cross functional services tower for transnet v1 cross... · transnet cross functional services...

ATTACHMENT V1

CROSS FUNCTIONAL SERVICES TOWER

For

Transnet

TRANSNET

Cross Functional Services Tower

____________________________________________________________________________________________

TRANSNET CONFIDENTIAL INFORMATION Page i

Table of Contents

1.0 Cross-Functional Services Overview and Objectives ................... 1

1.1 Services Overview ....................................................................................................... 1

1.2 Service Objectives ....................................................................................................... 1

2.0 Cross-Functional Services Requirements ..................................... 2

2.1 Service Descriptions and Roles and Responsibilities ................................................... 2

2.2 IT Processes and Activities .......................................................................................... 3

2.3 Service Operations and Support Activities ................................................................. 15

2.4 Exclusions ................................................................................................................. 39

3.0 Service Management ..................................................................... 39

3.1 Objectives .................................................................................................................. 39

3.2 Definitions .................................................................................................................. 39

3.3 Service-Level Requirements (SLRs) .......................................................................... 39

3.4 Reports ...................................................................................................................... 39

4.0 Referenced Appendix, Service and MSA Attachments ............... 40

4.1 Appendix – Financial Responsibilities Matrix ............................................................. 40

List of Tables

Table 1. IT Processes and Activities ..................................................................................... 3

Table 2. Service Delivery Activities ..................................................................................... 15

Table 3. Cross Functional Services Reports ....................................................................... 39

TRANSNET


____________________________________________________________________________________________

TRANSNET CONFIDENTIAL INFORMATION Page 1

This is Attachment V1 (Cross-Functional Services Tower) to Attachment V Transnet Service Towers Index to the Master Services Agreement between Transnet Limited (“Transnet”) and the Service Provider. Unless otherwise expressly defined herein, the capitalised terms used herein shall have the meaning assigned to them in Attachment V Appendix 1 Service Tower Definitions.docx or in the Master Services Agreement Attachment A.

1.0 Cross-Functional Services Overview and Objectives

1.1 Services Overview

This Attachment V1 (Cross-Functional Services Tower) sets forth the roles and responsibilities of the Parties for the set of common services that apply to the provision, delivery and management of all Services (“Cross-Functional Services”) in support of the Transnet Information Technology (IT) infrastructure. Provider will provide Cross-Functional Services across all Service Towers. As depicted in Figure 1 below, Services, activities, and roles and responsibilities described in this Service Tower are within the scope of each of the Service Towers (Attachment V2 to V5) and shall be included within the Fees for each Service Tower specified in Attachment V Transnet Service Towers Index to the Agreement. Figure 1 depicts the relationship between the Cross-Functional Services schedule and all schedules within the scope of the Agreement. Figure 1. Service Tower: Service Towers with Cross-Functional View

1.2 Service Objectives

The following are the key high-level Service objectives Transnet expects to achieve through this Cross-Functional Services schedule:

Ensure that critical IT life cycle and service management functions are included in all IT Service Tower schedules

Receive IT Services that consider an end-to-end enterprise view across all IT Service Towers

Relationship Management

Service Tower

Cross Functional

Service TowerArch &

PlanningEngineer AM CM PM RM . . . . . . Information Security

Data Centre & Hosting

Service TowerH & SD Service

TowerEUC

Service Tower

Mainframe

Platform

Midrange Platform

Project Services

Tower

Help

Desk

Service

Desk

Middleware

Database

PCs

Platform

Storage

Peripherals

B&R

Office Programme

Management

Project

Management

Benefits

Realisation

Collaboration

Service Tower

Email

Unified Communications &

Collaboration

File/Print

Secu

rity

Secu

rity

Secu

rity

Secu

rity

Mobile

Platform

Storage B&R

Disaster Recovery

Storage B&R

Disaster Recovery

TRANSNET


____________________________________________________________________________________________


2.0 Cross-Functional Services Requirements

The Provider is responsible for providing Cross-Functional Services defined in this schedule for Service schedules defined in the following documents:

Attachment V1 - Cross-Functional Service Tower

Attachment V2 - Help and Service Desk Service Tower

Attachment V3 - End User Computing Service Tower

Attachment V4 - Collaboration Service Tower

Attachment V5 - Data Centre and Hosting Service Tower

Attachment V6 - Project Services Tower

Attachment V7 - Relationship Management Service Tower

2.1 Service Descriptions and Roles and Responsibilities

Cross Functional Services include the following services, activities, roles and responsibilities.

TRANSNET



Table 1. IT Processes and Activities

Service Category and Description

Service Entities

Responsibility

Service Provider Transnet

2.2 IT Processes and Activities

Architecture Planning and Analysis

Architecture Planning and Analysis Services are activities associated with the capturing and assessment of requirements that drive the definition of architectural, functional, performance, IT Service Continuity, and security requirements that also comply with regulatory and Transnet policies. Identifies opportunities to improve the efficiency and effectiveness of the Service Towers. Architecture Planning and Analysis Services can also help support competitive business advantage and mitigate risks by reducing defects and improving the quality of IT Services

Requirements Definition

Participate in defining services, standards, timeframes and reporting requirements for Planning and Analysis activities

Participate in appropriate requirements-gathering activities (e.g., focus groups, interviews)

Document requirements required to deliver services in agreed-to formats (e.g., system specifications, data models, upgrade requirements, conversion requirements, design schematics)

Co-develop and agree on architectural standards for in scope services

Define Services, standards, timeframes and reporting requirements for planning, project management, and analysis activities

Conduct interviews, group workshops and surveys to determine user functional, performance, availability, maintainability, IT continuity and other requirements

Define Transnet’s requirements at the enterprise level for all Towers (e.g., business and technology strategy, technology architecture, functional, availability, capacity, performance, backup and IT Service Continuity )

Provide written information in sufficient detail pertaining to the requirements definition to enable development of appropriate requirements documentation (e.g., business requirements documentation)

Review and approve Services, standards and project management practices for Planning and Analysis activities

Make available to Service Provider such information as Service Provider may reasonably request. This includes information about the Service Recipient’s escalation process, IT strategy, and architecture artefacts including application roadmaps and blueprints and, to the extent determined by Service Recipient to be relevant and appropriate, business strategy.

Information Life Cycle Management

Recommend data backup and retention procedures for all Towers that meet Transnet-specified requirements

Define Transnet’s data backup and retention policies and requirements for all Towers

Approve recommended data backup and retention procedures for all Towers

Technical Architecture

Participate, provide technical assistance and subject matter expertise in technical and business planning sessions to establish standards, architecture and project initiatives

Conduct technical and business planning sessions to establish standards, architecture and project initiatives

Evaluate all new and upgraded Tower components or Services for compliance with the Transnet’s security and IT architecture policies, regulations and procedures

TRANSNET




Service Entities

Responsibility


Infrastructure Engineering must be supportive of Service Level Requirements (Standard Architectures to be mutually agreed)

Cooperative delivery of proof of concept testing for service tower components.

Approve service tower component architecture standards and new firmware

Infrastructure Engineering must be supportive of Service Level Requirements (Standard Architectures to be mutually agreed)

Cooperative delivery of proof of concept testing for service tower components.

Technology planning and Innovation

Conduct technical reviews and provide recommendations for improvements that increase efficiency, effectiveness and reduce costs

Perform ad hoc investigations as requested by Transnet and submit recommendations for Transnet’s consideration.

Conduct ongoing, regular planning and recommendations for technology refresh and upgrades

Showcase new technology enhancements to Transnet hence allowing Transnet the option to upgrade to any new productised technology.

Review and approve any technical improvement recommendations

Systems Management Tools

Identify System management tools to monitor the IT Systems infrastructure and Transnet software environment

Provide service towers reporting requirements

Research Continuously monitor technical trends through independent research; document and report on products and services with potential use for Transnet as they align with Transnet’s business and technology strategy

Perform feasibility studies for the implementation of new and existing technologies that best meet Transnet business needs and meet cost, performance and quality objectives

TRANSNET




Service Entities

Responsibility


Security Planning and Analysis

Security Planning and Analysis Services are the activities associated with research of new technical trends, products and services, such as hardware components, System Software, and Networks that offer opportunities to improve the efficiency and effectiveness of the Security Services. Security Planning and Analysis Services can also help support competitive business advantage and mitigate risks by reducing defects and improving the quality of security

Requirements, Policies and Procedures

Participate in technical and business planning sessions to establish security standards, architecture and project initiatives

Recommend best practice IT security policies (e.g. access controls, identity management, virus, malware, spam etc. protection security audits etc.)

Provide a security assessment group dedicated to Transnet’s enterprise that will conduct continual assessments of Transnet’s security effectiveness and be the direct liaison with Transnet's Security Services function for security requirements

Conduct technical and business planning sessions to establish security standards, architecture and project initiatives per the planning and analysis policies and procedures

Define Transnet requirements at the enterprise level for all Security Services (e.g., business, technology strategy, functional, availability, capacity, performance, backup and IT Continuity Service)

Develop and maintain application security policies, planning, guidelines, and architecture

Develop and maintain equipment, software, databases and application security configuration standards e.g. server, and end user device hardening etc.

