Moving Operations to a Managed Services Provider [MSP]:
1. Define Board and Management Responsibility: [Expand with respect to the ITIL framework].
Ensuring each MSP relationship supports the institution's overall requirements and strategic plans;
Ensuring the institution has sufficient expertise to oversee and manage the relationship;
Evaluating prospective providers based on the scope and criticality of the managed services;
Tailoring the enterprise-wide service provider monitoring program based on initial and ongoing risk assessments of the managed services;
Notifying its primary regulator [HAAD] regarding managed relationships, when required by the regulator.
Here, if a Healthcare Facility Provider [HFP] decides to outsource its IT services to a managed service provider [MSP], it may have to check the regulations issued by HAAD.
2. Risk Management:
Establishing senior management and board awareness of the risks associated with Managed Service Agreements [MSA] in order to ensure effective risk management practices;
Ensuring that a managed service arrangement is prudent from a risk perspective and consistent with the business objectives of the institution;
Systematically assessing needs while establishing risk-based requirements;
Implementing effective controls to address identified risks;
Performing ongoing monitoring to identify and evaluate changes in risk from the initial assessment;
Documenting procedures, roles/responsibilities, and reporting mechanisms.
a. Assess Risk
Assess the risk from the managed service; involve stakeholders in creating risk-based written requirements to control and manage the service; use the written requirements to guide and manage the remainder of the managed service process.
Document the risks associated with:
Reputation Risk: Errors, delays, or omissions in information technology.
Strategic Risk: Inadequate management experience and expertise can lead to a lack of understanding and control of key risks; inaccurate information from TSPs (technology service providers) can cause the management of serviced institutions to make poor strategic decisions.
Compliance (legal) Risk: Outsourced activities that fail to comply with legal or regulatory requirements can subject the institution to legal action [in the case of an HFP this can lead to sanctions or cancellation of its license].
Healthcare Financing Risk: Processing errors related to investment income or repayment assumptions could lead to unwise investment or liquidity decisions, thereby increasing market risks.
b. Quantify Risk Considerations
Risks pertaining to the function of the managed service include:
- Sensitivity of data accessed, protected, or controlled by the service provider;
- Volume of transactions; and
- Criticality to the institution's business.
Risks pertaining to the service provider include:
- Strength of financial condition;
- Turnover of management and employees;
- Ability to maintain business continuity;
- Ability to provide accurate, relevant, and timely Management Information Systems (MIS);
- Experience with the function outsourced;
- Reliance on subcontractors;
- Location, particularly if cross-border (see Appendix C, Foreign-Based Third-Party Service Providers); and
- Redundancy and reliability of communication lines.
Risks pertaining to the technology used include:
- Reliability;
- Security; and
- Scalability to accommodate growth.
c. Requirement Definition for Risk
Stakeholder involvement: All organizational groups that will be directly involved with the service provider or in using the contracted service should be represented in the development of product and service requirements.
Integration: The development should result in requirements that support the subsequent steps of solicitation, selection, contracting, and monitoring.
Documentation: Documentation will greatly assist in ensuring that the service contracted and delivered meets the institution's requirements. Documentation will also allow for subsequent reviews of the processes' adequacy and integrity.
3. Services To Be Outsourced to the Managed Service Provider
a. Define the scope and nature of:
Service description; Technology; Customer support.
b. Standards and service levels
Availability and performance; Change management; Financial reporting; Quality of service; Security; and Business continuity.
c. Minimum acceptable service provider characteristics
Industry experience; Management experience; Technology and systems architecture; Process controls; Financial condition; Reputation, including references; Degree of reliance on third parties, subcontractors, or partners; Legal, regulatory, and compliance history; and Ability to meet future needs.
d. Monitoring and reporting
Measurements and reporting criteria; Right to audit; Third-party reports; and Coordination of responses to security events.
e. Transition requirements
Initial migration of data to the service provider; Implementation of necessary communications mechanisms; Migration of data from the service provider at termination of the contract; and Staff training.
f. Contract duration, termination, and assignment
Start and term; Conditions and right to cancel; Ownership of data; Timely return of data in machine-readable format; Costs of transition; Limitations, as appropriate, governing assignment to a third party; Dispute resolution; and Confidentiality of institution data.
g. Contractual protections against liability
Indemnification; Limitation of liability; and Insurance.
4. Service Provider Selection
a. Request For Proposal
Evaluate service provider proposals in light of the institution's needs, including any differences between the institution's solicitation and the service provider's proposal.
b. Due Diligence
Perform due diligence on the prospective service providers; Ensure that selection of affiliated parties as service providers is done at arm's length in accordance with regulations and guidance issued by the institution's primary regulator; and Evaluate foreign-based third-party service providers in light of the guidance found in this section and in Appendix C, Foreign-Based Third-Party Service Providers.
c. Due Diligence on Managed Service Provider History
Existence and corporate history; Qualifications, backgrounds, and reputations of company principals, including criminal background checks where appropriate; Other companies using similar services from the provider that may be contacted for reference; Financial status, including reviews of audited financial statements; Strategy and reputation; Service delivery capability, status, and effectiveness; Technology and systems architecture; Internal controls environment, security history, and audit coverage; Legal and regulatory compliance, including any complaints, litigation, or regulatory actions; Reliance on and success in dealing with third-party service providers; Insurance coverage; and Ability to meet disaster recovery and business continuity requirements.
5. Resolve and Implement Contracts
