Service Monitoring Policy

Version: 1.00Issue Date: 2/18/2015

This Service Monitoring Policy ensures that information technology service quality goals and objectives are set and results are measured, reported to appropriate officials and acted upon appropriately.

1.0 Overview

This Service Monitoring Policy will help ensure that information technology services meet required standards to meet the business needs.

2.0 Purpose

This Service Monitoring Policy requires that a quality assurance plan is developed and enforced along with quality standards. It requires that quality is measured where possible, reviewed, and improved upon where possible.

3.0 Scope

This Service Monitoring Policy applies to all information technology services and all personnel managing or working on any information technology services or service oriented projects. This policy is effective as of the issue date and does not expire unless superceded by another policy.

4.0 Service Monitoring Approach and Processes

  • An information technology service performance management system must created to provide processes for the creation and maintenance of the service performance management system, processes to define what metrics should be monitored, processes for the monitoring of performance, processes for the reporting of performance, and processes for taking action based on the results of the reports. This system must be approved by upper management.
  • Information technology processes must support the business strategy and ensure the business function is being supported.
  • Relative levels of importance of information technology processes must be documented based on their support of the business processes and the criticality of the business process importance. Business management should agree with the relative levels of importance of each process.
  • Each information technology process must have an objective and roles for accountability for each process must be set, communicated and agreed upon by all affected parties.
  • Information technology service monitoring activities must be defined and documented.
  • Processes for the measurement of information technology service quality must be created. Measurements must consider activities at the organizational, departmental, group, individual, and project levels.
  • Measurement processes must be able to measure success or indicate where improvements can be made.
  • Performance targets must be defined, documented, and approved by upper information technology management and business management where the performance targets apply to their business processes.
  • Performance metrics and expected performance levels must be communicated to and agreed to by all affected parties.
  • Collection of performance level data must be aligned with the need to determine performance, the ability of the organization to collect data, the value of the data relative to the cost of collection, and the organization's ability to automate data collection.
  • When the method of data collection and type of data to be collected are determined, the ability to obtain accurate data reliably must be considered. The ability to securely store and use the data, timeliness of the data, and the measurement technique must all be considered.
  • The service monitoring approach and processes must be reviewed annually and updated as required.
  • The collection of data including the data being collected, the methods used to collect the data, and means of storage and use, and ability of data to determine useful performance metrics must all be considered annually and changes must be made as necessary.
  • A process for reviewing the service monitoring approach, processes, and data collection must be created. The process must include updating the approach and gaining approvals.
  • A data model showing data sources for performance indicators should be created. This model should cover the organization and identify systems with useful data, the useful data, and frequencies of data collection required to make the data useful for monitoring information technology service performance.
  • A process for being sure that performance data are complete, accurate, and timely must be created and utilized.
  • The ability to measure information technology service effectiveness must be included as a requirement when new services are established or developed.
  • Inclusion of monitoring capabilities and measuring effectiveness must be built into the project development process or any processes that creates new services.
  • A process for measuring information technology service effectiveness, reporting the information, and acting upon it must be created and followed.
  • The reporting of information technology service effectiveness must include performance targets compared with actual results.
  • The methods used to determine information technology service effectiveness must be documented including algorithms and any assumptions.
  • Reports that document information technology service effectiveness must be analyzed to be sure they reflect actual performance and must be reviewed by management.
  • Reports about information technology service effectiveness must be sent to managers that have the ability to enforce action to remediate any shortfalls.
  • Reviewers of information technology service effectiveness reports must be skilled assessors and be independent of the department providing the service or product being assessed.
  • Reviewers must compare the information technology service effectiveness with expected information technology service effectiveness using alternate solutions to determine whether there is a more cost effective way to provide equivalent service.
  • Training must be provided for staff collecting service performance monitoring data or staff analyzing the data so they have proper skills.
  • Project processes must include data collection requirements which include service performance monitoring requirements.
  • The service level performance data must retain its integrity and controls must be in place to retain data integrity and confidentiality where applicable.
  • A knowledge base of service level performance data should be created so trends and performance changes in service levels can be more easily analyzed over the long term.

