Defining Policies, Processes and Procedures
Policies describe the organisation’s guidelines and expectations for a particular area. They are effectively “what” should be done.
Processes describe the flow of activities for a particular area. They explain “how” it should be done.
Procedures describe detailed steps for a particular area. They also explain “how” things should be done. The term could be used interchangeably with processes.
In this section we focus on processes and procedures only as they are more operational. Policies are defined at an organisation level. We use processes generally to describe ITIL related processes (Incident, Request, Problem, Change, etc) and procedures to refer to others.
Service Management Processes
Incident: An unplanned interruption to a service or reduction in the quality of a service.
Incident Management: The process responsible for managing the lifecycle of all Incidents. The purpose of the incident management process is to minimise the negative impact of incidents by restoring normal service operation as quickly as possible.
Objective: To restore service operation within agreed timescales and with minimum disruption to the business. This may involve providing a workaround while a Problem is investigated and a fix developed. The agreed timescales for service response and restoration are defined in a Service Level Agreement.
Major incident management
Major Incident: An unplanned interruption or risk of interruption of a critical service.
Major Incident Management: The process responsible for managing Severity 1 and Severity 2 incidents based on their impact to business operations.
To resolve Major Incidents as quickly as possible by restoring the affected services to normal operation (or as close as possible to it) either via a workaround or a permanent fix.
To ensure frequent and clear communications with relevant stakeholders and management.
Service Request Management
Service Request: A request from a user or a user’s authorised representative that initiates a service action which has been agreed as a normal part of service delivery.
Service Request Management: The process responsible for managing the lifecycle of all service requests. The purpose of the service request management process is to support the agreed quality of a service by handling all pre-defined, user-initiated service requests in an effective and user-friendly manner.
Objective: To execute Service Requests within agreed timescales as defined in a Service Level Agreement.
Change: The addition, modification, or removal of anything that could have a direct or indirect effect on services
Change management: The process responsible for managing the lifecycle of all changes to services in the production environment
Objective: To enable beneficial changes to be made to the production environment with minimum disruption to technology services
Release: A version of a service or other configuration item, or a collection of configuration items, that is made available for use
Release management: The process that manages making new and changed services and features available for use. Release management plans, schedules and controls the build, test and deployment of releases.
Objective: To deliver new service functionality and fixes to issues while protecting the integrity of existing services through planning and controlling the build, test and deployment phases. A release is deployed via the Change Management process.
Problem: A cause, or potential cause of one or more incidents
Problem Management: The purpose of the problem management process is to reduce the likelihood and impact of incidents by identifying actual and potential causes of incidents and managing workarounds and known errors. Problem Management includes all activities needed to diagnose the root cause of Incidents and initiates the submission of any necessary Changes to resolve those Problems
Objective: To prevent the occurrence of Incidents and to minimise the impact of Incidents that could not be prevented from materialising
Service Onboarding: The process of making new and changed services and features available for use, aligned with agreed processes and support model. Service Onboarding commences after the completion Testing & UAT. This process describes the onboarding of the service into the technology support model. The Release Management process will describe the Service deployment activities
Objective: To bring IT services into the IT Support model that meet SLAs and stakeholder expectations
Technology Asset management
Technology Asset: Any financially valuable component that can contribute to the delivery of a technology service. Common technology assets include: laptops, monitors, servers, displays/TVs, phones, network equipment, IoT sensors, software and databases.
Technology Asset management: The act of ensuring an organisation’s technology assets are accounted for, deployed, maintained, upgraded, and disposed of when needed
Objective: To optimise the value, control costs, manage risks, support decision-making and ensure the best return on investment for organisation assets.
In general technology asset management is focused on tracking assets with financial value whereas configuration management is focused on tracking assets or components involved in the delivery of a service and their relationships
Configuration Item (CI): Technology assets that form part of a technology service. Examples include: Laptops, servers, virtual machines, software, network equipment, databases
Configuration management: The act of ensuring that the technology assets required to deliver services (i.e configuration items) are properly controlled and reliable information about those CI’s is available. This information includes how they are configured and the relationships between them.
Objective: To make accurate information available on the configuration items used in services. To keep configuration databases up to date and support other key processes such as Incident, Request, Change and Problem Management.
Other relevant procedures
(will depend on the specific project)
Spectrum licensing period
Spectrum terms and conditions
Spectrum approval and use of wireless devices
Spectrum interference resolution
Spectrum test and tag
Non-compliant devices management & reporting
Radio loss and damage
Radio handling and charging
Backup & restore procedure
Fixed telephone / mobile device allocation
To be defined by Cyber Security team
Venue Technology management
Technology space handover
TER shutdown / startup
Venue spares management
Start of shift / end of shift tasks
Manual call logging
Spare / replacement equipment
Lost, damaged, stolen equipment
Other Service Management
Service Continuity Plan
Disaster Recovery Plan
Access rights management
Monitoring and event management
Protection of technology assets