| ITIL : 4.1 Support Manager |
|---|
| 1. Support Manager | | 1. To accept the operational role of the Support Manager is to manage each event that happens in each data center and in the organization. Many hundreds of attacks take place daily and while the Intrusion Detection and Prevention Server (IDPS) will automatically deal with most events, manual action is needed to ensure that new kinds of events are properly escalated. | | 2. To use Service Incident and Event Management (SIEM) application that monitors traffic and identifies unusual patterns of behaviour. For example a cluster of error or warning messages is an event that needs to be analysed as a special event. | | 3. To understand that criminals and state sponsored agents can be predictable in that they will begin with gentle probing before exposing a major attack. By operating many hundreds of domains, attacks on honeypots provide advance notice that similar attacks can be expected on real production web sites. By analysing and understanding each criminal attack on a lightly defended honeypot web site, mitigating business rules can be designed to build a solid defence for all production web sites. Many in-house application service providers never have the number of domains and manpower needed to build a safe and secure application service that is continually defended against new attack methods. | | 4. To expect that all support activities will be carried out subject to a non-disclosure agreement so any information discovered as part of a support activity is never disclosed, including the fact that any support work was ever undertaken. To ensure that the whole support team are subject to a service agreement that perpetuates the terms of the non-disclosure agreement to all people undertaking any kind of support activity. To instill into the support team the legal privacy requirement to never disclose the name of a person or organization - even if competitors provide a list of client names and even reference persons names. |
| 2. Responsibility | | 1. To be responsible for the Information Technology Department and all information owned by the organization that is managed according to local laws. | | 2. To manage the information privacy policy based on: | | (1) Personally Identifiable Information (PII) that is defined by GDPR laws where people own their own data that is loaned to the organization with consent until that consent is withdrawn or after the information has not been processed for seven years. All human resource and payroll information is PII that must be encrypted and replicated to eliminate the threat of a reportable data breach. All personal emails are PII that must never be disclosed to any other person than the person named as the recipiant. | | (2) Legal Information is any information that is or may be the subject of legal procedings including complaints that are goverened by legal council who will distate what may be disclosed before the information is physically destroyed after ten years. | | (3) Private Business Information is any internal information that cannot be disclosed because it is the subject of a NDA or if disclosed would provide an unfare advantage to a competitor such as financial transactions, HR activies and operational activities that do not need to be made public until is is destroyed after seven years. Opinion is that much of the business informtation that was classified as private could and should be classified as public. | | (4) Public Information is everything else that may be disclosed in an open honest and transparent way, but not all public information will be worthy to be published. | | 3. To anonomise and publish each support request as public information for the benefit of all those who wanted to ask but did not have time. | | 4. To accept that a significant duty of the Support Manager is to educate and to manage policies that keep the organization within all legal boundaries. |
| 3. Support Messages | | 1. To provide every person who has been authorized to sign-in with access to a common application support facility where a new support message can be added and old support messages can be reviewed. | | 2. To treat every support message as an event that will trigger a rapid response by a member of the support team. | | 3. To provide operational facilities please see: Request Fulfilment Manager |
| 4. SIEM | | 1. To record every event as a task with normal workflow state transition from pending though to closed using the Service Incident and Event Management application.. | | 2. To enable the support team to manage an event though its life cycle to identify root cause, to determine avoidance actions and to resolve the incident in such a way that it should not happen again. | | 3. To build-in continual improvements as a means that events are not simply closed so they can happen again and again, but a positive action plan is put in place to minimise work in the future. | | 4. To embrace very high levels of automation that minimise the cost of repetitive support requests. | | 5. To look for and exploit common portability and reject uniqueness between: | | (1) Amazon Web Services | | (2) Microsoft Azure Online | | (3) Google Cloud | | 6. To ride on the back of international standards and proven codes of best practice, rather than any bespoke technology. |
| 5. Proactive Support | | 1. To continually monitor what people do and by trapping every user error message, it is practical to become proactive and can contact the user before the user needs to raise a support message. | | 2. To provice online chat and webinars provide real-time tuition to users when it is applicable. | | 3. To make time for regular calls to each user with the ability to cross sell other services as needed. |
| 6. Priorities | | 1. To automatically monitor all application services so any high priority incident will already be known and people will be working on how to circumvent the issue. | | 2. To understand that where an application service is not working the way that a person expects it to work, then a specification may need to be revised to match exactly what a person want it to do. It can take time for stability to evolve where the documented specification of any procedure matched exactly how the business want to work. As a policy: it is not the business that needs to adapt to how the service works, it is the role of the service to adapt to match what is needed. |
| 7. Privacy and Security | | 1. To make this document public information without copyright for the benefit of humanity. | | 2. To never disclose any information that is covered by a non-disclosure agreement (NDA) and never disclose what NDA may exist. | | 3. To provide job title where applicable but never to disclose the names of people or organizations. |
| 8. Remote Access | | 1. To enable remote access to support people working in a virtual office with a wide variety of computing devices. | | 2. To understand that Microsoft Remote Desktop is limited to MS Windows 10 Professional operating system. | | 3. To promote Google Chrome Remote Desktop as a plugin to Chrome browser for most Windows 10 Home laptops and Android smart phones. |
| Document Control: | | 1. Document Title: Support Manager. | | 2. Reference: 164100. | | 3. Description: Support Manager. | | 4. Keywords: Support Manager. | | 5. Privacy: Public education service as a benefit to humanity. | | 6. Issued: 13 Feb 2017. | | 7. Edition: 2.3. |
| NOTE: Data Import and Export | | Computer to computer data interchange has been a fundamental part of replicated database management for many years. Encrypted message switching facilities enable data to contunually flow between data centers with allowances for transient network interuptions. | | Secure FTP and XML is employed for customer to customer data communications. XML using UTF-8 character encoding is able to most languages in the world and securely transfer structured data between computers. Because XML is the same family as HTML, any browser can be used as an FTP client to XML data transfer. | | The application service includes a secure FTP server that is IP locked with named clients for the transfer of agreed data at agreed times of the day. |
| Approved People |
| Document Control: | | 1. Document Title: Support Manager. | | 2. Reference: 164100. | | 3. Description: Support Manager. | | 4. Keywords: Support Manager. | | 5. Privacy: Public education service as a benefit to humanity. | | 6. Issued: 13 Feb 2017. | | 7. Edition: 2.2. |
|
|