Establish access profiles and policies for adding, changing, enabling / disabling and deleting log-on access for Transnet employees, agents and subcontractors

Tools Provide and support best available and fit for purpose security analysis tools and monitoring products into Transnet’s system and infrastructure

Provide security reporting requirements

Planning Provide security plans and IT infrastructure based on security requirements, standards, procedures, policies, Transnet, government, and local requirements and risks

Conduct technical reviews and provide recommendations for improvements to the infrastructure that increase efficiency and effectiveness of security and reduce costs in accordance with planning and analysis policies and procedures

Review and approve security plans

Research Actively participate in industry standard security forums and users groups to remain up to date with current security trends, threats, common exploits and security policies and procedures

Perform feasibility studies for the implementation of new and existing security technologies that best meet Transnet business needs and meet cost, performance and quality objectives

TRANSNET




Service Entities

Responsibility


Infrastructure Design/Engineering Planning

Develop infrastructure design, engineering and security testing and integration procedures that meet requirements and adhere to defined policies

Policies and Procedures

Define Tower component Implementation and Migration policies and procedures

Develop Integration and Testing policies and procedures

Participate in and review Infrastructure policies and procedures, as appropriate

Review and approve Tower component policies and procedures

Detailed Infrastructure Design Planning

Develop, document and maintain technical design plans and environment configuration based on Transnet's design specifications, standards and requirements including IT architecture, functional, performance, availability, maintainability, security and IT Continuity and Disaster Recovery requirements

Conduct site surveys for design efforts as required

Define test to production migration requirements

Coordinate and review all Implementation and Migration plans and schedules with Transnet and all appropriate Help Desks in advance in accordance with change management policies in the Procedures Manual

Provide the necessary written information in sufficient detail to enable accurate and effective infrastructure planning

Review and approve design plans through coordination with the appropriate Transnet technology standards group and design architects

Perform infrastructure, configuration, technical and service planning and analysis based on Transnet’s requirements (e.g., availability, capacity, performance, backup, IT Service Continuity, DR)

Participate in defining and approving test-to-production migration requirements

Integration Testing

Manage Integration and Testing environment(s)

Perform proof of concept and prototyping to mitigate risks

Assess and communicate the overall impact and potential risk to Tower components prior to implementing changes

Test new releases of supported hardware and software to ensure conformance with the Service Levels

Stage new and upgraded equipment, software or services to smoothly transition into existing environment

Conduct integration and security testing for all new and upgraded equipment, software or services to include unit, systems, integration and regression testing

Perform modifications and performance‑enhancement adjustments to system software and utilities as needed

Maintain software release matrices across development, QA, and production environments

TRANSNET




Service Entities

Responsibility


Infrastructure Transition and Migration

Develop the implementation, transition, migration plans and schedules in accordance with Change Management policies and process

Assist in data migration

Configure in scope infrastructure elements to meet Transnet security configuration standards e.g. server hardening

Review and approve the Implementation, transition and migration plans and schedules.

Perform data migration, including data conversion for in-scope applications, by electronic or manual methods as a result of implementation or migration (e.g., databases, system management repositories, address tables, Management Information Bases (MIBs))

Infrastructure Improvement and Innovation

Conduct ongoing, regular planning and recommendations for technology refresh and upgrades

Conduct technical reviews and provide documented recommendations for improvements to the infrastructure that increase efficiency and effectiveness and reduce costs to Transnet

Provide infrastructure installation and upgrade recommendations

Work with appropriate IT service delivery personnel to install new or enhanced Service Tower infrastructure components (e.g., hardware, software, middleware, utilities, peripherals, configurations)

Perform Configuration Management and Change Management activities related to Implementation

Participate in regular planning for technology refresh and upgrades

Approve plans for technology refresh and upgrades

Production Acceptance Criteria

Define Acceptance test criteria

Provide documented requirements and acceptance test criteria per approved requirements standards

Conduct and document End-User acceptance tests (UAT) plans and results

Participate in defining Acceptance test criteria

Review and approve all Acceptance test criteria

Ensure requirements meet security policies

Approve UAT plans and results

Project Management Services

Transnet may from time to time request that the Service Provider perform a discrete set of activities from and in

Project Management Approach

Utilise project management methodologies, knowledge, skills, tools, and techniques consistent with leading internationally recognised and accepted project management practices such as those contained in the Guide to the Project Management Body of Knowledge (PMBOK) or Prince2 or Project Lifecycle Process (PLP)

Maintaining applicable levels of industry knowledge to provide support of and recommendations for Projects

Define enterprise-level project management policies, procedures and requirements (e.g., project feasibility analysis, cost-benefit analysis, scheduling, costing, resource planning, communication planning, procurement, risk management and quality management

Perform project management review and oversight, and provide liaison function to Transnet and End-Users

TRANSNET




Service Entities

Responsibility


addition to the ongoing obligations in the Services (a “Project”).

In performing Projects and providing Project Management Services Service Provider shall apply best practices including with respect to its planning, execution and management of Projects.

Define Project Plan

Provide project definition and plan, identify major critical milestones, overall budgets and project deliverables

Provide, maintain and update detailed project planning, identify critical path dependencies.

Approve project plan

Manage Execution of the Project Plan

Manage, follow up and track execution of project plan.

Perform project management review and oversight, and provide liaison function to Transnet and End-Users

Monitor Project Progress

Report on project progress, budget, risk, issues Review and escalate any issues risks etc. for action to higher governance authorities as required

Acquisition and Management

The acquisition and management process includes the purchase of all service equipment, including new equipment, upgrades to existing equipment, or purchases resulting from a service or repair request. Also maintains buying catalogue, execution of purchase orders, provides quotations, deals with goods handling.

Policies and Process

Develop, document and maintain in the Standards and Procedures Manual Acquisition and Management procedures that meet requirements and adhere to defined policies

Define Acquisition and Management requirements and policies

Establish audit procedures to ensure compliance with leading practices and best pricing

Review and approve acquisition Acceptance process and procedures

Quotations Provide quotation for service requests that are not included in the base service cost

Review and approval/rejection of quotations

Vendors Contract Management

Develop and issue acquisition requests for Service Provider owned service tower components as required

Evaluate proposals against clearly defined objective criteria

Negotiate contracts for Service Provider-purchased/leased service Tower components

Develop and maintain list of provider preferred suppliers/vendors

Develop and issue acquisition requests for Transnet owned service tower components as required

Evaluate proposals against clearly defined objective criteria

Negotiate contracts for Transnet-purchased/leased service schedule (Tower) components

Develop and maintain list of Transnet preferred suppliers/vendors

Procurement Manage the ordering, procurement, contract management, and delivery processes in compliance with Service Provider procurement and acceptance

Manage the ordering, procurement, contract management, and delivery processes in compliance with Transnet

TRANSNET




Service Entities

Responsibility


processes for Service Provider purchased/ leased tower related components

Manage and track Service Provider purchase orders and service orders

Ensure that all new components and software provisioned are included in the asset management system

Register Extended warranties with vendors as per the vendors process

procurement and acceptance processes for Transnet purchased/leased tower related components

Manage and track Transnet purchase orders and service orders

Standards Compliance

Ensure that new equipment/ hardware complies with established Transnet IT standards and architectures

Maintain buying catalogue based on architecture standards

Review and approve selection of hardware platform types to be installed in Transnet facilities and software to be installed on Transnet hardware

Goods Handling and Warehousing

Provide equipment warehousing and logistics

Packaging and transportation of equipment

Establish and maintain appropriate equipment sparing requirements and spares inventory levels to meet SLR obligations

Provide secure facilities for Transnet on-site storage if required

Auditing Perform periodic audits of procurement procedures Assist in periodic audits of procurement procedures

Training and Knowledge Transfer

Services consist of the following: Provision of training for the improvement of skills through education and instruction for Service Provider personnel and managed employees.


Develop and document training and knowledge database requirements and policies

Develop and document procedures that meet training requirements and adhere to defined policies

Develop and implement knowledge transfer procedures to ensure that more than one individual understands key components of the business and technical environment

Participate in development of and review and approve training requirements

Approve training procedures

Develop Knowledge Transfer Programme

Develop program to instruct Transnet personnel on the provision of the services (e.g., “rules of engagement”, requesting services)

Develop and document training requirements that support the ongoing provision of the services, including refresher courses as needed and instruction on new functionality

Approve Service Provider developed training program

Approve knowledge transfer implementation procedures

TRANSNET




Service Entities

Responsibility


Service Provider will participate in any initial and on-going training delivered by Transnet, as required by Transnet, which would provide a learning opportunity Transnet’s business and technical environment. Provision of training for Transnet’s retained technical staff (including the retained personnel) for the express purpose of exploitation of the

functions and features of Transnet’s computing environment. Delivery methods may include classroom style, computer-based, individual, or other appropriate means of instruction. Provision of Transnet-selected classroom-style and computer-based training (case-by-cases basis) for standard Commercial-off-the-Shelf (COTS) applications, including new employee training, upgrade classes and specific skills.

