Process Assessment
Process Assessment
Changes
Ver. Date Change Changes Performed By
Approved By
V5 Initial ITIL Team ITIL Team
V6 25-Jan-13 Updated with SAM details Sharada , Vathsala , Jigna Sharada
1.Updated with HAM details
V7 2-Apr-13 2. Changed formatting Jigna
3. Review of SACM questions to remove duplicate Sharada
23rd April 13 Updated HAM questionnaire with KPA's(key process
V8 area's) Vathsala SC
Sharada
V9 25th April reviewed and finalized the questionnaire Sharada
11-Sep-13 Refined structure, questions, addition of Weightage to
V10 questions , etc. ITIL Team
Sharada
29th April 2014 All processes checkpoints are reviewed , revised as
part of questionnaire cleanup exercise. Mapped risks Jigna,Sudhakar, Vathsala &
V10.3 Tejinder
from Risk office
Ref. To
Sr No. Assessment Questions
ISO 20000
A. Overall Process
1 Do you have an event management process defined? 8.1
2 Are the scope and objectives of the process clearly defined? 8.1
Does the event management process cover monitoring of both
3 applications and infra CIs? 8.1
3 Can the event management tool corelate events from multiple monitorig
tools/Cis?
4 Does the tool facilitate configuring and monitoring thresholds?
5 Does the tool facilitate the filtering of events?
6 Does the tool facilitate prioritization (auto) of events?
7 Does the tool take necessary configured actions based on event type?
8 Does the tool facilitate 'Self-heal'?
9 Does the tool help in trend analysis?
Does the Event Management Tool integrated with the Incident
10
management, Problem Management and Change management Tool?
D. Others
1 Does event management work closely with Incident Management?
2 Does event management work closely with problem management?
3 Does event management work closely with change management?
E. Reporting
1 Do you generate event management reports as agreed in SLA?
2 Do you report on trends of events?
3 Do you report on business impact of events?
F. IT Operations (Event) Manager
Do you generate event management reports and share the same with
1 respective stakeholders?
2 Do you monitor the effectiveness of event management process?
Have you identified any opportunity to improve the event management
3 process?
4 Do you drive the efficiency and effectiveness of event management
process?
Have all Event Management issues raised by the customer closed by the IT
5 Ops/Event Manager?
Do you regularly and proactively perform trend analysis and provide trend
6 analysis report to respective stakeholders?
7 Do you ensure quality of update for actions against a event logged?
G. Best practices , templates and process owner details
1 Best practices and templates used for EM process
2 capture process owner details along with attained ITIL certification details
or as applicable and UCF details
Respondents Name :
Role :
Weight
Risk Office CMMI SVC Interviewee Response (0/1/2/3)
W
3
3
2
2
2
2
2
3
2
2
2
2
2
2
3
2
2
2
2
2
2
2
2
2
2
2
2
2
2
2
2
2
1
2
2
2
1
2
2
1
2
2
1
2
2
2
1
NA
NA
Process 0%
Compliance:
Rating (0/0.5/1) Score
Strengths
R (W*R)
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
NA NA
NA NA
Opportunities for Improvement
Complaince-Yes/Partially/NO
(Partially & No are NC)
Process
Request Fulfillment Assessment Date :
Respondents Name : Process 0%
Compliance 0%
Role : Compliance (Access
(SRF): Management):
Weight Complaince-Yes/
Ref. To Rating (0/0.5/1) Opportunities for
Sr No. Assessment Questions Risk Office CMMI SVC Interviewee Response (0/1/2/3) Score (W*R) Strengths Partially/NO
ISO 20000 R Improvement
W (Partially & No are NC)
A. Overall Process
IRP GP3.1
1 Do you have a Request Fulfillment process defined? 8.1 2 0
SD GP3.1
2 Are the scope and objectives of the process clearly defined? REQM SP1.1 2 0
3 Are the request fulfillment activities performed per defined process? 8.1 IRP SP2.2 3 0
4 Are those performing the process aware of how to do so? IRP GP2.5 3 0
5 Are the customers and end users of the process aware of it and conforming to it? REQM SP1.1 3 0
6 Are the tasks within the process documented? IRP GP3.1 2 0
7 Is every team member aware of the concepts of incident, service request, problem etc.? IRP GP2.5 2 0
8 Is everyone in the team trained on Request Fulfillment Process? IRP GP2.5 3 0
Is the performance of the process measured against specific targets and Key Performance
9 6.1 MA SP2.1 2 0
Indicators?
Are users of the process regularly surveyed to measure customer satisfaction with the
10 process? 7.1 2 0
Does the process have a continual service improvement program by which deficiencies in the
11 MA SP2.2 2 0
process are identified and improvements implemented?