Ensure the contract clearly defines the rights and responsibilities of both parties; Ensure the contract contains adequate and measurable service level agreements; Ensure contracts with affiliates clearly reflect an arm's-length relationship and that costs and services are at least as favorable to the institution as those available from a non-affiliated provider; Choose the most appropriate pricing method for the institution's needs; Ensure the contract does not contain provisions or inducements that may have a significant adverse effect on the institution; Engage legal counsel to review the contract; and Evaluate foreign-based third-party service providers in light of the guidance found in this section.
a. Verify the accuracy of the description of the outsourcing relationship in the contract.
b. Ensure the contract is clearly written and contains sufficient detail to define the rights and responsibilities of each party comprehensively.
c. Engage legal counsel early in the process to help prepare and review the proposed contract.
d. Scope of Service. The contract should clearly describe the rights and responsibilities of the parties to the contract. Considerations should include:
i. Descriptions of required activities, time frames for their implementation, and assignment of responsibilities. Implementation provisions should take into consideration other existing systems or interrelated systems to be developed by different service providers (e.g., an Internet banking system being integrated with existing core applications, or systems customization).
ii. Obligations of, and services to be performed by, the service provider, including software support and maintenance, training of employees, or customer service.
iii. Obligations of the institution.
iv. The contracting parties' rights in modifying existing services performed under the contract.
v. Guidelines for adding new or different services and for contract renegotiation.
e. Performance Standards.
Institutions should include in the contract performance standards that define minimum service level requirements and remedies for failure to meet those standards. For example, common service level metrics include percent system uptime, deadlines for completing batch processing, or number of processing errors. Industry standards for service levels may provide a reference point. The institution should periodically review overall performance standards to ensure consistency with its goals and objectives.
f. Security and Confidentiality
g. Controls.
Service provider internal controls; Compliance with applicable regulatory requirements; Record maintenance requirements for the service provider; Access to the records by the institution; Notification requirements and approval rights for any material changes to services, systems, controls, key project personnel, and service locations; Setting and monitoring parameters for financial functions, including payments processing or extensions of credit on behalf of the institution; and Insurance coverage maintained by the service provider.
h. Audit: The institution should include in the contract the types of audit reports it is entitled to receive (e.g., financial, internal control, and security reviews).
i. Reports: Contractual terms should include the frequency and type of reports the institution will receive (e.g., performance reports, control audits, financial statements, security, and business resumption testing reports).
j. Business Resumption and Contingency Plans.
The contract should address the service provider's responsibility for backup and record protection, including equipment, program and data files, and maintenance of disaster recovery and contingency plans.
k. Sub-contracting and Multiple Service Provider Relationships.
Some service providers may contract with third parties in providing services to the health institution. Institutions should be aware of and approve all subcontractors. To provide accountability, the institution should designate the primary contracting service provider in the contract. The contract should also specify that the primary contracting service provider is responsible for the services outlined in the contract regardless of which entity actually conducts the operations. The institution should also consider including notification and approval requirements regarding changes to the service provider's significant subcontractors.
l. Define Pricing Methods
The contract should fully describe the calculation of fees for base services, including any development, conversion, and recurring services, as well as any charges based upon volume of activity or for special requests. Contracts should also address the responsibility and additional cost for purchasing and maintaining hardware and software. Any conditions under which the cost structure may be changed should be addressed in detail, including limits on any cost increases.
m. Bundling
n. Contract Inducement Concerns
o. Ownership and License: The contract should address the ownership, rights to, and allowable use of the institution's data, equipment/hardware, system documentation, system and application software, and other intellectual property rights.
p. Duration: The contract should consider the appropriate length of time required to notify the service provider of the institution's intent not to renew the contract prior to expiration. Institutions should consider coordinating the expiration dates of contracts for inter-related services (e.g., website, telecommunications, programming, network support) so that they coincide, where practical. Such coordination can minimize the risk of terminating a contract early and incurring penalties as a result of the necessary termination of another related service contract.
q. Dispute Resolution: The institution should consider including a provision for a dispute resolution process that attempts to resolve problems in an expeditious manner, as well as a provision for continuation of services during the dispute resolution period.
r. Indemnification: Indemnification provisions should require the service provider to hold the institution harmless from liability for the negligence of the service provider.
s. Limitation of Liability: If the institution is considering such a contract, management should assess whether the damage limitation bears an adequate relationship to the amount of loss the institution might reasonably experience as a result of the service provider's failure to perform its obligations.
t. Termination: Management should assess the timeliness and expense of contract termination provisions.
u. Assignment: The institution should consider contract provisions that prohibit assignment of the contract to a third party without the institution's consent.
v. Foreign-based Service Providers: Institutions entering into contracts with foreign-based service providers should consider a number of additional contract issues and provisions.
w. Regulatory Compliance: Institutions should ensure that contracts with service providers include an agreement that the service provider and its services will comply with applicable regulatory guidance and requirements.
6. Service Level Agreement [SLA]
