Establish, implement, and maintain a service management monitoring and metrics program.


CONTROL ID
13916
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS

This Control directly supports the implied Control(s):
  • Monitoring and measurement, CC ID: 00636

This Control has the following implementation support Control(s):
  • Communicate trends in service management to all interested personnel and affected parties., CC ID: 13926
  • Monitor service availability when implementing the service management monitoring and metrics program., CC ID: 13921


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH

  • Financial entities shall report at least yearly to the competent authorities on the number of new arrangements on the use of ICT services, the categories of ICT third-party service providers, the type of contractual arrangements and the ICT services and functions which are being provided. (Art. 28.3. ¶ 3, Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (Text with EEA relevance))
  • Interfaces for an automated real-time monitoring of the service (minimum capacity, availability as well as elimination of malfunctions) are established to be able to monitor compliance with the service level agreements agreed upon and to promptly respond to deviations. At least once a year, an audit… (Section 5.12 DLL-02 Description of additional requirements (confidentiality and availability) ¶ 1, Cloud Computing Compliance Controls Catalogue (C5))
  • The purpose of the measurement and reporting practice is to support good decision-making and continual improvement by decreasing the levels of uncertainty. This is achieved through the collection of relevant data on various managed objects and the valid assessment of this data in an appropriate cont… (5.1.5 ¶ 1, ITIL Foundation, 4th Edition)
  • what needs to be monitored and measured, including: (§ 9.1.1 ¶ 2 a), ISO 45001:2018, Occupational health and safety management systems — Requirements with guidance for use, First Edition)
  • monitor and report on demand and consumption of services. (§ 8.4.2 ¶ 1(b), ISO/IEC 20000-1:2018, Information technology — Service management — Part 1: Service management system requirements, Third Edition)
  • Reports on the performance and effectiveness of the SMS and the services shall be produced using information from the SMS activities and delivery of the services. Service reporting shall include trends. (§ 9.4 ¶ 2, ISO/IEC 20000-1:2018, Information technology — Service management — Part 1: Service management system requirements, Third Edition)
  • Sufficient Relevant Data. Obtain sufficient relevant data to afford a reasonable basis for conclusions or recommendations in relation to any professional services performed. (2.300.001.01 d., AICPA Code of Professional Conduct, August 31, 2016)
  • Fully maintaining, patching, monitoring, and protecting the portions of PaaS service offering OSs and applications for which they are responsible (which may vary from none to all) as defined in the service offering SLA/description and/or the Mission Owner's SLA/contract. (Section 6.4 ¶ 1 Bullet 4, sub-bullet 3, Department of Defense Cloud Computing Security Requirements Guide, Version 1, Release 3)
  • Metrics and measurements used to evaluate service management effectiveness. (App A Objective 16:1a Bullet 6, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • Effective planning processes for service management that consider services offered, SLAs and contractual provisions, known limitations, and metrics and measurements. (VI.C Action Summary ¶ 2 Bullet 1, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • Review service performance reports identifying any significant issues and variances, initiating, where necessary, corrective actions and ensuring that all outstanding issues are followed up. (T0389, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Review service performance reports identifying any significant issues and variances, initiating, where necessary, corrective actions and ensuring that all outstanding issues are followed up. (T0389, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)