for

communicating and

coordinating recovery status

to customers if recovery

actions are invoked

N

Y

Incident history and detail

related to severe outages

when requested

Escalation policies for

invoking recovery actions N

Provides education and

awareness campaign

information

N

N

Security policies that must

be in effect in the event that

recovery actions are invoked

Business continuity plans to

identify how Company

security requirements will be

maintained during recovery

N

N

Assessment of security

impacts from recovery

options and continuity

strategies under

consideration

Business impact assessment

that outlines Company impact

of service losses

Y

N

Security input to business

impact analysis and risk

analysis activities

Security

Management

Security

Management

IT Financial

Management

IT Financial

Management

Service Desk Service Desk

Supplier GAP Y/N Input Output GAP Y/N Customer Input Comments Output Comments

Y Cost impacts for restoring

services and actions taken

Charges for support and / or

resolution processes Y

Y

Assessment as to frequency

that incidents will occur to

identify longer term cost

impacts

Budgets and financial targets

for incident management

functions

Y

Feedback on costs for

incident management Y

Y

Cost impacts for handling

known errors and actions

taken

Charges for support and / or

Known Error resolution

processes

Y

Y

Assessment as to frequency

that known errors will occur

to identify longer term cost

impacts

Budget and financial targets

for problem management

functions

Y

Y Costs for resolving known

errors (error control)

Feedback on costs for

problem management Y

Identifies cost impacts of

Known Problems Y

Y

RFCs and FSCs to assess

impact to IT budgets,

charges and costs

Identifies cost impacts for

implementing RFCs being

submitted

Y

Y

Notification of approvals to

proceed with RFC changes

to update budgets and cost

plans and models as needed

RFCs for changes to budgets

and pricing policies Y

Y

Post implementation review

results to assess actual

costs versus planned for

implementing changes

Feedback on costs for

change management

activities

Y

Reviews submitted RFCs for

cost / benefit impact Y

IT Financial Management

Incident

Management

Incident

Management

Problem

Management

Problem

Management

Change

Management

Change

Management

Y

Identified costs and / or cost

impacts for implementation

of new releases including

documentation, testing and

training

Identifies cost/benefit impacts

of releases Y

Y

Costs associated with

maintenance and

management of Definitive

Hardware Stores and the

Definitive Software Library

Cost elements to be used as

input for determining

development costs of

releases

Y

Identifies budgets for release

activities Y

Reviews release budgets for

plan versus actual Y

Y

CIs for components that

include cost, value and

replacement timeline

information

IT Budgets Y

Y

CIs for components that

include location, condition

and inventory of components

Charging Policies Y

Y

Historical IT financial data,

budgets, reports, charging

policies and customer bills

that have been stored as CIs

Cost categories Y

Y

Costs related to

maintenance and operation

of the Configuration

Management infrastructure

Financial Reports Y

Cost and value of CIs Y

Y

N

Company service level

requirements that need to be

priced and charged for

Costs for providing Company

IT services Y

Service Level

Management

Service Level

Management

Configuration

Management

Configuration

Management

Release

Management

Release

Management

N

Identification of services to

be provided through the

Company IT Service

Catalog, SLA, OLA and

underpinning contract

configuration items to

provide input for budgeting,

IT accounting and charging

activities

Charges to Company

customers for services

Y

N

Identification of financial

penalties or other charges

that may be levied on

Company IT Service Delivery

related to poor service quality.