13 Are our people and also the Users aware of who to contact for what? WP SP2.6 2 0
B. Request Fulfillment Tool
IRP GP 2.3
1 Do you have a tool for request fulfillment? 2 0
SD SP2.1
Does this tool support IM,PM and Change Mgmt activities? If not, Do you have a separate
2 IRP GP 2.3 1 0
tool integrated with request fulfillment tool?
3 Are people trained on all the tools (ours and customers)? IRP GP2.5 3 0
Is the defined process and tool properly aligned? (All aspects of process must be
4 IRP GP 2.5 3 0
implemented in the tool)
C. Access Management
Weight
Ref. To Rating (0/0.5/1) Opportunities for
Sr No. Assessment Questions Risk Office Interviewee Response (0/1/2/3) Score (W*R) Strengths Strengths
ISO 20000 R Improvement
W
1 Access control policy defined and available CM GP2.1 2 NA
2 Access control matrix is available and updated CM SP1.2 2 NA
3 Access control validated at device level (Sampling) CM SP1.2 3 NA
4 Access control validation frequency CM SP1.2 3 NA
5 Access control role based segregation Yes CM SP1.2 3 NA
6 Access control – test, development and production server Yes CM SP1.2 3 NA
7 Common id usage Yes CM SP1.2 3 NA
8 Same privileges available on Dev / Test / Prod environments Yes 3
9 Is privilege segregation available as part fo Access Control Policy Yes 3
10 Is common ID used for all changes? Yes 3
D. Best practices , templates and process owner details
1 Best practices and templates used for IM process IRP GP3.2
2 capture incident manager details along with attained ITIL certification details or as applicable
0 NA
10
2 0.5
31
A. Overall Process
What is the scope of the IM process (is the same process consistently
2
followed across towers eg. Infra and apps - technology towers )
Are those performing the process are trained and aware of how to do so?
4 What is the current level of UCF incident management team is holding?
whether the roles and responsibilites are defined for IM team
( rating is provided based on the answers given )
7 Are process KPIs as per contract and the KPIs defined internally and are
being measured?
Do you follow the same process configured in tool and are they any
2 manually managed process?( reason for manaul process and give the
rating accrodingly)
3 Process defined in the EPD is same as process has been configured in tool.
If not what is the reason ?
Are the incidents being correctly prioritizing based on Impact and Urgency
4 agreed with the customer and same has been documented in EPD? Is this
same as per tool?
5 Are incidents being tagged or mapped to CIs?
Whether the CTIs are effectively used ?(check for relevance and for
2 unused CTIs)
3 Are there missing CTIs? Is there any frequency to review the CTI and
updated regularly)
Are there any ticket hops ( check on the effectiveness and competency of
4 the staff)
Is ticket hopping analysed (why, what, how and action taken?)
in case ticket hops, is the SD informed of who it should go to?
5 Do you perform incident matching? (similar incident tickets) and how this
be handled and resolved?
6 Are the symptoms of incidents compared to a KEDB to identify a
workaround? What is the mechanism followed to escalate to next level
In case if a functional escalation(eg. L1 to L2) is required then do you
7 document details of the activities that you have performed and your
diagnosis?
3 Whether the ticket status code has been appropriately set before closure
of the incident ?(Eg. From pending to resolved)
Do you validate that resolution codes entered in the ticket for resolution
4 match actual solution?( Kbase or KEDB reference codes has been
recorded in the ticket log)
G. Incident Closure
1 During incident closure, do you summarise cause (ticket summary) of the
incident?(free text)
Do you apply 3-strike rule( or as per the number of strikes agreed with
2 customer) for incident closure (resolution in tool) in case you do not get a
user confirmation?
3 Are they case of reopening of tickets?
what is the % of reopened tickets on a monthly basis ?
4 Do you conduct a ticket CSAT after closure of incident ticket?
5 Is the average ticket CSAT greater than 4 for scale of 5 and greater than 6
for scale of 7?
6 CTI Verification details updated in tool if relevant before closure of the
ticket
Is there a conflict/confusion about who should close the ticket when
7 multiple resolver groups are involved in the resolution?(Eg. SD , L2, L3
groups)
H. Others
1 Are all teams sufficeently staffed and resources are having the skill levelin
line with SOW?
2 How effective is the Knowledge Management aspect (usage, contribution
to KM etc. ) in the account?
3
Is the Kbase updated by all groups and usage reported regularly?
4 Does SD / Resolver group refer to the knowledge base / KEDB / any other
database to check if solution already exists?
5 Do you update the KEDB / knowledge base for all "new" incidents once
the resolution is provided?
