| Professional Service: |
| 2.1 Catalogue Management. |
| Each company has its own unique catalogue of application services. |
| 2.2 Service Level Agreement. |
| Where a company needs a SLA with an agreed quality of service, then availability of 99.99% can be delivered and backed with applicable professional indemnity insurance. |
| 2.3 Risk Management. |
| Threat analysis from criminals and insider with hacking skills is continually reviewed and revised in the light of measured and monitored events. |
| 2.4 Capacity Management. |
| Continual monitoring of performance and throughput means regular tuning and hardware upgrades in advance of any bottleneck that could impact on the SLA. |
| 2.5 Availability Management. |
| Availability must be managed on a daily basis and service levels will not be achieved unless data availability is professionally managed. |
| 2.6 Business Continuity. |
| Companies that depend on the application service will demand business continuity planning where recovery times are are measured in minutes rather than days. |
| 2.7 Information Security. |
| Information security is not cheap and the liability of a breach of security can be damaging on any company. |
| 2.8 Compliance Management. |
| A company will know the legal framework that it must comply with. Legal regulations are increasing year-on-year so this is not a one-off cost but an increasing cost. |
| 3.1 Change Management. |
| Continual improvements must be managed in accordance with privaleged user procedures, begining with approval by the Change Manager. |
| 3.2 Planning and Project Management. |
| Planning the interaction between different improvements must be scheduled to prevent conflicts or cascading changes. |
| 3.3 Development and Customization. |
| Customization is continual by Information Engineers who can only change functions approved by the Change Manager. |
| 3.4 Release and Deployment. |
| Each change creates its own release that is deployed for each company at the applicable time. |
| 3.5 Validation and Test. |
| Each change creates its own release that is deployed for each company at the applicable time. |
| 3.6 Asset and Configuration. |
| Services are built up as a configuration of functions and assets that must be professionally documented. |
| 3.7 Knowledge Management. |
| Requests are indexed and archived as a knowledgebase. |
| 4.1 Event Support. |
| Events are escolated to 1st, 2nd and 3rd level support teams. |
| 4.2 Incident Management. |
| Data center incidents must be analysed and things returned back to normal. |
| 4.3 Request Fulfilment. |
| Requests car continually monitored and responded to according to agreed service levels. |
| 4.4 Access Management. |
| Data and functional access controls must be managed for each user. |
| 4.5 Problem Management. |
| Problems will be rapidly issolated, circumvented, recovered and avoided from happening again. |
| 4.6 Operations Management. |
| Infrastructure as racks of servers in each data center are continually patched and maintained. |
| 4.7 Facilities Management. |
| Data center physicla access, power supplies, air conditioning. |
| 5.1 Service Evaluation. |
| To continually monitor and report service levels. |
| 5.2 Process Audit Management. |
| To undertake penetration testing of the external and internal application stack. |
| 5.4 Continual Service Improvement. |
| To undertake penetration testing of the external and internal application stack. |
| Cheap Service: |
| 2.1 Catalogue Management. |
| Companies can share reusable services with other companies. |
| 2.2 Service Level Agreement. |
| Service levels for local councils are between 80% and 90% for reference purposes. |
| 2.3 Risk Management. |
| Threats from criminals can be ignored where data integrity and the loss of data is not critical to the company. Each company will undertake their own risk analysis and act accordingly. |
| 2.4 Capacity Management. |
| Capacity can be ignored until a bottleneck causes some problem and then action can be taken to order extra infrastructure. |
| 2.5 Availability Management. |
| Availaibility does not need to be managed where the company is conforatable with a SLA does not impose any constraints. |
| 2.6 Business Continuity. |
| Where recovery times can be measured in days then data replication can be downgraded to periodic backup. |
| 2.7 Information Security. |
| Security costs can be cut to reduce security testing and assume that the application service will not be attacked. Each company can determine their own risk and level of security. |
| 2.8 Compliance Management. |
| Compliance costs can be reduced where compliance with legal regulation is not required. |
| 3.1 Change Management. |
| Change management does not been to be handled in accordance with privaleged user procedures. |
| 3.2 Planning and Project Management. |
| Project planning costs can be reduced by not undertaking very much planning of project management. |
| 3.3 Development and Customization. |
| Development and customization costs can be cut to match each company requrement. |
| 3.4 Release and Deployment. |
| Deployment and release management costs can be reduced by doing one change at a time. |
| 3.5 Validation and Test. |
| User acceptance trials can reduce the need to pay for validation testing. |
| 3.6 Asset and Configuration. |
| A small application with few assets does not need very much configuration and that can keep the costs down. |
| 3.7 Knowledge Management. |
| Requests do not need to be built up into a knowledgebase of technical support information. |
| 4.1 Event Support. |
| Where a very small number of servers are employed then the number of events to be managed will not cost very much. |
| 4.2 Incident Management. |
| Incidents in all servers must be managed back to normal, but costs can be reduced where delays can be accepted. |
| 4.3 Request Fulfilment. |
| Requests can be handled eventually with a lower reaction time to reduce costs. |
| 4.4 Access Management. |
| Data and function access control can be simplified with costs reduced with just a few user roles. |
| 4.5 Problem Management. |
| The lifecycle of problems must be managed but costs can be reduced by bringing in specialists only when needed. |
| 4.6 Operations Management. |
| Patch management of servers is critical but where the number of servers is minimised, the cost of operations can be reduced with the use of second hand machines. |
| 4.7 Facilities Management. |
| Only one data center is involved so physical access and power supply costs can be reduced. |
| 5.1 Service Evaluation. |
| Without any SLA liabilities the service does not need to be evaluated, monitored and measured. |
| 5.2 Process Audit Management. |
| A company may choose to avoid or reduce penetration testing. |
| 5.4 Continual Service Improvement. |
| The rate of continual improvement can be reduced to match what a company can cost justify. |