advanced help desk software innovation
Help desk software
Click an ITIL featured help desk software product name below for more information:
British Standards Institute BS 7799, BS 15000
sitehelpdesk-IT has been designed to cover the main record keeping requirements of the BS7799 / ISO 17799 Information Security and BS 15000 IT Service Management standards. We also provide the essential mechanisms for tracking, collating, reporting and auditing the processes to provide security and control features recommended in the IT Infrastructure Library (ITIL). Click here for more information about our approach to ITIL
The British Standard 7799 for Information Security Management and the later ISO 17799 are comprehensive documents for formulating policies and procedures covering all security and business continuity related issues. Organisations may obtain certification of compliance to these standards.
British Standard 15000 for IT Service Management provides a code of practice for the provision of a reliable and consistent IT support service and are core to the ITIL recommendations. Conforming to ITIL and the standards provides a framework for companies to achieve a set of procedures and working practices for the provision of quality IT services.
No helpdesk software solution can cover all aspects of these standards. To conform to BS 7799 / ISO 17799 / BS 15000 and ITIL, a certain amount of internal organisation, policy documentation and procedures need to be established outside of any computer software system.
BS 7799 / ISO 17799
Here is a brief summary of the sections of the BS7799 / ISO 17799 and an indication of where sitehelpdesk-IT provides the necessary records and processes to meet the requirements.
BS7799 Part 1 - Code of Practice for Information Security Management
This section covers the main documentation security awareness and policy making requirements. There are certain legislative requirements of an organisation such as intellectual property rights, safeguarding company records, data protection and privacy of personal information. These are best dealt with in conjunction with the Legal department. From an Information Technology view point, the necessary controls for Information Security that are considered best practice are;
a) Information security policy document
A) Information Security Policy
This is the main foundation of all other policies and documentation and needs to be clearly communicated to staff. Employees pose one of the main risks either through ignorance or malicious intent. Mistakes can be made but unless staff are made aware of the seriousness that your business places on security then they cannot help you achieve it.
Click here for a sample security policy based on the recommended Department of Trade and Industry format. You may contact the dti directly: https://www.gov.uk/government/organisations/department-for-business-innovation-skills to obtain a copy of their Guide to Information Security.
B) Allocation of Information Security Responsibilities
These key Internal contacts for business continuity and other security related matters may be held in sitehelpdesk-IT. The Internal contacts are held distinct from other 'User' information under the Business Continuity menu option that requires specific privileges to access. Personal / home telephone numbers may be recorded along with their role in the event of a disaster or security breach. Disasters rarely occur during normal business hours so these are printed on the Disaster Recovery Report which should be printed off regularly and carried and held off site. The keeping of these records in the application allows them to be incorporated with other security related records and helps ensure that they are always kept up to date. ?
C) Information Security Education and Training
Adequate education and training of staff in security related issues is essential and should form part of their induction when joining the company. A specific 'Template' set of tasks may be set up in sitehelpdesk-IT to include this important activity. Templates may be for an individual repetitive action or a number of auto generated calls pre assigned to support staff and automatically launched from a 'Master' template. They could for example, cover any aspect such a 'new starter' procedure. e.g. Order PC, create user account, Security Training etc. Staff should also sign a security policy to ensure enforceable compliance.
D) Reporting Security Incidents
Our products are all about user interaction and participation. A Call type called 'Security Issue' or similar, should be set up so that staff may report any concerns, requests for information, clarification of policies etc.
BS 7799 Part 2 - Specification for information security management
This part details the requirements for establishing, implementing and documenting information security management systems (ISMSs). Each section will be more or less relevant depending on your business but section 11 covering Business Continuity Management will always apply.
Business Continuity Management
sitehelpdesk-IT contains a comprehensive set of registers of all the IT infrastructure components and server recovery procedures. In addition to this there are Back up and Restore registers and off site media archive registers.
One of the main areas of risk is getting a service back on line quickly after a disaster has struck. System outages may be the result such things as floods and thefts where equipment is no longer physically available. Adequate records of the equipment type, it's role, the configuration, who is responsible for rebuilding and restoring data onto it and the priority that things need to be done are all essential but will waste value time if considered after the disaster. sitehelpdesk-IT holds all this and more in the DR report to help you restore services to normal in a timely and efficient manner.
Asset classification and control is managed by sitehelpdesk-IT. There is no type of information asset that cannot be held in sitehelpdesk-IT, either in the Asset register, Loans, Stock, Library or Software Register. The person responsible is assigned and additional relevant information held. Call history and configuration changes are visible from the hardware records.
Many aspects of BS 7799 / ISO 17799 relate to physical security but some records are required of these, such as warranty and maintenance schedules and full asset registration and history. All of these are maintained in sitehelpdesk-IT.
BS 15000 provides a fairly concise over view of the major elements for IT Management and establishes guidelines and initiatives to ensure good working practices. This is supported by PD 0005 - issued by the Department of Trade and Industry as a Code of Practice for IT Service Management which specifically identifies elements of best practice required to meet BS 15000.
sitehelpdesk-IT compliments this standard with full audit trails maintained of asset changes via User request call logs and changes of the allocation, location and direct changes to the configuration. This is achieved by the system even without other formal documentation controls. These controls still need to be implemented for compliance to ITIL but sitehelpdesk-IT audits the change even if the full written procedures are by passed, which can often happen in a busy IT department and technical staff are not renowned for the adherence to written procedures. System driven audit logs are maintained of changes to the records held identifying who, what and when changes were made. This is complimented with integration to network management tools including WMImonitor, Microsoft System Management Server (SMS) and Visual audit Pro for capacity management enquiry and reporting
Service Level management and reporting.
Service Levels are essential for measuring performance of the service being provided and sets the bench mark for expectations of your customers be they internal or external. sitehelpdesk-IT and sitewebdesk provide flexible allocation of service levels of requests for services and these may be notified and escalated via email. Flexible reporting shows the number of call in and outside the SLA plus the percentages achieved.
The call log process combined with SLA provides a mechanism for Incident management and reporting. The features of sitehelpdesk-IT user incident logging ensures that more comprehensive records are maintained. Few technicians have mastered the discipline of recording incidents after the event as this is seen as unnecessary added bureaucracy. Common incidents may be entered after the event in a matter of seconds a via the sitehelpdesk-IT Templates of call types.
Now you have seen the highlights - click here to download a free trial of sitehelpdesk then email a request for an upgrade to sitehelpdesk-IT.
© 2014 sitehelpdesk.com, all rights reserved