6 Are SMTDs being maintained at a place accessible to all and updated
periodically as per need?
7 Are people using SMTDs?
8 Are Skills matrix, training roster, etc. present?
9 Are every one aware of Information security policies and how to handle
Info
Is theSecurity issues?
ticket audit being done (investigation, diagnosis and resolution
10 steps)?
11 if a ticket is waiting for a user response, do you follow up regularly with
the user?
12 Is every one aware and follow the VIPs ticket handling process &
procedures if applicable ?
13 Are there any Service Level Targets that have been breached?
14 Is the entire team (all towers) aware of the response SLAs?
15 Is the entire team (all towers) aware of the resolution SLAs?
I. Reporting
1 Are all committed reports generated and shared with relevant
stakeholders as per the commitment?
J. Incident Manager
1 Does Incident Manager monitor the effectiveness of incident management
process via KPIs?
2 Do you have a continual service improvement program by which
deficiencies in the process are identified and improvements implemented?
3 Do you check quality of the ticket update is good?
4
Do you ensure that actions are taken on the ticket audit findings?
5 Have all Incident Management issues raised by the customer during CSAT
survey closed by the Incident Manager?
Ref. To
Artifacts to check -additional information Risk Office
ISO 20000
1. EPD
2. SOW
8.1
3. SOPS
4. ITSM
1. SOW- R&R
2. Program Gov structure
1.EPD 8.1
2. Service Management Tool - incident Module
EPD/SOW
Check ticket dump/log for any wrong classification
Ticket log
Ticket Summary
Check for the process in EPD and ticket logs from pending to resolved to
closure as per agreed strikes ?
Any user complaints on closure of tickets abruptly without resolution?
EPD/SoW
km usage, initiatives
8.1
KEDB updates
Sow/EPD/Training reords
SLA report/Analysis/SDR/WSR/MSR 8.1
if SLA report shared with team in any forum
if SLA report shared with team in any forum 8.1
8.1
Ticket status update / closure communications, mails
Customer esclation reports on incident downgrade?
Contract for such clauses of incident downgrade?
Yes
8.1
Sow/EPD/WSR/MSR
Improvement programs/plan
Ticket audit report
IRP GP3.1 3
IRP SP1.1 2
IRP GP2.3 2
IRP GP2.5 3
IRP GP2.5 2
IRP GP2.5 2
STSM SP2.1 1
MA SP2.1
15
IRP SP1.2 2
IRP SP1.2 2
IRP SP1.1 2
IRP SP1.1 3
IRP SP1.2 2
IRP GP2.5 2
IRP SP1.2 3
IRP SP2.1 1
17
IRP SP2.1 2
IRP SP2.1 1
IRP SP2.2 2
IRP SP2.1 3
IRP SP2.1 3
IRP SP 1.1 2
13
IRP SP1.2 1
IRP SP1.2 1
IRP SP1.2 1
IRP SP2.4 2
IRP SP2.3 2
IRP SP2.2 2
IRP SP2.2 1
10
SAM SP2.1 1
SAM SP2.1 1
IRP SP2.4 1
SAM SP1.3 2
SAM SP1.3 3
WP SP2.5 3
SAM GP2.3 2
IRP SP2.4 1
IRP SP2.4 2
16
IRP GP3.2 2
IRP SP2.2 2
IRP SP2.4 2
IRP SP2.3
IRP SP2.4 2
IRP SP2.4 2
IRP SP2.4 2
IRP SP2.5 1
IRP SP2.5 2
2
IRP SP2.5 1
IRP SP2.4 2
12
IRP GP2.5 3
IRP GP3.2 2
IRP GP3.2 2
IRP SP2.3 3
IRP SP2.4 2
IRP GP3.2 1
2
1
3
3
2
1
2
2
2
IRP SP2.5 2
IRP SP2.4 3
IRP GP2.5 2
38
IRP SP2.5 2
IRP SP2.4 2
IRP SP3.2 1
PPQA SP2.1 2
IRP SP2.2 1
IRP SP2.4 1
7
IRP SP3.2
138
0%
Rating
Score
(0/0.5/1) Criticality
(W*R)
R
0 Mandatory
0 Mandatory
0 Mandatory
0 Desriable
0 Mandatory
0 Desriable
0 Mandatory
0 Mandatory
0 Mandatory
0 Mandatory
0 Mandatory
0 Mandatory
0 Mandatory
0 Mandatory
0 Mandatory
0 Mandatory
0 Mandatory
0 Mandatory
0 Mandatory
0 Mandatory
0 Mandatory
0 Mandatory
0 Mandatory
0 Mandatory
0 Mandatory
0 Mandatory
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
Strengths
0%
0%
0%
0%
0%
0%
0%
0%
0%
0%
Opportunities for Improvement
Complaince-Yes/Partially/
NO
(Partially & No are NC)
Respondents Name :
Major Incident Management Process Date : Process 0%
Role :
Compliance:
Ref. To Rating Complaince-Yes/Partially/
Risk Weight Opportunities for
Sr No. Assessment Questions ISO Interviewee Response (0/0.5/1) Score (W*R) Strengths NO
Office (0/1/2/3) W Improvement
20000 R (Partially & No are NC)
A. Overall Process
Is the Service desk trained to identify major incidents and how aware is 3 0
the team about significance of Major Incidents?