Y

Financial Management

budgets and targets Y

Cost and charging input to the

agree process for Company

SLAs, OLAs and UCs

Y

Company charging policies Y

N

Y

Availability design plans for

each Company service that

can be used as input for

identifying IT costs

Identification of costs and

charges for availability options

chosen or under

consideration

N

Y

N

Timelines for when new

Company services will be in

production to determine

when costs will be incurred

Identification of costs or

financial penalties for poor

service quality or unavailability

of Company services

N

Y

Impact of non-availability of

Company services to be

used as input for

determining non-availability

costs

Service Level

Management

Service Level

Management

Availability

Management

Availability

Management

N

Capacity cost estimates for

new Company services to be

provided

Identification of costs and

charges for capacity options

chosen or under

consideration

Y

N

Y

N

Usage profiles for Company

IT users to be used as input

for charging

Identification of costs or

financial penalties for poor

service quality or unavailability

of Company services

Y

Y

N

Modeling and analysis to

predict future capacity costs

to be incurred

Budgets and IT financial goals Y

Y

N

Application sizing estimates

to cost out new / changed

enhancements to Company

applications

Y

Capacity plans to help

identify future revenues and

costs

Y Provide costs to execute

recovery actions

Identification of costs for

invoking recovery actions of

Company services

Y

Y

Provide costs for testing and

maintaining service

continuity plan

Identification of costs or

financial penalties for

unavailability of Company

services to be used as input

for business impact

assessment

Y

Y Provides costs for risk

mitigation options

Identification of costs for risk

mitigation items being

considered

Y

N

Assistance with cost

estimates / business impact

of service loss

Identification of costs for

ongoing testing N

Budgets and financial targets Y

Charging policies and how

charges may be applied in the

event that recovery actions

are invoked

N

Capacity

Management

Capacity

Management

IT Service

Continuity

Management

IT Service

Continuity

Management

Identification of costs for

return to normal state

services

Y

Y

Costs for Service Desk

operational infrastructure,

resources and supporting

organization

Budget for operation and

management of Service Desk

functions

Y

Y

Planned staffing levels and

resources as input for

budgets

Charging policies to be

communicated to Company

customers to help resolve

questions and concerns

Y

N

Y

N

Usage of Service Desk

resources as input for

charging

Y Customer questions and

feedback over charges

Y

Costs for maintaining and

operating Company security

management functions

Identification of costs /

penalties for security related

breaches into Company's

customer and operational

data

Y

N Security policy Financial Management

budgets and targets Y

Identification of costs for

managing and controlling

security of Company

customer and operational

data

Y

Charging policies and

charges to be invoked in the

event of a customer induced

security breach

Y

N

Supplier GAP Y/N Input Output GAP Y/N Customer Input Comments Output Comments

Y Identifies which CIs are

associated with incidents

Customer feedback on

success level of incident

resolutions

Y

Service Desk

Incident

Management

Incident

Management

IT Service

Continuity

Management

IT Service

Continuity

Management

Service Desk Service Desk

Security

Management

Security

Management

N Identifies incident handling

and workaround procedures

Customer feedback on

incident descriptions and

symptoms

Y

N

Identifies service restoration

actions taken after an

incident has occurred

Y

N

Identifies incident resolution

status

Y Identifies Known Errors Incident detail and history Y

N

N

Identifies resolution actions

that were taken to resolve

multiple incidents

Customer feedback on

incident descriptions and

symptoms

Y

N Identifies problem resolution

status

N

Identifies current status of

changes being applied to the

Company infrastructure

Customer feedback on

Forward Schedule Of

Changes

N

N

Identifies projected service

availability information to be

communicated to Company

customers

Customer feedback on

Planned Schedule of

Availability

N

Y

Identifies current status of

releases being applied to the

Company infrastructure

Identifies cost / benefit

impacts of releases Y

Cost elements to be used as

input for determining

development costs of

releases

Y

Identifies budgets for release

activities Y

Reviews release budgets for

plan versus actual Y

Incident

Management

Incident

Management

Problem

Management

Problem

Management

Change

Management

Change

Management

Release

Management

Release

Management

Configuration

Management Y

CIs with incident information,

status and history from prior

incidents

Recorded CIs with Company

incident information, history

and current status

Y Configuration

Management

Y SLA targets and thresholds

Assessment of capability to

meet requested service levels

for call handling and response

Y

N

N

Communications on quality

of services being delivered

to customers

Frequency and duration of

incidents Y

N Escalation policies for

incident resolution

Customer feedback on

service quality being delivered Y

N

Service Catalog to

communicate IT services

available to Company

customers

Identification as to whether a

service level has been missed

or not

Y

N

N

Classification and priority

guidelines for recording and

taking actions to resolve

incidents

N

Monitoring information

related to availability to help

resolve company incidents

Incident history and detail

when requested Y

N Support for incident

resolution as needed

Assessment of capability to

meet requested service levels

for call handling and response

Y

N

Y

Provides planned recovery

processes used to resolve

incidents

Satisfaction feedback from

customers on incidents and

overall service quality

Y

Actions taken to restore

service to customers when

requested

N

N

Monitoring information

related to performance and

throughput to help resolve

incidents

Incident history and detail

when requested N

Capacity

Management

Service Level

Management

Service Level

Management

Availability

Management

Availability

Management

Capacity

Management

N Support for incident

resolution as needed

Call volumes and operational

metrics to be used as input

for Capacity Plans

Y

N Status of available capacity

Satisfaction feedback from

customers on capacity related

incidents and overall

satisfaction with performance

and throughput

Y

N

Plans and processes for

communicating and

coordinating recovery status

to customers if recovery

actions are invoked

Provide single point of contact

