Percentage of IT operating costs, excluding depreciation/amortization, dedicated to IT project management

This measure calculates the percentage of IT operating costs, excluding depreciation/amortization, allocated to the process “IT project management" which involves establishing project scope, identifying project requirements and objectives, identifying project resource requirements, assessing culture and readiness for project management approach, creating business case and obtaining funding, and developing project measures and indicators. In this measure, operating expense includes internal personnel cost, external personnel cost, hardware cost for both owned and leased hardware excluding hardware dedicated to data and voice networks, software cost to include both purchased software and software as a service, data and voice network costs as well as equipment dedicated to data networks and allocations to IT for shared sites and services (e.g., and allocation for corporate facilities and general overhead). It is part of a set of Supplemental Information measures that help companies evaluate additional variables not covered elsewhere for the "IT project management" process.

Benchmark Data

Lock

Sorry! Not all users have access to all of our resources. Question mark icon

Want to unlock access to all of our resources?

Learn about Membership icon--arrow--right

Measure Category:
Supplemental Information
Measure Id:
106450
Total Sample Size:
551 All Companies
Performers:
25th
Median
75th
Key Performance
Indicator:
No

Compute this Measure

Units for this measure are percent.

Back to Top

Percentage allocation of IT operating costs, excluding depreciation/amortization, to IT project management

Key Terms

Back to Top

Supplemental Information

Supplemental information is data that APQC determines is relevant to decision support for a specific process, but does not fit into the other measure categories such as cost effectiveness, cycle time, or staff productivity.

Measure Scope

Back to Top

Cross Industry (7.2.1)