1
Do you have Major Incident Manager identified for the account? 8.1 3 0
2
Is the definition of a Major Incident discussed and agreed with the 3 0
Customer? 8.1
3
All are Major incidents handled according to a documented procedure 2 0
(including escalations)? 8.1
4
5 Do you conduct a review meeting after the major incident is resolved? 8.1 3 0
6 Do you create a MIR and send the same to stakeholders? 3 0
7 Is the problem manager part of the MI process? 3 0
Has the Problem Management process ever been triggered in case the 2 0
8 solution provided was a work around?
Does the communication happen during an MI as agreed with the
9 2 0
customer?
Is the entire communication being sent/done by one person and not 3 0
10 conflicting messages/garbled messages?
11 Is quality of major incident report questioned anytime? <<If applicable>> 1 0
12 Are KPIs for the process defined? 2 0
30 0 0%
B. Major Incident Manager
Do you generate major incident management reports as agreed with the
6.2 3 0
1 customer?
Do you monitor the effectiveness of major incident management process
Yes 3 0
2 via KPIs?
3 How do you drive the process adherence? <<Check How>> 3 0
Do you have a continual service improvement program by which 3 0
4 deficiencies in the process are identified and improvements implemented?
5 Do you ensure that quality of the ticket update is good? 2 0
Do you ensure that all concerned stakeholder for a major incident are 3 0
6 involved during incident resolution?
In case if resolution of major incident requires a change, do you raise the
emergency change request? 2 0
7
Are all Major Incident Management issues raised by the customer during 1 0
CSAT survey closed? 7.1
8
Do you ensure that actions are taken on the major incident ticket audit
3 0
9 findings?
23 0 0%
C.Best practices , templates and process owner details
1 Collect best practices and templates
2 capture Major incident manager details along with attained ITIL
certification details or as applicable
53 0
-EPD
1. Do you have a Problem manager identified for the account?
2. Is the Problem Manager trained on the Problem Mgmt techniques -SOW
4 - Team structure IRP GP2.3 3 0
(5Whys, Fish bone,etc.),
3. Which level of UCF is the problem manager certified. - SMP
- Evidence on Training/ Certifications
- Problem records
3 Is the exisiting problem ticket status is reviewed before logging similar - Incident Records IRP SP3.1 3 0
problem ticket - ITSM tool
Is every problem record mapped to a impacted CI? If no , what is the
reason? - Problem records
4 - Incident Records IRP SP3.1 3 0
- ITSM tool/ CMDB tool integration
Are problems categorized according to type and item?
5 - Problem Records IRP SP3.1 2 0
- ITSM tool
Is the problem ticket created for incidents where work around from KEDB - EPD
6 is not available(irrespective of priority). - ITSM tool 8.2 IRP SP3.1 3 0
- Problem Record
- Incident Record
Is there a standard RCA template?
- RCA template
7 - EPD IRP SP3.1 2 0
-SMP
8 Are all resolver groups trained on RCA techniques? And what is the IRP GP2.5 1 0
technique being followed and evidences for its effectiveness? - Training Record
Are all RCAs published as per the contract time lines? SLA/KPI - RCA ageing report
9 performance - check for the KPI's associated for timelines of RCA report - RCA report IRP SP3.2 3 0
adherence - Problem Record
- RCA report
10 Who reviews and approves RCA by a designated authorized. - Problem Record IRP SP3.2 1 0
Who tracks the CAPA actions and what is the status of CAPA action CAPA action tracker
Is every known error updated in the KEDB?