if recovery actions are

invoked

N

N Escalation policies for

invoking recovery actions

Incident history and detail

related to severe outages

when requested

Y

N

Provides education and

awareness campaign

information

Y

Budgets for operation and

management of Service

Desk functions

Costs for Service Desk

operational infrastructure,

resources and supporting

organization

Y

N

Charging policies to be

communicated to Company

customers to help resolve

questions and concerns

Planned staffing levels and

resources as input for

budgets

Y

Usage of Service Desk

resources as input for

charging

N

Customer questions and

feedback over charges N

Y

N

Security policies to be

communicated to customers

Incident history and detail

when requested for security

related incidents

N

Capacity

Management

Security

Management

Security

Management

Capacity

Management

IT Service

Continuity

Management

IT Service

Continuity

Management

IT Financial

Management

IT Financial

Management

N

Processes and procedures

for handling common

security requests that do not

involve hardware or software

changes

Customer feedback on

service quality related to

security and security policies

in place

Y

N

Escalation policies for

handling security related

incidents

Supplier GAP Y/N Input Output GAP Y/N Customer Input Comments Output Comments

N

Incident history and detail

when requested for security

related incidents

Company security policies

N

N

Frequency of security related

incidents

Processes and procedures for

handling common security

requests

Y

N

Actions and workarounds

taken to restore services that

have been compromised by

security related incidents

Escalation policies for

handling security related

incidents N

Y Known errors related to

security

Company security policies N

Y

Actions taken to resolve

security related known errors

Escalation policies for

handling security related

problems

N

Y

RFCs to assess impacts of

changes on security

RFCs for security policy and

process documentation

changes

Y

Y

Notification of approvals to

proceed with planned RFC

changes related to security

or to modify the Company

Security Policy

Y

FSCs to be used as input for

review of scheduled changes

against security plans and

policies

Problem

Management

Change

Management

Security

Management

Security

Management

Change

Management

Security Management

Incident

Management

Incident

Management

Problem

Management

Y

Post implementation review

results to assess

effectiveness of security

changes

Y

Release plans and schedule

status to determine impact

on security policies and

plans

Security Policies to be used

as input for release design

and implementation N

N

Validation that implemented

releases do not compromise

security policies and plans

Establishment of appropriate

security access needed to

implement releases N

N

Security access

requirements that need to be

provided for to allow release

activities to take place

Establishment of appropriate

security access and policies

needed to control Definitive

Hardware Store (DHS) and

Definitive Software Library

(DSL)

Y

Y

CIs that need to be under

control for confidentiality,

integrity and access

Company Security Policies

N

N

Historical reports on security

breaches and status as well

as security policies which

are stored as CIs

Indication of which CIs should

be protected

Y

Y

CI relationships that need to

be considered for impact on

security

Confidentiality, Integrity and

Availability policies for the

CMDB

Y

Y

Company service level

requirements that need to be

met for confidentiality,

integrity and availability of

Company data

Assessment of capability to

meet Company SLRs that are

security related Y

Change

Management

Release

Management

Release

Management

Change

Management

Service Level

Management

Service Level

Management

Configuration

Management

Configuration

Management

N

Identification of services to

be provided through the

Company IT Service

Catalog, SLA, OLA and

underpinning contract

configuration items

Security policies that must be

adhered to

N

N

Initiation of service

improvement actions related

to security for Company

services

N

Provides requirements for

confidentiality of Company

data for new and existing

services

Security policy that identifies

security requirements that

must be incorporated into

availability designs

N

N

Provides requirements for

integrity of data used to

support Company services

Assessment of availability

designs to ensure they meet

Company requirements for

data confidentiality, integrity

and availability

N

N

Provides requirements for

availability of data used to

support Company services

N

Provides designs for access

control to data that needs to

be secured for Company

services

N

Review of security

management and control

options selected to ensure

that performance and

throughput required targets

can still be maintained

Security policies that must be

adhered to

N

Service Level

Management

Service Level

Management

Availability

Management

Availability

Management

Capacity

Management

Capacity

Management

N

Application sizing

information to be used to

identify IT elements that will

need to be considered for

security

Security assessment of

impacts from capacity

decisions or plans N

N

Business continuity plans to

identify how Company

security requirements will be

maintained during recovery

Security policies that must be

in effect in the event that

recovery actions are invoked

N

Y

Business impact

assessment that outlines

Company impact of service

losses

Assessment of security

impacts from recovery options

and continuity strategies

under consideration

N

Security input to business

impact analysis and risk

analysis activities

N

Y

Identification of costs /

penalties for security related

breaches into Company's

customer and operational

data

Costs for maintaining and

operating Company security

management functions Y

Y Financial Management

budgets and targets

Security policy N

Y

Identification of costs for

managing and controlling

security of Company

customer and operational

data

N

Charging policies and

charges to be invoked in the

event of a customer induced

security breach

N

Incident history and detail

when requested for security

related incidents

Security policies to be

communicated to customers N

Service Desk Service Desk

Capacity

Management

Capacity

Management

IT Service

Continuity

Management

IT Service

Continuity

Management

IT Financial

Management

IT Financial

Management

Y

Customer feedback on

service quality related to

security and security policies

in place

Processes and procedures for

handling common security

requests that do not involve

hardware or software

changes

N

Escalation policies for

handling security related

incidents

N

Service Desk Service Desk