Service Provider Training

Participate in Transnet delivered instruction on the business and technical environment

Take training classes as needed to remain current with systems, software, features and functions for which Service Provider Help Desk support is provided in order to improve service performance (e.g., First Call Resolution)

Provide instruction material pertaining to Transnet business and IT strategy that is relevant to the service provider

Develop and Maintain Training Material

Develop, implement and maintain a Transnet accessible knowledge database/portal

Provide training materials for Transnet technical staff for Level 1 supported applications

Provide training to IT personnel and users on request when substantive technological changes as defined by Transnet (e.g. new systems or functionality) are introduced into the Transnet environment to facilitate full exploitation of all relevant functional features

Provide ongoing training materials for Help Desk personnel on Transnet business and technical environments

Provide Transnet selected classroom-style and computer-based training (case-by-cases basis) for standard Commercial-off-the-Shelf (COTS) applications (quotable by the service provider)

TRANSNET




Service Entities

Responsibility


Documentation

Documentation Services are the activities associated with developing, revising, archiving, maintaining, managing, reproducing, and distributing Tower information (e.g., project planning materials, System design specifications, Procedures Manuals, operations guides) in hard copy and electronic form.

Define Document Requirements

Identify and recommend documentation requirements

Specify the content, purpose, format and production schedule of all documents

Participate in identifying service documentation requirements

Approve recommended documentation requirements, formats and production schedules

Document Provision

Provide timely creation, updating, maintenance and provision of all appropriate project plans, project time and cost estimates, technical specifications, management documentation and management reporting in a form/format that is acceptable to Transnet for service tower projects and major service activities

Provide Transnet with a copy of or access to any Service Provider (or Third Party-supplied) documentation (including updates thereto) for any new, enhanced or modified in scope service tower infrastructure installed by the Service Provider

Manage all documentation in accordance with Configuration Management standards and guidelines

Review and approve documentation as needed

Document Transfer

Provide full documentation of the entire infrastructure upon the end of the contract period.

Verify completeness of documentation provided

Technology Refresh and Replenishment

Technology Refreshment and Replenishment (TR&R) Services are the activities associated with modernizing the services infrastructure on a continual basis. Technology Refreshment and Replenishment (TR&R)


Participate and recommend TR&R life cycle management policies, procedures and plans appropriate for support of Transnet's business requirements

Develop, document and maintain in the Standards and Procedures Manual TR&R procedures and develop TR&R plans that meet requirements, adhere to defined policies and Change and Release Management processes

Define TR&R life cycle management policies, procedures and plans

Review and approve TR&R policies, procedures and plans

TR&R Implementation

Perform the necessary tasks required to fulfil the TR&R plans (defined by Equipment Refresh Policy)

Manage replenishment and decommissioning/disposal in accordance with Transnet approved policies and procedures if the equipment is determined to be in need of replacement

Periodically review the approved TR&R implementation plans to ensure they properly support Transnet's business requirements

TRANSNET




Service Entities

Responsibility


Services is a continual process for review of system components to ensure that the infrastructure stays current with evolving industry-standard technology platforms. This refers to upgrading existing equipment to new levels of technology and establishing a time frame for formal refresh of existing equipment based on agreed life cycles.

Reporting Provide management reports on the progress of the TR&R plans

Review reports during service management meetings

Asset Management

Asset Management Services are the activities associated with ongoing management and tracking of new and upgraded Network components (e.g., hardware, Software, circuits) in the Asset Management system. Minimum Asset Details to include: Manufacturer Model Serial number Asset identification number Asset location Ownership information Asset cost information Maintenance information and history including the age of the Asset


Develop, document and maintain in the Standards and Procedures Manual Asset Management procedures that meet requirements and adhere to defined policies

Define Asset Management requirements and policies Review and approve Asset Management procedures

Storage Facilities

Manage stores function Provide facilities within reason

Asset Management System

Deploy and manage an Asset Management system that meets Transnet's requirements and adheres to defined policies

Review and approve system design and reporting capabilities

Asset Record Definition

Develop Asset type list and minimum information requirements that would be included in the Asset Management system

Review Asset type list and maintain Asset types in the Asset Management system

Asset Life Cycle Management

Input, maintain, update, track and report all in-scope assets throughout the asset life cycle (e.g., acquisition to retirement)

Maintain the accuracy related to all Change activities (e.g., Install/Move/Add/Change activities, Break/Fix activities, company reorganization and Change

Provide the Service Provider with accurate asset information for Transnet purchased assets that will be managed by the Service Provider

TRANSNET




Service Entities

Responsibility


Warranty information Other billing information (e.g., lease information, Transnet-specific information) Transaction edit history (e.g., locations, billing and user)

Management) of the data of in-scope assets in the Asset Management System according to SLRs

Advise Transnet in a timely manner of expiration of equipment leases

IT Asset Cascading and Disposal

Store equipment removed from active service until redeployed

Dispose of equipment no longer required in compliance with Transnet ’s property disposal and/or investment recovery policies and procedures

Document changes to inventory use and configuration

Assist Service Provider with the disposal of equipment

Asset Audit and Deficiency Remediation

Perform ongoing Asset audit, in accordance with Asset Management SLRs, to validate that data in the database is accurate and current and Transnet has information that Transnet requires for internal chargeback systems

Provide reports of Asset Management audit results Provide and, upon Transnet approval, implement Asset Management remediation plan for Asset Management deficiencies

Any Transnet requested manual service inventory task to be treated as a quotable project

Periodically review and approve audit reports and remediation plans of Asset inventory management information

Reporting Provide Transnet inquiry and reporting access into the asset Management System for all in scope assets

Provide electronic feed file of asset data for various internal Transnet systems (e.g., financial system, Transnet internal billing system)

Provide list of users requiring Asset Register access.

TRANSNET




Service Entities

Responsibility


Financial/ Chargeback Management and Invoicing

Financial/Chargeback Management and Invoicing Services are the activities associated with providing data that allows Transnet to charge back its internal business units for actual usage of IT Resources and to receive accurate invoices that meet Transnet's requirements.


Develop, document and maintain in the Standards and Procedures Manual Financial/Chargeback Management and Invoicing procedures that meet requirements and adhere to defined policies

Define Financial/Chargeback Management and Invoicing requirements and policies

Review and approve Financial/Chargeback Management and Invoicing procedures

Invoicing and Reporting

Provide invoices per Transnet requirements

Provide chargeback reports

Review and approve invoices

Review and approve chargeback reports

Providing Service Provider such information as it may reasonably request in order for it to perform charge-back.

End-User Satisfaction Management

Consistent with the Master Services Agreement, Transnet and the Service Provider shall establish a mutually agreed-upon End-User Satisfaction survey that may be facilitated by a Third Party and designed with Transnet and Provider input.

End-User Satisfaction Surveys

Define the End-User Satisfaction Survey process, questionnaires, methods and deliverables

Conduct end-user satisfaction survey

Participate in defining the End-User Satisfaction Survey process, questionnaires, methods and deliverables

Reporting The Service Provider (or designated Third Party) shall provide semi-annual reporting of the results of Transnet business End-User Satisfaction Surveys, integrating the results of ongoing End-User Satisfaction surveys for each IT Service Tower.

Review results of End-User Satisfaction Surveys as part of the Performance Management Process

Dissatisfaction Resolution Planning

Participate in identify any areas of End-User dissatisfaction.

Develop an action plan to Resolve End-User dissatisfaction.

Identify any areas of End-User dissatisfaction

Participate input into developing a project plan to resolve End-User dissatisfaction

Approve the action plan

TRANSNET



Table 2. Service Delivery Activities


Service Entities

Responsibility


2.3 Service Operations and Support Activities

Operations and Administration Services are the activities associated with providing a stable IT System infrastructure and to effectively and efficiently perform procedures to ensure the Services meet the Service Level Performance Targets and requirements

Requirements and Management Tools

Establish and document comprehensive operational processes, procedures and supporting management tools for the effective and efficient operations of the service tower infrastructure


Provide operations requirements and policies, including schedules for the operation of Tower components

Define and develop operational documentation requirements (run books, contact lists, operations scripts, etc.)

Participate in developing operations procedures that meet requirements and adhere to defined policies

Approve operations policies and procedures, documentation and reporting

Implement System Management Tools

Install and configure system management tools in such a fashion that incidents, issues and events are proactively identified, reported and resolved according to prescribed Service Levels

Allow Transnet read only real-time access to the event console tools

Participate in developing requirements and operation procedures for the system management tools.

Monitor Transnet managed services

Reporting Develop and provide operational reports (daily, weekly, monthly) that provide status of operational activities, production issues, and key operational metrics

Review operational reports

Service Maintenance and Repair

Maintenance and repair services are the activities associated with the maintenance and repair of service tower elements (e.g. hardware, software, etc.) to include "Break/Fix" (hardware, software), software revision


Develop, document and maintain in the Standards and Procedures Manual

Maintenance procedures that meet requirements and adhere to defined policies

Ensure appropriate Maintenance coverage for all service sites and infrastructure components

Define Maintenance requirements and policies

Define dispatch requirements and point-of-service locations that are Transnet locations

Office Space and Facilities

Provide Service Recipient with office requirements Provide suitable office space for Service Provider On-site personnel within reason

Maintenance Planning

Develop Maintenance schedules Review and approve Maintenance procedures and schedules

Service Component Maintenance and Repair

Provide maintenance and Break/Fix (hardware & software) support in Transnet’s defined locations, including dispatching repair technicians to the point-of-service location if necessary

Conduct Maintenance and parts management and monitoring during warranty and off-warranty periods

On equipment owned by Transnet the maintenance contract and SLA should be aligned e.g. 24x7 maintenance for 24x7 service requirement

TRANSNET




Service Entities

Responsibility


maintenance and diagnostic services.

