SERVICE CONTINUITY
El propósito de ‘Service Continuity’ (SC), perteneciente al Nivel de Madurez 3, es establecer y mantener planes para asegurar la continuidad de los servicios durante la irrupción de las operaciones. La continuidad del servicio es el proceso que consiste en preparar la mitigación de irrupciones en la entrega del servicio. Las practicas de esta área de proceso describen como preparar los sistemas de servicios y los recursos para asegurar un nivel crítico mínimo del servicio pueda continuar si se produce un riesgo significativo.
Esta área de proceso se puede aplicar a nivel organizacional y a nivel proyecto.
La irrupción de un servicio es una situación que involucra un evento que hace imposible que el proveedor del servicio realice su negocio.
SC abarca el desarrollo, prueba y mantenimiento de los planes de continuidad del servicio.
SC se relaciona con las siguientes áreas de proceso: SD, DAR, OT, PP y RSKM.
Los objetivos específicos (SG), prácticas específicas (SP) y subprácticas de esta AP son:
SG 1 – Identify Essential Service Dependencies
SP 1.1 - Identify and Prioritize Essential Functions
1.1.1- Identify and prioritize the essential services of the organization.
1.1.2- Identify the essential functions on which services rely.
1.1.3- Analyze the criticality of providing those functions and the impact to services if the essential functions cannot be performed.
1.1.4- Prioritize the list of essential functions that must be provided despite a significant disruption.
SP 1.2 - Identify and Prioritize Essential Resources
1.2.1- Identify and document internal and external dependencies.
1.2.2- Identify and document key personnel and their roles in relation to service delivery.
1.2.3- Identify and document organizational and relevant stakeholder responsibilities.
1.2.4- Identify and document resources required by essential functions to ensure continuity.
1.2.5- Prioritize resources based on an evaluation of impact from their loss or from lack of access.
1.2.6- Ensure safety provisions are made for personnel, both internal and external, within the delivery environment and for organizational supporting functions.
1.2.7- Ensure that records and databases are protected, accessible, and usable in an emergency.
Productos de trabajo típicos
A business impact analysis (SP 1.1)
Orders of succession (SP 1.2)
Delegations of authority (SP 1.2)
Directory of critical personnel with contact information (SP 1.2)
Data and systems required to support identified essential service functions (SP 1.2)
Records of service agreements and contracts (SP 1.2)
Records of legal operating charters (e.g., articles of incorporation, authorization by local, state, or national government agencies) (SP 1.2)
Personnel benefit balances, payroll, and insurance records (SP 1.2)
List of internal and external resources required (SP 1.2)
List of dependencies and interdependencies of resources (SP 1.2)
SG 2 – Prepare for Service Continuity
SP 2.1 – Establish Service Continuity Plans
2.1.1- Identify and document threats and vulnerabilities to ongoing service delivery.
2.1.2- Document the service continuity plan.
2.1.3- Review the service continuity plan with relevant stakeholders
2.1.4- Ensure that secure storage and access methods exist for the service continuity plan and critical information and functions needed to implement the plan.
2.1.5- Ensure that vital data and systems are adequately protected.
2.1.6- Document the acceptable service level agreed to by the customer for when a shift between the normal delivery environment and the recovery environment (e.g., site affected by disruption, alternate site) is necessary.
2.1.7- Plan for returning to normal working conditions.
2.1.8- Develop procedures for implementing the service continuity plan.
2.1.9- Revise the service continuity plan as necessary.
SP 2.2 – Establish Service Continuity Training
2.2.1- Develop a strategy for conducting service continuity training.
2.2.2- Develop and document service continuity training for each category of threat and vulnerability to service delivery.
2.2.3- Review service continuity training material with relevant stakeholders
2.2.4- Revise the training material as needed to reflect changes in the service continuity plan and feedback on training effectiveness.
SP 2.3 – Provide and Evaluate Service Continuity Training
2.3.1- Deliver training that covers the execution of the service continuity plan to appropriate personnel.
2.3.2- Maintain records of those who successfully complete service continuity training.
2.3.3- Solicit feedback on how well service continuity training prepared those who will execute the service continuity plan.
