...INSEAD The Business School for the World Universitet St.Gallen 603-020-1 Sainsbury's (A): Transforming the SupPlY Chain 0l12008-5166 ThiscasewaswrittenbyRegineslagmuldel'AssocialePlofegso!ofAccountingandconirolatlNsEAD.andDanie] coor.n, es"o"iute proressoi ot supity ctrain vanagemenr and Technology ai lhe universrty of st. Galen's KrihneIi is intended to be used as a Insrirute of Logisrics, with assistan;tuom Dan crotl;D, Resealch Associate at INSEAD. siluatron basis for clas;iscussion ralher lhan 10 itluslrate either effeciive or inefrective handling of an administrative Resealch Initiative on High The aulhors gratefuly acknowledge rhe financial suppor( provided by lhe INSEAD-PWC Pedormance Organizalions. Copy ght O 2003 INSEAD/University ot St. Callen, France/Switzerland N, B.: To oRDER coPIEs or INSEAD crsEs sEE DEraL! oN EA.K covER CoPrEs vaY Nor Gitll - v'- the case for learninq ' *:::f:::*'***^ iiliLi:H- :fiiIi"il"., " " INSEAD The Business School for the World Universidit St.Gallen 603-020-1 Sainsbury's (A): Transforming the SupPlY Chain 0l12008-5166 ThiscasewaswrittenbyRegineS]agmuldel'AssocialePlolesso!ofAccountingandcontrolatlNsEAD.andDaniel Kiihnecor"r.n, es"o"iute professo; of supply chain Management anct Technology a.t lhe universrty of st. Galen's be used as a ir"riiri.'.r L"gi"it*, *tth assistan;tuom Dan crofl;D, Resealch Associate ar INSEAD. Ir is inrended to siluatron basis for class-discussion...
Words: 4323 - Pages: 18
...4.3.1.1 The broadcast will contain a condensed incident summay and stratification detail as defined in the ITSM Critical Incident Process. 4.3.1.2 Affiliate, Operational, or other Corporate P1 P1 communication, response, and policies are independent of this Policy and triggered as appropriate by this broadcast. (See Critical Incident Communication Map). 4.4 Incident Ownership 4.4.1 Incident ownership will be aligned with the root cause of the incident. 4.4.1.1 Vendor incidents will be assigned to the support resources that manage the vendor relationship. 4.4.1.2 Incident Ownership can evolve based on investigation during the incident resolution as well as during the ITSM Post Incident Review Process. 5.0 POLICY APPROVAL 5.1 This policy must be reviewed and approved at least semi-annually. 5.2 The Risk Management Governance department must review this policy prior to submission for policy approval to validate governance elements are correctly included. 5.3 This policy must be submitted for approval accompanied...
Words: 1669 - Pages: 7
...Service-specific details are defined in the appendix. Changes to this plan are not permitted unless negotiated and approved by signers referenced at the end of this document. Support Overview Scope This plan defines roles and expectations for operation of all ITS provided services. Production support needs that extend beyond the levels described here must be negotiated, approved, and detailed as exceptions in the provided template and attached to the plan. This document is not intended to define internal team procedures. Support Overview/Key Points ● All ITS services are supported using the tiered service model where tier 1 and 2 reside at the Service Center and tier 3 are the subject matter experts. ● Support groups are configured in ITSM which is the ITS support tool of choice. ● Incident, Problem, Change, Availability, Capacity, Release, and Knowledge Management processes will be utilized by all support teams and are defined at the organizational level. ● Monitoring events will follow established ITS processes and procedures to ensure integrations with production support activities. ● The Significant Incident process will be utilized by all services covered under this plan. ● Service releases and/or changes will utilize the ITS Release Calendar and ITS Service Status Page, as well as defined ITS communication standards. ● The Service...
Words: 1084 - Pages: 5
...helps enterprises to create optimal value from IT by maintaining a balance between realising benefits and optimising risk levels and resource use. 5 Principles to build an effective framework to practise governance: Meeting stakeholder needs Covering the Enterprise End to end Applying a single integrated framework Enabling a holistic approach Separating governance from Management 7 Enablers to optimise information and technology investments and minimize IT risks Principles, Policies and framework Processes Organisation structure Culture, ethics and behaviour Information Services, infrastructure and applications People, skills and competencies ITIL ITIL provides a consistent, and coherent framework of best practices for ITSM and related processes, which promotes a quality approach for...
