ITIL Assessment Questionnaire

Changes
Ver. Date Change Changes Performed By
Approved By
V5 Initial ITIL Team ITIL Team
V6 25-Jan-13 Updated with SAM details Sharada , Vathsala , Jigna Sharada
1.Updated with HAM details
V7 2-Apr-13 2. Changed formatting Jigna
3. Review of SACM questions to remove duplicate Sharada
23rd April 13 Updated HAM questionnaire with KPA's(key process
V8 area's) Vathsala SC
Sharada
V9 25th April reviewed and finalized the questionnaire Sharada
11-Sep-13 Refined structure, questions, addition of Weightage to
V10 questions , etc. ITIL Team
Sharada
29th April 2014 All processes checkpoints are reviewed , revised as
part of questionnaire cleanup exercise. Mapped risks Jigna,Sudhakar, Vathsala &
V10.3 Tejinder
from Risk office

V10.4 2nd May 2014 Included CMMI SVC Rajshekhar Burra

9th May 2014 Process controls updated for Access & Change
V10.5 Management Mohit
3rd June 2014 Reviewed and finalized the questionnaire - Released
V11 Version Vathsala SC Tejinder

11th July 2014 Revised version for ServiceNXT Center Process

V11 Assessment Rajesh Nampiar Suprio

Revised Version (V1.1)

CONFIDENTIAL© Copyright 2006 Wipro Technologies Page 1 of 87
Revised on 19-December-2006
 Revised Version (V1.1)
CONFIDENTIAL© Copyright 2006 Wipro Technologies Page 2 of 87
Revised on 19-December-2006
 Revised Version (V1.1)
CONFIDENTIAL© Copyright 2006 Wipro Technologies Page 3 of 87
Revised on 19-December-2006
 Revised Version (V1.1)
CONFIDENTIAL© Copyright 2006 Wipro Technologies Page 4 of 87
Revised on 19-December-2006
 ITIL Processes Assessment
ITIL Process Compliance Compliance %
Availability Management 0%
Change Management 0%
Event Management 0%
Incident Management 0%
Major incident Management 0%
Problem Management 0%

Revised Version (V1.1)

CONFIDENTIAL© Copyright 2006 Wipro Technologies Page 5 of 87
Revised on 19-December-2006
 Event Management Process Date :

Ref. To
Sr No. Assessment Questions
ISO 20000

A. Overall Process
1 Do you have an event management process defined? 8.1
2 Are the scope and objectives of the process clearly defined? 8.1
Does the event management process cover monitoring of both
3 applications and infra CIs? 8.1

Do you have a designated role (IT Operations Manager) for event

4
management identified for the account?
5 Do you follow the defined process? 8.1
6 Are those performing the process aware of how to do so? 8.1
7 Are the tasks within the process documented? 8.1
8 Is everyone in the team trained on ITIL? (at least the processes in scope)
Is the performance of the process measured against specific targets and
9
Key Performance Indicators?
Does the process have a continual service improvement program by which
10
deficiencies in the process are identified and improvements implemented?

B. Event Management Tool

1 Do you have a tool(s) for event monitoring?
2 Are all Cis (production) being monitored by the event monitoring tool(s)?

3 Can the event management tool corelate events from multiple monitorig
tools/Cis?
4 Does the tool facilitate configuring and monitoring thresholds?
5 Does the tool facilitate the filtering of events?
6 Does the tool facilitate prioritization (auto) of events?
7 Does the tool take necessary configured actions based on event type?
8 Does the tool facilitate 'Self-heal'?
9 Does the tool help in trend analysis?
Does the Event Management Tool integrated with the Incident
10
management, Problem Management and Change management Tool?

C. Event Management Process

1 Are events tracked and monitored in any form? (manual/automated) 8.1
2 Are any of the critical Cis or services being monitored manually?
3 Are events categorized and prioritized?
4 Are events tagged to CIs?
5 Do you analyze events and trends?
6 Are you proactively access the events to arrest future incidents?
 7 Are event logs used to analyze and manage the performance of Cis?
Are necessary resources allocated for performing the activities of event
8
mgmt.?
9 Do you have a repository (log files, database, etc.) of all recorded events?
10 Do you periodically update the repository?
11 Is the repository accessed for analysis?
12 Are the SLA's signed for this process?
13 Are all events managed in accordance with the definitions in the SLA?
14 Are all the events noticed, reported and worked upon?
15 Do you track planned events?
16 Is there a matrix to denote/identify significance of events?
17 Are any event reported for the CIs that are not in use?
In case of events reported for the CIs that are not in use, is a change
18
request raised to remove the CI?
Are there any corrective/preventive action taken against the recorded
19
event?
20 Do you monitor the frequency of events in the account?
Are there instances when events are escalated to the higher
21
management?
22 Are actions initiated to remove unwanted alerts?
23 Are actions performed against each event recorded?
Has corrective or preventive event management resulted in improved
24
service levels and availability?

D. Others
1 Does event management work closely with Incident Management?
2 Does event management work closely with problem management?
3 Does event management work closely with change management?
E. Reporting
1 Do you generate event management reports as agreed in SLA?
2 Do you report on trends of events?
3 Do you report on business impact of events?
F. IT Operations (Event) Manager
Do you generate event management reports and share the same with
1 respective stakeholders?
2 Do you monitor the effectiveness of event management process?
Have you identified any opportunity to improve the event management
3 process?
4 Do you drive the efficiency and effectiveness of event management
process?
Have all Event Management issues raised by the customer closed by the IT
5 Ops/Event Manager?
Do you regularly and proactively perform trend analysis and provide trend
6 analysis report to respective stakeholders?
7 Do you ensure quality of update for actions against a event logged?
G. Best practices , templates and process owner details
1 Best practices and templates used for EM process
2 capture process owner details along with attained ITIL certification details
or as applicable and UCF details
 Respondents Name :
Role :
Weight
Risk Office CMMI SVC Interviewee Response (0/1/2/3)
W

3
3

2
2
2
2

2
3

2
2
2
2
2
2

3
2
2
2
2
2
2

2
2
2
2
2
2
2
2
2

2
2
1
2

2
2
1

2
2
1

2
2
1
2
2

2
1
NA

NA
Process 0%
Compliance:
Rating (0/0.5/1) Score
Strengths
R (W*R)