2.3.4- Analyze training feedback and document suggested improvements to the service continuity plan and service continuity training.
Productos de trabajo típicos
Formal statement of who has the authority to initiate and execute the service continuity plan (SP 2.1)
List of communication mechanisms needed to initiate the execution of the service continuity plan (SP 2.1)
List of threats and vulnerabilities that could impede the ability of the organization to deliver services (SP 2.1)
List of alternate resources and locations that support the organization’s essential functions (SP 2.1)
Documentation of the recovery sequence (SP 2.1)
List of key personnel’s roles and responsibilities (SP 2.1)
List of stakeholders and the methods used for communicating with them (SP 2.1)
Documented methods for handling security-related material, as appropriate (SP 2.1)
Service continuity training material (SP 2.2)
Training records (SP 2.3)
Evaluations of training effectiveness by students and training specialists (SP 2.3)
Suggested improvements to the service continuity plan (SP 2.3)
SG 3 – Verify and Validate the Service Continuity Plan
SP 3.1 – Prepare for the Verification and Validation of the Service Continuity
Plan
3.1.1- Develop a plan for conducting service continuity verification and validation.
3.1.2- Review with relevant stakeholders the verification and validation plan, including evaluation methods and the environments and other resources that will be needed.
3.1.3- Determine the procedures and criteria for verification and validation of the service continuity plan.
3.1.4- Identify changes to the service continuity plan from the preparation for verification and validation.
SP 3.2 Verify and Validate the Service Continuity Plan
Prepare the environment to conduct verification and validation.
2. Conduct verification and validation of the service continuity plan.
3. Record the results of verification and validation activities
SP 3.3 - Analyze Results of Verification and Validation
3.3.1- Compare actual to expected results of service continuity plan verification and validation.
3.3.2- Evaluate whether restoration to agreed service levels or some other planned state was achieved or not.
3.3.3- Document recommendations for improving the service continuity plan.
3.3.4- Document recommended improvements to the verification and validation of the service continuity plan.
3.3.5- Collect improvement proposals for services or service system components as appropriate based on the analyses of results.
3.3.6- Provide information on how defects can be resolved (including verification methods, criteria, and the verification environment) and initiate corrective action.
Productos de trabajo típicos
Verification and validation plan for assuring service continuity (SP 3.1)
Evaluation methods used for verification and validation (SP 3.1)
Description of environments necessary to conduct verification and Validation (SP 3.1)
Verification and validation procedures (SP 3.1)
Criteria for what constitutes successful verification and validation (SP 3.1)
Roster of personnel and stakeholders involved in service continuity verification and validation (SP 3.2)
Results of service continuity plan verification and validation (SP 3.2)
Verification and validation analysis reports (SP 3.3)
Improvement recommendations for the service continuity plan (SP 3.3)
Verification and validation improvement recommendations (SP 3.3)
SERVICE SYSTEM DEVELOPMENT
El propósito de ‘Service System Development’ (SSD), perteneciente al Nivel de Madurez 3, es analizar, diseñar, desarrollar, verificar y validar los sistemas de servicios, incluyendo los componentes del servicio, para satisfacer los acuerdos de servicio actuales y anticipados.Esta área de proceso es aplicable a todos los aspectos de un sistema de servicio. Se puede aplicar a nuevos sistemas de servicios y a cambios de los sistemas de servicios actuales.
Un sistema de servicio es una combinación integrada e interdependiente de los componentes del sistema de servicio que satisface los requerimientos de las partes interesadas.
Un componente de sistema de servicio es un proceso, producto de trabajo, persona, producto, cliente u otro recurso necesario para que el sistema de servicio tenga valor.
SSD se relaciona con las siguientes áreas de proceso: SD, SST, SSM, DAR, OID y REQM.
Los objetivos específicos (SG), prácticas específicas (SP) y subprácticas de esta AP son:
SG 1 – Develop and Analyze Stakeholder Requirements
SP 1.1 – Develop Stakeholder Requirements
1.1.1- Engage relevant stakeholders using methods for eliciting needs, expectations, constraints, and external interfaces.
1.1.2- Transform stakeholder needs, expectations, constraints, and interfaces into stakeholder requirements
1.1.3- Define constraints for verification and validation
SP 1.2 – Develop Service System Requirements
1.2.1- Develop requirements and express them in the terms necessary for service and service system design.