a. Availability and timeliness of services;
b. Confidentiality and integrity of data;
c. Change control;
d. Security standards compliance, including vulnerability and penetration management;
e. Business continuity compliance; and
f. Help desk support.
7. Pricing Methods:
Cost plus; Fixed price; Variable price; Unit price; Incentive-based pricing.
Bundling:
The provider may entice the institution to purchase more than one system, process, or service for a single price, referred to as "bundling."
8. Contract Inducement Concerns:
The service provider purchases certain assets (e.g., computer equipment or foreclosed real estate) at book value (which exceeds market value) or purchases capital stock from the institution. The service provider offers cash bonuses to the institution upon completion of the conversion. The service provider offers up-front cash to the institution. The provider states that the institution acquires the right to future cost savings or profit enhancements that will accrue to the institution because of greater operational efficiencies; these improvements are usually without measurable benchmarks. The institution defers expenses for conversion costs or processing fees under the terms of the contract. Low installation and conversion costs are offered in exchange for higher future systems support and maintenance costs.
9. Ongoing Monitoring
a. Key Service Level Agreements and Contract Provisions
A formal policy that defines the SLA program; An SLA monitoring process; A recourse process for non-performance; An escalation process; A dispute resolution process; and A termination process.
b. Financial Condition of Service Providers
Contingency options should the provider's financial condition deteriorate: Paying off the servicer's creditor(s) and hiring outside specialists to operate the center; Obtaining required equipment and software for in-house processing; and Transferring data files to another provider.
c. General Control Environment of the Service Provider
The practicality of the service provider having an internal auditor, and the auditor's level of training and experience; The service provider's external auditors' training and background; and Internal IT audit techniques of the service provider.
d. Potential Changes due to the External Environment
10. Business Continuity Planning:
Regularly review the business continuity plans of the service provider or vendor to ensure any services considered "mission critical" for the institution could be restored within an acceptable time frame. Review the service provider's program for contingency plan testing. For critical services, annual or more frequent tests of the contingency plan are required. Assess service provider/vendor interdependencies for mission-critical services and applications.
a. Outsourcing the Business Continuity Function
i. Staffing: The provider should have sufficient and knowledgeable staff available to provide appropriate onsite technical support to ensure timely resumption of operations at the recovery site.
ii. Processing Time Availability: The provider should allocate sufficient processing time, resources, and security controls to accommodate the potential for multiple clients. The institution should ensure it could process normal volumes of work within appropriate time requirements.
iii. Access Rights: The provider should disclose any access limitations. The provider should guarantee the institution's right to use the site in case of an emergency. Alternatively, the institution should understand any priority arrangements. For example, some sites operate on a first-come, first-served basis until the site is at full capacity, but others have pre-arranged priorities based on contractual agreements.
iv. Hardware and Software: The recovery site should have compatible hardware and software. The institution should monitor the compatibility of the site to handle its specific computer hardware and software requirements. To facilitate the monitoring, the provider should be required by contract to notify the institution of any changes in the hardware, software, and equipment at the recovery site.
v. Security Controls: The institution should ensure it can maintain adequate physical and logical security controls at the recovery site.
vi. Testing: The service provider contract should address access to the recovery site for periodic testing. At a minimum, the institution needs sufficient access to perform at least one full-scale test of the recovery site annually, including verification of telecommunications capabilities.
vii. Confidentiality of Data: The institution should ensure the provider can maintain the confidentiality of its business and customer data.
viii. Telecommunications: The institution should review telecommunications redundancy and capacity at the recovery site, including how communications from the institution to the recovery site will be established.
ix. Reciprocal Agreements: Institutions contracting with another institution for a recovery site should consider the above issues of staffing, processing availability, access rights for recovery or testing, compatibility, security, capacity, etc.
x. Space: The recovery site should have adequate space to accommodate the affected institution's recovery staff.
xi. Printing Capacity/Capability: The recovery site should maintain adequate printing capacity to meet the demand of the affected institution under acceptable levels of service.
xii. Contacts: Institution management should know the procedures for declaring a disaster, including who has the authority to declare a disaster and initiate use of the recovery site.
11. Information Security and Safeguards
12. Multiple Service Provider Relationships
13. Outsourcing to a Foreign Service Provider
a. Risk Management: Country and compliance risk
b. Due Diligence: Contracts (Security, Confidentiality and Ownership of Data)
c. Regulatory Authority of the other country
d. Choice of Law
APPENDIX:
Use ITIL for Moving to Managed Services:
1. Define the standards used to manage the Service Provider, and ITIL.
2. Create a Service Strategy to move towards a Managed Services model.
3. Fix the Service Design to move towards managed services.
4. Use Service Transition to define: transition planning; service asset and configuration management; Change Management; Service Validation and Testing; reducing resolution time by populating Knowledge Management; deployment strategy and infrastructure; and evaluating reproduction at the 3rd-party provider.
5. Use the Service Operation module to define a support structure replicating HAAD requirements. Define the following for the 3rd party to maintain as operations standards: Service Desk, Incident Management (including an escalation matrix), Event Management, Request Fulfillment, Problem Management, Access Management by the 3rd party, Application Management, IT Operations Management, Technical Management.
6. Continual Service Improvement: for quality managed at the 3rd-party site. Define the quality standards that need to be maintained at the 3rd party:
Service Management
Service Reporting