- KEDB
11 - ITSM tool 8.2 IRP GP3.2 2 0
- EPD
- SMP
PIR Report
12 do you review PIR and log problem tickets for the failed changes and roll IRP SP3.3 0
back successfully
26 0 0%
C. Proactive Problem Management
- EPD
1 - SMP Yes IRP SP3.1 3 0
Have you identified single points of failure (to avoid potential problems) - Problem Records
by using appropriate techniques like FMEA -FMEA
Do you analyse P1 incidents and the solution provided to close P1 Review of problem reports and MIM reports
incidents
2 Do you analyse how proactively we can avoid such incidents in future by IRP SP3.1 0
proactively logging problem ticket
Have events (alerts, notifications, warning, performance and exception - Event Records (from monitoring tool)
3 reports, etc. - From monitoring tools) been analysed to proactively identify - Problem Record IRP SP3.1 2 0
potential problems? - ITSM tool
- Incident Record
4 - Problem Record IRP SP3.1 3 0
Are you doing repeat incident / trend analysis analysis for potential -Trend analysis
problems ? -repeat incident records
proactive Problem record creation based on anticipated
When any production release , whether the release team will inform the release related issues.
5 problem manager for the anticipated issue , and in the event of issues, IRP SP3.2 0
Problem Manager will proactively create problem ticket for the
proactive problem analysis .
CONFIDENTIAL© Copyright 2006 Wipro Technologies Page 59 of 87 Revised Version (V1.1)
Revised on 19-December-2006
Respondents Name :
Problem Management Process Date : Process 0%
Role :
Compliance:
Ref. To Rating Complaince-Yes/Partially/
Artifacts to check -additional Risk CMMI Weight Opportunities for
Sr No. Assessment Questions ISO Interviewee Response (0/0.5/1) Score (W*R) Strengths NO
information Office SVC (0/1/2/3) W Improvement
20000 R (Partially & No are NC)
- CAB process
- CAB minutes of meeting
6 - Change Record IRP SP3.3 0
IS the problem manager updated the status of the changes raised through - Test Reports
problem management for workaround/permanent fix
Does problem manager receive the FSC (as part of Change Management)
7 as per the change window cycle? (To prevent future issues owing to clash IRP SP3.2 3 0
in changes) - PM Activity - Change Schedule
8 Does PM does updated in the failues of the patch management activities - Emails/Mailers on patches installed IRP SP3.1 2 0
9 Have there been any recent burst of incidents for any unexplained reason? Yes IRP SP3.1 3 0
16 0 0%
D. Reports
1 Do you measure number or % of recurring incidents? KPI reports from ITSM tool IRP SP3.1 2 0
2 No. of problems resolved and no. of incidents reduced as a result? KPI reports from ITSM tool 8.2 IRP SP3.1 2 0
3 No. of RFCs raised as a result of problem analysis? Change Management reports, KPI reports REQM SP1.3 2 0
4 Number of Proactive problem tickets raised? KPI reports from ITSM tool IRP SP2.1 2 0
5 No. of Known Error records raised Vs No. of problem tickets created? KPI reports from ITSM tool IRP SP3.1 2 0
6 No. of RCA Vs No. of problem tickets created? KPI reports from ITSM tool IRP SP3.1 3 0
KPIs - 0
Problem Tickets closed within due date KPI reports from ITSM tool 3 0
Number of incidents closed referring to KEDB/KM 3 0
Number of Incidents for an open problem record 2 0
7
Number of incidents reduced from last month problem ticket closed 3 0
Number of proactive Problem Tickets logged 2 0
No.of reactive Problem Tickets logged 2 0
Number of RFCs raised as a result of problem ticket 2 0
30 0 0%
E.Best practices , templates and process owner details
1 Best practices and templates followed to be collected IRP GP3.2 NA
2 capture Problem manager details along with attained ITIL certification
details or as applicable NA
86 0
1. EPD
Is the single integrated process being followed across geographies / or as 2. SOW
3 3 0
per the applicability . 3. SOPS
4. ITSM
1. SOW- R&R
2. Program Gov structure
3. ZCOP report
4 Do you have a Change Manager identified for the account? 4. Team structure report of the REQM GP2.3 3 0
project
5. SMP
1. EPD
2. SOW
Is that different change types are applicable and defined. Eg. Standard, REQM SP1.3
5 3. SOPS 0
normal, major , minor, emergency types of changes. CM SP1.2
4. SMP
Is everyone in the team trained on MS101 / ITIL? (at least the processes in 1. Team onboarding
6 2. Training reports REQM GP2.5 3 0
scope)
3. ITIL certification reports
1. Optra
2. CSIs
Is the KPIs defined and documented , if yes Is the performance of the 3. SLA performamnce
7 process measured against KPIs? reporting SD SP1.2 2 0
3. SDRs
4. Customer deck reporting
1. SOW
8 Are the CAB And ECAB members identified and documented? 2. SMP CM SP1.2 3 0
3. Prog governance reports
1. CM EPD
Is there CAB and ECAB being scheduled as per defined intervals ? 2. Program governance to see
9 WP SP2.6 0
Whether all the designated people are attending the meetings ? the CAB members
3. Minutes of CAB
17 0 0%
B. Change Management Tool
1. SOW
1 Do you have a tool for change management? 2. SOPs CM GP2.3 3 0
3. EPD
3 Is Change module integrated with CMDB & asset management modules ? change management ool CM SP1.2 2 0
8 0 0%
C. Change Logging
Is an RFC raised for introduction or modification to a service or Service 1. RFCs
1 9.2 REQM SP1.3 3 0
component? 2. Change evaluation reports
1. Change authorization board
2 Is the entire team aware of when to raise a change request? <<eg. - R&R REQM GP2.5 3 0
Server restart, patch install, etc.>> 2. EPD
1. Change performance reports
3 Are there any unauthorised changes executed at any time? REQM SP1.3 3 0
2. SLA performance reports
Do you analyze the unauthorized changes of a CI? (To check the instability 1. Backlog CM SP2.1
4 Yes 3
of the CI; From CMDB) CM SP2.2
Whether all the relevant /required details are filled by requester at the
1. RFC template
5 time of submitting an RFC and is this being validated for completeness by 2. completed RFC REQM SP1.3 3 0
Change manager at the time of logging the RFC?
