Include capacity planning in Service Level Agreements.


CONTROL ID: 13096
CONTROL TYPE: Establish/Maintain Documentation
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a Service Level Agreement framework. (CC ID: 00839)

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Management of IT functions should ideally formulate a service level agreement with business units to cover system availability and performance requirements, capacity for growth, and the level of support provided to users. The responsible IT functions should ensure that adequate procedures are in pla… (5.1.1, Hong Kong Monetary Authority: TM-G-1: General Principles for Technology Risk Management, V.1 – 24.06.03)
  • ICT performance and capacity planning and monitoring solutions for critical ICT systems and services with defined availability requirements, to detect important performance and capacity constraints in a timely manner; (Title 3 3.3.4(a) 54.b(vii), Final Report Guidelines on ICT Risk Assessment under the Supervisory Review and Evaluation process (SREP))
  • The firm's ability to scale up the outsourced service. (Table 5 Row 8 ¶ 1, SS2/21 Outsourcing and third party risk management, March 2021)
  • Assess current performance and capacity of IT resources to determine if sufficient capacity and performance exist to deliver against agreed-upon service levels. (DS3.2 Current Performance and Capacity, CobiT, Version 4.1)
  • Define and agree to SLAs for all critical IT services based on customer requirements and IT capabilities. This should cover customer commitments; service support requirements; quantitative and qualitative metrics for measuring the service signed off on by the stakeholders; funding and commercial arr… (DS1.3 Service Level Agreements, CobiT, Version 4.1)
  • actual and periodic changes in workload compared to workload limits in the SLA(s). (§ 8.3.3 ¶ 3(b), ISO/IEC 20000-1:2018, Information technology — Service management — Part 1: Service management system requirements, Third Edition)
  • For each service delivered, the organization shall establish one or more SLAs based on the documented service requirements. The SLA(s) shall include service level targets, workload limits and exceptions (§ 8.3.3 ¶ 2, ISO/IEC 20000-1:2018, Information technology — Service management — Part 1: Service management system requirements, Third Edition)
  • expected impact on capacity of agreed service level targets, requirements for service availability and service continuity; (§ 8.4.3 ¶ 2(b), ISO/IEC 20000-1:2018, Information technology — Service management — Part 1: Service management system requirements, Third Edition)
  • The cloud service customer should ensure that the agreed capacity provided by the cloud service meets the cloud service customer's requirements. The cloud service customer should monitor the use of cloud services, and forecast their capacity needs, to ensure performance of the cloud services over ti… (§ 12.1.3 Table: Cloud service customer, ISO/IEC 27017:2015, Information technology — Security techniques — Code of practice for information security controls based on ISO/IEC 27002 for cloud services, First edition 2015-12-15)