【正文】 ? Continuity plans shall be retained offsite, tested according to business need, with all tests recorded and all abnormalities investigated and actioned. 可用性和服務持續(xù)性管理 目標 : 在任何情況下確保承諾客戶的責任得到滿足 . ? 定義需要基于業(yè)務計劃 ,SLAs,和風險管理評估 . ? 計劃至少按年度開發(fā)和檢查 . ? 可用性必須得到測量和記錄 . ? 持續(xù)性計劃有備份站 ,根據(jù)業(yè)務需要進行測試 ,測試需要有記錄 ,任何不正常情況需要采取調(diào)查和相關行動 . 28 2023/1/30 Budgeting and accounting for IT services Objective: To budget and account for the cost of service provision. The shall be clear policies and procedures: a) Budgeting, and accounting for all ponents including IT assets, shared resources, overheads, thirdparty supplied service, people, insurance and licenses. b) Apportioning and allocating all indirect costs. c) Financial control and authorization. Costing and approving of all of changes IT服務的預算和財務 目標 : 對服務提供的成本進行預算和財務管理 必須有清晰的策略和流程 : a) 預算和財務管理包括 IT資產(chǎn) ,共享資源 ,未知開銷 ,第三方服務 ,人 ,保險和許可證 . b) 分攤所有直接成本 . c) 財務控制和授權(quán) d) 變化的審批和成本記錄 29 2023/1/30 Capacity management Objective: To ensure that the anization has, at all times, sufficient capacity to meet the current and future agreed demands of the business. Production of a capacity plan, matched to business requirements, the process shall include: a) Current and predicted capacity requirement b) Thresholds for investigation and upgrading together with cost and time scales. c) Evaluation and remendation of upgrades, changes, new technologies and new techniques. d) Processes for trending and predicting impacts of events e) Monitoring and measurement techniques for service capacity, tuning and performance to ensure adequate capacity in all areas. 能力管理 目標 : 確保企業(yè)總是能夠滿足現(xiàn)在和未來業(yè)務發(fā)展對 IT能力的需求 . 能力計劃必須同業(yè)務發(fā)展匹配 ,包括 :: a) 現(xiàn)在和預期的能力需求 b) 結(jié)合成本和時間的極限和升級調(diào)查 . c) 對升級 ,變更和新技術的評估和建議 d) 影響事件的趨勢和預測流程 e) 監(jiān)控和測量服務能力 ,執(zhí)行業(yè)績確保始終有適合的能力供應 . 30 2023/1/30 Information security management Objective: Manage information security in line with business requirements, including: a) Maintenance and distribution of an information security policy to all personnel and customers. b) Management of all service associated risks. c) Implementation of necessary security controls and processes to support the information security policy. 信息安全管理 目標 : 根據(jù)業(yè)務發(fā)展管理信息安全 , 包括 : a) 向所有人和客戶發(fā)布維護和信息安全策略 . b) 管理所有服務相關風險 . c) 實施必要的安全控制和流程支持信息安全 . 31 2023/1/30 7 Relationship processes 關系流程 服務提供者 客戶 /業(yè)務 供應商 內(nèi)部或外部 供應商管理 業(yè)務關系管理 32 2023/1/30 Business relationship management Objective: Identify and document the stakeholders and customers of the services. Customer shall attend a service review for SLA, service scope, contract least annually. Service performance reviews, with issues and action plans. Awareness of business needs and changing requirements. A plains and escalation process including definition, recording investigation, action and formal closure Nominated individuals responsible for customer satisfaction and relationships. A customer feedback process, with recording and input to the Service Improvement Plans). 業(yè)務關系管理 目標 : ? 定義和文檔化服務的所有者和客戶 . ? 客戶需要參與 SLA,范圍和合同的年度檢查 . ? 服務業(yè)績檢查 ,問題及行動計劃 . ? 知曉業(yè)務需求和變更需求 . ? 抱怨和抱怨擴展流程 :包括定義 ,記錄 ,調(diào)查 ,行動和問題解決 . ? 指派專人負責客戶滿意和關系 . ? 客戶反饋流程 :記錄反饋 ,輸入服務改進計劃 33 2023/1/30 Supplier management Objective: To manage third party suppliers to ensure the provision of seamless, quality service improvement plan. Management of suppliers to ensure quality services, including: ? Documented processes with named owner for each supplier. ? Agreed and documented scope, targets and processes with agreed interface. ? Targets with suppliers shall align and support business SLA targets. ? Documented processes for lead suppliers, who must demonstrate management of all subcontracted suppliers ? Processes for regular performance reviews and feedback ? Major reviews and agreement reviews at least annually ? Processes for disputes, end of contract and early termination 供應商管理 目標 : 管理第三方供應商確保服務的持續(xù)提供 ,質(zhì)量和服務持續(xù)改進 . 管理供應商確保優(yōu)質(zhì)服務包括 : ? 每個供應商建立流程文檔 . ? 達成雙方同意的接口 ,并對范圍 ,目標和流程雙方接受和文檔化 ? 供應商目標必須符合 SLA目標定義 . ? 對主要供應商需要建立文檔流程 ,能夠說明主要供應商能夠管理好子供應商 ? 對流程進行定期的檢查和反饋 ? 主要的檢查和協(xié)約必須每年做一次 ? 流程爭議 ,結(jié)束合約 ,終止合約需要說明 34 2023/1/30 8 Resolution process 解決流程 Incident management Objective: To restore agreed service to the business as soon as possible to service requests. ? All incident shall be recorded. ? Procedure for managing the impact of incidents, including: recording, prioritizing, impact assessment, classification, updating, escalation and closure ? Reactive and proactive customer munication ? Access to all relevant information: known errors, problem resolution, and CMDB ? Procedures for the classification and management of major incidents 事件管理 目標 : 盡快恢復對業(yè)務的服務和服務請求 . ? 所有事件必須記錄 . ? 事件的流程管理包括 :: 記錄 ,優(yōu)先等級 ,影響評估 ,分類 ,更新 ,擴展和關閉 ? 主動和預先同客戶溝通事件 ? 訪問所有相關信息 :已知錯誤 ,問題解決方案 ,配置數(shù)據(jù)庫 ? 建立分類和重要事件管理流程 35 2023/1/30 問題管理 目標 : 通過預先定義和分析服務終止及管理問題 ,將問題對業(yè)務的影響降到最小 . ? 所有問題必須記錄 . ? 管理和避免事件和問題的流程包括 : 記錄 ,分類 ,更新 ,擴展 ,解決和關閉問題 . ? 預防問題的趨勢分析 ? 監(jiān)控和檢查問題解決的有效性 ? 根據(jù)問題的原因提出變更并反饋給服務改進計劃 . Problem management Objective: To minimize disruption to the business by proactive identification and analysis of the cause of service incidents and by management problem to closure. ? All problems shall be recorded. ? Procedure for managing/ avoiding incidents problems, including: recording, classifying, updating, escalating, resolving and closing problems. ? Trend analysis and problem prevention ? Monitoring and reviewing the effectiveness of problem resolution ? Raising changes to correct the underlying cause of problems and feeding improvement actions into the SIP. 36 2023/1/30 9 Control Pr