  • 8.1 - Develop and manage IT customer relationships (20608) - Creating and administering relationships with IT customers. Understanding customer needs including high-level business requirements for IT transformation. Plan for and communicate IT services along with establishing IT service levels, providing transformation guidance, and performance analysis that foster IT customer relationships.
    • 8.1.1 - Understand IT customer needs (20609) - Assessing the customer communities along with current IT operational capabilities and usage.
      • 8.1.1.1 - Understand IT customer communities (20610) - Interacting with IT customers to understand the IT needs through a collaborative community through involvement, connection, and informed communication.
      • 8.1.1.2 - Assess IT customer operational capabilities (20611) - Evaluate the ability of the group of staff dependent on information technology, to align resources and critical processes according to organizational vision being able to deliver effectively and efficiently.
    • 8.1.2 - Identify IT customer transformation needs (20612) - Identifying changing needs of staff dependent on information technology based on continuous improvement to deliver results according to organizational goals.
      • 8.1.2.1 - Understand business requirements for IT capabilities (20613) - Understanding business requirements for the existing IT environment as well as future IT needs.
      • 8.1.2.2 - Understand IT landscape (20614) - Understanding the complete logical structure and working of the organization's IT landscape. Assess the configuration of hardware and software (IT Assets) across the organization that supports overall business operations.
      • 8.1.2.3 - Develop IT visioning (20615) - Developing goals to define IT vision. Define and document ideas, direction, and activities which enable information technology to reach these goals.
      • 8.1.2.4 - Outline IT service expectations (20616) - Defining a roadmap to meet organizational expectations from information technology services while considering how it will affect the business.
    • 8.1.3 - Plan and communicate IT services (20617) - Create and design an organized and curated collection of all IT-related services that can be performed by, for, or within the organization. Maintain and convey information about deliverables, prices, contact points, and processes for requesting an information technology service.
      • 8.1.3.1 - Manage IT customer expectations (20618) - Managing customer expectations of the existing IT environment while considering how it will affect the business.
      • 8.1.3.2 - Define future IT services (20619) - Defining the expected demand and usage of information technology services to meet organization's future business goals. Gather necessary information about the processes, resource requirements, and structures pertaining to planned business growth.
      • 8.1.3.3 - Determine IT performance indicators (20620) - Determining IT KPIs crucial to the organization's success. Measure indicators such as IT costs as percentage of revenue, IT maintenance ratio, and system downtime in an effort to evaluate the performance of IT across the organization.
      • 8.1.3.4 - Create IT marketing messages (20621) - Developing concise statements that position the value proposition around the pressing concerns of the internal IT user base, thereby showing how the IT offerings are the right fit for a segment of IT customers.
      • 8.1.3.5 - Create IT service marketing plan (20622) - Creating a marketing strategy for IT offerings to customers. Plan processes for making budgets; identifying and developing media; and managing marketing content and promotional activities.
    • 8.1.4 - Provide IT transformation guidance (20623) - Understanding the necessity of IT transformation for the business. Collect and analyze customer requirements. Identify opportunities and prioritize outcomes. Develop and support business case for transformation. Develop transformation plan and roadmap.
      • 8.1.4.1 - Develop IT transformation plans (20624) - Developing a robust plan to replace or upgrade an organization's information technology systems. Understanding the business need of IT transformation from current to an expected state for the business. Developing a strategic plan for IT operating model, governance, service delivery, and workforce transformation.
      • 8.1.4.2 - Collect IT customer requirements (20625) - Identifying existing or potential IT gaps between the expected business performance levels and current business outcomes.
      • 8.1.4.3 - Analyze IT customer requirements (20937) - Assessing identified IT gaps to plan for remediation efforts to allow outcomes to meet established performance levels.
      • 8.1.4.4 - Identify and prioritize IT opportunities (20626) - Identifying IT opportunities on the basis of collection and analysis of IT customer requirements, then prioritize the identified IT opportunities on the basis of their importance.
      • 8.1.4.5 - Facilitate solution design activities (20627) - Providing a plan of action to provide solution to IT customers. The solution design should be based on the collection and analysis of IT customer requirements.
      • 8.1.4.6 - Prioritize IT outcomes (20628) - Prioritizing IT outcomes based on need, effectiveness, and efficiency.
      • 8.1.4.7 - Develop business cases (20629) - Create a business case with value proposition indicating current situation, proposed solution, financial analysis, and measurable benefits to the IT customers.
      • 8.1.4.8 - Support business case (20630) - Supporting business case with supporting research, business analysis, and background information on IT transformation.
      • 8.1.4.9 - Develop transformation roadmap (20631) - Creating a blueprint for execution of IT transformation from the existing state to the planned organizational structure based on the value proposition and projected business growth.
    • 8.1.5 - Develop and manage IT service levels (20632) - Establishing and maintaining service levels for the provision of IT services and solutions. Design and maintain the IT services and solution catalogue, as well as service level agreements. Evaluate the performance of IT service level agreements. Communicate the results to the management.
      • 8.1.5.1 - Understand IT service requirements (20633) - Understand requirements related to information technology services considering enterprise-level effects and understand potential achievements in the business environment.
      • 8.1.5.2 - Forecast IT service demand (20634) - Forecasting demand for IT services using current business growth, research, and customer feedback. Refine these forecasts, inspect the approach used in creating forecasts, and determine its accuracy.
      • 8.1.5.3 - Maintain IT services catalog (20635) - Maintain information about IT deliverables, prices, contact points, and processes for requesting a service.
      • 8.1.5.4 - Define service level agreement (20636) - Designing and maintaining commitment of service by performance evaluation of IT services and communicate the results to the management.
      • 8.1.5.5 - Maintain IT customer contracts (20637) - Maintaining and documenting commitment of service to staff for information technology contracts including providing software or hardware solution through communication channels like phone, email, and on-site services.
      • 8.1.5.6 - Negotiate and establish service level agreements (20638) - Establish a service level agreement, which is a negotiated agreement designed to create a common understanding about services, priorities, and responsibilities.
      • 8.1.5.7 - Develop and maintain improvement processes (20640) - Conveying the improvement opportunities for the business and level of IT services. Leverage the results obtained from the performance metrics of the business and IT service levels to identify and recognize any opportunities that would improve or enhance the efficiency of the business and IT service-level structure. Communicate these opportunities to management in order for the improvements to take effect.
    • 8.1.6 - Manage IT customer relationships (20641) - Managing the IT relationship with its customers by systematically coordinating interactions over multiple touch points on a regular basis. Coordinate the IT's efforts to reach out to its customers, which include emails, social-media interactions, newsletters, and direct conversations.
      • 8.1.6.1 - Establish relationship management mechanisms (20642) - Create mechanisms for effective public relationship in order to preserve the image and goodwill of the organization through the process.
      • 8.1.6.2 - Understand IT customer strategy (20643) - Understanding the strategy for staff dependent on information technology. Create a plan to create services and solutions, conduct daily operations, and train new employees.
      • 8.1.6.3 - Understand IT customer environment (20644) - Understanding the environment of staff dependent on information technology. Assess and evaluate services and solutions used by customers to conduct daily operations, and train new employees.
      • 8.1.6.4 - Communicate IT capabilities (20645) - Conveying the goals and objectives of the IT function and how it contributes to the overall business objectives to staff and departments across the organization.
      • 8.1.6.5 - Manage IT requirements (20646) - Managing the IT requirements for business objectives. Identify the requirements of hardware and software equipment to store, retrieve, transmit, and manipulate data related to business operations. Consider factors such as functional, design, growth phases, and delivery schedule while managing IT requirements.
    • 8.1.7 - Analyze service performance (20648) - Proactively manage IT service levels against IT customer requirements.
      • 8.1.7.1 - Assess SLA compliance (20649) - Gather data from each service target defined in an SLA for a time segment or review period to evaluate an overall performance percentage.
      • 8.1.7.2 - Triage SLA compliance issues (20650) - Prioritizing SLA compliance issues and plan for remediation.
      • 8.1.7.3 - Collect feedback about IT products and services (20647) - Collecting customer feedback about IT products and services effectiveness based on overall satisfaction. The data is collected through surveys, customer responses, and feedbacks based on the delivered products/services.
      • 8.1.7.4 - Synthesize and distribute IT performance information (20938) - Providing stakeholders with collected IT performance measures for further development based on evaluation.