Perform diagnostics and maintenance on tower service components including hardware, software, peripherals and special-purpose devices as appropriate

Replace defective parts including preventive maintenance, according to the manufacturer’s published mean-time-between failure rates

Equipment Failure Tracking and Corrective Actions

Monitor, track, and analyze equipment failures to identify any emerging or developing trends that will have negative impact on operational performance and develop recommendations on corrective action plans

Implement corrective action plans for those corrective actions that do not require prior review and approval from Transnet

Provide Transnet with management reports with recommended corrective actions plans for those corrective actions that require Transnet approval prior to undertaking such corrective action

Implement approved corrective action plans

Monitor and report on the success of the corrective actions

Review management reports and approve recommendations for corrective actions, where appropriate

Software Revision Maintenance

Perform maintenance and software revision software distribution of manufacturer field change orders, patches, service packs, firmware and software maintenance releases, etc.

None

Reporting Provide monthly reporting of Service Tower maintenance statistics

Review during monthly Service Tower Account and Service Delivery Meetings

Incident Management

The activities associated with restoring normal service operation as quickly as possible and to minimize the adverse impact on Transnet business operations, thus ensuring that the best possible levels of service

Requirements, Policies, Process and Procedures

Develop, document and maintain in the Standards and Procedures Manual Incident Management procedures that meet requirements and adhere to defined policies

Establish Incident workflow, escalation, communication and reporting processes that help to achieve the SLR requirements

Participate in defining Incident Management requirements and policies

Review and approve Incident Management procedures

Review and approve Incident classification, prioritization and workflow, communication, escalation and reporting processes

Single Point of Contact

Provide a single point of contact telephone number for all Service related queries, service requests, logging and clearing of all IT Data Services related incidents.

None

Incident Management

Scenario 1

Use Service Provider owned Incident Management system Provide Incident Management reporting requirements Scenario 1

TRANSNET




Service Entities

Responsibility


quality and availability are maintained.

and Tracking System

that tracks incidents

Service Provider shall provide for simultaneous record creation and updates in Transnet’s Incident tracking system for the Incidents tracked and managed by Service Provider, mirroring instantaneously in real time in the Transnet Incident tracking system the record creations and updates in Service Provider’s Incident tracking system.

Scenario 2

Implement and utilise the Transnet owned Incident Management System

Implement the necessary infrastructure to effectively support the Incident Management and Tracking system.

Assist with the integration of the Service Providers Incident Management System into Transnet’s system

Scenario 2

Architect and select system that allow for the effective incident management of the service tower infrastructure components.

Operational Incident Management

Implement measures for proactive monitoring and self-healing capabilities to limit service outages

Perform event management monitoring of the Services to detect abnormal conditions or alarms, log abnormal conditions, analyse the condition and take corrective action

Manage entire Incident life cycle including detection, diagnosis, status reporting, repair and recovery

Coordinate and take ownership of incident resolution by managing an efficient workflow of incidents including the involvement of Third Party providers (e.g., vendors).

Assign problems to L2 & L3 technical maintenance and repair staff as required

Periodically review the state of open Incidents and the progress being made in addressing these incidents.

Regular feedback by phone, e-mail or SMS to Transnet regarding the restoration progress

Interface with Help Desk(s) and Transnet for Incident Management activities

Manage and coordinate subcontractors and third parties in order to meet resolve problems

Participate in Incident review sessions and provide listing and status of Incidents categorized by business impact

Transnet to report all service related incidents to the Service Provider Help and Service Desk

Completion and Closure of Incidents

An Incident will not be resolved until all updates have been made to the CMDB to reflect the final resolution of the Incident, any Changes, the date and time of resolution, the final classification and priority of the Incident, the Services/End Users/functions that were affected, the CIs

Authorise Close of Transnet-initiated Incidents and supply the Service Provider with a reference number

TRANSNET




Service Entities

Responsibility


identified as the cause of the Incident, and any workarounds.

When an Incident has been resolved, Service Provider will record the Incident as resolved and communicate this fact to Transnet.

Service Provider shall participate in Incident post mortem and improvement activities to prevent the re-occurrence of the Incident and to improve the Incident Management process.

Improvement Planning

Identify possible enhancement opportunities for improved operational performance and potential cost savings

Implement approved projects to implement enhancement opportunities

Review and approve projects to implement enhancement opportunities

Incident Management Outputs

The outputs of Incident Management Services include:

Incident Management Procedures;

Up-to-date electronic records in the Incident tracking system (updated with information about each Incident relating to status, solutions, and workarounds);

Requests for Change (RFCs) implemented to resolve Incidents; and

Management information relating to Incident Management Services as requested by Transnet from time to time (e.g., status, updates, efficiency and effectiveness, other management or performance metrics).

Review of Incident Management outputs

Reporting Provide status report detailing the Incident Management logs. This shall include, but not be limited to, a daily report by Operating Division and geographical area on Incidents that have not yet been Resolved and are beyond the resolution target time.


Problem Management Services

Problem Management is the process responsible for managing the lifecycle of all


Develop, document and maintain in the Standards and Procedures Manual Problem Management and Root Cause Analysis processes and procedures that meet requirements and adhere to defined policies

Service Provider shall incorporate Transnet’s comments on such procedures and include such revised procedures in the Standards and Procedures Manual promptly.

Define Problem Management requirements and policies

Review and approve Problem Management process and procedures

Review and approve RCA procedures

Problem Management

Scenario 1

Use Service Provider owned Problem Management system Provide Problem Management reporting requirements Scenario 1

TRANSNET




Service Entities

Responsibility


problems. The primary objectives of Problem Management are to prevent problems and resulting incidents from happening, to eliminate recurring incidents and to minimize the impact of incidents that cannot be prevented. Problem Management includes the activities required to diagnose the root cause of incidents and to determine the resolution to those problems. It is also responsible for ensuring that the resolution is implemented through the appropriate control procedures, especially Change Management and Release Management. Problem Management will also maintain information about problems and the appropriate workarounds and resolutions, so that Transnet is able to reduce the number and impact of incidents over time. In this respect, Problem Management has a strong interface with Knowledge Management, and tools such as the Known Error Database will be used for both.

and Tracking System

that tracks problems

Service Provider shall provide for simultaneous record creation and updates in Transnet’s Problem tracking system for the Problems tracked and managed by Service Provider, mirroring instantaneously in real time in the Transnet Problem tracking system the record creations and updates in Service Provider’s Problem tracking system.

Scenario 2

Implement and utilise the Transnet defined Problem Management System

Implement the necessary infrastructure to effectively support the Problem Management and Tracking system.

Assist with the integration of the Service Providers Problem Management System into Transnet’s system

Scenario 2

Architect and select system that allow for the effective problem management of the service tower infrastructure components.

Problem Identification, Classification and Recording

Be responsible for identifying, classifying (per defined priority levels)and promptly logging problem records relating to issues within the Service Environment that the Service Provider becomes aware of in the course of the performance of the services

Associate Incidents caused by one or more Problem(s) with such Problem(s), including Incidents that recur or are expected to recur, as well as any single significant Incident.

These priority levels shall be updated to reflect any changes during the resolution of the Problem. For example, new Incidents may increase the Impact and Urgency, and accordingly Priority, of a Problem.

Define Incident and Problem priority levels

Problem Investigation and Resolution

Use Commercially Reasonable Efforts to proactively prevent Problems, including by means of performing trend analysis and identifying potential Incidents before they occur

Identify and investigate weaknesses of infrastructure components.

Correctly identify, investigate and diagnose each Problem to achieve resolution.

If a temporary fix requires modification of infrastructure, Service Provider shall implement it in accordance with the Change Management Procedures.

Flag all Incidents that require Root Cause Analysis per the agreed to procedures

Conduct a formal root cause analysis to identify the origin

Assist in finding root cause of problems which may fall outside of Service Provider area of responsibility but has an impact upon services.

Approve corrective actions or solutions to address recurring problems or failure

Review Known Error Records that have reached the end of their monitoring period, and reassess the Problem and the implemented solution.

TRANSNET




Service Entities

Responsibility


of each Problem that: (i) gave rise to a Service Level Failure; (ii) result from a Major Incident; or (iii) repeat Incident.

Document the root cause and the corrective actions required to prevent a recurrence of the Problem which will be recorded as a Known Error, including an estimate of the costs (if any), timelines and benefits of the proposed solution.

Conduct proactive trend analysis to identify recurring Problems and predict future Problems and points of failure, where practical, from occurring or developing

After a solution has been successfully implemented create/update the knowledge records for Problems and where necessary provide any training required to Transnet's Service Desk to support this knowledge.

Participate in cross-functional Problem determination activities, including facilitating Problem Management review and Problem Management investigation meetings as reasonably required by Transnet.

Adhere to the mutually agreed Problem escalation path for each Problem priority level.

