| | 4.3 Fulfilment 01. Self-Service Support | | |
---|
4.3.01. Self-Service Support: | 1. People have the right to self-determination and self-service support. People must not be left waiting for support from other busy people. It is no longer acceptable to communicate confidential information using telephone or email. | 2. Self-service is a proven human resource method of working that eliminates delays and gives responsibility to those people that deserve it. The use of the telephone has gone the same way as the fax machine and pager. Call center costs have been eliminated, personality conflicts have been avoided and your application service is used to rapidly automate all such tasks. Never again will anybody have to hang on a busy telephone line or wait for a telephone call back. | 3. Self-service support is shared information so managers are able to manage with evidence of who did what and when - the state of every request is known. The Request Fulfilment Manager has access to all information at their fingertips with the certainty that everything is always complete and correct. Nobody ever has to ask the status of any request; all interested parties can follow up and see for themselves the state of every request. | 4. Self-service support information is classified as private, confidential and sensitive so it must never be disclosed to any other party. Every telephone call and every email will be copied by many other parties in all parts of the world - these are not suitable to communicate self-service support information. Online self-service support information is encrypted at all times and can only be viewed by approved people - company confidential information is kept confidential at all times. | 5. First class self-service support is provided for the benefit of everybody who uses the bespoke application service. Level-1 support using telephone and email that was acceptable twenty years ago is no longer safe, secure or fit-for-purpose. Progress has been made to provide the kind of safe and secure self-service that people wish to use for the next twenty years. | 6. These self-service request forms are optional as any business data can be processed using normal spreadsheets and forms, but that is not always efficient, safe, secure or practical. Where procedures have a low usage, then special fool-proof forms have the benefit of excessive validation without any navigation to make it easy for a person to achieve their goal with little chance of failure. |
Glossary of Terms: | Eliza is the name of your artificial intelligence assistant that acts for and on behalf of the Request Fulfilment Manager and Access Control Manager. | GDPR means General Data Protection Regulations that must be complied with. | SAR means Subject Access Request where a person can demand a copy of all their data. | OTPP means One-Time Pass-Phrase that has a life cycle of one hour before it expires. | Status of any request shall be: (1) Opened, (2) Underway or (3) Closed. |
11. New Person Request: | 1. A one-time pass-phrase is provided to minimise delays so the new person can sign-in after a few moments. Internal request code 14 is 311. | 11 New Person Request... |
12. Person Left Request: | 1. Your application service will instantly respond to a person left request to disable the person from signing in. Internal request code 14 is 312. | 12 Person Left Request... |
13. One-Time Pass-Phrase Request: | 1. A one-time pass-phrase is provided to minimise delays - the person can sign-in within a few moments. Internal request code 14 is 313. | 13 One-Time Pass-Phrase Request... |
15. Change My-Profile Request: | 1. The person's profile is shown and the person has the right to alter any field or fields. | 2. Where the person's branch is changed, they must click the "welcome" button on the main dashboard top menu to activate access to business data for the new branch. Internal request code 14 is 315. | 15 Change My Profile Request... |
02. Support Request: | 1. Not all people have a manager to assign a new person and the new person request is not applicable to all departments. When any of the previous requests is not applicable, then a support request can be made to handle exceptions. The reason for a support request may include:- | (1) Improvement. | (2) Change. | (3) Defect. | (4) Help. | 2. A support request may have any number of support notes where each note has a subject, message and optional attachment. A support note may be used as an email to share the support request with an identified person in a private, safe and secure way. | 3. The support form has many optional fields that enable your application service to quickly identify the issue being made. If your application service cannot comprehend the scope or details of the support request, then an email is sent to the author with a form so extra details can be provided. Where your application service is able to handle the issue, then an email is sent with a confirmation message. | 4. Your application service has access to many thousands of application guide web pages and most replies should be by reference to the applicable web page. If a suitable web page does not exist, then the Request Fulfilment Manager will schedule the web page to be authored to satisfy the author's request. | 5. Improvement ideas and changes are welcomed from everybody at any time. Your application service shall manage each improvement and change request to keep the author informed as to progress. | 6. Improvement requests may include a screen shot image that is uploaded as evidence. Each screen improvement is responded to with a screen shot image upload as evidence of when the improvement was applied. Not all improvements may be approved and reasons will be provided where applicable. Internal request code 14 is 302. | 02 Support Request... |
03. My Personal Information: | 1. Every person has a requirement to store private personal information in an encrypted storage service. The type and quality of information stored is totally up to each person as no other person can ever see what has been stored. | 2. The kind of private information stored may include:- | (1) My Task List. | (2) My To-Do List. | (3) My Password List. | (4) My Address List. | (5) My Wish List. | (6) My Shopping List. | (7) My Training List. | (8) My Skill List. | 3. A subject of up to 100 characters may be added and as many subjects as needed may be added. | 4. This is an open-ended private information service that will expand and grow as different people propose new ideas as continual improvements. Internal request code 14 is 303. | 03 My Personal Information... |
04. Hide Direct Rep Letter Request: | 1. Your application service will instantly respond to a hide imports Direct Representation Letter (DRL) request. When the current DRL data is moved into a customer note, refresh the customer form and a new DRL can be uploaded. Internal request code 14 is 304 for Ties applications. | 04 Hide Direct Letter Request... |
05. New Airport Request: | 1. Your application service will instantly respond to a new airport request. Airport data is an asset shared by many different departments and all branches. Internal request code 14 is 305 for Ties applications. | 05 New Airport Request... |
07. Person Switch Request: | 1. Your application service will instantly respond to a person switch request. | 2. Select the name of the existing person and select the name of the replacement person. Where the existing person was scheduled to do work, the replacement person is scheduled to do the work. Internal request code 14 is 307 for Eliza applications. | 07 Person Switch Request... |
Security Audit Requirement: | 1. Regular security audit penetration tests are contracted to external experts to act as white-hat hackers and replicate the attack journey taken by criminals. A key part of these audits is where phishing attacks are made on support people using telephone and email messages to check if they can be intimidated into disclosing any business information and to check what evidence trails are used to manage all such requests. | 2. Every email is copied by many agencies in many countries where that data may be read, processed, consolidated and sold to third parties. Every telephone call is recorded and processed by many agencies in many countries. Criminals can reuse parts of telephone calls to impersonate a person as a way to gain business information. The majority of data breaches have been from email servers that contain many years' worth of valuable information that can be sold to many other parties. | 3. Following the belated actions taken by Hillary Clinton and Bank of Panama, all emails have been physically destroyed so they can never be disclosed. Email and telephone are no longer fit-for-purpose to communicate private, confidential and sensitive business information. All business information shall always be stored in a fully encrypted database and shall only be communicated using secure encrypted networked application services. Email and telephone are suitable for private social interchange that can take place at the end of each day, but must not be used for business. | 4. Phishing and impersonation by a criminal have been eliminated because only an approved person can sign-in to create a support request. Business data is always encrypted and never communicated by public Internet where it will be copied, processed and sold by many agencies. Conformance with ISO 27001 Information Security Standard is mandated - email and phone calls cannot comply with such security standards. |
GDPR Rights: | 1. People have GDPR rights to view their own data, to have their own data corrected and to have their own data forgotten. | 2. Compliance with these rights may be via expensive manual Subject Access Request (SAR) or the person may be granted sign-in rights to view their own data. | 3. People must formally subscribe to be communicated with before an email or phone call can be made to them. Every communication must include the option for the person to unsubscribe. The company should manage each subscription as evidence of when the person subscribed and unsubscribed and share that evidence with the person. | 4. Employee HR and authentication data does not belong to the company, but to the person who the data is about. The same is true of quotation contact data, import customer contact data and customer concern contact data. |
One-Time Pass-Phrase: | 1. A one-time pass-phrase (OTPP) has a life cycle of one hour before it expires and cannot be used. When a person signs in using the OTPP, they are shown their permanent pass-phrase that must be used in the future. | 2. The OTPP is designed to be easy to communicate by spoken word by not using any upper or lower case letters. Any keyboard with any language setting can be used with the number pad being recommended. |
Threat Analysis: | 1. Threat analysis by external security auditors identified phishing attacks where support desks can be intimidated by criminals impersonating approved people by phone and email. Auditors also reported that evidence of every support request was inadequate for management reporting, statistical analysis and long term planning. Auditors identified where private, confidential and sensitive business data was leaked by public email and phone messages to other parties. | 2. Compliance has been achieved by switching every kind of support from public email and phone, to private encrypted application services where encrypted shared evidence is automatically collected. Compliance with ISO 27001 Information Security Standard (ISS) demanded that all identified threats must be eliminated or counter measures put into operation. |
Document Control: | 1. Document Title: Self-Service Support. | 2. Reference: 164301. | 3. Keywords: Self-Service, Support, Request, Change, Improvement. | 4. Description: All kinds of application service support are provided with the use of online forms that create an evidence chain that is shared with all interested parties. | 5. Privacy: ITIL public shared with all approved people. | 6. Issued: 12 Nov 2016. | 7. Edition: 1.2. |
|
|
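The one-hour, digits-only, single-use life cycle described under "One-Time Pass-Phrase" can be enforced as in the following added example, which is not code from this application service. The `OtppStore` class, the 8-digit length and the limit of five failed attempts are assumptions made for illustration, since the page states only the one-hour lifetime and the absence of letters.

```python
import hashlib
import hmac
import secrets
import time

OTPP_LIFETIME_SECONDS = 3600  # one hour, as stated on the page
OTPP_DIGITS = 8               # assumption: the page gives no length
MAX_FAILED_ATTEMPTS = 5       # assumption: a digits-only code needs a guess limit


class OtppStore:
    """Hypothetical in-memory store; a real service would persist this."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # person_id -> [salt, digest, expires_at, failures]

    @staticmethod
    def _digest(salt, code):
        # Only a salted, stretched digest is stored, never the OTPP itself.
        return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, 100_000)

    def issue(self, person_id):
        # Digits only, so the code can be spoken and typed on a number pad.
        code = "".join(secrets.choice("0123456789") for _ in range(OTPP_DIGITS))
        salt = secrets.token_bytes(16)
        expires_at = self._clock() + OTPP_LIFETIME_SECONDS
        self._pending[person_id] = [salt, self._digest(salt, code), expires_at, 0]
        return code

    def redeem(self, person_id, presented):
        record = self._pending.get(person_id)
        if record is None:
            return "unknown"
        salt, digest, expires_at, _ = record
        if self._clock() >= expires_at:
            del self._pending[person_id]      # past the one-hour life cycle
            return "expired"
        if hmac.compare_digest(digest, self._digest(salt, presented)):
            del self._pending[person_id]      # one-time: cannot be replayed
            return "accepted"
        record[3] += 1
        if record[3] >= MAX_FAILED_ATTEMPTS:
            del self._pending[person_id]      # stop online guessing
        return "rejected"
```

Because a digits-only code carries far less entropy than a mixed-character pass-phrase, the failed-attempt limit and the short lifetime are what keep online guessing impractical.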