0
0

0
0
0
0

0
0

0
0
0
0
0
0

0
0
0
0
0
0
0

0
0
0
0
0
0
0
0
0

0
0
0
0

0
0
0

0
0
0

0
NA NA

NA NA
Opportunities for Improvement
Complaince-Yes/Partially/NO
(Partially & No are NC)
 Process
Request Fulfillment Assessment Date :
Respondents Name : Process 0%
Compliance 0%
Role : Compliance (Access
(SRF): Management):
Weight Complaince-Yes/
Ref. To Rating (0/0.5/1) Opportunities for
Sr No. Assessment Questions Risk Office CMMI SVC Interviewee Response (0/1/2/3) Score (W*R) Strengths Partially/NO
ISO 20000 R Improvement
W (Partially & No are NC)
A. Overall Process
IRP GP3.1
1 Do you have a Request Fulfillment process defined? 8.1 2 0
SD GP3.1
2 Are the scope and objectives of the process clearly defined? REQM SP1.1 2 0
3 Are the request fulfillment activities performed per defined process? 8.1 IRP SP2.2 3 0
4 Are those performing the process aware of how to do so? IRP GP2.5 3 0
5 Are the customers and end users of the process aware of it and conforming to it? REQM SP1.1 3 0
6 Are the tasks within the process documented? IRP GP3.1 2 0
7 Is every team member aware of the concepts of incident, service request, problem etc.? IRP GP2.5 2 0
8 Is everyone in the team trained on Request Fulfillment Process? IRP GP2.5 3 0
Is the performance of the process measured against specific targets and Key Performance
9 6.1 MA SP2.1 2 0
Indicators?
Are users of the process regularly surveyed to measure customer satisfaction with the
10 process? 7.1 2 0
Does the process have a continual service improvement program by which deficiencies in the
11 MA SP2.2 2 0
process are identified and improvements implemented?
13 Are our people and also the Users aware of who to contact for what? WP SP2.6 2 0
B. Request Fulfillment Tool
IRP GP 2.3
1 Do you have a tool for request fulfillment? 2 0
SD SP2.1
Does this tool support IM,PM and Change Mgmt activities? If not, Do you have a separate
2 IRP GP 2.3 1 0
tool integrated with request fulfillment tool?
3 Are people trained on all the tools (ours and customers)? IRP GP2.5 3 0
Is the defined process and tool properly aligned? (All aspects of process must be
4 IRP GP 2.5 3 0
implemented in the tool)

C. Access Management
Weight
Ref. To Rating (0/0.5/1) Opportunities for
Sr No. Assessment Questions Risk Office Interviewee Response (0/1/2/3) Score (W*R) Strengths Strengths
ISO 20000 R Improvement
W
1   Access control policy defined and available CM GP2.1 2 NA
2 Access control matrix is available and updated CM SP1.2 2 NA
3    Access control validated at device level (Sampling) CM SP1.2 3 NA
4    Access control validation frequency CM SP1.2 3 NA
5      Access control role based segregation Yes CM SP1.2 3 NA
6    Access control – test, development and production server Yes CM SP1.2 3 NA
7    Common id usage Yes CM SP1.2 3 NA
8 Same privileges available on Dev / Test / Prod environments Yes 3
9 Is privilege segregation available as part fo Access Control Policy Yes 3
10 Is common ID used for all changes? Yes 3
D. Best practices , templates and process owner details
1 Best practices and templates used for IM process IRP GP3.2
2 capture incident manager details along with attained ITIL certification details or as applicable

CONFIDENTIAL© Copyright 2006 Wipro Technologies Page 21 of 87 Revised Version (V1.1)

Revised on 19-December-2006
 Process
Request Fulfillment Assessment Date :
Respondents Name : Process 0%
Compliance 0%
Role : Compliance (Access
(SRF): Management):
Weight Complaince-Yes/
Ref. To Rating (0/0.5/1) Opportunities for
Sr No. Assessment Questions Risk Office CMMI SVC Interviewee Response (0/1/2/3) Score (W*R) Strengths Partially/NO
ISO 20000 R Improvement
W (Partially & No are NC)

0 NA
10
2 0.5
31

CONFIDENTIAL© Copyright 2006 Wipro Technologies Page 22 of 87 Revised Version (V1.1)

Revised on 19-December-2006
 Incident Management Process

Sr No. Assessment Questions

A. Overall Process

Do you have an incident management process, with scope and objectives

1
of the process clearly defined?

What is the scope of the IM process (is the same process consistently
2
followed across towers eg. Infra and apps - technology towers )

3 Do you have a Incident Manager identified for the account?

Are those performing the process are trained and aware of how to do so?
4 What is the current level of UCF incident management team is holding?
whether the roles and responsibilites are defined for IM team
( rating is provided based on the answers given )

Is every team member aware of the concepts of incident, service request,

5
problem etc.?
6 Is the team is trained on ITIL ( Eg. MS 101, ITIL V3 foundation )

7 Are process KPIs as per contract and the KPIs defined internally and are
being measured?

B. Incident Management Tool

What is the mechanism to do the incident management , is this tool
based or manual?
1
Is the defined process and tool properly aligned? (All aspects of process
must be implemented in the tool)

Do you follow the same process configured in tool and are they any
2 manually managed process?( reason for manaul process and give the
rating accrodingly)

3 Process defined in the EPD is same as process has been configured in tool.
If not what is the reason ?

4 Whether incident module has interface / integration with other processes

in the tool?( Config management , SLM and event management )
5 Do you have single incident-logging tool for the entire IT organisation?
6 Are people trained on all the tools (ours and customers if applicable)?
 Are alerts configured for all systems (or only for critical ones)? if not, does
7
manual monitoring happen religiously or no?

Are incidents being logged/reported by automated alerts from monitoring

8
tools?

C. Incident Detection & Recording

Whether the incidents are being logged as per the modes defined in the
1
EPD and contract
2 Is every incident recorded and given a unique reference number?

3 Does the service desk collate relevant mandatory user/incident details?

Are the incidents being correctly prioritizing based on Impact and Urgency
4 agreed with the customer and same has been documented in EPD? Is this
same as per tool?
5 Are incidents being tagged or mapped to CIs?

Are incidents and Service requests clearly identified without any

6 confusion? Is the definition of SR & Incident has been clearly defined and
documented and team is aware of the difference?

D. Incident Classification & Initial Support

1 Is the Category , Type & Item structure are defined appropriately and
implemented in tool?

Whether the CTIs are effectively used ?(check for relevance and for
2 unused CTIs)

3 Are there missing CTIs? Is there any frequency to review the CTI and
updated regularly)

Are there any ticket hops ( check on the effectiveness and competency of
4 the staff)
Is ticket hopping analysed (why, what, how and action taken?)
in case ticket hops, is the SD informed of who it should go to?
5 Do you perform incident matching? (similar incident tickets) and how this
be handled and resolved?
6 Are the symptoms of incidents compared to a KEDB to identify a
workaround? What is the mechanism followed to escalate to next level
 In case if a functional escalation(eg. L1 to L2) is required then do you
7 document details of the activities that you have performed and your
diagnosis?

E. Investigation & Diagnosis

1 If a ticket belongs to a vendor, are the vendor details along with time
stamp captured in the incident logs?
2 if a ticket is assigned to a vendor, do you follow up with the vendor?
3 Do you miss any SLAs owing to Vendor resolving tickets?
4 Do you have a vendor/Wipro agreements (UCs)?

In case of 3rd party vendors, do we have an Underpinning Contract (UC)

5 with all vendors and are all of these UCs more stringent than SLA? If
vendors managed by Wipro then this is compulsory
6 Are all our vendors technically trained/competent to resolve incidents?
7 Are all our vendors sufficiently staffed at all locations?
9 Is ticket update done properly (actions and resolution should be detailed)?

