Sample – Corporate Implementation Services
August 31, 2019Policy
Executive Summary
Corporate recognizes the importance of adherence to policies and procedures when implementing new customer projects. In an effort to mitigate both the Corporate risk as well Customer risk this Implementation Policy has been developed. The policy will serve as the implementation guidelines which will be utilized to support all new customer implementation projects. The Policy will be reviewed on a regular basis to ensure the implementation policy reflects business process and best practice implementation procedures.
This policy and the identified supporting controls will provide reasonable assurance that new system implementation projects are approved and accepted.
There are 5 implementation controls associated to this policy. They are as follows:
- Policies and procedures for implementing new Customer systems have been documented.
- Customer Implementation project is initiated and authorized by the customer sales order signature prior to initiating the build.
- Customer add on cloud service implementation project is initiated and authorized by customer sales order signature or ITSM ticket per applicable signed Cloud Services Schedule.
- Corporate Engineering personnel perform Quality Assurance (QA) testing for operating system and hardware infrastructure prior to delivering the new system to the Customer.
- Corporate issues a request for acceptance which is sent to the Customer for each project.
- Implementations for Customers subscribing to the Self-Managed Cloud Service and who have elected to convert to the ‘Manage Server Management’ option undergo a process to harden the server to be in compliance with Corporate required standards.
Controls
Corporate policy calls for 5 controls in support of new customer implementation projects. They are as follows and outlined below.
- Policies and procedures for implementing new Customer systems have been documented.
- Customer Implementation project is initiated and authorized by the customer sales order signature prior to initiating the build.
- Customer add on cloud service implementation project is initiated and authorized by customer sales order signature or ITSM ticket per applicable signed Cloud Services Schedule.
- Corporate Engineering personnel perform Quality Assurance (QA) testing for operating system and hardware infrastructure prior to delivering the new system to the Customer.
- Corporate issues a request for acceptance which is sent to the Customer for each project.
- Implementations for Customers subscribing to the Self-Managed Cloud Service and who have elected to convert to the ‘Manage Server Management’ option undergo a process to harden the server to be in compliance with Corporate required standards.
Performance indicators
Internal and external audits will be performed to ensure that for each customer project implementation, the following evidence is collected and retained:
- For customer add on cloud services, a signed sales order or ITSM ticket per applicable signed Cloud Services Schedule
- New implementation project Engineering Build QA Checklist
- Completion Notice/ Request for Acceptance email
- Control 1: Documented Policies and Procedures
- Control Description
- Policies and procedures for implementing new Customer systems have been documented.
Responsibility
- It is the responsibility of the Implementation Services Vice President to verify that the documentation exists and is properly maintained.
Control 2: Customer Authorization
Control Description
Customer Implementation project is initiated and authorized by the customer sales order signature prior to initiating the build. In the case of customer cloud services add on components customer initiation can be authorized by either a signed Sales Order document or a customer initiated ITSM ticket as allowed by the Corporate Cloud Services Schedule.
Responsibility
- It is the responsibility of the Corporate Deal-Pack team to complete this control.
- It is the responsibility of the Project Manager to verify that the Sales Order is signed by the customer and retained in the customer’s vault folder before build activities begin.
Control 3: Build Quality Assurance
Control Description
Corporate Engineering personnel perform Quality Assurance (QA) testing for operating system and hardware infrastructure prior to delivering the new system to the Customer.
Responsibility
- It is the responsibility of engineering resources to complete this control.
- It is the responsibility of the Vice President of Infrastructure Services to verify engineering resource compliance to this control.
- It is the responsibility of the Project Manager to verify that the Build QA Checklist has been completed by the engineer and saved in the SharePoint Customer Vault before hand-off activities begin.
Control 4: Customer Acceptance
Control Description
Corporate issues a Completion Notice/ request for acceptance which is sent to the Customer for each project.
Responsibility
- It is the responsibility of the Corporate Project Manager to complete this control.
- It is the responsibility of the Project Manager to verify that the Request for Acceptance has been sent and archived in the Customer SharePoint Vault before billing activities begin.
Control 5: Manage
Control Description
Implementations for Customers subscribing to the Self-Managed Cloud Service and who have elected to convert to the ‘Manage Server Management’ option undergo a process to harden the server to be in compliance with Corporate required standards. This process owned by Engineering.
Responsibility
- It is the responsibility of Engineering resources to complete this control.
- It is the responsibility of the Vice President of Customer Engineering to verify engineering resource compliance to this control.
- It is the responsibility of the Project Manager to verify that the Build QA Checklist has been completed by the engineer and saved in the SharePoint Customer Vault before hand-off activities begin.
- It is the responsibility of the Project Manager to verify that the Completion Notice Request for Acceptance has been sent and archived in the Customer SharePoint Vault before billing activities begin.