Practicioner Deck APMG-QA Branding - Clauses 5-6 Flashcards Preview

ISO/IEC 20000 > Practicioner Deck APMG-QA Branding - Clauses 5-6 > Flashcards

Flashcards in Practicioner Deck APMG-QA Branding - Clauses 5-6 Deck (47):
1

Design and transition of new or changed services (5)

What is the objective of this process?

to ensure that

new services and changes to services

will be deliverable and manageable

at the agreed cost and service quality

2

Design and transition of new or changed services (5)

General (1)

1. Where is that process applicable?

2. Where does it differentiate from Change Management Process?

1. for all new services and changes to services with the potential to have a major impact on the services or the customer.

The changes that are in scope of this process shall be determined by the change management policy (as part of the change management process)

2. The differentiating factor is the "major impact"

 

3

Design and transition of new or changed services (5)

General (2)

How does this process intersect with Change Management Process?

Assessment, approval, scheduling and reviewing of

new or changed services

shall be controlled by

Change Management Process

4

Design and transition of new or changed services (5)

General (3)

How does this process intersect with the Configuration Management Process?

CIs affected by new or changed services

shall be controlled by

the Configuration Management Process

5

Design and transition of new or changed services (5)

General (5)

What can be the origin of a need (4 bullets) for a new service or a change to a service?

1. The customer

2. The service provider

3. An internal group

4. A supplier

6

Design and transition of new or changed services (5)

Plan new or changed services (5.2) (1)

How are the service requirements for new or changed services are identified and agreed?

The service provider shall identify the requirements and service plan to meet these in agreement with customers and interested parties

7

Design and transition of new or changed services (5)

Plan new or changed services (5.2) (2)

What must be provided as input, when preparing a service plan (2 bullets)?

1. Potential financial, organisational and technical impact

2. Potential impact on the SMS

8

Design and transition of new or changed services (5)

Plan new or changed services (5.2) (3)

What must be included in the service plan?

10 Bullets

1. Authorities and Responsibilities for design, development and transition activities

2. Activities to be performed by the service provider and other parties

3. Communication to interested parties

4. Human, technical information and financial resources

5. Timescales for planned activities

6. Identification, assessment and management of risks

7. Dependencies on other services

8. Testing requirements 

9. Service acceptance criteria

10. Expected outcomes expressed in measurable terms

9

Design and transition of new or changed services (5)

Design and Development of new or changed services (5.3)

What must be included in the Service Design and Development Document (6 bullets)?

 

1. Authorities and Responsibilities for the delivery of the new or changed services

2. Activities to be performed by the service provider and other parties

3. New or changed HR requirements, including Education, training, skills and experience

4. Financial resource requirements for the delivery of the new or changed services

5. Changes to plans and policies, contracts and agreements to match the service requirements

6. Changes to SMS, SLAs, service catalogue, procedures, measures and information to be used for the delivery of the new or changed services

10

Design and transition of new or changed services (5)

Transition of new or changed services (5.4) 

What does this activity stipulate for testing, deployment and reporting (4 bullets)?

1. Services shall be tested to ensure they fulfil requirements

2. Before deployment the services shall be verified by the service provider and interested parties

3. Deployment into the live environment will be controlled via the release and deployment process

4. The outcomes achieved against the expected outcomes shall be reported to all interested parties

11

Service Delivery Processes (6)

Service level management (SLM )  (6.1) (1)

What is the objective of the SLM process?

To define, agree, record and manage levels of service

12

Service Delivery Processes (6)

Service level management (SLM )  (6.1) (2)

Who needs to agree the services to be delivered?

The Service Provider shall agree the services to be delivered with the Customer

13

Service Delivery Processes (6)

Service level management (SLM )  (6.1) (3)

How does the SLM process regulate the service catalogue (3 statements)?

1. The service catalogue shall be agreed between the Service Provider and the Customer

2. The service catalogue shall include the dependencies between services and service components

3. The service catalogue shall be maintained following changes to services and SLAs to ensure that they are aligned

14

Service Delivery Processes (6)

Service level management (SLM )  (6.1) (4)

How does the SLM process regulate the SLAs (4 statements)?

 

1. For each service delivered one or more SLAs shall be agreed between the Service Provider and the Customer

2. The service requirements shall be taken into consideration when creating SLAs

3. SLAs shall include agreed service targets, workload characteristics and exceptions

4. Services and SLAs shall be reviewed with the customer at planned intervals

15

Service Delivery Processes (6)

Service level management (SLM )  (6.1) (5)

How does the SLM process intersect with the Change Management process? 

Changes to the documented service requirements, service catalogue, SLAs and other documented agreements shall be controlled by the Change Management Process

16

Service Delivery Processes (6)

Service level management (SLM )  (6.1) (6)

How does the SLM process involve monitoring and handling results of the monitoring?

