Service Quality Policy

Version: 1.00Issue Date: 2/2/2015

This Service Quality Policy Cycle ensures that information technology activity quality goals and objectives are set and results are measured.

1.0 Overview

This Service Quality Policy will help ensure that information technology activity is performed to required standards to meet the business needs.

2.0 Purpose

This Service Quality Policy requires that a quality assurance plan is developed and enforced along with quality standards. It requires that quality is measured where possible, reviewed, and improved upon where possible.

3.0 Scope

This Service Quality Policy applies to all information technology activities and projects and all personnel managing or working on any information technology activities or projects. This policy is effective as of the issue date and does not expire unless superceded by another policy.

4.0 Information Technology Strategy Plan

  • The information technology plan and processes must be aligned to support the business strategy and the business activities.
  • Information Technology services that are linked to the business processes must be prioritized based on their criticality to the business processes and the criticality of the business processes they support.
  • Accountability for ensuring that each supporting process functions correctly must be assigned and agreed upon.
  • Information technology processes and their relationship to the business functionality must be modeled and approved by the business management.
  • Information technology process performance must be evaluated regularly (at least annually) to determine how to make improvements to both the processes and metrics.
  • Processes for maintaining and improving information technology capabilities and performance should utilize capability assessments, feedback mechanisms, and improvement strategies.
  • Services that are critical to the organization should be accredited or certified by an independent party internally or externally before the service is deployed. Security and control mechanisms should be considered in the assessment.
  • Procedures must be developed for the accreditation/certification process for new or existing services or systems.
  • Members of an accreditation/certification team must be properly skilled and qualified by virtue of experience combined with education. Information technology and internal controls must be understood by team members.
  • If external resources are used to perform accredidations or certifications the organization must be contracted agreeing to abide by organizational policy, non-disclosure, and confidentiality terms. Also the contract must specify expected deliverables, scope, liability and other conditions.
  • Accredidations or certifications must conform with best practices and standards.
  • Testing for certifications or accreditation must be done to be sure the system or service meets the system and business requirements.
  • Certification or accreditation test reports must summarize the test results and provide conclusions. This report must be communicated to all stakeholders.
  • Certification or accreditation test results must be kept for several years so they can be reviewed to help improve processes.

5.0 Performance Metrics

  • The type of data to be collected must be aligned to measure useful activities that support the business. The assessment of the performance metrics must consider the effective support of the business.
  • Performance metrics must be developed and set by parties specified by management whether they are internal or external.
  • Contracts must have clearly set metrics approved by information technology management and business management.
  • Service level agreements must require performance levels to be agreed to by the customers, they must be documented, and communicated to all affected parties.
  • Expected performance metrics and performance assessment intervals must be approved by information technology and business management and clearly communicated to all affected parties. Performance assessment is when the measured performance is compared to expected or required performance.
  • When performance assessments are conducted causes or poor or exemplary performance should be determined. Poor performance situations must be mitigated. When goals are exceeded a performance feedback system must be used to reward the performance.
  • Information technology process performance targets must be set to support the business objective.
  • Information technology process performance targets must be based on specific, measurable, attainable, realistic, and timely performance measurements.
  • Performance metrics should be modified based upon changing business needs and stakeholder feedback.
  • Information technology process performance targets must be approved by the business owners whose processes are supported by the information technology process.
  • Information technology process performance targets must be approved by information technology upper management.
  • Information technology process performance targets and metrics must be communicated to all those affected and agreed to by all stakeholders.
  • Information technology process performance targets, metrics, and performance levels should be compared to other industry organizations and averages.

6.0 Performance Monitoring

  • Information technology processes must be monitored to keep information flow efficient and prevent duplication of effort. Required and useful monitoring activities must be defined when the information technology process is created. Monitoring activities should be modified for effectiveness as the process matures.
  • Monitoring activities must comply with regulations and laws.
  • Information technology processes must include methods to measure effectiveness and success or failure at individual, team, and organizational levels. The metrics should be effective at the process and program levels and be used to improve the processes.

