This policy aims to establish a framework for effective IT Service Management (ITSM) to ensure the delivery of reliable, high-quality IT services that meet the needs of the organization.
This policy applies to all IT services, IT service management processes, and employees involved in delivering and managing IT services within the organization.
Network Management: Monitoring, maintaining, and troubleshooting network infrastructure, including routers, switches, and firewalls.
Server Management: Administration of physical and virtual servers, including provisioning, maintenance, and decommissioning.
Storage Management: Handling data storage solutions, including cloud backup systems.
Internal User Support: Providing technical support for hardware, software, and connectivity issues for internal Encore & Zii employees.
Application Support: Ensuring the availability and performance of enterprise applications, including patch management and upgrades.
Security Management: Implementing and maintaining security measures to protect IT assets and data, including antivirus, firewalls, and access controls.
Incident Management: Responding to and resolving IT incidents in a timely manner.
Change Management: Managing changes to IT infrastructure and services to minimize disruption.
Disaster Recovery and Business Continuity: Planning and implementing disaster recovery and business continuity processes.
Non-Standard Software: Support for software applications not officially approved or managed by the IT department.
Training: Providing direct training or specialized instructions on applications. Employees should consult their manager for training opportunities or external resources.
Business Process Changes: Management of changes in business processes that are not directly related to IT services.
Software Development: Custom software development or support for code written by users or other departments.
Home Network Issues: Support for home network issues unless directly related to remote work setups approved by IT.
Website Management: Design and development of company websites unless they are a core part of the organization's IT services.
Facilities Management: Physical building maintenance, HVAC systems, and other non-IT related facilities issues.
Personal Devices: Support for personal devices.
IT Service: A set of related functions provided by IT Operations to support business processes.
IT Service Management (ITSM): The implementation and management of quality IT services that meet the needs of the business.
Operational Level Agreement (OLA): An internal agreement between the IT department and the business that documents the expected level of service.
Service Design: IT services must be designed to meet business needs, ensuring alignment with organizational goals and compliance with legal and regulatory requirements.
Service Transition: Changes to IT services must be planned, tested, and implemented systematically to minimize disruption.
Service Operation: IT services must be managed to maintain agreed service levels and ensure continuous availability and reliability.
Continuous Improvement: Regular reviews and updates of IT services must be conducted to ensure continuous improvement.
Incident Reporting: All IT incidents must be reported promptly by users to the service desk.
Incident Response: Incidents must be prioritized, responded to, and resolved according to their severity (impact and urgency).
Communication: Users will be contacted every 48 hours, up to three times, before the ticket is closed if no response is received.
Requests Submission: All requests must be documented through a formal ticket via the service desk.
Access Request Approvals: All access requests must be reviewed and approved by the business owner per the Access Management Policy.
Risk Assessment: Potential risks associated with changes must be assessed and mitigated.
Problem Identification: Underlying causes of incidents must be identified and documented by the IT department.
Problem Resolution: Problems must be analyzed and resolved to prevent recurrence of incidents.
Root Cause Analysis: Conduct root cause analysis for significant problems to identify permanent solutions.
Severity Level | Business and Financial Exposure | Description / Work Outage | Response Time | Resolution Time |
1 (Critical) | The issue creates a serious business and financial exposure. | (i) the company experiences a complete or substantial loss of service, or (ii) a mission critical business process is not working, or (iii) where no delay for Resolution is acceptable (impact on customer services or is causing revenue leakage), or (iv) users are unable to work or perform some significant portion, if not all, of their job, and the issue affects over 20% of users and/or customers. | 30 Minutes | 4 Hours |
2 (High) | The issue creates a low business and financial exposure. | (i) the company experiences no loss of service, and the Incident has no significant effect on the usability of the Application, or (ii) the users are unable to perform some small portion of their job, but they are still able to complete most other tasks, or (iii) the issue affects between 5% and 10% of users and/or users. | 1 Hour | 8 Hours |
3 (Normal) | The issue creates minimal business and financial exposure. | All other Incidents not covered within the above (low impact on business and no urgency on fixing the defect). | 4 Hours | 24 Hours |
4 (Low/Request) | The issue creates no business and financial exposure. | These are no longer categorized as incidents. | 8 Hours | 48 Hours |
5 (Project) | Is not categorized as an issue. | These are a set of tasks that must be completed within a defined timeline but are not covered by the Operational Level Agreements (OLAs). | N/A | N/A |
IT Director: Responsible for overall ITSM strategy and policy implementation.
Service Desk Team: First point of contact for incident reporting and resolution.
Business Owners (per service): Reviews and approve all pertaining access requests.
Change Advisory Board (CAB): Reviews and approves all change requests.
Encore & Zii Employees: Responsible for reporting incidents and request ticket submissions directly to the Service Desk
Multiple instances of non-compliance will be reported to the employee's manager and Human Resources (HR) for review. Failure to comply with the ITSM Policy may result in disciplinary actions up to and including termination of employment for employees, or termination of contracts for third parties.