1.2.2- Derive requirements that result from solution selections and design decisions.
1.2.3- Establish and maintain relationships among requirements for consideration during change management and requirements allocation.
1.2.4- Allocate the requirements to service system components.
1.2.5- Identify interfaces both external and internal to the service system.
1.2.6- Develop requirements for the identified interfaces.
SP 1.3 – Analyze and Validate Requirements
1.3.1- Develop operational concepts and scenarios that include functionality, performance, maintenance, support, and disposal as appropriate
1.3.2- Develop a detailed operational concept that defines the interaction of the service system, end users, and the environment, and that satisfies operational, maintenance, support, and disposal needs.
1.3.3- Establish and maintain a definition of required functionality.
1.3.4- Analyze requirements to ensure that they are necessary, sufficient, and balance stakeholder needs and constraints.
1.3.5- Validate requirements to ensure the resulting service system will perform as intended in the user’s environment
Productos de trabajo típicos
Customer requirements (SP 1.1)
End-user requirements (SP 1.1)
Customer and end-user constraints on the conduct of verification and validation (SP 1.1)
Staffing level constraints Evaluation (SP 1.1)
Derived requirements with relationships and priorities (SP 1.2)
Service requirements (SP 1.2)
Service system requirements (SP 1.2)
Requirement allocations (SP 1.2)
Design constraints (SP 1.2)
Interface requirements (SP 1.2)
Skill-level requirements (SP 1.2)
Operational concepts, use cases, activity diagrams, and timeline scenarios (SP 1.3)
Service system and service system component installation, training, operational, maintenance, support, and disposal concepts (SP 1.3)
New requirements (SP 1.3)
Functional architecture (SP 1.3)
Requirements defects reports and proposed changes to resolve (SP 1.3)
Assessment of risks related to requirements (SP 1.3)
Record of analysis methods and results (SP 1.3)
SG 2 – Develop Service System
SP 2.1 – Select Service System Solutions
2.1.1- Establish defined criteria for selection.
2.2.2- Develop alternative solutions.
2.2.3- Select the service system solutions that best satisfy the criteria established
SP 2.2 – Develop the Design
2.2.1- Develop a design for the service system
2.2.2- Ensure that the design adheres to allocated requirements
2.2.3- Document the design
2.2.4- Design interfaces for the service system components using established criteria
2.2.5- Evaluate whether the components of the service system should be developed, purchased, or reused based on established criteria
SP 2.3 – Ensure Interface Compatibility
2.3.1- Review interface descriptions for coverage and completeness.
2.3.2- Manage internal and external interface definitions, designs, and changes for service system components.
SP 2.4 – Implement the Service System Design
2.4.1- Use effective methods to implement the service system design.
2.4.2- Adhere to applicable standards and criteria.
2.4.3- Conduct peer reviews of selected service system components.
2.4.4- Perform standalone testing of service system components as appropriate.
2.4.5- Revise the service system as necessary
SP 2.5 – Integrate Service System Components
2.5.1- Ensure the readiness of the integration environment.
2.5.2- Confirm that each service system component required for integration has been properly identified, functions according to its description, and that all interfaces comply with their interface descriptions.
2.5.3- Evaluate the assembled service system for interface compatibility, functionality, and performance.