Words: 419 - Pages: 2
...Journal of Enterprise Information Management Analysis of risk dynamics in information technology service delivery Özge Naz#mo#lu Yasemine Özsen Article information: Downloaded by SEGi International Bhd At 09:35 13 July 2015 (PT) To cite this document: Özge Naz#mo#lu Yasemine Özsen, (2010),"Analysis of risk dynamics in information technology service delivery", Journal of Enterprise Information Management, Vol. 23 Iss 3 pp. 350 - 364 Permanent link to this document: http://dx.doi.org/10.1108/17410391011036102 Downloaded on: 13 July 2015, At: 09:35 (PT) References: this document contains references to 37 other documents. To copy this document: permissions@emeraldinsight.com The fulltext of this document has been downloaded 1723 times since 2010* Users who downloaded this article also downloaded: Norita Ahmad, Noha Tarek Amer, Faten Qutaifan, Azza Alhilali, (2013),"Technology adoption model and a road map to successful implementation of ITIL", Journal of Enterprise Information Management, Vol. 26 Iss 5 pp. 553-576 http://dx.doi.org/10.1108/JEIM-07-2013-0041 F. Ponsignon, P.A. Smart, R.S. Maull, (2011),"Service delivery system design: characteristics and contingencies", International Journal of Operations & Production Management, Vol. 31 Iss 3 pp. 324-349 http://dx.doi.org/10.1108/01443571111111946 Kakoli Bandyopadhyay, Peter P. Mykytyn, Kathleen Mykytyn, (1999),"A framework for integrated risk management in information technology", Management Decision, Vol. 37 Iss 5 pp. 437-445...
Words: 7780 - Pages: 32
...Backup solutions for data storage will need to be set in place to ensure integrity of Finman’s data and meets industry standards. Statement of Intent Auditing, encryption and threat management will need to be set in place to ensure no misuse of Finman’s resources are allowed. IT Security Management guidelines will need to be followed to ensure customers are educated and no misuse or abuse to Finman’s IT services or resources are allowed. Finman’s Intellectual property such as patents, copyrights, and trademarks are to be protected by identifying, labeling, locking it up, and educating employees. Utilizing Windows software trace preprocessor (WPP) can help with the tracing of software components. Justifications IT service management (ITSM) focuses on control access by utilizing various functions, processes, and systems necessary to manage the full lifecycle of IT services ( IT Service Management by Ernest Brewster, Richard...
Words: 452 - Pages: 2
...Diverse experience in many industries including technology, finance, entertainment, and consulting. Natural leader with the unique ability to empower and motivate teams. Big picture focus and flawless execution. Proven areas of expertise include: • Budget planning/management • Negotiations with clients & vendors • IT systems integration • Relationships development management • Software development/implementation • Program/Project management • Vendor Selection & Management • Proposal/project planning and WBS development • Global Project Team • Risk assessment/management • IT service management • Configuration/Asset Management QUALIFICATION HIGHLIGHTS • A tried and tested “hands-on” IT PM professional with experience in IT, ITSM, ERP, QA, Strategy Development, Process Improvement, Team Building and Client Relationships. • Designed and developed packaged work products that enhanced CA Service Software Offerings, provided solution integrations with many third party ticketing systems and improved process integrations thru automation. • Engagement experience includes Program/Project Management, Business Analysis, PM methodology/process development, PMO, formal PM training,...
Words: 4744 - Pages: 19
...sits within the Service Delivery area and it is broken down into four capability groupings: Service Delivery; IS; Technology Audit; and Emerging Technology Monitoring. The competencies are mapped onto the Framework based on complexity of work; expected level of experience for each of the Australian Department of Defense’s Development and Competency Assessment Framework (DeCAF) level; expected level of S and K required; proposed level of responsibility including management and leadership capability; expected degree of supervision required and classification level of supervisor; and a logical grouping of particular competencies. The second part of the document maps only two roles: IT Security Manager/Auditor (ITSM/A) and IT Security Officer. The required capabilities for ITSM/A for example in Service Delivery are the following: Supports System Security: reviews reports on, or analyses information on, security incidents and patterns to determine remedial actions to correct vulnerabilities; Delivers Service Excellence: develops and manages customer service performance requirements for IS; ensures information ownership responsibilities are established for each information system and implements a role based access scheme; liaises with stakeholders to establish mutually acceptable contracts and service agreements; Leads and Develops People: performs project management duties where appropriate; directs the implementation of appropriate operational structures and processes to ensure...