1. EPD
2. Config management Plan
8 Are changes tied to CIs? 3. Change Mgmt Plan CM SP2.1
9.2 1 0
4. CI relationship with RFC - CM SP2.2
work log
20 0 0%
7 Are the test plans documented and attached to CR? 1. RFC & Test Plan CM SP2.1
3 0
CM SP2.2
8 Are all risks associated with the change documented ? Risk Tracker 9.2 RSKM SP1.2 2 0
9 Is level of Implementation defined based on the criticality of the change? Yes 3 0
Are other Changes being reviewed to optimize the scheduling and WMC SP1.1
10 Change evaluation reports 2 0
implementation of the current Change? WMC SP1.2
Are all changes sent to the CAB members prior to the CAB meeting for
11 CAB Minutes CM SP3.1 2 0
them to go through?
12 Do all the stakeholders attend the CAB meeting? CAB Minutes CM GP2.7 2 0
13 Is change evaluation done thoroughly by the CAB/TAB/CCB? Change evaluation reports CM GP2.7 3 0
Is problem manager involved in CABs to evaluate changes which go to CAB approval , Work around,
14 CM GP2.7 3 0
production to prevent issues from happening later? KEDB
15 Are all testing activities done robustly? Test plans & actual results CM SP2.2 3 0
16 Are test results attached to the CRs? Test plans & actual results 9.2 CM SP2.2 2 0
Is a back out plan prepared in detail ?(The activities required to reverse or
Backout Plan & Actual Action
17 remedy an unsuccessful change shall be planned and, where possible, 9.2 Yes CM SP3.2 3 0
Performed
tested).
19 Is Change and release scheduling an integrated activity of change 1. release & deployment plan CM SP2.1
management 3 0
CM SP2.2
1 KPI reports CM SP2.1
20 Is negotiation on downtime being established? 2. Change impact reports 3 0
CM SP2.2
21 Is an FSC Prepared and FSC circulated to all? FSC 9.2 2 0
22 Is this FSC used to plan for relevant releases and deployments? Change impact reports 9.2 2 0
23 Is the planned outage for a change communicated to concerned user base? 1. release & deployment plan CM SP3.1 3 0
Are any normal changes implemented outside the maintenance window? - 1. release & deployment plan
24 CM SP3.1 3 0
What is the purpose ? Rating in case of Yes/No
25 Is the entire team aware of the Change freeze period? 1. release & deployment plan CM SP3.1 3 0
Any normal / <<Fast track/Expedited/Retrospective>> changes being
26 Change Management plan CM SP3.1 2 0
implemented during the Change Freeze period?
Are the measured effects of the change being compared with the desired PIR reports
4 effects in order to decide whether the change has met its objectives? change failure records CM SP3.1 3 0
Does Change management obtain information from the Service Desk or ITSM Tool - incident ticket
1 resolver group concerning incidents and calls relating to change? Whether 3 0
relationship with RFC
the relationship between incident has been established with RFC?