  • 8.2 - Develop and manage IT business strategy (20652) - Handling the business of IT. Create a organization-wide strategy for the IT function. Define the organization's IT architecture. Manage the IT portfolio. Research and innovate in the field of IT. Assess and convey the performance and the value of the IT function.
    • 8.2.1 - Define business technology and governance strategy (20653) - Defining the need of technology in business and systematic implementation of IT investments. It comprises of assessing competitive technology components to ensure structural analysis, development, usage and security of technology for efficient business operations.
      • 8.2.1.1 - Build and maintain IT strategic intelligence (20654) - Building and maintaining intelligence towards changing organizational goals, supporting management, and operational or functional levels of the business. It is the ability to understand business trends that present threats or opportunities for IT in an organization.
      • 8.2.1.2 - Monitor and map current and emerging technologies (20655) - Monitoring and evaluating existing and forthcoming technologies to meet the current and future growth plans for business operations.
      • 8.2.1.3 - Define and communicate digital transformation strategy (20656) - Defining the integration of digital technology into business operations and service delivery, and convey the strategy to different segments of business. It is always backed by continuous improvement followed by periodic review and change per requirement of the business.
      • 8.2.1.4 - Develop IT strategic alignment (20657) - Developing the process of aligning the organization's business divisions and staff members with the organization's planned objectives for IT.
      • 8.2.1.5 - Articulate IT alignment principles (20658) - Systematic approach to clearly communicate and operate the usage of information technology as it relates to business objectives.
      • 8.2.1.6 - Maintain IT strategic alignment (20659) - Maintaining alignment of the organization's business divisions and staff members with the organization's planned objectives for IT.
    • 8.2.2 - Manage IT portfolio strategy (20660) - Strategy for systematic management of IT investments, projects, and activities. Analyze and examine the value of the IT portfolio and allocate resources based on business objectives.
      • 8.2.2.1 - Establish and validate IT value criteria (20661) - Create and certify the standards to determine the value of the investments, projects, and activities of IT function for the overall business objectives.
      • 8.2.2.2 - Determine IT portfolio investment balance (20662) - Determining the uninvested amount out of the total approved amount for overall IT management, IT investments, projects, and activities.
      • 8.2.2.3 - Evaluate proposed IT investment projects (20663) - Evaluating IT investment projects to achieve overall business objectives in regard to implementation, efficiency, and profitability.
      • 8.2.2.4 - Prioritize IT projects (20664) - Listing the IT projects in the order of most important to the least. Determining which of many IT projects are most important or critical to business operations.
      • 8.2.2.5 - Align IT resources to strategic priorities (20665) - Aligning physical IT resources like software, IT infrastructure, networks, and non-physical resources like technology expertise, to strategic objectives ranked by their importance in achieving the strategic goals.
      • 8.2.2.6 - Align IT portfolio to business objectives (20667) - Aligning IT investments, projects, and activities to achieve overall business objectives.
    • 8.2.3 - Define and maintain enterprise architecture (20668) - Outlining and maintaining the organization's IT architecture. Establish the IT architecture definition and framework. Ensure the relevance of IT. Create and confirm the approach for IT maintenance. Create rules and regulations to guide IT architecture. Authenticate and finalize all IT related research and innovation that takes place within the organization.
      • 8.2.3.1 - Create and publish enterprise architecture principles (20670) - Creating and publishing high level statements of the fundamental values (principles) based on the organization's objectives that guide Information Technology decision-making and activities, and are the foundation for enterprise architecture.
      • 8.2.3.2 - Establish and operate enterprise architecture governance (20671) - Establishing and operating a structure by which an enterprise defines appropriate strategies and ensures development alignment with those strategies. Create and establish the rules, regulations, policies, and standards that will govern the individual components of the IT architecture, as well as the architecture in its entirety.
      • 8.2.3.3 - Research technologies to innovate IT services and solutions (20672) - Systematically investigating and studying materials and sources relevant to the IT function. Reach meaningful insights and conclusions in the form of new ideas and innovation for delivering IT services and solutions.
      • 8.2.3.4 - Provide input to definition and prioritization of IT projects (20673) - Analyze the value driven through IT projects and redefine and/or reprioritize. Evaluate planning, organizing, and implementation of IT projects based on research outcomes and business objectives.
    • 8.2.4 - Define IT service management strategy (20674) - Defining perspective, position, plans, and patterns needed to execute designing, delivering, managing, and improving the way information technology is used within an organization.
      • 8.2.4.1 - Establish IT service management strategy and goals (20675) - Implementing strategy for designing, delivering, managing, and improving the way information technology be used in the organization. The goal of IT Service Management is to ensure that the right processes, people, and technology are in place to meet business goals.
      • 8.2.4.2 - Identify IT service operating and process requirements (20676) - Identifying operating and process requirement for designing, delivering, managing, and improving the way information technology be used in the organization.
      • 8.2.4.3 - Define IT service catalog (20677) - Create and design an organized and curated collection of all IT-related services that can be performed by, for, or within the organization.
      • 8.2.4.4 - Establish IT service management framework (20678) - Create a layered structure for IT service management framework ensuring right processes, people, and technology are in place to meet business goals.
      • 8.2.4.5 - Define and implement IT service management (20679) - Defining and implementing activities involved in designing, creating, delivering, supporting, and managing the lifecycle of information technology services within an organization.
      • 8.2.4.6 - Define and deploy support service management process tools and methods (20680) - Establishing services for providing support to users of IT services and solutions. Define the plethora of services along with tools and methods by which the organization assists users of computers, software products, or other electronic/mechanical products.
      • 8.2.4.7 - Monitor and report IT performance (20681) - Supervising, analyzing, and reporting performance of information technology to ensure they are on-course and on-schedule in meeting the organizational objectives and performance targets.
    • 8.2.5 - Control IT management system (20682) - Regulating the IT management system through performance measures, governance, analysis, and monitoring through a variety of analytic tools. Evaluate IT finances, resource, services, projects, and value for report out.
      • 8.2.5.1 - Determine IT performance measures (20683) - Determining measures for evaluating the performance of IT services in the organization. Establish key performance indicators, including the IT services performance index.
      • 8.2.5.2 - Define IT control points and assurance procedures governance model (20684) - Establishing a governance model with its own structure and functions from where full or partial control can be exercised over the entire IT management system. Specify evaluation and quality control procedures in the structure.
      • 8.2.5.3 - Monitor and analyze overall IT performance (20685) - Monitoring and analyzing information technology performance measures to ensure timely completion, and that quality assurance is met at all steps of IT services.
      • 8.2.5.4 - Monitor and analyze IT financial performance (20686) - Checking and analyzing predetermined financial targets and timelines of IT management system. Monitoring their profitability, feasibility, and consistency. Study the revenues generated.
      • 8.2.5.5 - Monitor and analyze IT value and benefits (20687) - Examining and analyzing the value and benefits of IT service management to ensure benefits outweigh incurred costs.
      • 8.2.5.6 - Optimize IT resource allocation (20688) - Create process to assign and manage IT assets that support organization's strategic goals.
      • 8.2.5.7 - Manage IT projects and services interdependencies (20689) - Manage capabilities required for the successful delivery of information technology projects, which, by extension, affect the success of the overall IT services.
      • 8.2.5.8 - Report IT service and project performance (20690) - Process of collecting, analyzing, and reporting information regarding the performance of IT services and projects.
      • 8.2.5.9 - Select, deploy, and operate IT performance analytics tools (20692) - Select, establish, and operate analytics tool to analyze data and extract actionable and commercially relevant information on IT performance to evaluate or increase performance.
    • 8.2.6 - Manage IT value portfolio (20693) - Creating and establishing the value portfolio. Defining, analyzing, and examining the value of projects, investments, and activities of the IT function.
      • 8.2.6.1 - Assess performance against IT service and project value criteria (20694) - Process of evaluating performance to collect and analyze IT services and projects. Ensure expected IT service and project value based on established criteria.
      • 8.2.6.2 - Quantify value of IT service and project portfolio investments (20695) - Evaluate the value of the investments, projects, and activities of IT function by assigning it a quantifiable value with a profitable return to business operations.
      • 8.2.6.3 - Communicate business technology value contribution (20696) - Conveying the value addition through adopting technology targeting towards integrated profitable business operations.
      • 8.2.6.4 - Determine and implement IT portfolio adjustments (20697) - Determining and implementing IT investments, projects, and activities based on trending technological advancements in the existing environment in order to achieve overall business objectives.