Words: 911 - Pages: 4
...Chapter 1 Analyzing Business Goals and Constraints This chapter serves as an introduction to the rest of the book by describing top-down network design. The first section explains how to use a systematic, top-down process when designing computer networks for your customers. Depending on your job, your customers might consist of other departments within your company, those to whom you are trying to sell products, or clients of your consulting business. After describing the methodology, this chapter focuses on the first step in top-down network design: analyzing your customer’s business goals. Business goals include the capability to run network applications to meet corporate business objectives, and the need to work within business constraints, such as budgets, limited networking personnel, and tight timeframes. This chapter also covers an important business constraint that some people call the eighth layer of the Open System Interconnection (OSI) reference model: workplace politics. To ensure the success of your network design project, you should gain an understanding of any corporate politics and policies at your customer’s site that could affect your project. The chapter concludes with a checklist to help you determine if you have addressed the business issues in a network design project. Using a Top-Down Network Design Methodology According to Albert Einstein: 000200010270745975 “The world we’ve made as a result of the level of thinking we have...
Words: 8812 - Pages: 36
...IT [pic] Australian Government Department of Defence Information System Audit Guide VERSION 11.1 January 2012 Table of Contents 1. Introduction to Accreditation 4 2. The Information System Audit – Checklist 7 2.1. What is an Information System Audit? 7 2.2. Why is an Information System Certification needed? 7 2.3. Assessing an Information System’s Security Risks 7 2.4. Selecting an Information System’s Security Controls 7 3. Purpose of the Checklist 8 4. How to Use the Checklist 8 4.1. The Checklist Structure 8 4.2. Security Objectives 9 4.3. Guidance for IRAP Assessors 9 4.4. Information System Compliance 10 5. Guidance for IRAP Assessors 10 6. The Checklist 11 6.1. The Information Security Policy & Risk Management 11 6.2. Information Security Organisation 14 6.3. Information Security Documentation 17 6.4. Information Security Monitoring 20 6.5. Cyber Security Incidents 22 6.6. Physical & Environmental Security 24 6.7. Personnel Security for Information Systems 26 6.8. Product & Media Security 27 6.9. Software, Network & Cryptographic Security 30 6.10. Access Control & Working Off-site Security 33 Appendix A – Accreditation Governance 36 The ISM & Certification 36 Compliance Levels 37 Compliance Report 37 Compliance Comments 37 Audit Documentation Submissions 38 Appendix B – Standards 39 ...
Words: 6447 - Pages: 26
...Sample Essay for termpaper Presented Problem After examining the incident, there are some key things that stick out as major risks, these include: • Accounts existed before EHR system was deployed. • Accounts were undocumented. • Non Authorized remote users had access to the EHR application. • Undocumented account was created/added to a new system. • Method or Vulnerability to gain privilege escalation outside of change control policy. This led me to propose three policies, each address some of these key issues from separate fronts. The three policies include a Remote Access Policy, Application Deployment, and a Routine Maintenance policy. The Remote Access policy aims to correct the issue that non-authorized users were able to access the EHR system. HIPAA has included provision in the Security Rule that allows for remote access, but with certain limitations. I have included provision that restricts remote access based on Job Role and Job Necessity(ISO 27002:2005, 7.1.1), and restricted to assets that are owned by the hospital which have enhanced security (ISO 27002:2005, 7.1.1) (NIST, 164.312(a)(1))(ISO 27002:2005, 11.4.2). The Application Deployment policy aims to close security loop holes that appear to have been open for months before the EHR system was even deployed. There were no check on accounts when importing, and no alerts when permissions were escalated. Some of the key standards that I see as aiding in creating this policy is better change management...
Words: 1204 - Pages: 5
...White Paper November 2006 BMC® Best Practice Process Flows for Asset Management and ITIL Configuration Management Copyright 2006 BMC Software, Inc. All rights reserved. BMC, the BMC logo, all other BMC product or service names, BMC Software, the BMC Software logos, and all other BMC Software product or service names, are registered trademarks or trademarks of BMC Software, Inc. All other trademarks belong to their respective companies. BMC Software, Inc., considers information included in this documentation to be proprietary and confidential. Your use of this information is subject to the terms and conditions of the applicable end user license agreement or nondisclosure agreement for the product and the proprietary and restricted rights notices included in this documentation. Restricted Rights Legend U.S. Government Restricted Rights to Computer Software. UNPUBLISHED -- RIGHTS RESERVED UNDER THE COPYRIGHT LAWS OF THE UNITED STATES. Use, duplication, or disclosure of any data and computer software by the U.S. Government is subject to restrictions, as applicable, set forth in FAR Section 52.227-14, DFARS 252.227-7013, DFARS 252.227-7014, DFARS 252.227-7015, and DFARS 252.227-7025, as amended from time to time. Contractor/Manufacturer is BMC Software, Inc., 2101 CityWest Blvd., Houston, TX 77042-2827, USA. Any contract notices should be sent to this address. Contacting Us If you need technical support for this product, contact Customer Support by email at customer_support@bmc...