Does Change management exchange information with Configuration RFC linkage with CI
3 Management regarding change progress, change closure, change impact Asset registry 2 0
assessment on configuration items ? CMDB
8 0 0%
G. Reports
Are all committed reports generated and shared with relevant Weekly, monthly reports
1 stakeholders as per the commitment from contract ? 3 0
3 0 0%
H. Change Manager
1 Whether the KPIs have been defined as per contract ? Do you monitor the KPI reports
effectiveness of change management process via KPIs and reported? 3 0
3 Is the successful implementation of a change confirmed by Change SLA reports , SDR, Change
Manager? Mgmt Plan 2 0
8 0 0%
I.Best practices , templates and process owner details
1 Best practices and templates followed to be collected CM GP3.2 NA
2 capture Change manager details along with attained ITIL certification NA
details or as applicable
155 0
Ref. To
Sr No. Assessment Questions
ISO 20000
A. Overall Process
Do you have a documented availability management process (EPD)with
1 6.3
clearly defined scope, objectives, activities/tasks?
3 Are team members aware of the process and follow the same?
<<Check --> awareness of process in teams; ticket for periodic updates; >>
Is the performance of the process measured against specific targets and
4 Key Performance Indicators? 6.3
Are changes to availability plans subject to Change Management?
5 6.3
C. Availability Management
1 Is identification of business critical services done? 6.3
D. Reporting
1 Do you generate availability reports as agreed in SOW and share with the 6.3
Customer?
2 Are availability reports generated? Periodicity of the report?
3 Reports are reviewed internally and by the customer? How and When?
4 Is there any concerned raised by customer on availability management
reports?
5 Is the performance of the process measured against specific targets and 6.3
Key Performance Indicators?
E. Availability Manager
Do you generate availability management reports and share the same
1 with respective stakeholders? And take corrective actions where 6.3
necessary?
2 Do you monitor the effectiveness of availability management process?
3 Have you identified any opportunity to improve the availability
management process?
4 Do you drive the efficiency and effectiveness of availability management
process?
2 capture Release & Deployment manager details along with attained ITIL
certification details or as applicable
Respondents Name :
Role :
Weight
Risk Office CMMI SVC Interviewee Response
(0/1/2/3) W
CAM GP3.1
3
CAM GP2.3
3
CAM GP2.5
2
MA SP1.2
CAM SP1.2
CAM SP1.3
2
CAM SP1.1
CAM GP2.2 2
CAM SP1.1
1
CAM SP1.1
1
14
CAM GP2.3 3
CAM GP2.5 2
CAM GP2.3 2
7
CAM SP1.1 3
CAM SP1.1
3
Yes CAM SP1.2 3
CAM SP1.2
2
CAM SP1.2 2
CAM SP1.2 3
CAM SP1.2 2
CAM SP2.1
2
CAM SP 2.3 2
CAM SP2.1 2
CAM SP2.2
2
CAM SP2.2 3
CAM SP2.2 3
CAM SP2.2 2
CAM SP1.1 2
CAM SP2.2
2
2
CAM GP 2.5 3
Yes CAM SP2.2 3
CAM GP2.5 2
CAM GP2.5 2
2
2
2
CAM SP2.1 2
58
CAM SP2.3
3
CAM SP2.3 2
CAM SP2.3 2
CAM SP2.3
CAM SP2.3
1
8
CAM SP2.3
2
CAM GP2.8 2
CAM GP3.2 1
CAM GP3.2 1
CAM SP2.3 2
8
CAM GP3.2
Process 0%
Compliance:
Rating (0/0.5/1)
Score (W*R) Strengths
R
0 0%
0 0%
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0 0%
0
0
0 0%
0
0
0 0%
NA
NA
Complaince-Yes/Partially/
Opportunities for
NO
Improvement
(Partially & No are NC)
Service Level Management
A. Overall Process
Is there a formal SLM process defined & documented? And Is there a service level
1
manager identified to manage the process?
2 Are relevant staff trained on SLM process and activities?
3 How are service level requirements gathered from customer/ business?
4 How are service levels negotiated and agreed?- Do u have a formal process to
follow?
5 Are all the SLAs documented and unambigous?
Whether all the SLA related documents includes SLR, EPDs are stored in
6
centralized location and version controlled?
7 Are all the SLAs measurable? If not which are those non measurable SLA and
reason?
For those SLA's which are not measurable are been informed to customer and
8
signoff taken. Whether such exception reports are being tracked and reported?
9 Are formulae agreed and documented for measurement?
10 Are all staff aware of SLA targets and performance?
11 Are OLAs defined in line with the SLAs?- how is this ensured?
12 Are UCs defined in line with the SLAs?- how is this ensured?
What are the other metrics used for managing service or process performance
13
apart from SLAs (Ex: KPIs)?