Are many tickets kept in 'pending' status? (check whether it is needed to

10 be kept in that status). Vendor tickets status also to be checked and same
is captured as pending in EPD also to be checked?
Check on the list of incidents pending status process in EPD

F. Resolution & Recovery

Do you(resolver, Incident Manager) contribute to the Kbase in creating
1 SOP , Standard instruction
2 Are incidents resulting in changes tied appropriately in the ticketing tool?
incident is been tied with Kbase article

3 Whether the ticket status code has been appropriately set before closure
of the incident ?(Eg. From pending to resolved)

Do you validate that resolution codes entered in the ticket for resolution
4 match actual solution?( Kbase or KEDB reference codes has been
recorded in the ticket log)

G. Incident Closure
1 During incident closure, do you summarise cause (ticket summary) of the
incident?(free text)

Do you apply 3-strike rule( or as per the number of strikes agreed with
2 customer) for incident closure (resolution in tool) in case you do not get a
user confirmation?
3 Are they case of reopening of tickets?
what is the % of reopened tickets on a monthly basis ?
4 Do you conduct a ticket CSAT after closure of incident ticket?
 5 Is the average ticket CSAT greater than 4 for scale of 5 and greater than 6
for scale of 7?
6 CTI Verification details updated in tool if relevant before closure of the
ticket
Is there a conflict/confusion about who should close the ticket when
7 multiple resolver groups are involved in the resolution?(Eg. SD , L2, L3
groups)

H. Others
1 Are all teams sufficeently staffed and resources are having the skill levelin
line with SOW?
2 How effective is the Knowledge Management aspect (usage, contribution
to KM etc. ) in the account?
3
Is the Kbase updated by all groups and usage reported regularly?
4 Does SD / Resolver group refer to the knowledge base / KEDB / any other
database to check if solution already exists?
5 Do you update the KEDB / knowledge base for all "new" incidents once
the resolution is provided?
6 Are SMTDs being maintained at a place accessible to all and updated
periodically as per need?
7 Are people using SMTDs?
8 Are Skills matrix, training roster, etc. present?
9 Are every one aware of Information security policies and how to handle
Info
Is theSecurity issues?
ticket audit being done (investigation, diagnosis and resolution
10 steps)?
11 if a ticket is waiting for a user response, do you follow up regularly with
the user?
12 Is every one aware and follow the VIPs ticket handling process &
procedures if applicable ?
13 Are there any Service Level Targets that have been breached?
14 Is the entire team (all towers) aware of the response SLAs?
15 Is the entire team (all towers) aware of the resolution SLAs?

Is periodic communication regarding progress of ticket resolution (for all

16 ticket priority) made in accordance with the guidelines/commitment wrt
user communication?

Are incident priorities upgraded/downgraded often? (without the consent

of the User?)
17 Or visa versa when user asking for increase in priority but not resolved by
resolver , whether such disputes are handled and discussed during
management steering meetings and appropriate actions taken ? (waive off
SLA if appicalbe?
 18 Whether all the team members are MS 101 compliant and have cleared
the exam?

I. Reporting
1 Are all committed reports generated and shared with relevant
stakeholders as per the commitment?

J. Incident Manager
1 Does Incident Manager monitor the effectiveness of incident management
process via KPIs?
2 Do you have a continual service improvement program by which
deficiencies in the process are identified and improvements implemented?
3 Do you check quality of the ticket update is good?

4
Do you ensure that actions are taken on the ticket audit findings?

5 Have all Incident Management issues raised by the customer during CSAT
survey closed by the Incident Manager?

H. Best practices , templates and process owner details

1 Best practices and templates used for IM process

2 capture incident manager details along with attained ITIL certification

details or as applicable
 Respondents Na
Date :
Role

Ref. To
Artifacts to check -additional information Risk Office
ISO 20000

1. EPD
2. SOW
8.1
3. SOPS
4. ITSM

EPD/SoW- how many towers are in scope 8.1

1. SOW- R&R
2. Program Gov structure

1.Training Records/MoM or calendar invite of training sessions 8.1

1.Training Records/MoM or calendar invite of training sessions 8.1

Training record/skill matrix

1. SLA dashboard
2. KPI reports

check the tool on the system

check if the Flow is EPD is in sync with tool

1. map EPD with ticket flow in tool

8.1
2. Check reports as defined in EPD, SOW

1.EPD 8.1
2. Service Management Tool - incident Module

Check tool - incident linkage with CI, Problem ticket

check the tool on the system

Training record/skill matrix
monitoring tools Yes

Check for incidetn logged by auto alerts

Check for unique ticket Id 8.1

Check updates in tools if all fields are filled properly

End user compliants due to hopping of tickets because of unavailability of
information required to resolve the incidents

Impact and urgency table in EPD & tool 8.1 Yes

Check is CI mapped in tool 8.1

EPD/SOW
Check ticket dump/log for any wrong classification

Check the fields in tool

EPD/SOW and Tool, misrouting of the ticket.- record

EPD/SOW and Tool, misrouting of the ticket.- record

Ticket hopping data

Refer to similar ticket logs / parent child relation

KEDB usage/hits.
8.1
 8.1
Check Records on Tool

Ticket updates/Notes in the tool

Ticket updates/Notes in the tool
SLA report/Analysis/SDR/WSR/MSR
UCs/SOW/WSR/MSR
Sow/Ucs
Yes

Vendor contact details

Ticket updates/Notes in the tool 8.1
Historical ticket dump

IM/CM in the tool

Ticket log

Ticket Summary

Check for the process in EPD and ticket logs from pending to resolved to
closure as per agreed strikes ?
Any user complaints on closure of tickets abruptly without resolution?

reopen data/Ticket audit data

CSAT/DSAT/SLA reports
CSAT analysis

EPD/SoW

Sow/Training record/skill matrix Yes

km usage, initiatives

8.1

KEDB updates

SMTD in Knet/ sharepoint

Training record/skill matrix

Training record/skill matrix/SOP Yes

Ticket audit report Yes

Ticket updates/Notes in the tool

Sow/EPD/Training reords
SLA report/Analysis/SDR/WSR/MSR 8.1
if SLA report shared with team in any forum
if SLA report shared with team in any forum 8.1

8.1
Ticket status update / closure communications, mails
Customer esclation reports on incident downgrade?
Contract for such clauses of incident downgrade?

Yes
 8.1
Sow/EPD/WSR/MSR

SLA report/KPI report Analysis/SDR/WSR/MSR

Improvement programs/plan
Ticket audit report

Action taken on ticket audit report

Action tracker/MoM for CSAT analysis

pondents Name :
Process
e :
Compliance:
Weight
CMMI SVC Interviewee Response
(0/1/2/3) W