Words: 5623 - Pages: 23
...Disney’s ITIL® Journey Glen Taylor, Vice President of Technology, Architecture and Security, Parks & Resorts, The Walt Disney Company Case Study October 2010 © Disney © The APM Group and The Stationery Office 2010 2 Disney’s ITIL® Journey Contents Introduction Disney’s ITIL journey Getting widespread adoption Choosing ITIL experts Glen’s advice for organizations adopting ITIL Acknowledgements Trademarks and statements 3 3 3 4 4 4 4 © The APM Group and The Stationery Office 2010 Disney’s ITIL® Journey 3 Introduction The Walt Disney Company (TWDC) has five major segments: Studios, Consumer Products, Media Networks, Interactive Media and Theme Parks & Resorts. Glen Taylor is VP of Technology for Theme Parks & Resorts (TP&R). It is the largest division in the organization and in 2009 generated $10.7 billion – approximately 30% of TWDC’s revenue. The division currently manages 11 parks, two water parks, 42 resorts and two cruise ships. The scale of the organization is extraordinary. Over 118 million people visit the parks every year. In comparison, the 2010 World Cup brought around 350,000 visitors to South Africa. Theme Parks & Resorts is the only segment of TWDC that interacts face-to-face with its customers every day, 365 days a year. During peak times some parks are open and full of guests for 18 hours a day. The 42 resorts have over 36,000 rooms worldwide. Cosmic Ray’s restaurant at Magic Kingdom in Orlando is the busiest quick-service restaurant...
Words: 1605 - Pages: 7
...and turn-up, Use of Site to Site Tunnel Please check appropriate box ox Remote Support of BSHSI Systems by Vendor o Application Access by vendor of BSHSI Systems Vendor Contact Information Street address City, State, ZlP 901con Foothill Ranch, CA 92610 BSHSI Contact Information Business Point of Contact Title I Department Local System I Facility E-mail Address Sep. 12. 2011 9:59AM BON SECOURS MT ALVERNO 3ra Fl IT No. 0238 P. 2 Application | | Environnlent and Local System | UserCmmt | Printing? Yes/No | | | | | | | - - | | | | | | | | | | | AlPPIrICarlOll Access Informatlon Server List Ticket Tracking (for BSHSIUse Only) - Heat Ticket # - ITSM Request # ·- .-·.-, Cisco ASA 5540 7.2 *Pre-shared key will be exchanged over the phone during testing phase.*...
Words: 303 - Pages: 2
...The IT Manager’s Guide to ITIL v3 an IT Management eBook contents] [ The IT Manager's Guide to ITIL v3 This content was adapted from Internet.com's bITa Planet, CIO Update, and ITSM Watch Web sites. Contributors: Jennifer Zaino, Mike Tainter, Martin Likier, Drew Robb, Augusto Perazzo, Glen Willis, and Troy DuMoulin 2 5 2 ITIL Version 3 is All Business Drew Robb Bridging the Gap Between IT and Business Augusto Perazzo and Glen Willis 9 5 9 Q&A with Robert Stroud, Member of the ITIL Advisory Group Jennifer Zaino 12 15 The Evolution of Service Management Philosophy Troy DuMoulin Key Differences Between ITIL v2 and v3 Mike Tainter and Martin Likier 12 15 The IT Manager's Guide to ITIL v3, an Internet.com IT Management eBook. © 2008, Jupitermedia Corp. 1 [ The IT Manager's Guide to ITIL v3 ] ITIL Version 3 is All Business By Drew Robb Shrek III” was better. So were "Rocky III" and "Mission Impossible III." But while ITIL III is no blockbuster, it is getting decent ratings from the IT community overall. In particular, it is earning kudos for attempting to bridge the chasm between IT and the various business units within organizations. IT Infrastructure Library (ITIL) made its debut in 1989 and since then has become the de facto standard for IT service management best practices. Since the release of v2 at the start of the millennium, there have been new business regulations and mandates, technology advancements, and general shifts in how IT is valued. In light of...
Words: 8563 - Pages: 35