Is the historical SLA/ KPI/ perofromance data available from customer? And is this
14
being used for re-baselining of SLA and renogotiations
15 How frequently are Service levels, OLAs and UCs reviewed?
16 How are changes to SLAs or addition of SLAs managed?
Is there a service catalogue that contains service descriptions,
17
attributes/components, service hour descriptions
18 Are improvement initiatives instigated & tracked to improve SLA performance?
20 Is customer satisfaction measured? If yes, how?
Whether Cap Management is providing necessary support for SLM process for
23
the renogotiation of SLA when needed?
Any esclation reported internal/external(from customer) on SLA measurement
24
and reporting?
25 Whether status of all the contratually agreed SLA's are green ?
Different service levels are agreed documented and accepted with customer
26
during disaster situation?
Whether all the service recovery requirements are agreed and documented in
27
SLA?
For addition of any new services whether the SLRs are ascertained and assessed
28 before starting of service? Adequate measure in place to ensure SLR's of new
requirements are not impacting the existing SLA?
E. Reporting
Are SLA breaches investigated and reasons identified followed by improvement
39 actions?
What are the various reports published related to SLAs including, SLA
40 performance, trend analysis, forecasts, improvement actions planned/
implemented etc.?
Whether all the agreed SLA's are being reported to customer? If not details of
41
SLA's which are not reported and reason?
2 capture Release & Deployment manager details along with attained ITIL
certification details or as applicable
Respondents Name :
Date :
Role :
Ref. To
Risk Office CMMI SVC Interviewee Response
ISO 20000
STSM GP2.5
6.1 STSM SP1.1
STSM SP1.1
6.1 Yes STSM SP1.2
STSM GP2.6
STSM SP1.1
STSM SP1.1
STSM SP1.1
STSM GP2.5
6.1 STSM SP2.1
STSM SP2.1
STSM SP2.1
STSM SP2.2
STSM SP1.1
6.3
6.3
6.1
Yes
7.1
6.2
`
6.2
6.2
6.2
Yes
Process 0%
Compliance:
Weight Rating (0/0.5/1)
Score (W*R)
(0/1/2/3) W R
3 0
3 0
2 0
3 0
3 0
2 0
3 0
3 0
3 0
3 0
2 0
2 0
2 0
2 0
2 0
2 0
2 0
2 0
3 0
47 0
2 0
3 0
2 0
3 0
3 0
3 0
3 0
2 0
21 0
2 0
3 0
5 0
3 0
3 0
3 0
3 0
3 0
3 0
18 0
3 0
3 0
3 0
9 0
NA
NA
100 0
Opportunities for
Strengths
Improvement
0%
0%
0%
0%
0%
Complaince-Yes/Partially/
NO
(Partially & No are NC)
CMMI Process Area Checkpoint
How is the tracebaility maintained between requirements, plans &
REQM SP1.4 deliverables?
WP SP1.4 What life cycle is followed for this program?
WP SP1.5 How are the estimates arrived and any changes to the estimations
WP SP2.3 How is the data for this program is planned and monitored?
WMC SP2.1 Can you explain various reviews conducted in the program and the plan.
Share you configuration management plan and explain the identified
CM SP1.1 configuration items
What is the baselining criteria for configuration items and explain the
CM SP1.3 documentation maintained?
CM SP3.2 Are configuration audits conducted and demonstrate the audit findings
Did you have opportunity to apply DAR in the program and demonstrate the
DAR SP1.1 instances
What strategy do you follow for capacity evaluation and any forecasting
CAM SP1.1 techniques used
SST SP1.2 Are there any transitions of systme in progress and demonstrate the plan
Do the program have any 3rd party or vendors services utilized for service
SAM SP1.2 delivery?(if applicable in scope)
If SAM SP1.2 is applicable, explain the scope and related supplier / vendor
SAM SP1.3 agreements in SLA / KPIs
How are the service continuity activities planned and performed in your
SCON SP1.1 & SP1.2 program?
SCON SP2.1 & GP 2.5 Are the required team members undergone training on BCP / DR
When was the last BCP/DR exercise performed and show the related
SCON SP3.1 records
Are the BCP/DR results shared to the customer as per contract if appliable
SCON SP3.2 or to wipro management
Explain how are the process followed in the program are verified and
PPQA SP1.1 validated?
PPQA SP2.1 How are ticket audits performed and demonstrate the results.
Are there any taloring done for the process, if so did you get approval from
OPD SP1.3 MQ
OPD SP1.5 How do you make use of organizational assets for service delivery
Guidence
Look for Traceability Matrix or Contract Compliance Matrix as per VelociQ
guideline
Verify ECUBE and SMP for life cycle defined and tailoring made
Verify RLS, SMP & change requests
Data Management Plan in SMP or Configuration Management Plan stating
the scope of data being maintained. This encompasses both internal &
external data.
SDRs, Minutes