Pmo best practicesPmo best practices
Pmo best practices
 
Agile project management
Agile project managementAgile project management
Agile project management
 
Enroll hostel Business Model
Enroll hostel Business ModelEnroll hostel Business Model
Enroll hostel Business Model
 
Cloud manager client provisioning guideline draft 1.0
Cloud manager client provisioning guideline draft 1.0Cloud manager client provisioning guideline draft 1.0
Cloud manager client provisioning guideline draft 1.0
 
Bpm digital transformation
Bpm digital transformationBpm digital transformation
Bpm digital transformation
 
Digital transformation explained
Digital transformation explainedDigital transformation explained
Digital transformation explained
 
Government Digital transformation trend draft 1.0
Government Digital transformation trend draft 1.0Government Digital transformation trend draft 1.0
Government Digital transformation trend draft 1.0
 
Enterprise architecture maturity rating draft 1.0
Enterprise architecture maturity rating draft 1.0Enterprise architecture maturity rating draft 1.0
Enterprise architecture maturity rating draft 1.0
 
Organisation Structure For digital Transformation Team
Organisation Structure For digital Transformation TeamOrganisation Structure For digital Transformation Team
Organisation Structure For digital Transformation Team
 

Recently uploaded

By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
Pierluigi Pugliese
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Neo4j
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
nkrafacyberclub
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 

Recently uploaded (20)