Take ‘ownership’ for all Problems assigned to Service Provider by Transnet, including using Commercially Reasonable Efforts to manage Third Party Suppliers where necessary in order to determine the root cause of or resolve the Problem.

Monitor and manage Known Errors until they are successfully resolved (‘Error Control’). Service Provider shall perform Error Control in accordance with the Change Management Procedures and evaluate the changes in a Post-Implementation Review (PIR).

Problem Closure and Post-Implementation Review (PIR)

When they are resolved, record Problems and Known Errors as resolved.

Once implemented, all Changes to resolve Problems and Known Errors shall be reviewed in a Post-Implementation Review (PIR).

For Problems designated as major, in Transnet’s reasonable judgment, a separate Major Problem Review

Transnet will not close the Problem until (i) the PIR has been completed, (ii) any other steps mandated in the Standards and Procedures Manual have been completed, and (iii) the Parties agree (acting reasonably) that the Change(s) was (were) implemented in such a fashion so as to Resolve the Problem or Known Error.

TRANSNET




Service Entities

Responsibility


shall promptly be undertaken jointly by Service Provider and Transnet to identify:

what was done well;

what was done badly;

how it can be done better the next time; and

further steps the Service Provider should take to prevent a recurrence.

Reporting Provide Transnet with a daily report detailing problems raised, a clear description of the problem, the associated impact, the number of incidents related to the problem, open/closed status of problem and actions taken by the Service Provider to resolve the problem.

Service Provider’s obligations shall include:

Alerting Transnet of any Problems in accordance with the Service Levels; and

At Transnet’s request, providing a preliminary report of the Problem on an expedited basis to Transnet.

Review status report as part of the daily operational meetings

Root Cause Analysis

Root Cause Analysis Services are the activities associated with diagnosing and analyzing the root cause of a Problem and/or trends, and recommending and taking corrective measures to prevent the reoccurrence of such Problems and/or trends.


Develop policies and procedures for Root Cause Analysis (e.g., events that trigger an RCA)

Define RCA requirements and policies

Review and approve RCA procedures

Problem Tracking and Analysis

Conduct proactive trend analysis to identify recurring Problems and predict future Problems and points of failure, where practical, from occurring or developing

Track and report on recurring Problems and trends or failures and identify associated consequences of problems

Flag all Incidents that require Root Cause Analysis per the agreed to procedures

Recommend corrective actions or solutions to address recurring Problems or failures

Approve corrective actions or solutions to address recurring problems or failures

Reporting Provide status report detailing the root cause of and procedure for correcting recurring Problems and Severity Levels 1 and 2 Incidents until closure as determined by Transnet


TRANSNET




Service Entities

Responsibility


Performance Management

Performance Management Services are the activities associated with tuning Service Tower components

for optimal performance.

Requirements, Policies Procedures

Develop, document and maintain in the Standards and Procedures Manual Performance Management procedures that meet requirements and adhere to defined policies

Define Performance Management requirements and policies

Review and approve Performance Management process and procedures

Infrastructure and Tools

Define, develop and implement tools that allow for the effective performance monitoring of the service tower infrastructure components

Define performance management reporting requirements

Performance Monitoring and Tuning

Perform service tower infrastructure component tuning by proactively evaluating, identifying and recommending configurations or changes to configurations to maintain optimum performance to meet performance SLRs in accordance with Change Management procedures

None

Performance Improvement Planning

Develop and deliver improvement plans as required to meet SLRs

Implement improvement plans and coordinate with Third Parties as required

Provide technical advice and support to the application maintenance and development staff as required

Review and approve improvement plans

Reporting Provide monthly reporting of Service Tower component performance, utilization and efficiency


Capacity Management

Capacity Management Services are the activities associated with ensuring that the capacity of the service tower infrastructure components matches the evolving demands of Transnet business in the most cost-effective and timely manner. The process encompasses the following:


Establish a comprehensive Capacity Management planning process

Recommend a service component capacity thresholds required to consistently meet service level obligations

Develop, document and maintain in the Standards and Procedures Manual Capacity Management procedures that meet requirements and adhere to defined policies

Review and approve Capacity Management planning process and procedures

Review and approve service component capacity planning thresholds


Define, develop and implement tools that allow for the effective capacity monitoring/trending of the service tower systems software and IT infrastructure components

Define capacity management reporting requirements

Monitoring and Management

Assess capacity impacts when adding, removing or modifying applications

Recommend changes to capacity to improve service performance

Assess impact/risk and cost of capacity changes

Continually monitor infrastructure component resource usage

Identify future business requirements that will alter capacity requirements and inform the Service Provider

Participate in all capacity planning activities

Approve capacity-related change recommendations, as appropriate

Validate infrastructure asset utilisation and capital efficiency

TRANSNET




Service Entities

Responsibility


Monitoring of performance and throughput of IT Services and supporting IT components

Understanding current demands and forecasting for future requirements

Developing capacity plans which will meet demand and SLRs

Conducting risk assessment of capacity recommendations

Identifying financial impacts of capacity plans

Undertaking tuning activities

Assess incidents/problems relate to throughput performance to enable proactive identification of capacity and performance issues

Capture trending information and forecast future Transnet capacity requirements based on Transnet-defined thresholds

Maintain capacity levels to optimize use of existing infrastructure resources and minimize Transnet costs to deliver Services at agreed-to SLRs taking into account daily, weekly and seasonal variations in capacity demands

Reporting Provide asset utilisation and capacity/trending reporting Validate asset utilization & capital efficiency based upon reporting during Account and Service Delivery meetings

Configuration Management

The purpose of Configuration Management is to:

Identify, control, record, report, audit and verify configuration items, including versions, baselines, constituent components, their attributes, and relationships

Account for, manage and protect the integrity of configuration items through the service lifecycle by ensuring that only


Develop, document and maintain in the Standards and Procedures Manual Configuration Management procedures that meet requirements and adhere to defined policies.

Incorporate Transnet’s comments on such procedures and include such revised procedures in the Standards and Procedures Manual promptly.

Define Configuration Management requirements and policies

Review and approve Configuration Management procedures

Periodically Audit Configuration Management process for completeness

Approve Configuration Management CI records and Systems interface/data transfer requirements

Configuration Management Database (CMDB)

Prepare a work plan (the ‘CMDB Plan’) to implement the CMDB regardless of chosen scenario.

Scenario 1

Use Service Providers own CMDB

Responsible for designing, populating, maintaining and updating an aggregate, single, consolidated Configuration Management database for Transnet, including all configuration items (‘CIs’) that are to be provided or otherwise managed by Service Provider (the ‘CMDB’). The CMDB shall be hosted by Service Provider and Service Provider shall provide all database administration, maintenance and support for the CMDB. Service Provider

Review and approve Configuration Management database and reporting capabilities

Scenario 1

Review and approve Configuration Management data elements and Systems interface/data transfer requirements.

Scenario 2

Architect and select tools that allow for the effective management of service component configurations

Provide the CMDB system and sufficient licensing for use by the Service Provider

TRANSNET




Service Entities

Responsibility


authorised components are used and only authorized changes are made

Ensure the integrity of the configurations required to control the services and IT infrastructure by establishing and maintaining an accurate and complete Configuration Management Database (CMDB).

Note:

Transnet requires that Service Provider establish within the Transition Period real time, electronic connectivity between the systems that Transnet and the SPOC use for configuration management.

shall design, populate, maintain, and update the CMDB so that it:

(a) is an effective configuration management tool addressing topics typically addressed in such configuration management systems including type, ownership status, age, functionality, configuration and the like;

(b) is consistent with ITIL; (c) is an electronic, enterprise-wide integrated tool that

is capable of: (i) providing output in common non-proprietary format (e.g., CSV, XML); (ii) facilitating data import into tools specified by Transnet; and (iii) reconciliation with the Transnet CMDB.

(d) conforms to Transnet’s Technology Standards as such Technology Standards may be updated from time to time;

(e) permits Transnet to query the database in real-time, create ad hoc reports, and provide data output to Transnet in user configurable formats; and

(f) highlights changes to CIs and tracks deviations from any pre-defined standards or baselines for such items.

Scenario 2

Use Transnet’s CMDB the Service Provider shall use the schemas and standards defined in the Transnet CMDB.

CI Relationships

The CMDB shall include information regarding the relationships between CI’s

Relationships must be maintained between each CI and the following records:

Change records (i.e., Change records currently or formerly open for the CI);

Problem records (i.e., Problem records currently or formerly open for the CI);

Incident records (i.e., Incident records currently or formerly related to the CI)

Provide standard relationship names

Naming Conventions and Labeling

Give each CI a unique and systematic name to ensure it can be distinguished from other CI’s. In this regard, employ the naming conventions employed by Transnet.

Provide the IT component naming convention standards and guidelines

TRANSNET




Service Entities

Responsibility


Status Accounting

Assign a status code to each stage in the lifecycle of a CI (e.g., Requisition, Under Configuration, In Service, In Inventory, Out of Service, Transferred, Obsolete, etc.) that is consistent with the code employed by Transnet.

Record in the CMDB the date of each status change of each CI.

