1.5 HRM 09. Organisation Structure

15.09. Organisation Structure:
1. The organisation is dominated by the ISO 20001 Information Technology Infrastructure Library (ITIL) standard that defines every role and duty that is mandated by an Application Service Provider (ASP).
2. The organisation provides one and only one service, that of the best Application Service Provider in the world, where Bespoke Application Services include:
   (1) Continual improvements to ensure that a Bespoke Application Service evolves at the same rate as the business that it supports.
   (2) Adequate privacy and encrypted security to ensure that business data cannot be stolen and a reportable data breach cannot happen.
   (3) Data replication to a large number of secure data centers so data cannot be lost, with business continuity that never stops and cannot be stopped.
   (4) Support for any number of people in any number of locations using any kind of desktop, laptop, tablet or smart phone without the need to install any software.
   (5) Authentication monitored 24*7 to blacklist criminal behaviour and provide proactive support for approved people who need help.
   (6) The elimination of data leaks by phone and email by using a business messaging service with replicated encrypted data for all communication.
   (7) The elimination of application programming vulnerabilities and patching by using an artificial intelligent assistant to automate many procedures.

Structure:
1. The organisation has a Board of seven Directors with five divisions that represent the five volumes of ITIL roles and duties.
2. The Design Division has eight managers who represent the eight design chapters of ITIL.
3. The Transition Division has seven managers who represent the seven transition chapters of ITIL.
4. The Operations Division has seven managers who represent the seven operations chapters of ITIL.
5. The Improvements Division has three managers who represent the four improvement chapters of ITIL.

1. Board of Directors:
1. Chairman of the Board acts as the Chief Executive Officer and Managing Director. The Chairman provides a kind of Public Relations department when it is demanded, but the public cannot be involved with the organisation.
2. Portfolio Director is responsible for the demonstrable application portfolio. The Portfolio Director provides a kind of Marketing and Sales department when it is demanded, but no active marketing is involved.
3. Demand Director is responsible for balancing capacity with business usage.
4. Finance Director is responsible for investments and open book accounting.
5. Supplier Director is responsible for supplier relationship management.
6. Personnel Director is responsible for people who work with the organisation. The Occupational Health and Safety Officer (OHSO) reports to the Board via the Personnel Director.
7. Architect is the Director responsible for hardware, network, system software and knowledge strategies. The Data Privacy Officer (DPO) reports to the Board via the Architect. A strategy is to use ever increasing levels of automation as a means to cut costs, cut delays and cut errors. Eliza as the artificial intelligent assistant will minimise costs, minimise time and maximise quality.

2. Design Division:
1. Service Catalogue Manager is responsible for the catalogue of services provided within all Bespoke Application Services.
2. Service Level Manager is responsible for measuring and maintaining the service levels expected by approved people using a Bespoke Application Service.
3. Risk Manager is responsible for the ISO 31001 Risk Management Standard (RMS) service that is deployed as a Bespoke Application Service to approved people.
4. Capacity Manager is responsible for measuring and monitoring the Bespoke Application Service computing requirements of approved people.
5. Availability Manager is responsible for measuring and monitoring Bespoke Application Service availability to approved people.
6. Business Continuity Manager is responsible for the ISO 22301 Business Continuity Standard (BCS) service that is deployed by Bespoke Application Services to approved people.
7. Information Security Manager is responsible for the ISO 27001 Information Security Standard (BCS) service that is built into every Bespoke Application Service. The Information Security Manager represents the organisation as a Cloud Security Alliance (CSA) member.
8. Compliance Manager is responsible for keeping everything compliant with local laws, regulations and best practice.

3. Transition Division:
1. Change Manager is responsible for approving how and when changes are to be applied to Bespoke Application Services.
2. Project Manager is responsible for measuring and managing approved projects, in compliance with the ISO 9001 Quality Management Standard (QMS), that result in new and improved application service capabilities.
3. Development Manager is responsible for managing the team of engineers who develop bespoke application services that match what approved people have requested. The Development Manager hires people with the demonstrable skills to achieve a specified component in an agreed time with an acceptable quality. Once the business rules have been transformed into knowledge, the unique skills of that development person may never be needed again. GitHub is home to over 20 million developers working together with a capacity that no other industry can comprehend.
4. Deployment Manager is responsible for merging new and existing application services into an infrastructure that will work as planned.
5. Validation Manager is responsible for testing, trialling and validating that bespoke application services match the mission and specification of business requirements. It costs more to validate an improvement than to develop the improvement because designing applicable test conditions is time consuming.
6. Configuration Manager is responsible for creating the infrastructure and data stores needed to operate each bespoke application service. The Configuration Manager's team includes Data Administrators and Network Administrators who have no reason to know the name of the customer who will use a networked data store.
7. Knowledge Manager is responsible for building and assembling a knowledge base of application tutorials, guides and associated help and advice. The Knowledge Manager's team has no reason to know the names of the customers or the names of the people approved to use the Bespoke Application Services.
   Data can be stolen, taxed and traded as intellectual property, but knowledge cannot be stolen, cannot be taxed, cannot be traded and is not intellectual property. Twenty years of knowledge acquisition is a trade secret.

4. Operations Division:
1. Support Manager is responsible for continually monitoring and detecting events that need to be contained, stopped and prevented.
2. Incident Manager is responsible for managing each data center incident to ensure that it does not spread to other data centers and the effects can be reversed.
3. Request Fulfilment Manager is responsible for the First and Second Level Support teams that work on behalf of approved people.
4. Access Manager is responsible for authentication with functional and data access request management.
5. Problem Manager is responsible for taking over from the Support Manager and Incident Manager when an event becomes an incident and an incident becomes a problem.
6. Operations Manager is responsible for managing the very high value computing infrastructure that delivers Bespoke Application Services. The Operations Manager has automated all the work that was once done by System Administrators so the role of a System Administrator is now obsolete. The threat of criminals blackmailing a System Administrator by kidnapping their family has been eliminated.
7. Facilities Manager is responsible for the buildings, fire suppression, CCTV, energy management and property related fixed assets. The Facilities Manager runs the Environmental Management Service in compliance with ISO 14001 EMS with an emphasis on all equipment running from batteries and all batteries being charged by solar and renewable energy. The Facilities Manager represents the organisation with the Data Center Alliance (DCA) in compliance with EN50600 EU Code of Conduct for Data Centers (Energy Efficiency), BSI IST/46 Sustainability and ISO 20134 Power Usage Effectiveness (PUE).

5. Improvements Division:
1. Service Evaluation Manager is responsible for continually evaluating Bespoke Application Services in comparison with competitive offerings to determine where improvements can be made.
2. Process Audit Manager is responsible for internal audits on how Bespoke Application Services are used and how those processes could be improved.
3. Improvement Manager is responsible for creating improvement requests that feed back through the Request Fulfilment Manager to the Change Manager. Many improvements are of a technical nature that may not impact on an approved person in any way.

Document Control:
1. Document Title: Organisation Structure.
2. Reference: 161509.
3. Keywords: ITIL Organisation Structure.
4. Description: ITIL Organisation Structure.
5. Privacy: ITIL public shared with all approved people.
6. Issued: 11 Jun 2017.
7. Edition: 1.4.

Addendum
1. The organisation is large, complex and dominated by International Standards such as ITIL, ISS, BCS, RMS, EMS, QMS and OHS. It is fair and reasonable to add a few extra factors that dictate how the organisation is structured, organised and brought together as a federation. The organisation does not have a brand, does not promote any products, does not have a Marketing and Sales department and does not have a Public Relations department. The organisation does not have a web site, does not have a Twitter account, does not have a Facebook page and does not have a public face.
2. As a statement of intent, all server racks are powered by batteries and all batteries are charged by solar or renewable energy. All lighting is battery powered 12 volt LED and heating is driven by battery powered air pumps heated by underground pipes. The organisation does not have a single point of failure and is not dependent on local electrical supplies; however, local electricity may be used to charge batteries at night for a few winter months.

A1. Artificial Intelligent Assistant:
1. The one thing that dramatically differentiates the organisation from any other Application Service Provider is that the organisation has evolved to replace application programming with knowledge engineering.
2. The elimination of application programming means that software vulnerabilities, software patching, software defects and downtime are eliminated.
3. Eliza is the name of the artificial intelligent assistant that operates in a large number of data centers in different countries with replicated encrypted data. Eliza is configured and operated never to stop and cannot be stopped.
4. In the event that a data center is not available, business continues to be provided by other data centers. Encrypted data is replicated so backups, restarts or recovery procedures have been eliminated.
5. Because data is replicated to many data centers, data cannot be lost. A benefit of having more than ten distributed copies of business data is that fraudulent changes to all copies of the data are not practical. Missing data in one data center can be recreated from other data centers.
6. All business data is stored as Pseudonymised and Replicated Encrypted Data (PARED) that is meaningless and worthless to a criminal. A benefit of PARED is that a reportable data breach is not possible because no readable business data can be leaked to the detriment of its owner.
7. Eliza enables improvements to be made in real-time while people are using the Bespoke Application Service. Knowledge as business rules can be added, changed and disabled using online facilities that are used by Eliza to dynamically create web forms, lists and pages. Knowledge has continued to evolve for the past twenty years to the point where many business procedures can now be done automatically.

A2. Defect Escalation:
1. Built into the organisation structure are several escalation mechanisms to ensure that defects are handled in the most professional way.
2. ITIL and associated international standards promote best practice to include:
   (1) Event Support Manager has a team continually monitoring events identified by the Intrusion Detection Server (IDS) as abnormal behaviour. In most cases, events can be resolved by the Event Support Manager's team, but in some cases, an event will be escalated to be an incident.
   (2) Incident Manager has a team continually monitoring incidents raised by the Event Support team as abnormal behaviour that needs specialist skills. In most cases, incidents can be resolved by the Incident Manager's team, but in some cases, an incident will be escalated to be a problem.
   (3) Problem Manager has a team to contain and stop problems by using specialist skills to reverse engineer changes that may have caused the problem or stop criminals that are causing the problem. The Problem Manager may call upon the skills of all other managers to contain a criminal attack and that may involve a switch of the production transactions to a different data center in a remote place.
3. The act of escalation brings into play new people with new ideas that can help to resolve defects that need a different set of skills and experience. The three layers of defect resolution mean that criminal attacks will be stopped faster than by any other process.

A3. Improvement Escalation:
1. ITIL defines the interaction of roles to deploy improvements as to include:
   (1) Request Fulfilment Manager with teams of First and Second Level support people who evolve business requirements into a formal improvement request that is shared with the Change Manager.
   (2) Change Manager will prioritise and select what components are involved and need to be released to a Project Manager.
   (3) Project Manager will schedule an action plan of tasks that must be designed and developed with little regard to the author of the improvement or the nature of the Bespoke Application Service.
   (4) Development Manager will manage the Knowledge Engineering team who teach the artificial intelligent assistant new business rules - development people only have access to those components that they need to design and develop the improvement request.
   (5) Deployment Manager will merge the developed components into an infrastructure so the new business rules can be tested, trialled and verified.
   (6) Test and Validation Manager is responsible for designing and developing test data and test conditions that will validate the behaviour of the new business rules.
   (7) Configuration Manager is responsible for improving and managing the production infrastructure to be able to support the operation of the improvement to a Bespoke Application Service.
2. Rapid application deployment is achieved by very high levels of automation and the elimination of application programming. By eliminating programmers, programming defects are eliminated so validation is all about matching a stated business requirement. Very high levels of automation mean that Project Managers can schedule improvements to be deployed during the working day while hundreds of people are using a Bespoke Application Service. The Configuration Manager can dynamically switch a new set of business rules between different approved people in different places without any downtime.
3. By purposefully using many different skills, roles and experiences to deploy each improvement, a higher quality of service is achieved with lower possibilities of a defect getting into a service. The Project Manager manages the Quality Manual and Quality Management Service as a detailed evidence trail that can track and trace every field value change in every record in every data center. If a procedural defect is identified, the Project Manager will change the work instructions in the Quality Manual to ensure that such a defect could never happen again.

A4. Evolution and Rights:
1. The organisation has a duty of care for its people who have rights:
   (1) The right to choose where in the world to work. The very best people in the world can only become part of the organisation by granting this right.
   (2) The right to choose when to work in any time zone; including the hours of the day and days of the week.
   (3) The right to choose what holidays and vacation to take; including local public holidays and festivals.
   (4) The right to choose their own commuting time and costs; including the right to choose their own vehicle, vessel and aircraft.
   (5) The right to sign-in and continually monitor shared alerts, alarms and requests.
   (6) The right to sign-in and manage their own data; including the right to be forgotten.
   (7) The right to sign-in and communicate (chat) with other business associates; including customers and suppliers.
2. The organisation has evolved so that procedures that were once done by people who may forget things are now fully automated to dramatically reduce the cost of doing business.
3. The organisation has evolved so that HR procedures that were once done by a manager on behalf of people are now done using self-service facilities.
4. The organisation has evolved so that people can work from any location with an Internet connection. The cost justification for a head office has been eliminated.
5. The organisation provides a 24*7 service to people in all parts of the world. It is cheaper and better to hire people in many different time zones to provide a 24*7 service, than to try to operate an unsocial shift pattern from one location.
6. Shared business information enables people who do not have English as their first language to actively contribute according to their skills, qualifications and experience.
7. Face-to-face meetings have evolved into continual chat using an encrypted business message service with considerable productivity improvements and cost reduction.
8. A disruptive business model has evolved over many years that no competitor can hope to emulate in terms of being faster to respond, cheaper to deploy or more effective in operation.

A5. Privacy:
1. People working with the organisation have the right to privacy and the names of people shall not be disclosed for any reason, other than a legal order. In general, the distributed structure with publicly documented standard responsibilities creates a privacy and security culture with fewer opportunities for leaks.
2. Customers and suppliers associated with the organisation have the right to privacy and the names of those companies and their contact people shall not be disclosed for any reason. In general, most people working with the organisation have no access to any Bespoke Application Service and have no way to discover the names of customers or suppliers.
3. People working with the organisation are bound by contract to confidentiality to not disclose any business information and never to be involved in a survey that could leak secret trade information such as the hardware used, system software used or architectures used. In general, most people working with the organisation manage data that is encrypted and have no way to figure out how to decrypt such data.
4. The smart mobile phone network created an infrastructure that means that location is no longer of any significance. People can work in any location in any country at any time of the day or night without any constraints, other than legal authentication. The smart phone enabled the office working normal business hours with one desktop per person to evolve to smart people working anywhere and everywhere at any time. Every office with computers leaks data between people and computer data will be stolen, but distributed people with smart phones can become private, secure and safe.
5. By design, the organisation does not have a brand, does not have any products and does not get involved in marketing or public relations. Each customer is paramount and more important than a brand - the Bespoke Application Service is owned by the customer and so the ASP does not need to have a brand.

A6. Protection and Security:
1. Data protection is the single most significant factor that drives the Application Service Provider. Whatever it takes to eliminate the possibility of a reportable data breach MUST be taken.
2. Customers and suppliers associated with the organisation have the right to privacy and the names of those companies and their contact people shall not be disclosed for any reason. In general, most people working with the organisation have no access to any Bespoke Application Service and have no way to discover the names of customers or suppliers.
3. People working with the organisation are bound by contract to confidentiality to not disclose any business information and never to be involved in a survey that could leak secret trade information such as the hardware used, system software used or architectures used. In general, most people working with the organisation manage data that is encrypted and have no way to figure out how to decrypt such data.
4. The smart mobile phone network created an infrastructure that means that location is no longer of any significance. People can work in any location in any country at any time of the day or night without any constraints, other than legal authentication. The smart phone enabled the office working normal business hours with one desktop per person to evolve to smart people working anywhere and everywhere at any time. Every office with computers leaks data between people and computer data will be stolen, but distributed people with smart phones can become private, secure and safe.
5. More important than all the servers in all the data centers is the security of knowledge because knowledge cannot be protected by patents or copyright. Equipment is replaced every few years, but knowledge has simply exploded over the past twenty years and will do so for the next twenty years.

A7. Venture Capital Foundation:
1. At the heart of the organisation is an offshore venture capital foundation that invests in projects around the world. To protect its investments, the only customers of the VC foundation are independent fixed asset companies that are federated to work together without direct ownership.
2. The independent fixed asset companies operate data centers in countries where it is cost effective to operate a data center, but will only sell services to customers who are independent associate companies that are federated to work in unison. Local entrepreneurs own and operate their own associate companies but by being part of the federation, gain economies of scale without the liabilities of a multi-national.
3. At least one associate company operates in each country that has customers, with some customers having shared ownership in some associate companies. In general, ownership of any federated company is independent of any other federated company where the terms of being a member of the federation are a trade secret.
4. Associate companies in each country are Application Service Providers who have customers who own their own Bespoke Application Service. By design, an Application Service Provider does not own any software products and does not own any intellectual property to ensure that the customer can be seen as the owner of all intellectual property involved with any Bespoke Application Service.
5. The old business model where one person at the top of the pyramid owns everything below has been replaced with a federation of a large number of independent companies operating in many countries. The federation gives local companies the strength and power of a multi-national with the flexibility and agility of a local entrepreneur.
6. Ownership of companies is very public and easy to trace, but being a member of the federation is private and cannot be traced. A very large number of independent companies is much more stable in the long term than a large multi-national where public shareholders demand short term dividends. Independent companies can operate in a more effective way in some local countries where multi-nationals are restricted.
7. Fixed asset companies running data centers in their local country are totally independent of any entrepreneur's associate company. This means that the associate company is free to buy computing power from any data center they choose in any country - regardless of ownership.
8. Investment in local entrepreneurs with their own federated companies provides a framework and culture of a gentle disruptive business with very little overheads, but very stable foundations. Eliza is the common artificial intelligent assistant that operates every Bespoke Application Service with knowledge of business rules for many diverse market sectors. A business rule is to watch what others do and then do something different because most other people fail in the longer term. Investing in a large number of entrepreneurs in many countries working as a single integrated federation is what Google should have done to create many local country cultural identities.

A8. Open Book Accounting:
1. For some customers, open book accounting is provided to give the customer financial control. The entrepreneur acting as the account manager, with or without the customer, will form an independent company that is part of the federation.
2. The federation will invest many thousands of pounds in that independent company as a one-percent loan to cover set up costs and expenses. The customer will choose to pay an amount of revenue into the company each month to cover operating costs that provide their Bespoke Application Service, including improvements. The customer pays nothing for the Bespoke Application Service, but pays for the service levels that the customer chooses to impose. Where the customer chooses to have a five million liability payment in the event of a disaster, the customer pays the extra revenue needed to pay for the relevant insurance.
3. An objective of the financial plan is to break even each year. If the financial plan shows a surplus, then that is carried forward to reduce the following year's monthly subscription payments. If the financial plan shows a deficit, then that is carried forward to increase the following year's monthly subscription payments.
4. An objective of the financial plan is to give the customer complete control of their business and their Bespoke Application Service. When the customer wishes to grow their business, the customer can pay more to get more computing power to handle new business opportunities. When the customer wishes to reduce their business, the customer can pay less to get less computing power to handle fewer transactions.
5. When the customer finds a more economical way of operating their Bespoke Application Service, they can switch to a different Application Service Provider. The only liability placed on the customer is to pay for the service they have received - get the service for a month and pay for that month.

A9. Need to Know:
1. The organisation has a duty to treat each customer as if they were the only customer. Least privilege and need-to-know principles are deployed with Chinese walls between departments where one department does not need to know what others are doing.
2. Insider threats are minimised by no person having access to information they do not need to do their job. Access control is unique to each job title and most people can manage with only the data they have authored.
3. Customer data is fully encrypted using a plethora of methods that nobody can understand and decrypt. Other business data is encrypted as needed using different methods so if a method is cracked, other data remains safe and secure.
4. Senior executives have no need to know who the business associates are by name as each has a unique identifier that serves the same purpose. Names are private and the organisation is designed to operate without people knowing the names of other people or business associates. In many cases, the names of people will be known, but the organisation is designed to operate perfectly well without such private information.
5. For example: the Request Fulfilment Manager does a first class job with open and transparent requests that all interested parties can see without the need for anybody to know the names of the people who provide that role. The Compliance Manager has an internal audit role to keep everything legal and in full compliance with International standards and regulations, without the need for anybody to know the name of the incumbent Compliance Manager. The role of the Compliance Manager does not mean endless meetings to debate an interpretation of legal clauses; the role is simply to accept or reject aspects of a Bespoke Application Service as a fundamental part of the design, development, validation and testing process.
6. As a policy, roles are fragmented to prevent collusion, accidents, fraud and errors. For example: data privacy responsibility is split with the Data Protection Officer managing the strategic Privacy Impact Assessment and the Information Security Manager deploying the applicable controls. For example: encryption responsibility is split with the Development Manager creating thousands of encryption methods and the Configuration Manager deploying different encryption methods to different fields.

A10. Exceptions:
1. The Federation is made up of people with a moral backbone who will not be involved with any business that may not be legal in any local country. The local entrepreneur who works as account manager to local customers will decide what customer to accept and what customer to decline.
2. At the current time, "payroll" is not permitted to be integrated into any Bespoke Application Service for insurance purposes. Interfaces are provided to Government sponsored payroll systems in some countries.
3. Once a customer is taken into the federation, it is very unusual for that customer to be lost. Where the customer is not able to embrace the privacy and data protection of other people, then the customer may have to find a different ASP with a different attitude towards privacy.
4. At the current time, Gambling and Gaming is not permitted because the current entrepreneurs do not know enough about these market sectors. It is likely that Gambling is a market where artificial intelligence could make a massive difference, but this is yet to be proven.

A11. Business of One:
1. By the time that a person has gained the qualifications, skills and experience to become part of the organisation, they will have learned the business of one. People do not have a job for life, they will work with many different organisations to pursue different interests at different times in their life.
2. People MUST develop the skill of selling themselves, of being able to articulate their worth and being able to demonstrate that they can add value. People are only hired because the organisation can earn more revenue than it will cost to hire the person.
3. People do not work FOR the organisation, they work WITH the organisation, while it is to the mutual benefit of both parties. Employer to employee relationships have evolved with an open and transparent method of working where the contribution made by each person is in plain sight. By definition, no employee exists that does not make a positive contribution to the organisation. It would be unfair to keep an employee working with the organisation when they are no longer making a contribution and should be doing something more effective.
4. People work for themselves - the business of one, even while they are an employee and working WITH a company. A person leaves when the company does not give them what they want. The company is employing people because the person makes a revenue contribution for the company. The person leaves when they are not making a contribution.

A12. Pseudonymised Data:
1. Pseudonymise is a complicated word for a simple security measure that is recommended in Article 32(1a) of the General Data Protection Regulation. Pseudonymised data is like anonymised data, except that it is reversible.
2. A business data field like a person name is replaced in a record with an artificial token. An algorithmically altered version of the token is stored in a different file together with an encrypted version of the person's name.
3. When the person name is to be displayed to an approved person, the token is used to find the person's name using built in decryption methods. In practice, many thousands of different encryption methods are deployed for both the token and the field value to be protected.
4. Each field value to be protected is assigned its own unique set of encryption methods for its tokens and fields - some fields need more protection than others. Pseudonymised files are hidden in photographs that are hidden in massive photo libraries.
5. Pseudonymised data cannot be decrypted by agencies with massive processing power because tokens are arbitrary and can represent any field value. Many tokens have the same value as other tokens because it is the context of where the token is stored that implies which pseudonymised file is to be used for decryption. Token values can also be associated with fake test data that looks plausible, but is all made up.
6. The level of complexity is continually increasing as Eliza learns new ways to encrypt private information and new ways to provide alternative decryption results that are just fake data. Many decryption tools will stop processing when they discover a field value that looks plausible and they may never know that thousands of alternative results are plausible, but all fake.

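The token-and-separate-file arrangement in items 2 and 3, as an added example that is not the organisation's own code: the business record keeps only a random token, and a separate store maps an HMAC-altered form of that token to the encrypted name. The class name, field names, per-field key derivation and the HMAC-SHA256 stream cipher (a standard-library stand-in for a vetted AEAD such as AES-GCM) are assumptions.

```python
import hashlib
import hmac
import secrets


def prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts so adjacent inputs cannot run together."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        mac.update(len(part).to_bytes(4, "big") + part)
    return mac.digest()


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream built from the PRF (stand-in for a real cipher)."""
    blocks = [prf(key, nonce, i.to_bytes(4, "big")) for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


class Pseudonymiser:
    """Hypothetical token vault; all names here are illustrative assumptions."""

    def __init__(self, master_key: bytes):
        self._master = master_key
        # The "different file": altered token (hex) -> (nonce, ciphertext, tag).
        self.vault = {}

    def _keys(self, field: str):
        # Assumption: each protected field gets its own key set, derived from a master key.
        f = field.encode()
        return tuple(prf(self._master, label, f) for label in (b"index", b"enc", b"mac"))

    def pseudonymise(self, field: str, value: str) -> str:
        """Store the encrypted value in the vault and return the token for the record."""
        index_key, enc_key, mac_key = self._keys(field)
        token = secrets.token_hex(16)  # arbitrary: carries no information about the value
        nonce = secrets.token_bytes(16)
        plain = value.encode("utf-8")
        cipher = xor(plain, keystream(enc_key, nonce, len(plain)))
        tag = prf(mac_key, token.encode(), nonce, cipher)  # encrypt-then-MAC
        # The vault is keyed by the altered token, never by the token itself.
        self.vault[prf(index_key, token.encode()).hex()] = (nonce, cipher, tag)
        return token

    def reveal(self, field: str, token: str) -> str:
        """Resolve a token back to its value; the field context selects the keys."""
        index_key, enc_key, mac_key = self._keys(field)
        entry = self.vault.get(prf(index_key, token.encode()).hex())
        if entry is None:
            raise KeyError("no vault entry for this token in this field context")
        nonce, cipher, tag = entry
        if not hmac.compare_digest(tag, prf(mac_key, token.encode(), nonce, cipher)):
            raise ValueError("vault entry failed its integrity check")
        return xor(cipher, keystream(enc_key, nonce, len(cipher))).decode("utf-8")


def demo() -> dict:
    """Constructed sample record: pseudonymise one field, then resolve it two ways."""
    p = Pseudonymiser(secrets.token_bytes(32))
    record = {"order_id": 1001,
              "customer_name": p.pseudonymise("customer_name", "Alice Example")}
    shown = p.reveal("customer_name", record["customer_name"])
    try:
        p.reveal("supplier_name", record["customer_name"])
        wrong_context = "resolved"
    except KeyError:
        wrong_context = "rejected"
    return {"record": record, "shown": shown, "wrong_context": wrong_context}


if __name__ == "__main__":
    print(demo())
```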