IRP GP3.1 3

IRP SP1.1 2

IRP GP2.3 2

IRP GP2.5 3

IRP GP2.5 2

IRP GP2.5 2
STSM SP2.1 1
MA SP2.1
15

IRP SP1.2 2

IRP SP1.2 2

IRP SP1.1 2

IRP SP1.1 3

IRP SP1.2 2
IRP GP2.5 2
IRP SP1.2 3

IRP SP2.1 1

17

IRP SP2.1 2

IRP SP2.1 1

IRP SP2.2 2

IRP SP2.1 3

IRP SP2.1 3

IRP SP 1.1 2

13

IRP SP1.2 1

IRP SP1.2 1

IRP SP1.2 1

IRP SP2.4 2

IRP SP2.3 2

IRP SP2.2 2
IRP SP2.2 1

10

SAM SP2.1 1
SAM SP2.1 1
IRP SP2.4 1
SAM SP1.3 2

SAM SP1.3 3

WP SP2.5 3
SAM GP2.3 2
IRP SP2.4 1

IRP SP2.4 2

16

IRP GP3.2 2

IRP SP2.2 2

IRP SP2.4 2

IRP SP2.3
IRP SP2.4 2

IRP SP2.4 2

IRP SP2.4 2

IRP SP2.5 1
IRP SP2.5 2
 2

IRP SP2.5 1

IRP SP2.4 2

12

IRP GP2.5 3

IRP GP3.2 2

IRP GP3.2 2

IRP SP2.3 3

IRP SP2.4 2

IRP GP3.2 1
2
1
3
3
2

1
2
2
2

IRP SP2.5 2

IRP SP2.4 3
IRP GP2.5 2

38

IRP SP2.5 2

IRP SP2.4 2

IRP SP3.2 1
PPQA SP2.1 2
IRP SP2.2 1

IRP SP2.4 1
7

IRP SP3.2

138
 0%

Rating
Score
(0/0.5/1) Criticality
(W*R)
R

0 Mandatory

0 Mandatory

0 Mandatory

0 Desriable

0 Mandatory

0 Desriable

0 Mandatory

0 Mandatory

0 Mandatory

0 Mandatory

0 Mandatory

0 Mandatory
0 Mandatory
0 Mandatory

0 Mandatory

0 Mandatory

0 Mandatory

0 Mandatory

0 Mandatory

0 Mandatory

0 Mandatory

0 Mandatory

0 Mandatory

0 Mandatory

0 Mandatory

0 Mandatory

0
0

0
0
0

0
0
0

0
0

0
0

0
0
0

0
0

0
Strengths

0%
0%

0%
0%

0%

0%
0%
0%

0%

0%
Opportunities for Improvement
Complaince-Yes/Partially/
NO
(Partially & No are NC)
 Respondents Name :
Major Incident Management Process Date : Process 0%
Role :
Compliance:
Ref. To Rating Complaince-Yes/Partially/
Risk Weight Opportunities for
Sr No. Assessment Questions ISO Interviewee Response (0/0.5/1) Score (W*R) Strengths NO
Office (0/1/2/3) W Improvement
20000 R (Partially & No are NC)
A. Overall Process

Is the Service desk trained to identify major incidents and how aware is 3 0
the team about significance of Major Incidents?
1
Do you have Major Incident Manager identified for the account? 8.1 3 0
2
Is the definition of a Major Incident discussed and agreed with the 3 0
Customer? 8.1
3
All are Major incidents handled according to a documented procedure 2 0
(including escalations)? 8.1
4
5 Do you conduct a review meeting after the major incident is resolved? 8.1 3 0
6 Do you create a MIR and send the same to stakeholders? 3 0
7 Is the problem manager part of the MI process? 3 0
Has the Problem Management process ever been triggered in case the 2 0
8 solution provided was a work around?
Does the communication happen during an MI as agreed with the
9 2 0
customer?
Is the entire communication being sent/done by one person and not 3 0
10 conflicting messages/garbled messages?
11 Is quality of major incident report questioned anytime? <<If applicable>> 1 0
12 Are KPIs for the process defined? 2 0
30 0 0%
B. Major Incident Manager
Do you generate major incident management reports as agreed with the
6.2 3 0
1 customer?
Do you monitor the effectiveness of major incident management process
Yes 3 0
2 via KPIs?
3 How do you drive the process adherence? <<Check How>> 3 0
Do you have a continual service improvement program by which 3 0
4 deficiencies in the process are identified and improvements implemented?
5 Do you ensure that quality of the ticket update is good? 2 0
Do you ensure that all concerned stakeholder for a major incident are 3 0
6 involved during incident resolution?
In case if resolution of major incident requires a change, do you raise the
emergency change request? 2 0
7
Are all Major Incident Management issues raised by the customer during 1 0
CSAT survey closed? 7.1
8
Do you ensure that actions are taken on the major incident ticket audit
3 0
9 findings?
23 0 0%
C.Best practices , templates and process owner details
1 Collect best practices and templates
2 capture Major incident manager details along with attained ITIL
certification details or as applicable
53 0

CONFIDENTIAL© Copyright 2006 Wipro Technologies Page 58 of 87 Revised Version (V1.1)

Revised on 19-December-2006
 Respondents Name :
Problem Management Process Date : Process 0%
Role :
Compliance:
Ref. To Rating Complaince-Yes/Partially/
Artifacts to check -additional Risk CMMI Weight Opportunities for
Sr No. Assessment Questions ISO Interviewee Response (0/0.5/1) Score (W*R) Strengths NO
information Office SVC (0/1/2/3) W Improvement
20000 R (Partially & No are NC)
A. Overall Process
Is the team aware of Problem management (PM) as a process and its -EPD
1 IRP GP2.3 3 0
scope in general? -SOW
-EPD
2 Do you have a documented Problem Management process?(EPD) 8.2 IRP GP3.1 3 0
-SOW
Does the EPD contain clear list of all activities to be carried out during the -EPD
3 PM process lifecycle like raise problem record, assign problem, perform -SOW 8.2 IRP GP3.1 3 0
RCA, updated KEDB etc., as per contract scope?

-EPD
1. Do you have a Problem manager identified for the account?
2. Is the Problem Manager trained on the Problem Mgmt techniques -SOW
4 - Team structure IRP GP2.3 3 0
(5Whys, Fish bone,etc.),
3. Which level of UCF is the problem manager certified. - SMP
- Evidence on Training/ Certifications

- Minutes of Meeting/Mails from customer

5 IS there any customer compliant on problem management effectiveness 2 0
- Monthly reports
14 0 0%
B. Problem Management Activities
Are problem records raised in an ITSM tool?
- EPD
1 - SMP IRP SP2.1 3 0
- ITSM tool
- Problem records
- Monthly reports
Is the team aware of tying incidents to problems?
- Problem records
2 - Incident Records IRP GP2.5 3 0
- ITSM tool

- Problem records
3 Is the exisiting problem ticket status is reviewed before logging similar - Incident Records IRP SP3.1 3 0
problem ticket - ITSM tool
Is every problem record mapped to a impacted CI? If no , what is the
reason? - Problem records
4 - Incident Records IRP SP3.1 3 0
- ITSM tool/ CMDB tool integration
Are problems categorized according to type and item?
5 - Problem Records IRP SP3.1 2 0
- ITSM tool

Is the problem ticket created for incidents where work around from KEDB - EPD
6 is not available(irrespective of priority). - ITSM tool 8.2 IRP SP3.1 3 0
- Problem Record
- Incident Record
Is there a standard RCA template?
- RCA template
7 - EPD IRP SP3.1 2 0
-SMP
8 Are all resolver groups trained on RCA techniques? And what is the IRP GP2.5 1 0
technique being followed and evidences for its effectiveness? - Training Record

Are all RCAs published as per the contract time lines? SLA/KPI - RCA ageing report
9 performance - check for the KPI's associated for timelines of RCA report - RCA report IRP SP3.2 3 0
adherence - Problem Record

- RCA report
10 Who reviews and approves RCA by a designated authorized. - Problem Record IRP SP3.2 1 0
Who tracks the CAPA actions and what is the status of CAPA action CAPA action tracker
Is every known error updated in the KEDB?
- KEDB
11 - ITSM tool 8.2 IRP GP3.2 2 0
- EPD
- SMP
PIR Report
12 do you review PIR and log problem tickets for the failed changes and roll IRP SP3.3 0
back successfully
26 0 0%
C. Proactive Problem Management