Maintain the status history of each CI in the CMDB

Naming conventions for status codes

Configuration Control

Keep the CMDB up-to-date. Whenever an activity changes the recorded characteristics of the CI, or the relationships between CI’s, promptly record the change in the CMDB

Changes to status or characteristics of CI’s can only be made through the Change Management Procedure.

A Change shall not be deemed to have been completed until the CMDB has been updated.

Use Configuration Management to control all CIs that are within the scope of this Agreement and shall ensure that each such item is recorded timely in the CMDB.

Update the CMDB upon the occurrence of any of the following actions: (a) a CI is added; (b) a CI changes its status; (c) a CI changes ownership; (d) a CI changes in relationship to another CI; (e) a CI is removed; (f) a CI gets other relationships with a service,

documentation or other CI’s; (g) a CI’s license is renewed or modified; (h) a CI’s details are updated after an audit; or (i) prior to using any new or replacement CI to perform

the Services.

Review change requests through the Change Management Procedure

Verification and Audits of the CMDB

Periodically conduct audits, using automated tools, where possible, to verify the accuracy of the details in the CMDB.

Conduct such audits as per the Configuration Management SLR’s and in the following situations:

(i) after the creation and population of the new CMDB; (ii) before and after Major Changes; (iii) after a Disaster.

Provide Configuration Management audit requirements

Periodically review and approve audit reports and remediation plans of IT Asset inventory management information

Transnet reserves the right to conduct such audits itself or through a Third Party designee.

TRANSNET




Service Entities

Responsibility


Any discrepancies found between the CMDB and the actual information about any CI must be logged as Incidents and must be investigated and dealt with retrospectively through the Incident Management Procedure (and, if necessary, the Problem Management Procedure and Change Management Procedure), including to determine if Change Management Procedures were bypassed

Reporting Provide Transnet Configuration Management reports as

required and defined by Transnet Review configuration management reports

Change Management

The activities associated with ensuring that standardised methods and procedures are used for efficient and prompt handling of all Changes, in order to minimise the impact of Change upon Service Quality and consequently to improve the day-to-day operations of Transnet. Change Management covers all aspects of managing the introduction and implementation of all Changes affecting the services and in any of the management processes, tools and methodologies designed and utilised to support the service components. The Change Management process includes the following process steps:


Participate in the development of the Change Management Standards and procedures

Comply with the Transnet Change Management Standards and procedures as reasonably amended by Transnet and notified in writing to the Service Provider from time to time

All Transnet in scope infrastructure changes will be submitted to Transnet's Change Management System

Define Change Management requirements and policies

Define and implement the Transnet Change Management Standards including the post change accountability process.

Establish change classifications, such as impact, priority and risk, and change authorisation processes


Provide Change Management System for Service Provider internal change management

Provide the Change Management System. To be used for Change Management of changes that would impact in the Transnet environment.

Change Planning

Document and classify proposed changes to the services, which shall include cost and risk impact and back-out plans of those changes and establish change management plans for major changes

Participate in Transnet Change Advisory Board meetings (as and when such meetings are called on reasonable notice) to include the review of planned Changes and results of Changes made.

Participate in the Technical Advisory Board as reasonably required by Transnet

In Transnet’s complete discretion authorise and approve scheduled changes or alter the schedule change requests as defined in the Change Management Standard

Convene a Change Advisory Board comprising of Transnet and Supplier representatives, which will review the business impact / benefit of each change (dependent on complexity) and approve or reject as appropriate

Convene a Technical Advisory Board comprising of Transnet and Service Provider representatives.

Implement Approved Changes

Notify Transnet affected clients of change timing and impact

Determine change logistics and implement change and adhere to detailed change management plans

Schedule, manage and execute change according to change classification, including carrying out all actions required to support the change.

Conduct user acceptance tests, as required

Perform quality control audits and approve change control results

Advise the Service Provider of any fixes or back-out requirements for changes as and when needed.

TRANSNET




Service Entities

Responsibility


Request process

Recording/tracking process

Prioritisation process

Responsibility assignment process

Impact/Risk assessment process

Review/approval process

Implementation process

Verification (test) process

Release process

Closure process

Modify Configuration database, Asset management items and Service catalogue (if applicable) to reflect any implemented Changes

Subsequent to first time changes promptly (and in any event within 5 days) update the knowledge database to identify both successful and unsuccessful changes

Verify that Change met objectives and expected outcomes and resolve negative impacts from the change

Fix or back-out (at Transnet’s request) the change if the impact of the change does not meet the expected outcome

Monitor changes and report results of changes and impacts

Secure and maintain master copies of all new in-scope software versions in a secured Software library and update CMDB.

Quality Assessment

Conduct UATs as required

Follow the post change accountability process as documented in the Transnet Change Management Standards in the event that a Change causes a Priority 1 Incident.

Immediately investigate and report to Transnet any operational change that is undertaken in contravention of the Change Management Standards.

Implement processes, training, disciplinary and other necessary corrective actions to ensure that failures to adhere to the Change Management Standards are not repeated.

Perform Quality control audits and approve change control results

Release Management

Release Management Services are activities associated with providing a holistic view of a Change to a Service to ensure that all aspects of a release, both technical and non-technical,


Participate in the development of the Release Management Standards

Adhere to Release Management Acceptance Criteria based on the broader requirements of the Transnet Release Policy.

As part of the Release Management process, Service Provider will have access to, and raise requests for change on, Transnet's Change Management System (see Change Management Section).

Define release policies and standards for the testing and live environments

Define and implement the Transnet Release Management Standards including the post release accountability process.

Adhere to Release Management processes.

Release Planning

Release software and hardware into the testing environments for testing and live environment for live use according to the release criteria specified by Transnet. This

Maintain a consolidated Release Plan with a rolling 12 month view for the overall Transnet environment and provide Service Provider with a minimum 8 weeks

TRANSNET




Service Entities

Responsibility


are considered together and to plan and oversee the successful rollout of software, hardware and design and implement efficient procedures for distribution and installation of Changes. The activities also ensure that only correct, authorised and tested versions are installed and that changes are traceable and secure.

is subject to all design, build and configuration documentation being supplied to Transnet's Release Manager for approval prior to such release. This condition applies to all Project and operational releases.

Full testing shall include the handover of User Acceptance Testing results including providing code, scripts, release notes, deployment and installation guides, a test environment and test completion reports

In respect of the release process, will provide Transnet's Release Manager with the Release Management Plans.

Ensure that all Changes follow the Release Management process. Service Provider will provide, for all Service Provider owned components, the necessary back-out plans, change criteria and Acceptance Criteria for changes.

Release Manager will participate in Transnet's Change Advisory Board where allocation of release slots for testing are discussed and agreed (including emergency sessions for emergency changes).

Change Manager will attend the weekly Change Advisory Board where final decision on change into live environment is sanctioned.

visibility of requirements

Ensure that the Release Management process successfully delivers and deploys packages through the approved certification testing, UAT and pilot processes. This service will be accountable for the delivery and deployment of selected application packages for all in scope components (e.g. server, laptops, desktops etc.).

Approve changes to Releases.

Authorise each Release formally

Communication to end users to ensure adherence to the Release Policy.

Release Implementation

Implementation of toolsets to cater for mobile equipment such as tablets and smartphones.

Configure the toolset to endeavour to obtain maximum volume of data is released during the available time period.

Make software available to users via a profile-based software control and distribution system and control this within the Release Management System

Deploy software updates on all in-scope service devices following written authorisation from Transnet Release Manager

Update anti virus/spyware/malware signature files when released

Apply bug fixes obtained from software vendors for problems experienced

Provide Patch & Service Pack Management

Provide application software release updates

Maintain accurate records of levels of microcode, firmware

At its sole discretion make a decision to backout a Release.

In the event of a failed testing or live distribution, Transnet's Release Manager will advise of the next available appropriate release slot.

TRANSNET




Service Entities

Responsibility


and software of all service tower components deployed.

Emergency Release Implementation

Perform the following functions for Emergency Releases at Transnet's request:

Raise an Operational Change Record in accordance with the Change Management Service.

Deploy the Release following written authorisation from Transnet Release Manager.

Back out the Release if, in Transnet's opinion, the Change has not been successful.

Distribute emergency and standard patches according to current Transnet standards.

Test patches according to approved testing standards prior to their release unless otherwise directed by Transnet.

Conduct software deployment reviews

Where appropriate authorise each Release formally in writing to the Service Provider

Reporting On a monthly basis notify Transnet of devices, which are not current with the latest releases and table a recommended deployment schedule of steps to be taken to update it.

Review report at monthly Account and Service Delivery meetings

TRANSNET




Service Entities

Responsibility


Software Asset Management

The activities associated with the acquisition and ongoing tracking and management of the financial, physical, licensing and contractual aspects of software assets throughout their life cycle.


Develop, document and maintain in the Standards and Procedures Manual Software Asset Management best practices, processes and procedures that meet requirements and adhere to defined policies.

The following SAM processes need defining: o Inventory management and reporting o Entitlement management o Consumption management o Reconciliation and reporting o Investigation and reporting o Remediation and reporting o Renewals management o Audit management

Define Software Asset Management requirements and policies

Review and approve Software Asset Management processes and procedures

Contracts and licensing information

Manage the contract information

Perform initial load of licensing information and perform initial inventory to license entitlement reconciliation

Prove the Service Provider with all necessary contract information for in scope software assets that need to be managed.

