| | 4.3 Fulfilment
17. Support by Phone | | |
|---|
| 43.16. Support by Phone: | | 1. Support by telephone as a voice message is administrated by the first level support team under the direction of the Request Fulfilment Manager. | | 2. Approved people have the right to communicate by any means they choose and while the telephone is not the recommended way to communicate private, confidential and sensitive information, if that is acceptable to the approved person then it will be processed. | | 3. Because the telephone is not secure, it must be assumed that every support request by telephone is a criminal phishing attack by an impersonator expecting to use intimidating to get some valuable business information from a first level support person. | | 4. As a policy, every phone call must be recorded as a voice message that can be transcribed into a normal online support request. | | 5. It is recommended that the approved person includes evidence with their voice message to prove that the message is not from an impersonator. |
| 2. New Support by Phone Procedure: | | 1. First level support will listen to the voice message and determine of the message is a phishing attack or from an approved person. | | 2. In the majority of cases, phone called will be from a criminal and the voice recording will simply be physically deleted. | | 3. Where it is proven that the support message is from an approved person, the message is transcribed to the online support request service that the author could have used in the first place. | | 4. The approved person is then able to view the online support service and monitor progress as the request is processed. | | 5. First level support will direct the support request to the most appropriate second level support person who is on duty who will take responsibility to respond and close the request. | | 6. First level support will physically delete the voice recording. As a policy, by the end of every day, all voice messages will be deleted as having no purpose. |
| 3. Phone Leaks: | | 1. The majority of data breaches invoice a phishing attack where a person is fooled or intimidated into leaking business information. | | 2. The request fulfilment manager has managed this risk by ensuring that all phone calls are recorded and first level support do not respond to any intimidation. | | 3. Approved people have the right to do what they choose, including choosing to leak business data by phone. | | 4. The Request Fulfilment Manager has a responsibility to ensure that policies and procedures are first class so they cannot cause a data breach or leak information. |
| Document Control: | | 2018 Jan 27 : Latest edition as (public) page 164317. Part of ITIL by Request Fulfilment Managers responsibilities. |
|
|