    • 8.2.7 - Define and manage technology innovation (20699) - Outline and manage the innovation of technology within the organization. Research and understand emerging future technological concepts and capabilities. Plan for IT innovation investments. Plan and execute viable innovation projects.
      • 8.2.7.1 - Establish selection criteria for research initiatives (20700) - Establishing the standard for selecting IT research initiatives to align with organizational criteria for implementing future technologies.
      • 8.2.7.2 - Analyze emerging technology concepts (20701) - Assessing new and future technologies relevant to the organization's vision of its IT capabilities.
      • 8.2.7.3 - Identify technology concepts and capabilities (20702) - Identification of conceptual elements that define the benefits of technology to business.
      • 8.2.7.4 - Execute IT research projects (20703) - Implement information technology research projects that focus on meeting the goals of the organization's IT services and capabilities.
      • 8.2.7.5 - Evaluate IT research project outcomes (20939) - Assessing IT research projects based on defined outcome expectations.
      • 8.2.7.6 - Identify and promote viable concepts (20704) - Determine project viability. Promote relevant IT innovations that meet business objectives.
      • 8.2.7.7 - Develop and plan IT investment projects (20705) - Develop and plan long-term allocation of funds for information technology endeavors to meet business goals.
  • 8.3 - Develop and manage IT resilience and risk (20706) - Develop and include the processes required to rapidly adapt and respond to any internal or external opportunity, demand, disruption, or threat to IT. Develop a more dynamic, strategic, and integrated approach to managing risk and compliance obligations.
    • 8.3.1 - Develop IT compliance, risk, and security strategy (20707) - Ensuring that the organization effectively manages risk. Develop rules and standards for robust IT operations, manage risk, and adopt measures to protect integrity, confidentiality, and security of IT assets.
      • 8.3.1.1 - Determine and evaluate IT regulatory and audit requirements (20708) - Determining and evaluating IT regulatory and audit requirements. Train employees on regulatory and audit requirements. Records for the appropriate regulatory and audit agencies must be maintained and the new product process must be approved by the appropriate regulatory body before it is published to the organization.
      • 8.3.1.2 - Understand business unit risk tolerance (20940) - Understand the risk tolerance levels of individual business units, given risk-return trade-offs for one or more anticipated and predictable consequences.
      • 8.3.1.3 - Establish IT risk tolerance (20709) - Determine the specific maximum risk to take in quantitative terms for each relevant risk sub-category, including strategic, operational, financial, and compliance risks.
      • 8.3.1.4 - Establish risk ownership (20710) - Establish an individual or a group who is ultimately accountable for ensuring that IT risks are managed appropriately.
      • 8.3.1.5 - Establish and maintain risk management roles (20711) - Determine and maintain roles that are specialized in each risk areas and coordinating all risk management activities for IT function with due escalation structure.
      • 8.3.1.6 - Establish compliance objectives (20712) - Establishing compliance objectives which ensures that the organization has systems of internal controls that adequately measure and manage IT risk.
      • 8.3.1.7 - Identify systems to support compliance (20941) - Identifying and adopting information technology solutions to support changing regulatory compliance. Safeguard compliance and manage risk by outlining the risk policies and procedures.
      • 8.3.1.8 - Identify and evaluate IT risk (20713) - Developing a timely and continuous process to identify and evaluate activities that might hinder IT operations or an IT project's goals.
      • 8.3.1.9 - Evaluate IT-related risks resiliency (20714) - Assess IT-related risk resilience strategies to ensure that the organization effectively manages its risk.
      • 8.3.1.10 - Create IT risk mitigation strategies and approaches (20715) - Developing activities to improve performance opportunities and lessen threats in IT. Evolve strategies and policies to attain organizational objectives.
    • 8.3.2 - Develop IT resilience strategy (20716) - Developing resilience strategies of IT across the organization so that prospective risks can be avoided.
      • 8.3.2.1 - Determine IT delivery resiliency (20717) - Determining resilience strategies to ensure that IT effectively manages it's delivery process to mitigate risk.
      • 8.3.2.2 - Determine critical IT risks (20718) - Determining risks that could disrupt objectives of IT.
      • 8.3.2.3 - Prioritize IT risks (20719) - Prioritize potential IT risks based on business need to ensure overall IT stability.
      • 8.3.2.4 - Establish mitigation approaches for IT risks (20720) - Establishing activities to improve opportunities and lessen threats for IT.
    • 8.3.3 - Control IT risk, compliance, and security (20721) - Ensure effective control in overall IT risk management, formulate and execute guidelines in-line with regulatory bodies, and manage organizational security throughout the business operations.
      • 8.3.3.1 - Evaluate enterprise regulatory and compliance obligations (20722) - Evaluation of dynamic, strategic, and integrated approach to manage regulatory requirements and compliance obligations.
      • 8.3.3.2 - Analyze IT security threat impact (20723) - Analyzing the impact of threats to critical IT assets across different departments and functions in the organization in terms of quantifiable results.
      • 8.3.3.3 - Create and maintain IT compliance requirements (20724) - Develop and maintain IT compliance standards. Maintaining requirements set forth by such directives as GRCP, PMI RMP, CGRC, CGEIT, CRMA.
      • 8.3.3.4 - Create and maintain IT security policies, standards, and procedures (20942) - Develop and maintain an architecture for securing and ensuring the privacy of data flows throughout the organization. Create, test, evaluate, and implement IT security policies to ensure the safe use of IT services and solutions.
      • 8.3.3.5 - Develop and deploy risk management training (20725) - Develop and implement training in regard to managing IT risks, understanding criticality, impact, and opportunities associated with business objectives.
      • 8.3.3.6 - Establish risk reporting capabilities and responsibilities (20726) - Establishing processes to communicate IT risk to the organization.
      • 8.3.3.7 - Establish communication standards (20727) - Establishing standards for communications within the organization which creates the road map for successful understanding of strategic initiatives for both business units and information technology services.
      • 8.3.3.8 - Conduct IT risk and threat assessments (20728) - Evaluate IT risk and threat assessments by way of IT assets, information security, and breach points within the organization.
      • 8.3.3.9 - Monitor and manage IT activity risk (20729) - Monitoring and managing risks related to IT adoption within the organization.
      • 8.3.3.10 - Identify, supervise and monitor IT risk mitigation measures (20730) - Identifying and supervising a blueprint of measures for managing risk in IT. Monitor actions to enhance opportunities and reduce threats to project objectives.
    • 8.3.4 - Plan and manage IT continuity (20731) - Planning and managing IT's ability to recover from exposure to internal and external threats.
      • 8.3.4.1 - Evaluate IT continuity (20732) - Evaluating IT business needs and IT's ability to recover from internal or external threat exposure.
      • 8.3.4.2 - Identify IT continuity gaps (20733) - Identifying the limitations of the IT organization's ability to remediate disruptions in IT services.
      • 8.3.4.3 - Manage IT business continuity (20734) - Integrating the disciplines of Emergency Response, Crisis Management, Disaster Recovery (technology continuity) and Business Continuity for IT.
    • 8.3.5 - Develop and manage IT security, privacy, and data protection (20735) - Creating and deploying an architecture for securing and ensuring the privacy of data flows throughout the organization. Create and develop protocols that ensure proper and efficient use of IT services and solutions
      • 8.3.5.1 - Assess IT regulatory and confidentiality requirements and policies (20736) - Evaluate principles or rules employed in controlling, directing, or managing IT services. Assessing requirements and policies related to confidentiality.
      • 8.3.5.2 - Create IT security, privacy, and data protection risk governance (20737) - Defining and managing organization's approach to governing IT security and ensuring the privacy of data flows throughout the organization. Establish and manage tools to support the governance process in order to avoid misuse of information and breach of organizational privacy.
      • 8.3.5.3 - Define IT data security and privacy policies, standards, and procedures (20738) - Outlining and establishing policies, regulations, standards, and procedures for IT data security and privacy.
      • 8.3.5.4 - Review and monitor physical and logical IT data security measures (20739) - Identifying, examining, and reviewing physical and logical IT data security measures such as hardware security (smart cards), cryptographic protocols, and access control.
      • 8.3.5.5 - Review and monitor application security controls (20740) - Identifying, examining, and reviewing security control for IT applications. Test, analyze, and implement security protocols in order to safeguard IT applications.
      • 8.3.5.6 - Review and monitor IT physical environment security controls (20741) - Identifying and examining security controls for physical environment of information technology such as business facilities, equipment, and resources.
      • 8.3.5.7 - Monitor/analyze network intrusion detection data and resolve threats (20742) - Monitoring and evaluating network intrusion detection for any malicious activity or policy violations. Identify the gaps in order to resolve threats and enhance existing network security.
    • 8.3.6 - Conduct and analyze IT compliance assessments (20743) - Evaluate and analyze the IT environment for the compliance of industry regulations and government legislation. Ensure that IT capability and resources meet the set standards.