1. The Service provider shall monitor trends and performance against service targets at planned intervals

2. Results shall be recorded and reviewed to identify the causes of nonconformities and opportunities for improvement

17

Service Delivery Processes (6)

Service level management (SLM )  (6.1) (7)

How does the SLM process require the SP to handle service components provided by an internal group or the customer (3 statements)?

The service provider shall:

1. Develop, agree and maintain a documented agreement about the activities and interfaces between the two parties

2. Monitor performance of the internal group against agreed service targets and other commitments

3. Review results and identify causes of nonconformities and opportunities for improvement

18

Service Delivery Processes (6)

Service Reporting  (6.2) (1)

What is the objective of the SR Process?

to produce agreed, timely, reliable, accurate reports for informed decision making and effective communication

19

Service Delivery Processes (6)

Service Reporting  (6.2) (2)

Which 6 elements must be documented and agreed among service provider and interested parties, for each Service Report, in context of this process? 

1. Description

2. Identity

3. Purpose

4. Audience

5. Frequency

6. Details of the data sources

20

Service Delivery Processes (6)

Service Reporting  (6.2) (3)

Which 5 elements must be included in a Service Report?

1. Performance against service targets

2. Relevant information about significant events (major incidents, deployment of new or changed services and the service continuity plan invoked)

3. Workload characteristics including volumes and periodic changes in workload

4. Detected nonconformities and their identified causes

5. Customer satisfaction measurements, service complaints and results of their analysis

21

Service Delivery Processes (6)

Service Reporting  (6.2) (4)

How does SR process intersect with decision making (2 bullets)? 

1. The SP shall make decisions and take actions based on the findings in Service Reports

2. The agreed actions shall be communicated to interested parties

22

Service Delivery Processes (6)

Service Continuity and Availability Management  (6.3) (1)

What is the objective of the Service Continuity and Availability Management Process?

To ensure that agreed service continuity and availability

commitments to customers

can be met in all circumstances

23

Service Delivery Processes (6)

Service Continuity and Availability Management  (6.3)

Service Continuity and Availability Requirements (6.3.1) (1)

How are risks handled?

 

The SP shall assess and document the risks to service continuity and availability of the services

24

Service Delivery Processes (6)

Service Continuity and Availability Management  (6.3)

Service Continuity and Availability Requirements (6.3.1) (2)

1. How are Sercice Coninuity and Availability Requirements agreed?

2. What must be taken into consideration when agreeing these requirements? 

1. The SP shall identify and agree with the customer and interested parties the Service Continuity and Availability Requirements

2. Applicable Business Plans, Service Requirements, SLAs and Risks

25

Service Delivery Processes (6)

Service Continuity and Availability Management  (6.3)

Service Continuity and Availability Requirements (6.3.1) (3)

Which 3 elements must be at least included in the Service Continuity and Availability Requirements?

1. Access rights to the services

2. Service Response times

3. End to end availability of the services

26

Service Delivery Processes (6)

Service Continuity and Availability Management  (6.3)

Service Continuity and Availability Plans (6.3.2) (1)

Which 4 elements must be included in a service continuity plan?

 

1. Procedures to be implemented in the event of a major loss of service, or reference to them

2. Availability targets when the plan is invoked

3. Recovery requirements

4. Approach for the return to normal working conditions

27

Service Delivery Processes (6)

Service Continuity and Availability Management  (6.3)

Service Continuity and Availability Plans (6.3.2) (2)

Along with which other 2 elements must the service continuity plan be available when access to normal service locations is prevented?

1. Contact Lists

2. CMDB

28

Service Delivery Processes (6)

Service Continuity and Availability Management  (6.3)

Service Continuity and Availability Plans (6.3.2) (3)

What must the availability plan at least include (2 bullets)?

Can this plan be combined with the Service Continuity Plan?

1. Availability Requirements and Targets

2. Yes

29

Service Delivery Processes (6)

Service Continuity and Availability Management  (6.3)

Service Continuity and Availability Monitoring and Testing (6.3.3) (1)

Which are the 5 requirements set by this activity for Monitoring and Testing?

1. Availability shall be monitored and results shall be recorded and compared to targets

2. Unplanned non-availability must be investigated and action taken

3. Both plans shall be tested against appropriate requirements and re-tested after major changes

4. Test results shall be recorded and reviews shall be conducted after test and after invocation of the plans

5. Deficiencies found shall be addressed by necessary actions which are reported

30

Service Delivery Processes (6)

Budgeting and Accounting for Services  (6.4) (1)

What is the objective of the Budgeting and Accounting Process?

To budget and account for the cost of service provision

31

Service Delivery Processes (6)

Budgeting and Accounting for Services  (6.4) (2)

There shall be policies and documented procedures for which 3 elements?

