Cobit: Delivery and Support (3 of 4)

August 12, 2008
Delivery and Support

1. Define and Manage Service Levels

  • Service level agreement framework

  • Aspects of service level agreements

  • Performance procedures

  • Monitoring and reporting

  • Review of service level agreements and contracts

  • Chargeable items

  • Service improvement program

2. Manage Third-Party Services

  • Supplier interfaces

  • Owner relationships

  • Third-party contracts

  • Third-party qualifications

  • Outsourcing contracts

  • Continuity of services

  • Security relationships

  • Monitoring

3. Manage Performance and Capacity

  • Availability and performance requirements

  • Monitoring and reporting

  • Modeling tools

  • Proactive performance management

  • Workload forecasting

  • Capacity management of resources

  • Resources availability

  • Resources schedule

4. Ensure Continuous Service

  • IT continuity framework

  • IT continuity plan strategy and philosophy

  • IT continuity plan contents

  • Minimizing IT continuity requirements

  • Maintaining the IT continuity plan

  • Testing the IT continuity plan

  • IT continuity plan training

  • IT continuity plan distribution

  • User department alternative processing backup procedures

  • Critical IT resources

  • Backup site and hardware

  • Off-site backup storage

  • Wrap-up procedures

5. Ensure Systems Security

  • Manage security measures

  • Identification, authentication, and access

  • Security of online access to data

  • User account management

  • Management review of user accounts

  • User control of user accounts

  • Security surveillance

  • Data classification

  • Central identification and access rights management

  • Violation and security activity reports

  • Incident handling

  • Reaccreditation

  • Counterparty trust

  • Transaction authorization

  • Nonrepudiation

  • Trusted path

  • Protection of security functions

  • Cryptographic key management

  • Malicious software prevention, detection, and correction

  • Firewall architectures and connections with public networks

  • Protection of electronic value

6. Identify and Allocate Costs

  • Chargeable items

  • Costing procedures

  • User billing and chargeback procedures

7. Educate and Train Users

  • Identification of training needs

  • Training organization

  • Security principles and awareness training

8. Assist and Advise Customers

  • Help desk

  • Registration of customer queries

  • Customer query escalation

  • Monitoring of clearance

  • Trend analysis and reporting

9. Manage the Configuration

  • Configuration recording

  • Configuration baseline

  • Status accounting

  • Configuration control

  • Unauthorized software

  • Software storage

  • Configuration management procedures

  • Software accountability

10. Manage Problems and Incidents

  • Problem management system

  • Problem escalation

  • Problem tracking and audit trail

  • Emergency and temporary access authorizations

  • Emergency processing priorities

11. Manage Data

  • Data preparation procedures

  • Source document authorization procedures

  • Source document data collection

  • Source document error handling

  • Source document retention

  • Data input authorization procedures

  • Accuracy, completeness and authorization checks

  • Data input error handling

  • Data processing integrity

  • Data processing validation and editing

  • Data processing error handling

  • Output handling and retention

  • Output distribution

  • Output balancing and reconciliation

  • Output review and error handling

  • Security provision for output reports

  • Protection of sensitive information during transmission and transport

  • Protection of disposed sensitive information

  • Storage management

  • Retention periods and storage terms

  • Media library management system

  • Media library management responsibilities

  • Backup and restoration

  • Backup jobs

  • Backup storage

  • Archiving

  • Protection of sensitive messages

  • Authentication and integrity

  • Electronic transaction integrity

  • Continued integrity of stored data

12. Manage Facilities

  • Physical security

  • Low profile of the IT site

  • Visitor escort

  • Personnel health and safety

  • Protection against environmental factors

  • Uninterruptible power supply

13. Manage Operations

  • Processing operations procedures and instructions manual

  • Startup process and other operations documentation

  • Job scheduling

  • Departures from standard job schedules

  • Processing continuity

  • Operations logs

  • Safeguard special forms and output devices

  • Remote operations