By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 

Moving operations to managed services provider

Moving Operations to Managed Services Provider [MSP]:

1. Define Board and Management Responsibility: [Expand with respect to ITIL framework].
- Ensuring each MSP relationship supports the institution's overall requirements and strategic plans;
- Ensuring the institution has sufficient expertise to oversee and manage the relationship;
- Evaluating prospective providers based on the scope and criticality of managed services;
- Tailoring the enterprise-wide service provider monitoring program based on initial and ongoing risk assessments of managed services;
- Notifying its primary regulator [HAAD] regarding managed relationships, when required by the regulator.
Here, if a Healthcare Facility Provider [HFP] decides to outsource its IT services to a managed service provider [MSP], then it may have to check the regulations provided by HAAD.

2. Risk Management:
- Establishing senior management and board awareness of the risks associated with Managed Service Agreements [MSA] in order to ensure effective risk management practices;
- Ensuring that a managed service arrangement is prudent from a risk perspective and consistent with the business objectives of the institution;
- Systematically assessing needs while establishing risk-based requirements;
- Implementing effective controls to address identified risks;
- Performing ongoing monitoring to identify and evaluate changes in risk from the initial assessment;
- Documenting procedures, roles/responsibilities, and reporting mechanisms.

a. Assess Risk
Assess the risk from the managed service; involve stakeholders in creating risk-based written requirements to control and manage service action; use the written requirements to guide and manage the remainder of the managed service process.
Document risks associated with:
- Reputation Risk: Errors, delays, or omissions in information technology.
- Strategic Risk: Inadequate management experience and expertise can lead to a lack of understanding and control of key risks; inaccurate information from TSPs can cause the management of serviced financial institutions to make poor strategic decisions.
- Compliance (legal) risk: Outsourced activities that fail to comply with legal or regulatory requirements can subject the institution to legal actions. [In the case of an HFP this can lead to sanctions or cancellation of license.]
- Healthcare financing: Processing errors related to investment income or repayment assumptions could lead to unwise investment or liquidity decisions, thereby increasing market risks.

b. Quantify Risk Consideration
Risks pertaining to the function of the managed service include:
- Sensitivity of data accessed, protected, or controlled by the service provider;
- Volume of transactions; and
- Criticality to the financial institution's business.
Risks pertaining to the service provider include:
- Strength of financial condition;
- Turnover of management and employees;
- Ability to maintain business continuity;
- Ability to provide accurate, relevant, and timely Management Information Systems (MIS);
- Experience with the function outsourced;
- Reliance on subcontractors;
- Location, particularly if cross-border (see Appendix C, Foreign-Based Third-Party Service Providers); and
- Redundancy and reliability of communication lines.
Risks pertaining to the technology used include:
- Reliability;
- Security; and
- Scalability to accommodate growth.

c. Requirement Definition of Risk
- Stakeholder involvement: All organizational groups who will be directly involved with the service provider or in using the contracted service should be represented in the development of product and service requirements.
- Integration: The development should result in requirements that support the subsequent steps of solicitation, selection, contracting, and monitoring.
- Documentation: Documentation will greatly assist in ensuring that the service contracted and delivered meets the institution's requirements. Documentation will also allow for subsequent reviews of the processes' adequacy and integrity.

3. Services To Be Outsourced to Managed Service Provider
a. Define scope and nature of service description: Technology; Customer support.
b. Standards and service levels: Availability and performance; Change management; Financial reporting; Quality of service; Security; and Business continuity.
c. Minimum acceptable service provider characteristics: Industry experience; Management experience; Technology and systems architecture; Process controls; Financial condition; Reputation, including references; Degree of reliance on third parties, subcontractors, or partners; Legal, regulatory, and compliance history; and Ability to meet future needs.
d. Monitoring and reporting: Measurements and reporting criteria; Right to audit; Third-party reports; and Coordination of responses to security events.
e. Transition requirements: Initial migration of data to the service provider; Implementation of necessary communications mechanisms; Migration of data from the service provider at termination of contract; and Staff training.
f. Contract duration, termination, and assignment: Start and term; Conditions and right to cancel; Ownership of data; Timely return of data in machine-readable format; Costs of transition; Limitations, as appropriate, governing assignment to a third party; Dispute resolution; and Confidentiality of institution data.
g. Contractual protections against liability: Indemnification; Limitation of liability; and Insurance.