1. Budgeting and accounting for service components

2. Apportioning indirect costs and allocating direct costs to services, to provide an overall cost for each service

3. Effective financial control and approval

32

Service Delivery Processes (6)

Budgeting and Accounting for Services  (6.4) (3)

Budgeting and accounding for service components must contain at least, which 7 elements?

1. Assets, including licenses, used to provide the services

2. shared resources

3. overheads

4. capital and operating expenses

5. externally supplied services

6. personnel

7. facilities

33

Service Delivery Processes (6)

Budgeting and Accounting for Services  (6.4) (4)

What are the 2 main reasons for which this process stipulates that costs shall be budgeted? 

1. to enable effective financial control

2. to enable effective decision making for services delivered

34

Service Delivery Processes (6)

Budgeting and Accounting for Services  (6.4) (5)

How does this process handle cost monitoring and reporting?

The SP shall monitor and report costs against the budget, review the financial forecasts and manage costs

35

Service Delivery Processes (6)

Budgeting and Accounting for Services  (6.4) (6)

To which other process does this process provide input and for what reason? 

To the change management process to support the costing of RFCs

36

Service Delivery Processes (6)

Capacity Management  (6.5) (1)

What is the objective of the Capacity Management Process?

To ensure that the SP has, at all times, sufficient capacity to meet the current and future agreed demands of customer’s business needs

37

Service Delivery Processes (6)

Capacity Management  (6.5) (2)

What must be taken into consideration when preparing a capacity plan?

How are changes handled after its creation?

1. Human and technical information and financial resources

2. Changes shall be controlled by the change management process

38

Service Delivery Processes (6)

Capacity Management  (6.5) (3)

The capacity plan shall include at least these 6 elements:

1. Current and forecast demand for services

2. expected impact of agreed requirements for availability, service continuity and service levels

3. time-scales, thresholds and costs for upgrades to service capacity

4. potential impact of statutory, regulatory, contractual or organisational changes

5. potential impact of new technologies and techniques

6. procedures to enable predictive analysis, or reference to them

39

Service Delivery Processes (6)

Capacity Management  (6.5) (4)

How does capacity management process intersect with monitoring and performance?

The SP shall monitor capacity usage, analyse capacity data and tune performance to fulfil agreed requirements

40

Service Delivery Processes (6)

Information Security Management  (6.6)

What is the objective of the Information Security Management process?

To manage information security effectively within all service activities

41

Service Delivery Processes (6)

Information Security Management  (6.6)

Information security policy (6.6.1) (1)

By whom shall the information security policy be approved?

What shall be taken into consideration when creating the policy?

By Management with sufficient authority

Service, statutory/regulatory and contractual requirements.

42

Service Delivery Processes (6)

Information Security Management  (6.6)

Information security policy (6.6.1) (2)

What must by provided by Management in context of the information security policy?

6 bullets

1. Communicate the policy and the importance of conforming to it

2. ensure that the information security management objectives are established

3. define the approach to be taken for the management of information security risks and the criteria for accepting risks

4. ensure that information security risk assessments are conducted at planned intervals

5. ensure that internal audits of information security are conducted

6. ensure that audit results are reviewed to identify opportunities for improvement 

43

Service Delivery Processes (6)

Information Security Management  (6.6)

Information security controls (6.6.2) (1)

What is the purpose of the physical, administrative and technical information security controls that the service provider shall implement and operate?

4 bullets

1. preserve confidentiality, integrity and accesibility of information assets

2. fulfil the requirements of the information security policy

3. achieve information security management objectives

4. manage risks related to information security 

44

Service Delivery Processes (6)

Information Security Management  (6.6)

Information security controls (6.6.2) (2)

How are the information security controls documented and reviewed (2 bullets)?

1. The information security controls shall describe the risks to which they relate, their operation and maintenace

2. The SP shall review the effectiveness of information security controls and take necessary actions and report on the actions taken

45

Service Delivery Processes (6)

Information Security Management  (6.6)

Information security controls (6.6.2) (3)

How do information security controls handle external organisations? 

1. The SP shall identify external organisations that have a need to access, use or manage the SP's information or services

2. The service provider shall document, agree and implement information security controls with these external organisations

46

Service Delivery Processes (6)

Information Security Management  (6.6)

Information security changes and incidents (6.6.3) (1)

Requests for change shall be assessed to identify these 2 elements:

1. new or changed information security risks

2. potential impact on the existing information security policy and controls

47

Service Delivery Processes (6)

Information Security Management  (6.6)

Information security changes and incidents (6.6.3) (2)

How shall information security incidents be managed?

3 bullets

1. by using the incident management process, with a priority appropriate to the information security risks

2. the SP shall analyse the types, volumes and impacts of information security incidents.

3. Information security incidents shall be reported and reviewed to identify opportunities for improvement