SAM Tools Select, configure and implement SAM applications and database(s)

Design and develop interfaces for sharing SAM data with Transnet systems

Provide functional guidelines and asset record detail requirements for software asset management and licensing tools

Provide information and integration requirements for SAM data.

Software Life Cycle Management

Develop and maintain inventory of all software licenses

Maintain relationship between discovered inventory data and license entitlement records

Manage entitlement and consumption, reconcile, investigate and remediate misalignments

Perform Demand Management

Perform Renewals Management

Obtain approval from Transnet for any license change or replacement

Assign licenses in SAM databases to comply with contract terms and license conditions

Assign licenses to Operating Divisions to support accurate chargeback and financial accountability for budgets and costs.

Assign licenses to enable license recycling and cost optimisation to meet budget reduction and cost-saving initiative

Review any changes recommended by the Service Provider

TRANSNET




Service Entities

Responsibility


Reassign unused existing licenses

Manage and maintain (e.g., monitor, track status, verify, audit, perform contract compliance, renew, reassign) software licenses and media through software license life cycle

Continuous Improvement

Perform continuous process improvement to improve the maturity and effectiveness of Software Asset Management

Review and approve improvement plans

Software License Negotiations

For Service Provider software, be responsible for negotiations.

Assist and provide software contract negotiations expertise

Lead and be accountable for any contract negotiations for Transnet licensed software

Software Contracts

For Service Provider contracts, be responsible for maintenance or upgrade costs and vendor relationship.

Coordinate Software license and maintenance agreement reviews, allowing for sufficient time prior to expiration for negotiation.

For Transnet-retained contracts, be responsible for maintenance or upgrade costs and vendor relationship

Responsible for all commercial aspects of license compliance for all Transnet owned licenses

Periodically review Software license and maintenance agreements

Licence Compliance

Manage and perform audits and reconcile the number of licenses to the number of installs

Provide recommendations to purchase additional license capacity, recommending alternatives, or curtailing usage where necessary and appropriate, to restore, or continue to maintain, license compliance

Identify and report license compliance issues to Transnet

Hold periodic reviews and ensure review is conducted 90 days prior to expiration of all Software and hardware license and maintenance agreements

Provide Service Provider with software license entitlements

Procure software licenses based on requests from the Service Provider to meet compliance obligations

Periodically review software license and maintenance agreements, allowing for sufficient time prior to expiration for negotiations

Identify and report license compliance issues to End-Users

Review license compliance issues with End-Users

Participate in periodic software reviews

Reporting Report any exceptions to vendor terms and conditions

Report on software usage and licensing compliance

Provide reports and recommendations to use in making Software acquisition and discontinuance decisions

Review and make decisions on reported usage and Service Provider recommendations

TRANSNET




Service Entities

Responsibility


Service Level Monitoring

Service Level Monitoring and Reporting Services are the activities associated with monitoring and reporting of Service delivery with respect to the Service Levels, which shall be performed consistent with this Service Tower. In addition, the Service Provider shall report systems management information (e.g., performance metrics, and systems accounting information) to the designated Transnet representatives in a format agreed to by Transnet.


Develop, document and maintain in the Standards and Procedures Manual Service Level Monitoring and Reporting procedures that meet requirements and adhere to defined policies

Define Service Level Monitoring and Reporting requirements and policies

Define and document Service Level requirements and agreements

Review and approve Service Level Monitoring and Reporting procedures

Service Improvements

Develop and deliver SLR improvement plans where appropriate

Implement SLR improvement plans

Report on SLR performance and improvement results

Review and approve SLR improvement plans

Review and approve SLR metrics and performance reports

Monitoring and Reporting

Measure, analyze and provide management reports on performance relative to SLRs

Coordinate SLR monitoring and reporting with designated Transnet representative and Third Parties

Provide Transnet portal access to performance and SLR reporting and monitoring system


TRANSNET




Service Entities

Responsibility


IT Service Continuity and Disaster Recovery

The activities associated with providing prioritised IT Service Continuity and DR Services for Transnet applications, and their associated infrastructure (e.g., CPU, servers, network, data and output devices, End-User devices). Provider must demonstrate that it will consistently meet or exceed Transnet’s Service Continuity and Disaster Recovery Services requirements. The DR service is dedicated to Transnet. There are no risks such as with traditional shared DR services, which are based on a first come first serve basis Manage and maintain the entire end-to-end ITSCM process for Transnet. The program includes daily initiatives, actions and work effort, to facilitate Transnet in ensuring that the service capability of the disaster recovery services residing in


Perform in-depth reviews of Transnet’s existing business continuity management policies, strategies, processes and procedures

Recommend best practices for IT Service Continuity and Disaster Recovery Services strategies, policies and procedures

Document IT Service Continuity and Disaster Recovery Services procedures that adhere to Transnet's requirements and policies

Establish processes to ensure DR plans are kept up to date and reflect Changes in Transnet environment

As needed, assist Transnet in other IT continuity and emergency management activities

Conduct ongoing alignment of the ITSCM plans with Transnet’s business continuity plans in accordance with the ITSCM policy and processes

Ongoing scrutiny and optimisation of the recovery process ensuring all SLAs are met ensuring alignment with service level management

Communicating and maintaining awareness of ITSCM objectives

Define Transnet’s Business Impact Analysis (BIA) for IT Service Continuity and Disaster Recovery Services strategy, and Transnet emergency management requirements and policies

Determine and define Transnet application criticality, availability, and recovery requirements pertaining to Transnet Critical Infrastructure

Define data (file system, database, flat files, etc.) replication, backup and retention requirements

Review and approve IT Service Continuity and Disaster Recovery Services procedures

Communicating and maintaining awareness of ITSCM objectives

DR Planning Provide advice and guidance to all areas of the business and IT on all continuity related issues

Provide business continuity subject matter expertise to assist in developing the DR plan to meet Transnet Business Continuity and Disaster Recovery requirements.

Plan shall include plans for data, backups, storage management and contingency operations that provide for recovering Transnet’s systems within established recovery requirement time frames after a disaster affects Transnet’s use of the services,

Plans for recovery of Service Provider-owned and provided systems and services that are critical for supporting Transnet business operations.

Plan to switch to standard mode of operation after a disaster event

Develop a hosting services plan to switch to standard

mode of operation after a disaster event.

Review and ensure that all risks and activities underpin and align with all business continuity management, risks and activities and are capable of meeting the agreed and documented targets.

Participate in defining the DR

TRANSNET




Service Entities

Responsibility


the disaster recovery data centre can be restored to a target level of serviceability in the event of a major capability outage or disaster.

Undertake quality reviews of all plans, associated procedures and ensure changes are incorporated into the testing

Assess potential service continuity issues

Undertake risk assessments for all new services (single points of failure and/or component failure impact assessments) against defined business objectives to optimise risks mitigation

Assess all changes weekly for their potential impact on the plans, including attendance at CAB meetings and conducting an assessment on any new services in accordance with the overall requirements of Transnet. Ensure plans are under very strict change and configuration management control

Maintain a recovery configuration 24x7x365

Submit the updated DR Plan to Transnet

Maintain Business Alignment

Conduct monthly DR Forum meetings with agreed Transnet business representatives to give an overview of all topics in the DR services agreement for risks containment and produce minutes for tracking purposes

Transnet business to participate in the DR Forum

DR Site Services

Maintain the DR Data centre services (environmental, physical security… etc). to include

An executive boardroom with LAN points & telephony. The boardroom serves as a crisis command centre.

The recovery location includes a back office environment with 10 seats (chair, LAN point, desk, telephone & desktop/PC).

Synchronous & Asynchronous data replication (SRM, Data Domain & TruCopy), off-site backups, exchange & AD are active and requires daily monitoring & reporting.

Provide ongoing UNIX, Wintel, Mainframe, Connectivity… etc administration & availability management -firmware, patches, etc. Ensure environment is current through retrofitting any changes in production environment to the DR environment.

Ongoing assessment and capacity management of hardware resources during upgrades ensuring disaster recovery resources are acceptable to Transnet

Provide Service Provider with information pertaining to and DR site requirements or changes in requirements

Periodically review the capability and capacity of the DR Site and infrastructure.

