Provisions and Guidelines for IT Service Management
The “Provisions and Guidelines for Information Technology Service Management” (hereafter “ITSM Provisions”) aims to further promote and ensure safe and sound practices regarding Information Technology Service Management (hereafter “ITSM”) of the institutions subject to the supervision (hereafter “supervised institutions”) of the Centrale Bank van Curaçao en Sint Maarten (hereafter “the Bank”).
The objective of the ITSM Provisions is to deliver Information Technology (IT) service support to the supervised institutions, in order to fulfill their IT requirements and thus provide internal and external customers with high-quality service. This includes the design, transition, delivery, monitoring and improvement of IT services that support business processes.
Furthermore, the ITSM Provisions aims to further align IT and business processes. In order to do so, a paradigm shift needs to be made. IT should no longer be considered the technology supplier, but a business enabler. Institutions can adapt to new IT service models such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). These new models can exist next to the classical IT service model, where IT is an internal department delivering IT services to the organization. ITSM involves the delivery of efficient and effective end-to-end IT services to meet the changing demands of the organization, and to measure and show improvements in the quality of IT services offered.
In the earlier issued “Provisions and Guidelines for Business Continuity Management”, the business impact analysis is created with the business processes in mind. In the business impact analysis we determined the “Recovery Time Objective (RTO)” and the “Recovery Point Objective (RPO)” per business process. Both objectives are part of the service level that is demanded from IT in case of a disruptive event. Single points of failure in the organization and IT are eliminated and other measures are taken in order to achieve appropriate resilience levels for the business.
The earlier issued “Provisions and Guidelines for Information Security Management” was also created with the business processes in mind. An important aspect of this guideline is to perform a risk analysis per business process and to identify information assets and their owners, assign accountability and responsibility, establish policies and procedures, and adapt the organization to improve the internal control environment. Risk is also mitigated or better controlled by changing or enhancing business applications with preventive and detective controls.
Last updated 11.07.2014 15:57