Productos de trabajo típicos
Alternative solution screening criteria (SP 2.1)
Selection criteria (SP 2.1)
Service system component selection decisions and rationale (SP 2.1)
Documented relationships between requirements and service system components (SP 2.1)
Documented solutions, evaluations, and rationale (SP 2.1)
Service system architecture (SP 2.2)
Service system component and consumable designs (SP 2.2)
Skill descriptions and details of the staffing solution (e.g., allocated from available staff, hired as permanent or temporary staff) (SP 2.2)
Interface design specifications and control documents (SP 2.2)
Criteria for design and service system component reuse (SP 2.2)
Results of make-or-buy analyses (SP 2.2)
Categories of interfaces with lists of interfaces per category (SP 2.3)
Table or mapping of interface relationships among service system components and the external environment (SP 2.3)
List of agreed interfaces defined for each pair of service system components when applicable (SP 2.3)
Reports from meetings of the interface control working group (SP 2.3)
Action items for updating interfaces (SP 2.3)
Updated interface description or agreement (SP 2.3)
Implemented service system components (SP 2.4)
Training materials (SP 2.4)
User, operator, and maintenance manuals (SP 2.4)
Procedure descriptions (SP 2.4)
Records of new hires and staff transfers (SP 2.4)
Records of communications about organizational changes (SP 2.4)
Service system integration sequence with rationale (SP 2.5)
Documented and verified environment for service system integration (SP 2.5)
Service system integration procedures and criteria (SP 2.5)
Exception reports (SP 2.5)
Assembled service system components (SP 2.5)
Interface evaluation reports (SP 2.5)
Service system integration summary reports (SP 2.5)
Staffing plans that show the sequence of where and when staff members are provided (SP 2.5)
SG 3 – Verify and Validate Service Systems
SP 3.1 – Prepare for Verification and Validation
3.1.1- Select the components to be verified and validated and the verification and validation methods that will be used for each.
3.1.2- Establish and maintain the environments needed to support verification and validation.
3.1.3- Establish and maintain verification and validation procedures and criteria for selected service system components.
SP 3.2 – Perform Peer Review
3.2.1- Determine what type of peer review will be conducted
3.2.2- Establish and maintain peer review procedures and criteria for the selected service system components and work products.
3.2.3- Define requirements for the peer review
3.2.4- Establish and maintain checklists to ensure that service system components and work products are reviewed consistently
3.2.5- Develop a detailed peer review schedule, including dates for peer review training and for when materials for peer reviews will be available.
3.2.6- Prepare for the peer review
3.2.7- Ensure that the service system component or work product satisfies the peer review entry criteria and make the component or work product available for review to participants early enough to enable them to adequately prepare for the peer review.
3.2.8- Assign roles for the peer review as appropriate
3.2.9- Conduct peer reviews on selected service system components and work products, and identify issues resulting from the peer review
3.2.10- Conduct an additional peer review if the defined criteria indicate the need.
3.2.11- Ensure that exit criteria for the peer review are satisfied.
3.2.12- Record and store data related to the preparation, conduct, and results of peer reviews.
3.2.13- Analyze peer review data
SP 3.3 – Verify Selected Service System Components
3.3.1- Perform verification of selected service system components and work products against their requirements.
3.3.2- Record the results of verification activities.
3.3.3- Identify action items resulting from the verification of service system components and work products.
3.3.4- Document the “as-run” verification method and deviations from the available methods and procedures discovered during its performance.
3.3.5- Analyze and record the results of all verification activities
SP 3.4 – Validate the Service System
3.4.1- Perform functional and nonfunctional validation on selected service system components to ensure that they are suitable for use in their intended delivery environment
3.4.2- Analyze the results of validation activities
Productos de trabajo típicos
Lists of the service system components selected for verification and validation (SP 3.1)
Verification and validation methods for each selected component (SP 3.1)
Verification and validation environment (SP 3.1)
Verification and validation procedures (SP 3.1)
Verification and validation criteria (SP 3.1)
Peer review schedule (SP 3.2)
Peer review checklist (SP 3.2)
Entry and exit criteria for service system components and work products (SP 3.2)
Criteria for requiring another peer review (SP 3.2)
Peer review training material (SP 3.2)
Service system components selected for peer review (SP 3.2)
Peer review results, including issues and action items (SP 3.2)
Peer review data (SP 3.2)
Verification results and logs (SP 3.3)
Verification reports (SP 3.3)
Analysis report (e.g., statistics on performance, causal analysis of nonconformance, comparison of the behavior between the real service system and models, trends) (SP 3.3)
Trouble reports (SP 3.3)
Change requests for verification methods, criteria, and the environment (SP 3.3)
Validation reports and results (SP 3.4)
Validation cross-reference matrix (SP 3.4)
Validation deficiency reports and other issues (SP 3.4)
Change requests for validation methods, criteria, and the environment (SP 3.4)
User acceptance (i.e., sign off) for service delivery validation (SP 3.4)
Focus group reports (SP 3.4)