TRANSNET




Service Entities

Responsibility


DR Testing Conduct pre-test process to establish agreement on the scope and objective of the test

Perform scheduled IT Service Continuity, DR, and emergency management tests per Transnet-approved policies and procedures

Track and report IT Service Continuity and DR test results to Transnet

Develop action plan to address any issues arising from IT Service Continuity and DR testing results

Implement approved action plan and provide ongoing status until completion to Transnet’s satisfaction

Instigate and oversee all corrective actions are remediated emanating from all post-test analysis and recommendations

Execute plan to switch to standard mode of operation after a DR test

Test system operations to ensure full functionality

Secure, remove, and relocate all sensitive materials at the DR site

Schedule required test with the Service provider. Limited to 2 tests per annum roughly at 6 monthly intervals

Attend the pre-test and post –test meetings

Coordinate involvement of Operating Divisions for IT Services Continuity and DR testing

Participate in IT Service Continuity and DR tests

Review & approve IT Service Continuity and DR testing results

Review and act on recommendations in the test report(s) action plan

DR Event Notify Transnet in the event of a disaster situation, per DR policies and procedures

Initiate the DR plan in the event of a Service Provider DR situation and notify Transnet per DR policies and procedures

Provide all actions required to guarantee that Transnet system operations will be re-established within a predetermined service level time period

Coordinate with Transnet during a Service Provider DR situation per DR policies and procedures

Notify SP in the event of a disaster situation, per DR policies and procedures

Approve the switch to DR mode

Initiate the DR plan in the event of a Transnet DR situation per the DR policies and procedures

Return to Standard Mode of Operation

Roll back to move from a disaster recovery mode of operation to a

Continuously monitor the site or facility's fitness for reoccupation

Verify that the site is free from aftereffects of the disaster and that there are no further threats

Ensure that all needed infrastructure services, such as power, water, telecommunications, security, environmental controls, office equipment, and supplies, are operational

Execute plan to switch to standard mode of operation after a disaster event

Test system operations to ensure full functionality

Activate project plan to switch to standard mode of operation after a disaster event.

Confirm return to standard mode of operation after a after a disaster event.

TRANSNET




Service Entities

Responsibility


standard mode of operation

Arrange for operations staff to return to the original facility

Terminate DR Site operations

Secure, remove, and relocate all sensitive materials at the DR site.

Security Services

Security Services are the activities associated with physical and logical security of all Service components (hardware and Software) and data, virus protection, access protection and other Security Services in compliance with Transnet security requirements and all applicable regulatory requirements.

Security Incident Logging and Resolution

Log and report security violations to Transnet per Transnet policies and standards

Implement immediate measures to react to an identified security Incident and take actions to isolate and minimize the negative impact to the Transnet infrastructure in accordance with Transnet security procedures

Escalate and resolve security violations originating both externally and internally of the hosted Network(s) (e.g., denial of service attacks, spoofing, Web exploits) in accordance with Transnet security procedures

Resolve violations of security and security policy which are determined to be internal to the Service Provider

Resolve violations of security and security policy which are determined to be internal to Transnet

System Audit Logs

Real-time provision of all system audit logs to Transnet/nominated 3rd party

Provide Service Provider with system log requirements and integration into Transnet Security Intelligence Centre

Certificate Management

Provide solution and processes for the management of certificates.

Issuing

Renewal; and

Revocations

Request certificates for in scope services as required

Vulnerability Testing

Conduct security vulnerability scans & penetration testing as necessary to maintain current security posture using third party providers as necessary to demonstrate objectivity and validate results

Provide detailed reporting on Vulnerability Test & Penetration test results

Review testing results and escalate and define actions (sign-off of remediation plan) as required

Virus/Malware Control

Advise on good working practices to help prevent infection by viruses

When a virus is detected or suspected, carry out or advise on virus containment, checking and disinfection procedures

Promptly install upgrades to the virus protection program, on all appropriate servers. Notify Transnet of the new versions and provide recommendations for their use (if applicable)

Supply and approve virus protection software and virus protection programme

TRANSNET




Service Entities

Responsibility


Security Patches

Review all security patches ,“bug fix,” service pack relevant to the Transnet IT environment and classify the need and speed in which the security patches should be installed as defined by security policies, standards, and best practices

Install security patches, “bug fix,” service pack in accordance with Transnet security requirements, standards, procedures and policies

Approve production rollout of patch, “bug fix”, service pack installation and upgrades to the current installed version

Security Audits Provide technical expertise for security audits

Perform security audits every six months including a report of active user IDs, to be submitted to the Security Portfolio Manager and summarised in the monthly report

Maintain all documentation required for security audits and internal control and control testing

Maintain a central repository of log files in accordance with Transnet policies and Service Levels including application specific and System specific log files

Allow third party security audits as authorised by Transnet Security Services Function

Conduct risk assessment to identify control or security gaps

Perform periodic security audits

Directory Administration

Manage and administer the Enterprise Directory o Directory design best practices adhered to, signed off

by Microsoft o Manage the directory schema o Manage and operate the directory servers, replication

and overall health and stability of the directory o Administer the directory contents

Monitoring system event logs

Integrate the Enterprise Directory with external entities and systems as requested

Administer directory objects under Transnet business entity control for those divisions that have elected to do so

Access Monitoring

Monitoring contractor review dates (contractor access is usually granted for a 3 or 6 month term)

Monitoring overdue passwords (and following up to request password changes)

Monitoring privileged account use for server operating system, database and firewall (internal and external)

Monitoring log-in failures and other activity

Monitoring files share access and application access (usually ad hoc and at the owner’s request)

Monitor account usage

Provide timely information pertaining to contractor or any guest access requirements

TRANSNET




Service Entities

Responsibility


Intrusion Detection/ Prevention

Provide Intrusion Detection / Prevention Services and reporting

Allow for independent Intrusion Detection / Prevention Services

When an attack is detected or suspected, carry out or advise on immediate actions necessary for mitigating and remedying any problems and restoring full secure functionality with minimum Transnet impact

Develop recommendations for improved security methods as determined by IDS / IPS findings

Implement approved recommendations

Review and approve recommendations for improved security methods

Security Awareness Programme

Contribute, as requested, to Transnet in managing Transnet's “Security Awareness Programme” for Transnet

Implement a “Security Awareness Programme” that addresses the support and delivery within Transnet’s organisation

Reporting Generate reports as requested by Transnet Request reports as needed

TRANSNET


____________________________________________________________________________________________


2.4 Exclusions

The following items are specifically excluded from this statement of work:

a. None

3.0 Service Management

3.1 Objectives

A key objective of the Agreement is to attain Service levels with Service Credits where business is impacted through failure to meet Service performance requirements. SLRs are detailed in the following sections and those associated with Service Credits are identified in Attachment J —Service Credit Methodology of the Master Services Agreement.

The Service Provider shall provide written reports to Transnet regarding the Service Provider’s compliance with the SLRs specified in this Service Tower.

3.2 Definitions

Attachment V Appendix 1 - Service Tower Definitions.docx of the Master Services Agreement provides a list of definitions and terms that apply to this Service Tower and the following SLRs.

3.3 Service-Level Requirements (SLRs)

The following minimum Service levels are required at the end of the Transition Period. The Service Provider must consistently meet or exceed the following SLRs.

The Service Credit methodology and the identification of Service Levels associated with Service Credits are detailed in Attachment J—Service Credit Methodology of the Master Service Agreement.

3.4 Reports

Provider shall provide reports to Transnet regarding the Service Provider’s compliance with the SLRs. Reports are required per the following table:

Table 3. Cross Functional Services Reports

Report Description SLA Metrics Addressed Timing

Availability of Professional Services Personnel Professional Services Quarterly

TRANSNET



4.0 Referenced Appendix, Service and MSA Attachments

4.1 Appendix – Financial Responsibilities Matrix

Service Component

Asset Ownershi

p

Refresh Refresh Cycle

Upgrades / Enhancements

Party Responsible for Growth

Disaster Recovery (Services)

Infrastructure Provision for

Disaster Recovery

Maintenance & Support

CMDB

Scenario 1

Service Provider

Service Provider

5 years Service Provider Service Provider

Service Provider

Service Provider

Service Provider

CMDB

Scenario 2

Service Recipient

Service Provider

5 years Service Provider Service Recipient

Service Provider

Service Provider

Service Provider

Service Reporting Infrastructure

Service Provider

Service Provider


Service Provider

Service Provider

Service Provider

Service Catalogue Infrastructure

Service Provider

Service Provider


Service Provider

Service Provider

Service Provider

Asset Management See CMDB

Service Provider

Service Provider


Service Provider

Service Provider

Service Provider

Reporting Portal Infrastructure

Service Provider

Service Provider


Service Provider

Service Provider

Service Provider

Security Operations Centre Infrastructure

Service Provider

Service Provider


Service Provider

Service Provider

Service Provider

Vulnerability Management Infrastructure

Service Provider

Service Provider


Service Provider

Service Provider

Service Provider

TRANSNET


____________________________________________________________________________________________


Software1

Service Component License Fees 3rd Party Charges (Maintenance & Support)

Service

Recipient Service Provider

Service Recipient

Service Provider

Cross Functional Services

Public Key Encryption Infrastructure Software

Yes Yes

Patch Management and Software Distribution

Yes Yes

Help & Service Desk Scenario 1

Yes Yes

Help & Service Desk Scenario 2

Yes Yes

CMDB Scenario 1 Yes Yes

CMDB Scenario 2 Yes Yes

Antivirus licenses for Service Recipient owned servers where Service Provider is not responsible for server support

Yes Yes

Management Portal Software Yes Yes

All Service Recipient-owned application software

Yes Yes

Note: This Financial Responsibility Matrix will be completed with the preferred respondent during the Due Diligence phase of the evaluation and selection process.

1 Software included under the Service Provider columns represents the products to be implemented/continued with during the Transition Period and can be replaced by a functionally equivalent product during the term at the Service Providers election.

cross functional services tower for transnet v1 cross... · transnet cross functional services...

Documents