      • 8.3.6.1 - Conduct projects to enhance IT compliance and remediate risk (20744) - Conducting projects in order to enhance set standards, established guidelines, and risk preventive measures for IT risk and resilience.
      • 8.3.6.2 - Conduct IT compliance control auditing of internal and external services (20745) - Examine compliance control systems and tools implemented for internal and external IT services.
      • 8.3.6.3 - Perform IT compliance reporting (20746) - Execute IT compliance reporting in order to review processes, standards, regulations, and laws are followed as laid out by the regulatory bodies.
      • 8.3.6.4 - Identify and escalate IT compliance issues and remediation requirements (20747) - Identify and escalate issues related to IT compliance to ensure that corrective measures are taken.
      • 8.3.6.5 - Support external audits and reports (20748) - Supporting audits and reports through external resources. This process requires the organization to follow all the regulations set forth by external auditors.
    • 8.3.7 - Develop and execute IT resilience and continuity operations (20749) - Create and execute a process to rapidly adapt and respond to any internal or external opportunity, demand, disruption, or threat in IT. Maintain continuous IT operations to protect employees, assets, and overall brand equity.
      • 8.3.7.1 - Conduct IT resilience improvement projects (20750) - Conducting projects to improve the strategy and process for rapidly adapting to any threat in IT.
      • 8.3.7.2 - Develop, document, and maintain IT business continuity planning (20751) - Develop, document, and maintain plans to ensure uninterrupted operations of critical IT services. Determine resources such as specialized personnel, equipment, support infrastructure, legal and financial aspects.
      • 8.3.7.3 - Implement and enforce change control procedures (20752) - Implement and enforce procedures and policies in order to control changes in IT services and solutions. Manage changes in a rational and predictable manner for optimum resource utilization.
      • 8.3.7.4 - Execute recurring IT service provider business continuity (20753) - Review and implement resources (including external parties) necessary to support uninterrupted operations of critical IT services.
      • 8.3.7.5 - Provide IT resilience training (20754) - Conduct and manage employee training programs on IT resilience so that prospective risks can be avoided.
      • 8.3.7.6 - Execute recurring IT business operations continuity (20755) - Implement regular resources supporting uninterrupted operations of critical IT services.
    • 8.3.8 - Manage IT user identity and authorization (20756) - The process of identifying, authenticating, and authorizing IT users to have access to applications, systems, IT components, or networks by associating user rights and restrictions with established identities.
      • 8.3.8.1 - Support integration of identity and authorization policies (20757) - Create and implement policies that integrate authorization policies with authorized profiles of users meant to access network resources.
      • 8.3.8.2 - Manage IT user directory (20758) - Managing directory of user profiles and access requirements across different levels in the organization's IT network.
      • 8.3.8.3 - Manage IT user authorization (20759) - Managing the process of authorizing IT users to access applications, systems, IT components, or networks by associating user rights.
      • 8.3.8.4 - Manage IT user authentication mechanisms (20760) - Create and manage the process to authenticate IT users from user directory based on the internal policies.
      • 8.3.8.5 - Audit IT user identity and authorization systems (20761) - Examine the processes responsible for reviewing IT user identity and authorization.
      • 8.3.8.6 - Respond to IT information security and network breaches (20762) - Address any form of unauthorized network breach such as unauthorized access or usage of data, applications, services, networks, and/or devices. Identify the root cause and take corrective measures to resolve the breach.
      • 8.3.8.7 - Conduct penetration testing (20763) - Conduct penetration testing (pen test) through an authorized stimulated attack to identify security weakness in an IT environment by evaluating the system or network with various harmful techniques.
      • 8.3.8.8 - Audit integration of user identity and authorization systems (20764) - Reviewing the processes responsible for integration of user identity and access authorization in order to confirm that all the required regulations are followed.
  • 8.4 - Manage information (20765) - Creating strategies to manage the organization's information and content. Outline the architecture for information. Administer information resources. Administer the management of data and content.
    • 8.4.1 - Define business information and analytics strategy (20766) - Create an organization-wide strategy for the IT function by combining skills, technologies, applications, and processes in order to attain organizations objectives.
      • 8.4.1.1 - Establish data, information, and analytic objectives (20767) - Implementing strategies for securing and ensuring the privacy of data flows throughout the organization. Create protocols and guidelines for individual IT components. Outline analytic objectives in order to avoid misuse of information.
      • 8.4.1.2 - Establish data, information, and analytic governance (20768) - Creating a set of guidelines that ensure effective and efficient use of IT. Define data, information, and analytic governance to reach the organization's goal.
      • 8.4.1.3 - Access IT data/analytic capabilities (20769) - Determining the request for data accessibility and analysis. Review the details based on internal data security policies and permit data access only if internal policies and data access parameters are met.
    • 8.4.2 - Define and maintain business information architecture (20770) - Creating strategies to manage the organization's information and content. Outline the architecture for information collection and communication. Administer information resources, data management and content.
      • 8.4.2.1 - Determine enterprise business information requirements (20771) - Determining strategies to manage the enterprise wide flow of business information and content. Outline the required architecture for information resources.
      • 8.4.2.2 - Define enterprise data models (20772) - Define different ways of representation, usage, and identification of data with independent or interdependent sources across the organization.
      • 8.4.2.3 - Identify and understand external data sources (20773) - Identifying and understanding external sources of data in relevance of reliability, security, and authenticity.
      • 8.4.2.4 - Establish data ownership and stewardship responsibilities (20774) - Establishing entities responsible for data accuracy, integrity, and timeliness that can authorize or deny access to certain data. Develop data utilizing governance processes to ensure fitness of data elements.
      • 8.4.2.5 - Maintain and evolve enterprise data and information architecture (20775) - Creating and maintaining the process of designing, creating, deploying, and managing strategies to maintain enterprise data and information architecture.
    • 8.4.3 - Define and execute business information lifecycle planning and control (20776) - Develop and implement strategies to plan and manage the flow of an information system's data from creation and initial storage to the time when it becomes obsolete and deleted.
      • 8.4.3.1 - Define and maintain enterprise information policies, standards, and procedures (20777) - Outlining and establishing policies for information and setting information standards and procedures. Establish policies to regulate the creation, use, storage, access, communication, and dissemination of information.
      • 8.4.3.2 - Implement and execute data administration responsibilities (20778) - Implementing and executing strategies for processes and technologies that support the collection, managing, and storing of data.
    • 8.4.4 - Manage business information content (20779) - Creating strategies to administer information and content. Understand the needs of the organization for information and content management. Realize the role of IT services for implementing the overall business strategy. Assess the implications of new technologies for managing information and content. Identify and prioritize the most effective and efficient actions for managing information and content.
      • 8.4.4.1 - Monitor and control business information (20780) - Defining the rules, diction, and logic that make up the framework of the organization's information architecture. Monitoring and controlling information attributes that flow through the IT framework.
      • 8.4.4.2 - Maintain business information feeds and repositories (20781) - Maintain information feedstock along with IT hardware and software needed for storage, access, and retrieval of business information.
      • 8.4.4.3 - Perform internal usage audits (20782) - Verification of information access and usage through regular reports on organizational performance.
      • 8.4.4.4 - Implement and administer business information access (20783) - Implement and manage the process for accessing information including issues related to copyright, open source, privacy, and security.
  • 8.5 - Develop and manage services/solutions (20784) - Designing and maintaining the IT services/solutions catalogue. Evaluate the performance of IT services/solutions. Communicate the results to the management.
    • 8.5.1 - Develop service/solution and integration strategy (20785) - Developing service/solution along with creating a strategy that provides a base for delivering service/solution aligned with overall business needs. Conduct research within the services/solutions field for development and integration.
      • 8.5.1.1 - Determine IT service/solution development (20786) - Determining the development of IT service/solution. Analyze the pros and cons of IT service/solution and it's methods on the basis of their cost effectiveness and development value.
      • 8.5.1.2 - Define IT service/solution development processes/standards (20787) - Establishing the methods and processes as the foundation for developing new IT platforms, components, software, and explore new standards for better IT usage in the organization.
      • 8.5.1.3 - Identify, deploy, and support development methodologies and tools (20788) - Identifying and implementing techniques and tools for development based on overall value addition to the IT environment.
      • 8.5.1.4 - Establish service component criteria (20789) - Establishing standards for selection of IT service components.
