Information security is also part of Service Integration and Management (SIAM).
An essential part of a multi-vendor landscape is having an overview of which services you buy from which providers and how the business uses these services. What, then, is the big challenge? What does ITIL have in its framework?
When it comes to information security and ITIL, this concerns the confidentiality and integrity of, and access to, the information processed by each role or function. It is also about security design, testing and control. What can SIAM contribute in this context?
Who ensures continuous monitoring in accordance with laws, regulations and rules for the treatment of regulated information, and how? How are responsibilities distributed? How do you manage known demands and new requirements when companies are thinking more and more about digitization and cloud-based solutions, and the provider landscape is changing faster and faster?
Suppliers depend on either direct or indirect access to enterprise information and information systems to carry out agreed tasks.
Businesses should have physical and/or logical access to suppliers’ information when production and delivery processes are to be controlled or monitored.
A consequence of constant change is that both the business and its suppliers can cause security risks for each other.
In addition, this means that this type of risk must also be considered in relation to both their customers and other stakeholders.
Software Asset Management
A known problem is that suppliers announce “end of life” for custom software and terminate support without the customer being aware of the necessary upgrade or replacement.
Service Integration and Management
What is it we seek in a SIAM context? This is where we can use the ITIL framework and take it to the next level. This can be done by having structures and suitable Service Management tools and features for understanding the relationships between Software Asset Management, Asset Management, Information Security Management, Access Management and Supplier Management, and how these areas are linked.
Risk management of information security must be part of any organization’s daily life. All risks should be assessed and treated to ensure the implementation of appropriate measures. Managing risk, deciding on the types of controls, and then being able to track that these are safeguarded should be part of every business's day-to-day work.
Similarly, if a security check reveals gaps in a vendor's service delivery that are corrected with a fix, the fix must be rolled out as an assured and controlled change, and it must be verified that users are actually on the new version.
We at OptimiseIT have a methodology for a systematic and comprehensive approach to this field. In our ranks we have expert knowledge of information security that can assist our clients in defining, implementing and managing threats. We assist in implementing the defined risk measures and ensure that they are safeguarded. We are a partner of ServiceNow, a service management tool that covers all the functional areas discussed.