5.0 Service Performance Metrics

  • Information technology process performance targets must be based on specific, measurable, attainable, realistic, and timely performance measurements.
  • Performance metrics should be modified based upon changing business needs and stakeholder feedback.
  • Information technology process performance targets must be approved by the business owners whose processes are supported by the information technology process.
  • Information technology process performance targets must be approved by information technology upper management.
  • Information technology process performance targets and metrics must be communicated to all those affected and agreed to by all stakeholders.
  • Information technology process performance targets, metrics, and performance levels should be compared to other industry organizations and averages.
  • The type of data to be collected must be aligned to measure useful activities that support the business. The assessment of the performance metrics must consider the effective support of the business.
  • Performance metrics must be developed and set by parties specified by management whether they are internal or external.
  • Contracts must have clearly set metrics approved by information technology management and business management.
  • Service level agreements must require performance levels to be agreed to by the customers, they must be documented, and communicated to all affected parties.
  • Expected performance metrics and performance assessment intervals must be approved by information technology and business management and clearly communicated to all affected parties. Performance assessment is when the measured performance is compared to expected or required performance.
  • When performance assessments are conducted causes or poor or exemplary performance should be determined. Poor performance situations must be mitigated. When goals are exceeded a performance feedback system must be used to reward the performance.

6.0 Results Activities

  • Reviews of the performance levels should be independently evaluated.
  • A process for receiving performance and satisfaction reports, analysis of the reports, reporting on the results, and taking appropriate action must be created by information technology management.
  • Performance reports must be easy to understand considering the audiences. The report formats should be evaluated to determine ways to improve them to make the decision making process more accurate and easier.
  • Performance reports should be designed to make the interprocess dependencies and how they affect the measured performance easy to understand.
  • Results of measurements and customer feedback should be put into scorecards and other reporting tools.
  • Results of measurements and customer feedback should be evaluated in light of the information technology goals and strategy.
  • Independent experts should review the information technology internal controls and make recommendations for improvements.
  • Results of measurements and customer feedback should be compared to industry trends.
  • Reports and conclusions must be communicated to management who are empowered to make changes where they are necessary or helpful.
  • Effectiveness of evaluated information technology functions must be reviewed and modifications agreed upon by management directly responsible for those functions.
  • Data reported by measurements and customer feedback must be reviewed by skilled and qualified staff to be sure it is accurate and reflects actual conditions. The reviewers must be independent of the organization responsible for the service under review.
  • A process should be created to compare the relative costs of information technology services to industry trends considering effectiveness and quality.
  • Results of performance level reviews should be compared to target goals ag intervals that are agreed to by business management and management of the service provider.
  • A process must be created and used to report the measured levels of service compared with the goals using the previously agreed upon metrics.
  • The format and distribution list for reporting measured levels of service should be defined before the service is started. All affected management should receive the reports.

7.0 Problem Resolution

  • A issue or problem resolution system must be used to ensure performance resolution problems are addressed in a proper timeframe and resolved using an agreed method.
  • The issue or problem resolution system should be used to track any performance deviations and correct them.

8.0 Service Monitoring

  • Monitoring activities must be compliant with applicable laws.
  • Monitoring activities must be supported by policy.
  • Trends in performance must be monitored and used to help identify issues hindering performance.
  • Issues hindering performance must be analyzed and resolved.

9.0 User Feedback

  • Users and customers should be able to provide information about information technology service effectiveness through satisfaction surveys.
  • Customer satisfaction surveys should be compared to internal measurements of information technology service effectiveness. Any inconsistencies found should be investigated and corrections should be made to the monitoring system or service as is appropriate.
  • User feedback must be adequately protected to provide integrity and prevent disclosure of specific individual information from reaching parties affected by the feedback. Affected parties should be informed of compiled results and trends without violating the confidentiality of customer feedback.
  • User satisfaction feedback must be reported to stakeholders as including the customers, the business owners, and the management of the service provider. The reports should show the results of performance measures.

9.0 Enforcement

Since following the Service Monitoring Policy is important to meet the business needs of the organization, employees that purposely violate this policy may be subject to disciplinary action up to and including denial of access, legal penalties, and/or dismissal. Any employee aware of any violation of this policy is required to report it to their supervisor or other authorized representative.

10.0 Other Policies

  • Change Management Policy
  • Development Life Cycle Policy
  • Quality Policy
  • Service Level Policy
  • Confidential data/information disposal policy (electronic and hard copy)
  • Internal Control Policy

11.0 Additional Requirements

  • A process for reviewing the service monitoring approach, processes, and data collection must be created.
  • A process for being sure that performance data are complete, accurate, and timely must be created and utilized.
  • Inclusion of monitoring capabilities and measuring effectiveness must be built into the project development process or any processes that creates new services.
  • A process for measuring information technology service effectiveness, reporting the information, and acting upon it must be created and followed.

Approval

Approved by:__________________________ Signature:_____________________ Date:_______________