      • 8.5.1.5 - Understand and select reusable service components (20790) - Understanding and selecting reusable service components so that they can be cost-effective and efficient.
      • 8.5.1.6 - Maintain service component portfolio (20791) - Creating and establishing service component portfolio by defining investments, and activities. Analyze and examine the value of the service component portfolio, and allocate resources towards it.
      • 8.5.1.7 - Establish development standards exception governance (20792) - Creating standards and procedures for developing IT services/solutions outside of defined business parameters.
    • 8.5.2 - Manage service/solution lifecycle planning (20793) - Executing life-cycle planning for IT services and solutions. Develop new requirements and feature-function enhancements. Create and design a life cycle plan that addresses the current and future state of IT services and solutions.
      • 8.5.2.1 - Monitor and track emerging technology capabilities (20794) - Perform a systematic investigation to new and future technology capabilities for future upgrades.
      • 8.5.2.2 - Identify IT services/solutions (20795) - Identifying processes and supporting procedures that are performed by an organization to design, plan, deliver, operate, and control information technology services/solutions offered to customers.
      • 8.5.2.3 - Determine IT service/solution approach (20796) - Determining an approach to create a base for delivering IT service/solution aligned with overall business needs while maintaining a tight control on delivery and costs.
      • 8.5.2.4 - Define IT solution lifecycle (20797) - Defining solutions to satisfy business needs. IT solution lifecycle provides a means to address the full life cycle of an information technology solution and addresses the current and future state of IT services and solutions.
      • 8.5.2.5 - Develop IT service/solution "sunset" plans (20798) - Developing plans to retire IT service/solution resources when the service/solution is no longer feasible.
    • 8.5.3 - Develop and manage service/solution architecture (20799) - Creating the architecture for the IT services and solutions. Assess architecture and business constraints in order to understand integration requirements. Promote existing architecture. Manage exceptions.
      • 8.5.3.1 - Assess IT application and infrastructure architecture constraints (20800) - Assessing limitations in IT application and infrastructure architecture that may hinder expected performance.
      • 8.5.3.2 - Assess business constraints on IT service/solution (20801) - Evaluate business limitations that may hinder IT service/solution performance.
      • 8.5.3.3 - Determine IT component integration requirements (20802) - Determining the requirements to integrate IT components such as hardware, software, database, telecommunication, and network.
      • 8.5.3.4 - Identify opportunities for IT component reuse (20803) - Identification of opportunities for reusing IT components so that they can be cost-effective and efficient.
      • 8.5.3.5 - Promote adoption of existing service/solution architecture (20804) - Encouraging acceptance of existing IT service/solution architecture in the organization.
      • 8.5.3.6 - Develop and maintain service/solution architectures (20805) - Creating and maintaining a services and solutions architecture over a network that can be revised as needed or even eliminated in case of inefficiencies.
      • 8.5.3.7 - Assess IT service/solution architecture conformance (20806) - Assessing functional compliance of the IT service/solution architecture. Safeguard compliance with guidelines for the architecture.
      • 8.5.3.8 - Manage architectural exceptions (20807) - Identifying and resolving any architectural exceptions. Address the internal inquiries related to architecture that cannot be addressed immediately. Research inquiries that require the need of exceptional methods.
    • 8.5.4 - Execute IT service/solution creation and testing (20808) - Understanding customer requirements. Design the IT services and solutions based on the requirements. Develop components for providing the requirements. Train resources to provide support. Test the IT services and solutions in advance. Confirm the customer experience post-sale.
      • 8.5.4.1 - Execute IT service/solution development lifecycle (20809) - Executing an information system, aiming to produce a high quality system that meets or exceeds customer expectations, reaches completion within time and cost estimates, and is inexpensive to maintain and cost-effective to enhance.
        • 8.5.4.1.1 - Assess and validate IT service/solution requirements (20810) - Evaluating and validating the requirements and needs of IT service/solution.
        • 8.5.4.1.2 - Create service/solution design (20811) - Formulating a design for service/solution that helps an organization to meet its objectives. Develop a new framework for molding the service/solution processes into a coherent and structured form.
        • 8.5.4.1.3 - Build and test IT service/solution components (20812) - Building and testing new components required for the development of IT services and solutions.
        • 8.5.4.1.4 - Integrate IT components and services (20813) - Combining the newly built IT component along with IT services in order to gain optimum output.
        • 8.5.4.1.5 - Execute IT service/solution validation (20814) - Validating that the proposed IT service/solution is feasible and provides the needed services for the customer.
        • 8.5.4.1.6 - Bundle service/solution deployment packaging (20815) - Creating and implementing a strategy for the deployment of IT service/solution by defining all of the activities that make the IT function available for use. Define the deployment process, procedures, and tools. Select the most feasible and practical methodologies for the deployment process.
        • 8.5.4.1.7 - Manage service/solution process exceptions (20816) - Identifying and resolving internal needs/inquiries for service/solution that cannot be resolved immediately. Research inquiries that require the need of exceptional solutions.
    • 8.5.5 - Perform service/solution maintenance and testing (20817) - Engaging in all aspects of service/solution maintenance and testing includes all preventative, routine, and corrective activates. Ensure that IT service/solution are functioning properly and regulations where applicable.
      • 8.5.5.1 - Execute IT service/solution maintenance lifecycle (20818) - Executing IT service/solution maintenance lifecycle in order to reduce maintenance costs and increase reliability of IT infrastructure concerning service/solution related problems.
        • 8.5.5.1.1 - Assess IT remediation (20819) - Evaluate plans to address information technology environmental adulteration for rectification efforts.
        • 8.5.5.1.2 - Modify service/solution design (20820) - Redesign the roadmap to seek solution or service with an overall process flow and impact timeframe.
        • 8.5.5.1.3 - Perform IT service/solution remediation (20821) - Administering the efforts and activities for IT service/solution remediation. This process element requires the organization to create plans for corrective action in collaboration with government agencies and pertinent professional services agencies which specialize in remediation efforts relevant to the organization's service/solution. Additionally, the organization needs to consult experts to validate the plan, determine resources allocation, resolve any legal concerns, and formulate a company-wide policy for IT service/solution remediation.
        • 8.5.5.1.4 - Manage service/solution operations (20822) - Understanding customer requirements. Managing services/solutions based on the requirements. Develop components for providing the requirements. Train resources to provide support. Confirm the customer experience post-sale. Evaluate the performance of service/solution. Communicate the results to the management.
        • 8.5.5.1.5 - Prepare fixed/enhanced service/solution packaging (20823) - Developing packaging for fixed/enhanced service/solution based on the standalone or bundled offerings to be used by the organization.
  • 8.6 - Deploy services/solutions (20824) - Executing IT services/solutions by creating a strategy for deployment. Plan and execute the changes. Plan and administer the release of its IT services and solutions.
    • 8.6.1 - Develop and manage service/solution deployment strategy (20825) - Creating and implementing a strategy for the deployment of IT service/solution. Define all of the activities that make the IT function available for use. Establish the change policies for IT services and solutions. Define the deployment process, procedures, and tools. Select the most feasible and practical methodologies for the deployment process.
      • 8.6.1.1 - Assess IT deployment business impact (20826) - Evaluate the impact of IT deployment (products/services) on the business. Compare pre and post development performance, behavior of resources, and cost to assess organizational benefit.
      • 8.6.1.2 - Establish IT deployment policies (20827) - Defining deployment policies regarding IT services and solutions to allow employees to plan accordingly. Reduce the negative impact to the user community.
      • 8.6.1.3 - Define and create deployment procedure workflow (20828) - Outlining processes, methods, and equipment for deployment of IT solutions. Manage core operations servers like subversion server, production server, and development server, to make the IT services and solutions available for internal/client use.
      • 8.6.1.4 - Define IT change/release standards (20829) - Establishing guidelines for the changed/released IT services and solutions to meet business objectives with optimum utilization.
      • 8.6.1.5 - Assign deployment approval responsibilities (20830) - Coordinating development approval responsibilities based on defined change standards.
      • 8.6.1.6 - Analyze deployments outcomes (20831) - Evaluating the impact (pros and cons) of IT services deployment.
    • 8.6.2 - Plan service and solution implementation (20832) - Strategizing and executing changes in IT solutions and services. Create a plan for deploying the changes. Communicate with stakeholders about the changes. Administer and implement the changes. Train the resources who will be affected by these changes. Install changes and verify their effect.
      • 8.6.2.1 - Assess IT deployment risk (20833) - Accessing threats and potential failures related to the deployment of IT services/solutions.