7.0 Problem Resolution

  • A issue or problem resolution system must be used to ensure performance resolution problems are addressed in a proper timeframe and resolved using an agreed method.

8.0 Customer Feedback

  • Metrics that should be used to determine customer satisfaction must be identified.
  • A customer feedback must be created by a combination of business management, upper information technology management, and other internal and external experts.
  • Surveys and other methods must be used to determine customer satisfaction.
  • Performance metrics that indicate the level of customer satisfaction must be monitored and reported to stakeholders. The customers must alse be informed about the results of these metrics.
  • Performance metrics must be acted upon while maintaining integrity and confidentiality of customer survey information.

9.0 Results Activities

  • Reviews of the performance levels should be independently evaluated.
  • A process for receiving performance and satisfaction reports, analysis of the reports, reporting on the results, and taking appropriate action must be created by information technology management.
  • Performance reports must be easy to understand considering the audiences. The report formats should be evaluated to determine ways to improve them to make the decision making process more accurate and easier.
  • Performance reports should be designed to make the interprocess dependencies and how they affect the measured performance easy to understand.
  • Results of measurements and customer feedback should be put into scorecards and other reporting tools.
  • Results of measurements and customer feedback should be evaluated in light of the information technology goals and strategy.
  • Independent experts should review the information technology internal controls and make recommendations for improvements.
  • Results of measurements and customer feedback should be compared to industry trends.
  • Reports and conclusions must be communicated to management who are empowered to make changes where they are necessary or helpful.
  • Effectiveness of evaluated information technology functions must be reviewed and modifications agreed upon by management directly responsible for those functions.
  • Data reported by measurements and customer feedback must be reviewed by skilled and qualified staff to be sure it is accurate and reflects actual conditions. The reviewers must be independent of the organization responsible for the service under review.
  • A process should be created to compare the relative costs of information technology services to industry trends considering effectiveness and quality.

10.0 Quality and Compliance

  • The Quality Policy conditions apply to this policy.
  • All staff members, contractors, and services must comply with applicable laws, policies, contracts, and regulations.
  • A process must be created to be aware of changes in laws or regulations and inform appropriate staff so they can make changes to remain compliant.
  • Laws or regulations regarding data storage or transmission must be complied with and methods must exist to be sure these regulations are complied with.
  • Laws or regulations regarding technology use at various locations must be complied with and methods must exist to be sure these regulations are complied with.
  • Experts should periodically review compliance with regulations and laws.
  • The information technology section must include a quality assurance capability which has sufficient independence from the information technology functions that it must monitor.
  • Upper management must properly support and sponsor the information technology quality assurance function.
  • The quality assurance function must assure that the organizations policies, procedures, and standards are being observed and followed.
  • The quality assurance function should participate in the development of policies, procedures, and standards.
  • The quality assurance function must be properly staffed so it can perform its required function. The staffing requirements must include the proper skill sets.
  • The quality assurance process should provide a method to identify, report, escalate, and resolve problems.
  • Feedback from stakeholders is used to improve the quality assurance function and process.
  • The quality assurance function and process must be reviewed a minimum of annually and recommendations to improve must be acted upon in a timely manner.

11.0 Enforcement

Since following the Service Quality Policy is important to meet the business needs of the organization, employees that purposely violate this policy may be subject to disciplinary action up to and including denial of access, legal penalties, and/or dismissal. Any employee aware of any violation of this policy is required to report it to their supervisor or other authorized representative.

12.0 Other Policies

  • Change Management Policy
  • Development Life Cycle Policy
  • Quality Policy

13.0 Additional Requirements

  • A process for receiving performance and satisfaction reports, analysis of the reports, reporting on the results, and taking appropriate action must be created by information technology management.
  • Procedures must be developed for the accreditation/certification process for new or existing services or systems.
  • A process must be created to be aware of changes in laws or regulations and inform appropriate staff so they can make changes to remain compliant.

Approval

Approved by:__________________________ Signature:_____________________ Date:_______________