- EPD
1 - SMP Yes IRP SP3.1 3 0
Have you identified single points of failure (to avoid potential problems) - Problem Records
by using appropriate techniques like FMEA -FMEA
Do you analyse P1 incidents and the solution provided to close P1 Review of problem reports and MIM reports
incidents
2 Do you analyse how proactively we can avoid such incidents in future by IRP SP3.1 0
proactively logging problem ticket

Have events (alerts, notifications, warning, performance and exception - Event Records (from monitoring tool)
3 reports, etc. - From monitoring tools) been analysed to proactively identify - Problem Record IRP SP3.1 2 0
potential problems? - ITSM tool

- Incident Record
4 - Problem Record IRP SP3.1 3 0
Are you doing repeat incident / trend analysis analysis for potential -Trend analysis
problems ? -repeat incident records
proactive Problem record creation based on anticipated
When any production release , whether the release team will inform the release related issues.
5 problem manager for the anticipated issue , and in the event of issues, IRP SP3.2 0
Problem Manager will proactively create problem ticket for the
proactive problem analysis .
CONFIDENTIAL© Copyright 2006 Wipro Technologies Page 59 of 87 Revised Version (V1.1)
Revised on 19-December-2006
 Respondents Name :
Problem Management Process Date : Process 0%
Role :
Compliance:
Ref. To Rating Complaince-Yes/Partially/
Artifacts to check -additional Risk CMMI Weight Opportunities for
Sr No. Assessment Questions ISO Interviewee Response (0/0.5/1) Score (W*R) Strengths NO
information Office SVC (0/1/2/3) W Improvement
20000 R (Partially & No are NC)
- CAB process
- CAB minutes of meeting
6 - Change Record IRP SP3.3 0
IS the problem manager updated the status of the changes raised through - Test Reports
problem management for workaround/permanent fix

Does problem manager receive the FSC (as part of Change Management)
7 as per the change window cycle? (To prevent future issues owing to clash IRP SP3.2 3 0
in changes) - PM Activity - Change Schedule
8 Does PM does updated in the failues of the patch management activities - Emails/Mailers on patches installed IRP SP3.1 2 0
9 Have there been any recent burst of incidents for any unexplained reason? Yes IRP SP3.1 3 0
16 0 0%
D. Reports
1 Do you measure number or % of recurring incidents? KPI reports from ITSM tool IRP SP3.1 2 0
2 No. of problems resolved and no. of incidents reduced as a result? KPI reports from ITSM tool 8.2 IRP SP3.1 2 0
3 No. of RFCs raised as a result of problem analysis? Change Management reports, KPI reports REQM SP1.3 2 0
4 Number of Proactive problem tickets raised? KPI reports from ITSM tool IRP SP2.1 2 0
5 No. of Known Error records raised Vs No. of problem tickets created? KPI reports from ITSM tool IRP SP3.1 2 0
6 No. of RCA Vs No. of problem tickets created? KPI reports from ITSM tool IRP SP3.1 3 0
KPIs - 0
Problem Tickets closed within due date KPI reports from ITSM tool 3 0
Number of incidents closed referring to KEDB/KM 3 0
Number of Incidents for an open problem record 2 0
7
Number of incidents reduced from last month problem ticket closed 3 0
Number of proactive Problem Tickets logged 2 0
No.of reactive Problem Tickets logged 2 0
Number of RFCs raised as a result of problem ticket 2 0
30 0 0%
E.Best practices , templates and process owner details
1 Best practices and templates followed to be collected IRP GP3.2 NA
2 capture Problem manager details along with attained ITIL certification
details or as applicable NA
86 0

CONFIDENTIAL© Copyright 2006 Wipro Technologies Page 60 of 87 Revised Version (V1.1)

Revised on 19-December-2006
 Respondents Name :
Change Management Process Date : Process 0%
Role :
Compliance:
Artifacts to check - Rating Complaince-Yes/Partially/
Ref. To Weight Opportunities for
Sr No. Assessment Questions additional Risk Office CMMI SVC Interviewe Response (0/0.5/1) Score (W*R) Strengths NO
ISO 20000 (0/1/2/3) W Improvement
information R (Partially & No are NC)
A. Overall Process
1. EPD
Do you have a documented change management process(EPD) with 2. SOW CM GP3.1
1 9.2 3 0
clearly defined policies, objectives, scope, activities/tasks? 3. SOPS REQM GP3.1
4. ITSM
Is the definition of Emergency Change documented including the
2 procedure to manage Emergency changes and agreed with customer ? 9.2 REQM GP3.1 0

1. EPD
Is the single integrated process being followed across geographies / or as 2. SOW
3 3 0
per the applicability . 3. SOPS
4. ITSM

1. SOW- R&R
2. Program Gov structure
3. ZCOP report
4 Do you have a Change Manager identified for the account? 4. Team structure report of the REQM GP2.3 3 0
project
5. SMP

1. EPD
2. SOW
Is that different change types are applicable and defined. Eg. Standard, REQM SP1.3
5 3. SOPS 0
normal, major , minor, emergency types of changes. CM SP1.2
4. SMP

Is everyone in the team trained on MS101 / ITIL? (at least the processes in 1. Team onboarding
6 2. Training reports REQM GP2.5 3 0
scope)
3. ITIL certification reports

1. Optra
2. CSIs
Is the KPIs defined and documented , if yes Is the performance of the 3. SLA performamnce
7 process measured against KPIs? reporting SD SP1.2 2 0
3. SDRs
4. Customer deck reporting
1. SOW
8 Are the CAB And ECAB members identified and documented? 2. SMP CM SP1.2 3 0
3. Prog governance reports

1. CM EPD
Is there CAB and ECAB being scheduled as per defined intervals ? 2. Program governance to see
9 WP SP2.6 0
Whether all the designated people are attending the meetings ? the CAB members
3. Minutes of CAB

17 0 0%
B. Change Management Tool
1. SOW
1 Do you have a tool for change management? 2. SOPs CM GP2.3 3 0
3. EPD

1. Is there a tool to manage RFCs? IS this Wipro managed or customer

managed?
2. If customer managed tool is being used for raising Change, , if yes 1. Onboarding reports
whether the Wipro and customer tool has been integrated? 2. Internal traings
2 3. Whether the documented process has been configured in tool same 9.2 CM GP2.3 3 0
3. Audit review reports
process being followed by the team members ? 4. Previous audit finding
<<Check --> awareness of process in teams; ticket for
periodic updates; >>

3 Is Change module integrated with CMDB & asset management modules ? change management ool CM SP1.2 2 0

8 0 0%

C. Change Logging
Is an RFC raised for introduction or modification to a service or Service 1. RFCs
1 9.2 REQM SP1.3 3 0
component? 2. Change evaluation reports
1. Change authorization board
2 Is the entire team aware of when to raise a change request? <<eg. - R&R REQM GP2.5 3 0
Server restart, patch install, etc.>> 2. EPD
1. Change performance reports
3 Are there any unauthorised changes executed at any time? REQM SP1.3 3 0
2. SLA performance reports

Do you analyze the unauthorized changes of a CI? (To check the instability 1. Backlog CM SP2.1
4 Yes 3
of the CI; From CMDB) CM SP2.2

Whether all the relevant /required details are filled by requester at the
1. RFC template
5 time of submitting an RFC and is this being validated for completeness by 2. completed RFC REQM SP1.3 3 0
Change manager at the time of logging the RFC?