      • 8.6.2.2 - Define implementation schedule and roll-out sequence (20834) - Defining the schedule for implementation of change. Plan and carry out a process or procedure to implement the predefined changes.
      • 8.6.2.3 - Determine implementation requirements (20835) - Determine requirements for implementation of IT deployment. Carry out a pre-implementation audit to assess the impact and use case. Gauge the possible vulnerabilities and impact the business operations during and after the implementation.
      • 8.6.2.4 - Plan and align user testing and resources (20836) - Plan methodologies and align resources for user testing of IT deployment.
      • 8.6.2.5 - Develop IT training (20837) - Create and manage employee training programs by considering the need and availability of these programs. Manage all aspects related to the training programs.
      • 8.6.2.6 - Create implementation communications (20838) - Coordinating change implementation in IT services and solutions communications with employees and stakeholders.
      • 8.6.2.7 - Manage IT roll-back procedures (20839) - Managing procedures to return to initial pre-deployment stage or previous state from current environment.
    • 8.6.3 - Manage change deployment control (20840) - Creating and deploying an architecture for securing the changes deployed in the organization. Create and develop protocols that ensure proper and efficient use of deployed IT services and solutions. Test, evaluate, and implement the policies and protocols.
      • 8.6.3.1 - Asses IT change/release impact (20841) - Evaluating the impact of IT change/release on the business.
      • 8.6.3.2 - Confirm change/release compliance (20842) - Ensure that change/release meets change guidelines set by the organization.
      • 8.6.3.3 - Assess IT change/release risk (20843) - Evaluating for any kind of risks or threats which could be caused due to IT change/release deployment.
      • 8.6.3.4 - Consolidate IT change (20844) - Integrate all forms of changes in IT in order to make more efficient use of resources and down time, and optimizing results.
      • 8.6.3.5 - Create and communicate deployment schedule (20845) - Defining and communicating the schedule for implementation to related stakeholders and functions.
      • 8.6.3.6 - Approve change/release deployment (20846) - Permitting for the change/release deployment. Approve deployment based on the evaluation of business impact due to change/release.
      • 8.6.3.7 - Document IT change/release outcome (20847) - Recording outcomes related to the change/release deployment.
    • 8.6.4 - Implement technology solutions (20848) - Deploy the identified solutions for information technology important for healthy business operations. Confirm status and operational availability of IT resources. Perform testing and distribution of change. Execute roll-back protocol if necessary.
      • 8.6.4.1 - Confirm hardware/software operational status (20849) - Confirm if hardware/software are operating as per the expectation.
      • 8.6.4.2 - Confirm operational availability (20850) - Confirm if operational activities of IT services could be performed.
      • 8.6.4.3 - Execute internal IT implementation plan (20851) - Executing IT implementation plan to make the IT services and solutions available for internal use.
      • 8.6.4.4 - Confirm implementation completion (20852) - Confirming the completion of IT implementation.
      • 8.6.4.5 - Implement software change/release (20853) - Executing changes in software and services as per change/release schedule.
      • 8.6.4.6 - Perform post-installation testing (20854) - Perform testing after installation to confirm expected performance is met.
      • 8.6.4.7 - Distribute software components network-wide (20855) - Distributing and implementing the release of changed IT solutions. Administer, implement, and install the releases onto internal systems. Provide methods for installing releases on client users.
      • 8.6.4.8 - Verify change/release implementation success (20856) - Confirming that the release has met expectations.
      • 8.6.4.9 - Execute roll-back plan (20857) - Execution of plan to return to the previous operating state if the change/release impedes operational expectations.
    • 8.6.5 - Perform service and solution rollout (20858) - Strategizing and executing changes in IT solutions and services. Create a plan for deploying the changes. Communicate with stakeholders about the changes. Administer and implement the changes. Train the resources who will be affected by these changes. Install changes and verify their effect.
      • 8.6.5.1 - Conduct IT training (20859) - Preparing users for changes in IT solutions. Conduct training sessions and engagement activities to familiarize users with the new changes. Implementing the programs for training IT employees.
      • 8.6.5.2 - Prepare and distribute service/solution communications (20860) - Coordinating communications regarding the changes in IT services and solutions with employees in the organization.
      • 8.6.5.3 - Support organizational changes (20861) - Creating a strategy for providing support for organizational changes. Providing support to users of IT services and solutions.
      • 8.6.5.4 - Execute rollout plans (20862) - Executing a plan for introducing the IT services and solutions to the organization's end user base.
      • 8.6.5.5 - Provide rollout support (20863) - Establishing services for providing support to users of IT services and solutions for rollout. Define the plethora of services by which the organization assists users of technology products.
      • 8.6.5.6 - Manage rollout support capabilities (20864) - Managing the necessary skills and competencies required to efficiently provide IT resolution for rollout through the support structure. Identify the gaps and needs in support structure.
      • 8.6.5.7 - Monitor and record rollout issues (20865) - Track and record any issues being faced due to rollout. Define methodology of assessment for measuring and monitoring issues.
  • 8.7 - Create and manage support services/solutions (20866) - Establishing and managing services for providing support to users of IT services and solutions. Define the plethora of services by which the organization assists users of computers, software products, or other information technology products.
    • 8.7.1 - Define and establish service delivery strategy (20867) - Defining and establishing strategy for delivering IT services and solutions to the users. Design an IT service delivery model that defines the processes and procedures needed to deliver the IT services and solutions.
      • 8.7.1.1 - Assess business objectives and IT service delivery (20868) - Assessing the goals and objectives of IT service delivery and how it contributes to the overall business objectives. Align with the business objectives of the organization.
      • 8.7.1.2 - Define IT service delivery portfolio (20869) - Creating and establishing a repository of IT service delivery offerings.
      • 8.7.1.3 - Create and maintain IT service delivery model (20870) - Design and maintaining an IT service delivery model that defines the processes and procedures needed to deliver the IT services and solutions.
      • 8.7.1.4 - Determine IT service delivery locations and activities (20871) - Determining locations and types of IT services and solutions which need to be delivered.
      • 8.7.1.5 - Define IT service delivery sourcing strategy (20872) - Defining a strategy for sourcing delivery of IT services and solutions. Examine the pros and cons of various sources that can support the delivery process. Select the most feasible and cost-effective sources.
    • 8.7.2 - Define and develop service support strategy (20873) - Defining and creating a strategy for provision of support to users of IT services and solutions.
      • 8.7.2.1 - Assess business objectives and IT service support delivery (20874) - Assessing the goals of IT service support delivery and how it aligns to contribute to the overall business objectives.
      • 8.7.2.2 - Define IT service support portfolio (20875) - Defining different IT support services and solutions such as remote support and cloud support. Include planned IT initiatives and ongoing IT services (such as application support).
      • 8.7.2.3 - Create and maintain IT support model (20876) - Design and maintaining an IT support model that defines the processes and procedures needed to support users of IT services and solutions.
      • 8.7.2.4 - Develop IT support service sourcing strategy (20877) - Developing a strategy for sourcing resources to support users of IT services and solutions. Establish sources that will make use of e-mail, live support software online, or a tool where users can log a call or incident in order to retrieve IT support.
      • 8.7.2.5 - Establish support service framework (20878) - Creating an agenda for the rules and regulations of support service that deal with providing support to users of IT services and solutions.
      • 8.7.2.6 - Provide service support tools and technology (20879) - Providing the tools and techniques to support users of IT services and solutions, and choosing the most appropriate tools and techniques. Evaluate the pros and cons of all the methodologies and tools available. Choose the most efficient and effective methodology.
    • 8.7.3 - Plan and manage service delivery control (20880) - Determine and manage service delivery flow across different business functions. Understand the level of services needed by different stakeholders. Identify major service delivery touch points and criticality associated. Ensure timely communication with users.
      • 8.7.3.1 - Plan operational activities for IT service delivery (20881) - Planning different delivery services for operational activities within the IT function. Use service delivery systems to manage the IT service delivery services.
        • 8.7.3.1.1 - Schedule service delivery resources (20882) - Scheduling resources to provide service delivery to IT users. Ensure design, development, deployment, and operations are aligned with the business objectives.
        • 8.7.3.1.2 - Maintain/optimize batch job schedule (20883) - Maintaining and scheduling batch jobs to run in the background at a certain date and time.
        • 8.7.3.1.3 - Schedule change/release windows (20884) - Determine the timely change or release of IT services or support. Assign periodic release/change to IT systems or services.
        • 8.7.3.1.4 - Schedule/optimize backup and archive activities (20885) - Schedule or optimize backup and archive activities for IT services and solutions. Use a backup system or application and archive operations data for future retrieval.