4. Service Provider Selection
a. Request For Proposal: Evaluate service provider proposals in light of the institution's needs, including any differences between the institution's solicitation and the service provider proposal.
b. Due Diligence: Perform due diligence on the prospective service providers; Ensure that selection of affiliated parties as service providers is done at arm's length in accordance with regulations and guidance issued by the institution's primary regulator; and Evaluate foreign-based third-party service providers in light of the guidance found in this section and in Appendix C, Foreign-Based Third-Party Service Providers.
c. Due Diligence about Managed Service Provider History: Existence and corporate history; Qualifications, backgrounds, and reputations of company principals, including criminal background checks where appropriate; Other companies using similar services from the provider that may be contacted for reference; Financial status, including reviews of audited financial statements; Strategy and reputation; Service delivery capability, status, and effectiveness; Technology and systems architecture; Internal controls environment, security history, and audit coverage; Legal and regulatory compliance including any complaints, litigation, or regulatory actions; Reliance on and success in dealing with third-party service providers; Insurance coverage; and Ability to meet disaster recovery and business continuity requirements.

5. Resolve and Implement Contracts
Ensure the contract clearly defines the rights and responsibilities of both parties; Ensure the contract contains adequate and measurable service level agreements; Ensure contracts with affiliates clearly reflect an arm's-length relationship and that costs and services are at least as favorable to the institution as those available from a non-affiliated provider; Choose the most appropriate pricing method for the financial institution's needs; Ensure the contract does not contain provisions or inducements that may have a significant, adverse effect on the institution; Engage legal counsel to review the contract; and Evaluate foreign-based third-party service providers in light of the guidance found in this section.
a. Verify the accuracy of the description of the outsourcing relationship in the contract.
b. Ensure the contract is clearly written and contains sufficient detail to define the rights and responsibilities of each party comprehensively.
c. Engage legal counsel early in the process to help prepare and review the proposed contract.
d. Scope of Service. The contract should clearly describe the rights and responsibilities of the parties to the contract. Considerations should include:
   i. Descriptions of required activities, time frames for their implementation, and assignment of responsibilities. Implementation provisions should take into consideration other existing systems or interrelated systems to be developed by different service providers (e.g., an Internet banking system being integrated with existing core applications or systems customization).
   ii. Obligations of, and services to be performed by, the service provider, including software support and maintenance, training of employees, or customer service.
   iii. Obligations of the financial institution.
   iv. The contracting parties' rights in modifying existing services performed under the contract.
   v. Guidelines for adding new or different services and for contract renegotiation.
e. Performance Standards. Institutions should include in the contract performance standards that define minimum service level requirements and remedies for failure to meet standards. For example, common service level metrics include percent system uptime, deadlines for completing batch processing, or number of processing errors. Industry standards for service levels may provide a reference point. The institution should periodically review overall performance standards to ensure consistency with its goals and objectives.
f. Security and Confidentiality.
g. Controls. Service provider internal controls; Compliance with applicable regulatory requirements; Record maintenance requirements for the service provider; Access to the records by the institution; Notification requirements and approval rights for any material changes to services, systems, controls, key project personnel, and service locations; Setting and monitoring parameters for financial functions including payments processing or extensions of credit on behalf of the institution; and Insurance coverage maintained by the service provider.
h. Audit. The institution should include in the contract the types of audit reports it is entitled to receive (e.g., financial, internal control, and security reviews).
i. Reports. Contractual terms should include the frequency and type of reports the institution will receive (e.g., performance reports, control audits, financial statements, security, and business resumption testing reports).
j. Business Resumption and Contingency Plans. The contract should address the service provider's responsibility for backup and record protection, including equipment, program and data files, and maintenance of disaster recovery and contingency plans.
k. Sub-contracting and Multiple Service Provider Relationships. Some service providers may contract with third parties in providing services to the health institution. Institutions should be aware of and approve all subcontractors. To provide accountability, the financial institution should designate the primary contracting service provider in the contract. The contract should also specify that the primary contracting service provider is responsible for the services outlined in the contract regardless of which entity actually conducts the operations. The institution should also consider including notification and approval requirements regarding changes to the service provider's significant subcontractors.
l. Define Pricing Methods. The contract should fully describe the calculation of fees for base services, including any development, conversion, and recurring services, as well as any charges based upon volume of activity or for special requests. Contracts should also address the responsibility and additional cost for purchasing and maintaining hardware and software. Any conditions under which the cost structure may be changed should be addressed in detail, including limits on any cost increases.
m. Bundling.
n. Contract inducement concerns.
o. Ownership and License: The contract should address the ownership, rights to, and allowable use of the institution's data, equipment/hardware, system documentation, system and application software, and other intellectual property rights.
p. Duration: Consider the appropriate length of time required to notify the service provider of the institution's intent not to renew the contract prior to expiration. Institutions should consider coordinating the expiration dates of contracts for inter-related services (e.g., website, telecommunications, programming, network support) so that they coincide, where practical. Such coordination can minimize the risk of terminating a contract early and incurring penalties as a result of the necessary termination of another related service contract.
q. Dispute Resolution: The institution should consider including a provision for a dispute resolution process that attempts to resolve problems in an expeditious manner, as well as a provision for continuation of services during the dispute resolution period.
r. Indemnification: Indemnification provisions should require the service provider to hold the financial institution harmless from liability for the negligence of the service provider.
s. Limitation of Liability: If the institution is considering such a contract, management should assess whether the damage limitation bears an adequate relationship to the amount of loss the financial institution might reasonably experience as a result of the service provider's failure to perform its obligations.
t. Termination: Management should assess the timeliness and expense of contract termination provisions.
u. Assignment: The institution should consider contract provisions that prohibit assignment of the contract to a third party without the institution's consent.
v. Foreign-based service providers.
w. Institutions entering into contracts with foreign-based service providers should consider a number of additional contract issues and provisions.
x. Regulatory Compliance: Financial institutions should ensure that contracts with service providers include an agreement that the service provider and its services will comply with applicable regulatory guidance and requirements.