CONFIDENTIAL© Copyright 2006 Wipro Technologies Page 61 of 87 Revised Version (V1.1)

Revised on 19-December-2006
 Respondents Name :
Change Management Process Date : Process 0%
Role :
Compliance:
Artifacts to check - Rating Complaince-Yes/Partially/
Ref. To Weight Opportunities for
Sr No. Assessment Questions additional Risk Office CMMI SVC Interviewe Response (0/0.5/1) Score (W*R) Strengths NO
ISO 20000 (0/1/2/3) W Improvement
information R (Partially & No are NC)
1. EPD
Are changes being categorized into; <<normal changes, standard & 2. RFC trend
6 Emergency changes>> is these being verifed by Change Manager. 3. Customer clarrifications REQM SP1.3 2 0
raised

7 Are changes classified as Major/Minor based on impact on services? 1. Trend on changes

2. Change Mgmnt plan or EPD 9.2 REQM SP1.3 2 0

1. EPD
2. Config management Plan
8 Are changes tied to CIs? 3. Change Mgmt Plan CM SP2.1
9.2 1 0
4. CI relationship with RFC - CM SP2.2
work log

20 0 0%

D. Change Approval & Implementation

1 Are issues arising out of <<Fast 1. Change trends

2. RFCs 3 0
track/Expedited/Retrospective>> changes?
2 Is every change that goes to production approved? 1. CAB approval Yes CM SP3.2 3 0
Are all changes in the organisation going to through Change Management 1. EPD
3 REQM SP1.3 0
process? 2. Change Mgmt plan
Is there any tendency to route most of the changes in <<Fast
4 track/Expedited/Retrospective>> mode to avoid the 1. Chng MgmT plan Yes CM SP2.2 3 0
approval process (any misuse of said change type
found)?
Is impact analysis a mandatory aspect of Change request (including Major 1. Chna mgmt plan
5 9.2 Yes REQM SP1.3 3 0
impact on services)? (Should be documented)
Do you analyze the impact of a change to a CI (service) on other Cis CI 1. Config Mgmt plan
6 9.2 REQM SP1.3 3 0
(services)? (Should be documented) 2. RCA

7 Are the test plans documented and attached to CR? 1. RFC & Test Plan CM SP2.1
3 0
CM SP2.2
8 Are all risks associated with the change documented ? Risk Tracker 9.2 RSKM SP1.2 2 0
9 Is level of Implementation defined based on the criticality of the change? Yes 3 0
Are other Changes being reviewed to optimize the scheduling and WMC SP1.1
10 Change evaluation reports 2 0
implementation of the current Change? WMC SP1.2
Are all changes sent to the CAB members prior to the CAB meeting for
11 CAB Minutes CM SP3.1 2 0
them to go through?
12 Do all the stakeholders attend the CAB meeting? CAB Minutes CM GP2.7 2 0
13 Is change evaluation done thoroughly by the CAB/TAB/CCB? Change evaluation reports CM GP2.7 3 0
Is problem manager involved in CABs to evaluate changes which go to CAB approval , Work around,
14 CM GP2.7 3 0
production to prevent issues from happening later? KEDB
15 Are all testing activities done robustly? Test plans & actual results CM SP2.2 3 0
16 Are test results attached to the CRs? Test plans & actual results 9.2 CM SP2.2 2 0
Is a back out plan prepared in detail ?(The activities required to reverse or
Backout Plan & Actual Action
17 remedy an unsuccessful change shall be planned and, where possible, 9.2 Yes CM SP3.2 3 0
Performed
tested).

18 Is Change readiness checklist being prepared for all changes? CM SP2.2 3 0

19 Is Change and release scheduling an integrated activity of change 1. release & deployment plan CM SP2.1
management 3 0
CM SP2.2
1 KPI reports CM SP2.1
20 Is negotiation on downtime being established? 2. Change impact reports 3 0
CM SP2.2
21 Is an FSC Prepared and FSC circulated to all? FSC 9.2 2 0

22 Is this FSC used to plan for relevant releases and deployments? Change impact reports 9.2 2 0

23 Is the planned outage for a change communicated to concerned user base? 1. release & deployment plan CM SP3.1 3 0

Are any normal changes implemented outside the maintenance window? - 1. release & deployment plan
24 CM SP3.1 3 0
What is the purpose ? Rating in case of Yes/No

25 Is the entire team aware of the Change freeze period? 1. release & deployment plan CM SP3.1 3 0
Any normal / <<Fast track/Expedited/Retrospective>> changes being
26 Change Management plan CM SP3.1 2 0
implemented during the Change Freeze period?

27 Is CMDB updated after Change implementation? CMDB Record CM SP3.2

9.2 2 0
CM GP 3.2

CONFIDENTIAL© Copyright 2006 Wipro Technologies Page 62 of 87 Revised Version (V1.1)

Revised on 19-December-2006
 Respondents Name :
Change Management Process Date : Process 0%
Role :
Compliance:
Artifacts to check - Rating Complaince-Yes/Partially/
Ref. To Weight Opportunities for
Sr No. Assessment Questions additional Risk Office CMMI SVC Interviewe Response (0/0.5/1) Score (W*R) Strengths NO
ISO 20000 (0/1/2/3) W Improvement
information R (Partially & No are NC)
Is a Change request raised and impact assessed when a service is 1. RFSC
28 decommissioned/transferred 2. Change impact assessment 9.2 CM SP3.2 1 0

29 Are Criticality 2 and 3 changes executed by L1 resources Yes 3 0

73 0 0%
E. Change Closure
1 Are post implementation tests performed? 1. Change evalauation reports CM SP2.2 3 0
2 Are post implementation test results shared with change manager? 1. Change evalauation reports CM SP2.2 3 0

Is Post Implementation Review (PIR) conducted periodically as

PIR Reports and minutes of
3 decided/committed to customer? CM SP3.1 3 0
meetings
Are PIR meetings attended by all the identified people?

Are the measured effects of the change being compared with the desired PIR reports
4 effects in order to decide whether the change has met its objectives? change failure records CM SP3.1 3 0

PIR reports , RCA reports on

Are the reasons for change failure investigated, recorded and evaluated? failed changes.
6 9.2 CM SP3.1 3 0
Are agreed actions taken? (RCA done)? Problem record for failed
changes
7 Traceability for change failure analysis available Yes 3 0
18 0 0%
F. Others - Interfaces with other ITIL processes

Does Change management obtain information from the Service Desk or ITSM Tool - incident ticket
1 resolver group concerning incidents and calls relating to change? Whether 3 0
relationship with RFC
the relationship between incident has been established with RFC?

Does Change management exchange information with

1. Service Level Management regarding potential change impact on
service level agreements?
2.Service Desk for notification of change progress, release of change
2 schedule? 3 0
3.Business Continuity Management for assessing impact of change on
contingency plans?
4.Capacity Management regarding performance and capacity issues
relating to change?