        • 8.7.3.1.5 - Balance operational workloads across available infrastructure components (20886) - Balancing workloads of all the processes and services that are provisioned to their internal or external clients, across available components of IT infrastructure. No component should be over or under utilized with the workflow of the IT operations.
        • 8.7.3.1.6 - Determine specific problem support procedures (20887) - Determining process and procedure to provide support for specific IT service problems.
    • 8.7.4 - Develop and manage infrastructure resource planning (20888) - Developing and managing the resources required for administration of infrastructure. Manage the IT inventory and assets to meet organization's IT resource capacity.
      • 8.7.4.1 - Develop IT service delivery strategy (20889) - Creating a strategy for delivering IT services and solutions. Establish the sourcing strategy. Establish the delivery process procedures and tools. Examine and choose the most effective methodologies and tools.
      • 8.7.4.2 - Assess IT infrastructure business objectives (20890) - Assessing the goals and objectives of IT infrastructure and how it contributes to the overall business objectives.
      • 8.7.4.3 - Determine ongoing IT infrastructure capabilities (20891) - Determining existing IT infrastructure capabilities. Identify the gaps and needs in order to enhance the existing IT infrastructure to meet growth objectives.
      • 8.7.4.4 - Plan IT infrastructure change (20892) - Identify the gaps and needs of existing IT infrastructure. Plan and develop strategies to upgrade/replace existing IT infrastructure.
      • 8.7.4.5 - Plan and budget IT license usage volumes (20893) - Creating a plan associated with usage volumes of IT licenses. Develop a framework to govern the licensing of an IT services along with identified usage volumes. Determine the amount of investment in IT license usage volumes and how would the license volumes be financed.
    • 8.7.5 - Define service support planning (20895) - Develop strategies and methodologies to provide service support. Examine service levels, support complexity, stakeholder requirements to offer service support.
      • 8.7.5.1 - Understand IT support demand patterns (20896) - Evaluate criticality catered by the IT support and expectations to resolve raised or identified issues. Determine the usual requests received for IT support for each area of IT operations. Ensure resolution to every identified or reported issue within specified SLAs.
      • 8.7.5.2 - Determine required support resource levels, responsibilities, and capabilities (20897) - Determining levels of required support resources along with their responsibilities, and capabilities to resolve IT issues. Evaluate and ensure that support resources are fulfilling their responsibilities n a timely manner.
      • 8.7.5.3 - Maintain service support knowledge repository (20898) - Create and maintain service support knowledge repository. Store, maintain, access, revise, and use knowledge for IT services. Review knowledge trends and implement knowledge transfer methodologies for competitive advantage.
      • 8.7.5.4 - Maintain service support learning (20943) - Maintaining and transfer of knowledge towards service support with the change/upgrade in technology over a stipulated period. Ensure IT staff is well trained and tested on the new learning of service support.
      • 8.7.5.5 - Communicate service support needs (20899) - Conveying service support needs within the organization, with the objective of providing required support services. Define processes and procedures needed to support users of IT services and solutions. Convey these procedures to appropriate governing authority.
      • 8.7.5.6 - Define IT escalation mechanisms (20900) - Determining mechanisms to report for a higher degree of decision making depending on the criticality of IT escalations. Define the processes and procedures needed to follow for IT escalation at different levels. Convey the mechanisms within the organization.
      • 8.7.5.7 - Manage IT service support resources (20901) - Managing resources required for administration of IT service support. Establish sources that will make use of e-mail, live support software online, or a tool where users can log a call or incident in order to retrieve IT support.
      • 8.7.5.8 - Coordinate with external support providers (20902) - Developing a strategy that will make use of multiple resources to coordinate with external support providers in order to make the support services work more smoother.
      • 8.7.5.9 - Triage IT service delivery incidents (20903) - Sorting the incidents of IT service delivery in certain order so that the services could be delivered based on the criticality.
      • 8.7.5.10 - Monitor IT service support performance (20904) - Defining methodology and frequency of assessment for measuring and monitoring performance of various processes and activities of IT service support against standard set goals.
    • 8.7.6 - Develop and manage service delivery operations (20905) - Developing and managing different delivery services using service delivery systems for operational activities within the IT function in order to achieve organizations goal.
      • 8.7.6.1 - Operate and monitor online systems (20906) - Operating and defining methodology of assessment for measuring and monitoring performance of online systems against its expected result.
      • 8.7.6.2 - Run and monitor batch job schedule (20907) - Operate and monitor the application of scheduling batch jobs to be run in the background at a certain date and time.
      • 8.7.6.3 - Manage service delivery workloads (20908) - Analyze and manage workload needs in relation to service delivery. Plan resources and mechanism around those workload needs so that services could be delivered smoothly.
      • 8.7.6.4 - Manage infrastructure performance and capacity (20909) - Managing the performance and capacity of infrastructure by using key performance indicators to routinely track the performance and capacity levels. Review performance. Evaluate the efficiency and effectiveness of the infrastructure.
      • 8.7.6.5 - Respond to unplanned operational issues (20910) - Addressing to an issue in operational activities within the IT function, that occur outside of normal routine or preventative maintenance.
      • 8.7.6.6 - Produce and distribute output media (20911) - Identify and introduce resources to display output in a viewable form to key decision makers and evaluators.
      • 8.7.6.7 - Monitor IT infrastructure security (20912) - Identifying, examining, and recognizing any flaw or breach in security of IT infrastructure. Ensure that protocols and guidelines for individual IT components are being followed and there is no misuse of information and breach of individual or organizational privacy.
      • 8.7.6.8 - Manage IT infrastructure/data recovery (20913) - Managing resources of IT infrastructure and their recovery capacity. Manage storage, computer hardware, software, and infrastructure resources that can be stored as inventory or provided by the organization as needed. Managing backup/recovery for IT services and solutions. Use a backup system or application.
    • 8.7.7 - Manage infrastructure resource administration (20914) - Managing the resources required for administration of IT infrastructure. Manage the IT inventory and assets. Take care of the organization's IT resource capacity.
      • 8.7.7.1 - Manage infrastructure configuration (20915) - Identifying and tracking individual configuration items, documenting functional capabilities and interdependencies of IT infrastructure. Determining the gaps and needs in order to enhance existing infrastructure configuration.
      • 8.7.7.2 - Perform infrastructure component maintenance (20916) - Evaluating and maintaining all aspects of infrastructure component maintenance. Ensure that all components of an IT infrastructure are functioning properly as per the expectation. Maintenance includes all preventative, routine, and corrective measures.
      • 8.7.7.3 - Install/configure/upgrade infrastructure components (20917) - Installing/configuring/upgrading all the components required for operational activities within IT infrastructure. Ensure that all components of an IT infrastructure are functioning properly and updated to latest version/technology.
      • 8.7.7.4 - Maintain IT asset records (20918) - Maintaining the complete list of IT items or resources available with the organization with the details on date of purchase, licenses, deployment and SLAs.
      • 8.7.7.5 - Administer IT licenses/user agreements (20919) - Administering and overseeing the terms and policies associated with licensing the IT intellectual property. Create and manage the policies and terms governing the possible granting of a license to any external agent. Demarcate a clear framework that governs the licensing of any patents or copyrights held by the organization.
      • 8.7.7.6 - Provide IT infrastructure service and capabilities (20920) - Providing all the infrastructure services and capabilities required for operational activities within the IT function supporting overall business objectives.
    • 8.7.8 - Operate IT user support (20921) - Managing systematic user support functionality and capability through defined procedures. Determine, record, and monitor user requests. Execute issue/request resolution. Utilize escalation path when needed. Resolve issue/request.
      • 8.7.8.1 - Triage IT issues/requests (20922) - Evaluate and assign IT issues/requests accordingly to allow for the correct routing of IT issues to the relevant support teams.
      • 8.7.8.2 - Provide IT resolution capabilities (20923) - Providing the necessary skills and competencies required to efficiently provide IT resolution through the support structure.
      • 8.7.8.3 - Manage IT user requests (20925) - Creating an effective plan and structure to address and resolve requests of IT users. Determine, record, and monitor user requests. Obtain information about the effectiveness and performance of the user request handling process from the IT users through various means.
      • 8.7.8.4 - Escalate IT requests (20926) - Follow processes and procedures to escalate IT requests to required levels for resolution or effective decision making when necessary.
      • 8.7.8.5 - Resolve IT issues/requests (20927) - Creating a structure to resolve issues/requests of IT services using different mechanisms.
      • 8.7.8.6 - Execute IT continuity and recovery action (20928) - Successfully implement preventive measures to manage IT risk of exposure to internal and external threats. Integrating the disciplines of Emergency Response, Crisis Management, Disaster Recovery (technology continuity) and Business Continuity for IT.