Back

Include the organizational structure for service level management in the Service Level Agreement framework.


CONTROL ID
13633
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a Service Level Agreement framework., CC ID: 00839

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • service level management: mechanisms to monitor, manage and align IT security with business objectives; (ΒΆ 54(e), The AD_offical_Name should be: APRA Prudential Practice Guide 234: Management of security risk in information and information technology, May 2013)
  • the involvement of business lines, internal control functions and other individuals in respect of outsourcing arrangements; (4.7 42(b), Final Report on EBA Guidelines on outsourcing arrangements)
  • retain a clear and transparent organisational framework and structure that enables them to ensure compliance with legal and regulatory requirements; (4.6 39(b), Final Report on EBA Guidelines on outsourcing arrangements)
  • Define a framework that provides a formalised service level management process between the customer and service provider. The framework should maintain continuous alignment with business requirements and priorities and facilitate common understanding between the customer and provider(s). The framewo… (DS1.1 Service Level Management Framework, CobiT, Version 4.1)
  • Manage the internal relationship with information technology (IT) process owners supporting the service, assisting with the definition and agreement of Operating Level Agreements (OLAs). (T0379, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)