Does Change management exchange information with Configuration RFC linkage with CI
3 Management regarding change progress, change closure, change impact Asset registry 2 0
assessment on configuration items ? CMDB

8 0 0%
G. Reports
Are all committed reports generated and shared with relevant Weekly, monthly reports
1 stakeholders as per the commitment from contract ? 3 0

3 0 0%
H. Change Manager
1 Whether the KPIs have been defined as per contract ? Do you monitor the KPI reports
effectiveness of change management process via KPIs and reported? 3 0

Do you have a continual service improvement program by which

2 deficiencies in the process are identified and improvements implemented? CSI plan & EPD 3 0
(Check on EPD for latest updates and as per the change in services)

3 Is the successful implementation of a change confirmed by Change SLA reports , SDR, Change
Manager? Mgmt Plan 2 0

8 0 0%
I.Best practices , templates and process owner details
1 Best practices and templates followed to be collected CM GP3.2 NA
2 capture Change manager details along with attained ITIL certification NA
details or as applicable
155 0

CONFIDENTIAL© Copyright 2006 Wipro Technologies Page 63 of 87 Revised Version (V1.1)

Revised on 19-December-2006
 Availability Management Process Date :

Ref. To
Sr No. Assessment Questions
ISO 20000

A. Overall Process
Do you have a documented availability management process (EPD)with
1 6.3
clearly defined scope, objectives, activities/tasks?

2 Do you have a Availability Manager identified for the account?

3 Are team members aware of the process and follow the same?
<<Check --> awareness of process in teams; ticket for periodic updates; >>
Is the performance of the process measured against specific targets and
4 Key Performance Indicators? 6.3
Are changes to availability plans subject to Change Management?
5 6.3

6 Are availability requirements and recovery aspects considered in the 6.3

availability plan
7 Are recovery procedures documented to meet availability requirement in 6.3
the event of a major loss of service?

8 Are procedures documented for returning to normal conditions post 6.3

unavailability of the services?

B. Availability Management Tool

Do you have a tool to monitor availability of business critical CI and
1 services?
Are people trained on required availability monitoring the tools (ours and
2 customers)?
Is the defined process and tool properly aligned? (All aspects of process
3 must be implemented in the tool) where tool is not compitible is there
manual process defined for availability monitoring?

C. Availability Management
1 Is identification of business critical services done? 6.3

2 Is identification of critical components done (there should also be a 6.3

relationship between critical services and these components)?
3 Is risk assessment with respect to critical components and services done? 6.3

4 Is the availability requirements of the business identified and documented 6.3

at defined duration?
5 Is there a Availability designed for business critical CI and Services?
 6 Are the SLAs considered while preparation of the availability plan? 6.3
7 Do you have availability plan prepared considering the availability targets? 6.3

8 Are availability design criteria reviewed to provide additional resilience to

prevent or minimise the impact on the business?
9 Do you periodically update the availability plan?
10 Are all Services Monitored?
11 Dow you have procedures in place to monitor, analyze and forecast
service availability?
12 Do you monitor and analyze trends for:
availability
reliability
maintainability
serviceability
13 Is RCA done, whenever availability related issues is reported?
14 Is a problem ticket raised when ever unavailability issues are reported?
15 Is there a process in place to continually improve resilience of IT systems?
16 Are changes in the infrastructure affecting availability monitored and
documented?
17 Is unplanned unavailability investigated and actioned upon? 6.3
18 Is availability manager and tower leads aware of FMEA techniques?
19 IS CFIA done to identify vulnerable assets and services?
20 Are people aware of SPoF technique?
21 Are people aware of FTA technique?
22 Do you have Availability Management Information System (AMIS)?
23 Is AMIS integrated with CMDB?
24 Are the availability plans tested? 6.3
25 Are all the availability SLAs being met?

D. Reporting
1 Do you generate availability reports as agreed in SOW and share with the 6.3
Customer?
2 Are availability reports generated? Periodicity of the report?
3 Reports are reviewed internally and by the customer? How and When?
4 Is there any concerned raised by customer on availability management
reports?
5 Is the performance of the process measured against specific targets and 6.3
Key Performance Indicators?

E. Availability Manager
Do you generate availability management reports and share the same
1 with respective stakeholders? And take corrective actions where 6.3
necessary?
2 Do you monitor the effectiveness of availability management process?
 3 Have you identified any opportunity to improve the availability
management process?
4 Do you drive the efficiency and effectiveness of availability management
process?

5 Have all availability issues raised by the customer closed by Availability

Manager?

F.Best practices , templates and process owner details

1 Best practices and templates followed to be collected

2 capture Release & Deployment manager details along with attained ITIL
certification details or as applicable
 Respondents Name :
Role :

Weight
Risk Office CMMI SVC Interviewee Response
(0/1/2/3) W

CAM GP3.1
3

CAM GP2.3
3
CAM GP2.5
2
MA SP1.2
CAM SP1.2

CAM SP1.3
2
CAM SP1.1
CAM GP2.2 2
CAM SP1.1
1

CAM SP1.1
1
14

CAM GP2.3 3

CAM GP2.5 2

CAM GP2.3 2
7

CAM SP1.1 3
CAM SP1.1
3
Yes CAM SP1.2 3
CAM SP1.2
2
CAM SP1.2 2
 CAM SP1.2 3
CAM SP1.2 2
CAM SP2.1
2
CAM SP 2.3 2
CAM SP2.1 2
CAM SP2.2
2
CAM SP2.2 3

CAM SP2.2 3
CAM SP2.2 2
CAM SP1.1 2
CAM SP2.2
2
2
CAM GP 2.5 3
Yes CAM SP2.2 3
CAM GP2.5 2
CAM GP2.5 2
2
2
2
CAM SP2.1 2
58

CAM SP2.3
3
CAM SP2.3 2
CAM SP2.3 2
CAM SP2.3

CAM SP2.3
1
8

CAM SP2.3
2
CAM GP2.8 2
CAM GP3.2 1

CAM GP3.2 1

CAM SP2.3 2
8

CAM GP3.2
Process 0%
Compliance:
Rating (0/0.5/1)
Score (W*R) Strengths
R

0 0%

0 0%

0
0
0
0

0
0

0
0
0
0
0
0
0
0

0
0
0
0
0
0
0
0
0
0 0%

0
0

0 0%

0
 0

0 0%

NA
NA
 Complaince-Yes/Partially/
Opportunities for
NO
Improvement
(Partially & No are NC)
 Service Level Management

Sr No. Assessment Questions

A. Overall Process
Is there a formal SLM process defined & documented? And Is there a service level
1
manager identified to manage the process?
2 Are relevant staff trained on SLM process and activities?
3 How are service level requirements gathered from customer/ business?
4 How are service levels negotiated and agreed?- Do u have a formal process to
follow?
5 Are all the SLAs documented and unambigous?
Whether all the SLA related documents includes SLR, EPDs are stored in
6
centralized location and version controlled?
7 Are all the SLAs measurable? If not which are those non measurable SLA and
reason?
For those SLA's which are not measurable are been informed to customer and
8
signoff taken. Whether such exception reports are being tracked and reported?
9 Are formulae agreed and documented for measurement?
10 Are all staff aware of SLA targets and performance?
11 Are OLAs defined in line with the SLAs?- how is this ensured?
12 Are UCs defined in line with the SLAs?- how is this ensured?
What are the other metrics used for managing service or process performance
13
apart from SLAs (Ex: KPIs)?
Is the historical SLA/ KPI/ perofromance data available from customer? And is this
14
being used for re-baselining of SLA and renogotiations
15 How frequently are Service levels, OLAs and UCs reviewed?
16 How are changes to SLAs or addition of SLAs managed?
Is there a service catalogue that contains service descriptions,
17
attributes/components, service hour descriptions
18 Are improvement initiatives instigated & tracked to improve SLA performance?
20 Is customer satisfaction measured? If yes, how?

