From IT Service Management to Corporate Service Management
By Graham K Draughon, President, Blackthorn Cyber Security, LLC. & Advisory CISO, Onemain Holdings, Inc.
While Help Desk functions are indeed important aspects of service management, request/approval processes are even more so. With highly regulated businesses subject to Sarbanes Oxley, HIPAA, PCI, SEC, and other state and federal regulations, a well-engineered request/approval capability is critical. It is this aspect of service management that plays a fundamental role with Cyber Security controls, enabling the enforcement of ‘least-privileged’ access and requiring proper approvals for any access requested while ensuring that all appropriate reviews and risk assessments are completed and discoverable. Approvals in many instances often must cross multiple areas from Security and Technology to the respective business department(s). Approval workflows can be very sophisticated, must be easily adapted and customized to corporate change, and carefully structured to align and keep current with business policies and procedures. Upon completion of the approval workflow, the Service Management solution should automatically generate a ticket and send communication to the requestor as to status, either approved or rejected. The ticket should auto-populate to the correct work queue(s) for action. From this point, the ticket behaves very much like a standard Help Desk request.
A robust Corporate Service Management solution is extensible to other service management activities across the corporation. Areas such as HR, Legal, Finance, and Call Centers frequently require similar processes and workflow design. Deploying a platform solution that accommodates requirements for these areas as well as for Information Technology and Information Security will provide greater integration and visibility across the corporation while reducing cost and effort required to support a corporate vision of service management. No longer focused solely on IT, the Service Management solution is maturing to become Corporate Service Management.
Support for strong interface capabilities with other business applications is key to moving beyond IT Service Management to Corporate Service Management. These include applications that support HR, Treasury and Finance, Governance, Risk and Compliance (GRC), and Legal. It is also essential to integrate user stores such as Active Directory within IT Service Management to support automation of assignment based on elements such as group ownership and reporting chain for employees.
IT Service Management and the broader extension to Corporate Service Management are important foundations for any business regardless of size and complexity
IT Service Management and the broader extension to Corporate Service Management are important foundations for any business regardless of size and complexity. When choosing a solution or developing implementation strategy and roadmap, it is important to create a long view to the future yet implement incrementally. The ultimate target for success is providing value to your customers while fostering resilient processes and procedures that align with corporate policies to support legal, regulatory, audit, and security requirements.