B. Service Level Management process

How are the requirements assessed for feasibility?- do you check from Cap, Avail,
22 Sec and ITSCM perspective?

Whether Cap Management is providing necessary support for SLM process for
23
the renogotiation of SLA when needed?
Any esclation reported internal/external(from customer) on SLA measurement
24
and reporting?
 25 Whether status of all the contratually agreed SLA's are green ?
Different service levels are agreed documented and accepted with customer
26
during disaster situation?
Whether all the service recovery requirements are agreed and documented in
27
SLA?
For addition of any new services whether the SLRs are ascertained and assessed
28 before starting of service? Adequate measure in place to ensure SLR's of new
requirements are not impacting the existing SLA?

29 How are the OLAs and UCs monitored for performance?

C. Service Level Management Tool

Are there tools in place to monitor, measure and report all the SLAs? Any
30
exceptions?
Are there any SLA being measured manually outside tool? SLA which are not
31 configured in the tool?

D. Service Level Manager

32 Able to identify if the service is within wipro's capability/
Trigger and conduct service performance meeting with customer periodically as
33
per agreed timelines?
34 Are there any measure taken to improve SLA performance and CSAT ?
36 Any Service improvement program planned and being executed ?
37 How are actions to improve customer satisfaction tracked?
38 Is there a process to handle customer and user complaints?

E. Reporting
Are SLA breaches investigated and reasons identified followed by improvement
39 actions?
What are the various reports published related to SLAs including, SLA
40 performance, trend analysis, forecasts, improvement actions planned/
implemented etc.?
Whether all the agreed SLA's are being reported to customer? If not details of
41
SLA's which are not reported and reason?

F.Best practices , templates and process owner details

1 Best practices and templates followed to be collected

2 capture Release & Deployment manager details along with attained ITIL
certification details or as applicable
 Respondents Name :
Date :
Role :

Ref. To
Risk Office CMMI SVC Interviewee Response
ISO 20000

6.1 STSM GP3.2

STSM GP2.5
6.1 STSM SP1.1
STSM SP1.1
6.1 Yes STSM SP1.2

STSM GP2.6

STSM SP1.1

STSM SP1.1

STSM SP1.1
STSM GP2.5
6.1 STSM SP2.1
STSM SP2.1

STSM SP2.1

STSM SP2.2

6.1 STSM SP2.1

6.1 STSM SP2.1

6.1 STSM SP2.2

6.1 & 6.2 STSM SP1.2

6.2

STSM SP1.1
 6.3

6.3

6.1

Yes

7.1

6.2
`
6.2
6.2

6.1 & 6.2

6.2

Yes
 Process 0%
Compliance:
Weight Rating (0/0.5/1)
Score (W*R)
(0/1/2/3) W R

3 0

3 0
2 0
3 0
3 0

2 0

3 0

3 0

3 0
3 0
2 0
2 0

2 0

2 0

2 0
2 0

2 0

2 0
3 0
47 0

2 0

3 0

2 0
3 0

3 0

3 0

3 0

2 0
21 0

2 0

3 0

5 0

3 0

3 0

3 0
3 0
3 0
3 0
18 0

3 0

3 0

3 0

9 0

NA
NA
100 0
 Opportunities for
Strengths
Improvement

0%
0%

0%

0%

0%
Complaince-Yes/Partially/
NO
(Partially & No are NC)
CMMI Process Area Checkpoint
How is the tracebaility maintained between requirements, plans &
REQM SP1.4 deliverables?
WP SP1.4 What life cycle is followed for this program?
WP SP1.5 How are the estimates arrived and any changes to the estimations

WP SP2.3 How is the data for this program is planned and monitored?
WMC SP2.1 Can you explain various reviews conducted in the program and the plan.
Share you configuration management plan and explain the identified
CM SP1.1 configuration items
What is the baselining criteria for configuration items and explain the
CM SP1.3 documentation maintained?
CM SP3.2 Are configuration audits conducted and demonstrate the audit findings
Did you have opportunity to apply DAR in the program and demonstrate the
DAR SP1.1 instances

What strategy do you follow for capacity evaluation and any forecasting
CAM SP1.1 techniques used

RSKM SP1.1 Expalin the sources of risk identification and documentation.

RSKM SP2.1 How are the risk evaluated and prioritized?
RSKM SP2.2 How frequently risks are reviewed and reported?

SST SP1.2 Are there any transitions of systme in progress and demonstrate the plan
Do the program have any 3rd party or vendors services utilized for service
SAM SP1.2 delivery?(if applicable in scope)
If SAM SP1.2 is applicable, explain the scope and related supplier / vendor
SAM SP1.3 agreements in SLA / KPIs
How are the service continuity activities planned and performed in your
SCON SP1.1 & SP1.2 program?

SCON SP2.1 & GP 2.5 Are the required team members undergone training on BCP / DR
When was the last BCP/DR exercise performed and show the related
SCON SP3.1 records
Are the BCP/DR results shared to the customer as per contract if appliable
SCON SP3.2 or to wipro management
Explain how are the process followed in the program are verified and
PPQA SP1.1 validated?
PPQA SP2.1 How are ticket audits performed and demonstrate the results.
Are there any taloring done for the process, if so did you get approval from
OPD SP1.3 MQ
OPD SP1.5 How do you make use of organizational assets for service delivery
Guidence
Look for Traceability Matrix or Contract Compliance Matrix as per VelociQ
guideline
Verify ECUBE and SMP for life cycle defined and tailoring made
Verify RLS, SMP & change requests
Data Management Plan in SMP or Configuration Management Plan stating
the scope of data being maintained. This encompasses both internal &
external data.
SDRs, Minutes

List of configuration items

Baseline criteria to be defined in CM Plan

Verify CM Audits planned in CM Plan and verify the findings
Verify SMP for DAR applicable in the project, Verify DAR work products such
as PUGH Matrix or alternative practices
Verify Capacity Plan as applicable in the scope and verify the usage of
capacity forecasting tool such as time series analysis or any alternative
statistical techniques.
Verify SMP for Risk management section. Additionally risks documented in
either ECUBE or FMEA document.
FMEA Document
FMEA, SDRs, EWS
Verify for instance of any transitions currently on-going and the related
documentation such as Transition Plan, reviews

Verify SMP for scope and vendor details, if applicable

Verify SMP for service continuity in scope or SCON Plan

Look for training records or ITMS records. This training is mandated for all
tower leads and above.
Look for last BCP/ DR testing performed and can be either program specific
or at organization level.

Look for Quality Plan or in SMP. MQ mapping is necessary.

Verify ticket audit criteria and audit reports

Verify any deviations form velociQ practices

May look for awareness of KM, KEDB etc.