6. Service Level Agreement (SLA)
a. Availability and timeliness of services;
b. Confidentiality and integrity of data;
c. Change control;
d. Security standards compliance, including vulnerability and penetration management; Business continuity compliance; and
e. Help desk support.

7. Pricing methods: Cost plus, fixed price, variable price, unit price, incentive-based pricing.
Bundling: The provider may entice the institution to purchase more than one system, process, or service for a single price, referred to as "bundling."

8. Contract Inducement Concerns:
- The service provider purchases certain assets (e.g., computer equipment or foreclosed real estate) at book value (which exceeds market value) or purchases capital stock from the institution.
- The service provider offers cash bonuses to the institution upon completion of the conversion.
- The service provider offers up-front cash to the institution.
- The provider states that the institution acquires the right to future cost savings or profit enhancements that will accrue to the institution because of greater operational efficiencies. These improvements are usually without measurable benchmarks.
- The institution defers expenses for conversion costs or processing fees under the terms of the contract.
- Low installation and conversion costs in exchange for higher future systems support and maintenance costs.

9. Ongoing Monitoring
a. Key Service Level Agreements and contract provisions: A formal policy that defines the SLA program; An SLA monitoring process; A recourse process for non-performance; An escalation process; A dispute resolution process; and A termination process.
b. Financial conditions of Service Providers: Paying off the servicer's creditor(s) and hiring outside specialists to operate the center; Obtaining required equipment and software for in-house processing; and Transferring data files to another provider.
c. General Control Environment of the Service Provider: The practicality of the service provider having an internal auditor, and the auditor's level of training and experience; The service provider's external auditors' training and background; and Internal IT audit techniques of the service provider.
d. Potential Changes due to External Environment.

10. Business continuity planning:
Regularly review the business continuity plans of the service provider or vendor to ensure any services considered "mission critical" for the financial institution could be restored within an acceptable time frame. Review the service provider's program for contingency plan testing. For critical services, annual or more frequent tests of the contingency plan are required. Assess service provider/vendor interdependencies for mission critical services and applications.
a. Outsourcing the business continuity function
   i. Staffing: The provider should have sufficient and knowledgeable staff available to provide appropriate onsite technical support to ensure timely resumption of operations at the recovery site.
   ii. Processing Time Availability: The provider should allocate sufficient processing time, resources, and security controls to accommodate the potential for multiple clients. The institution should ensure it could process normal volumes of work within appropriate time requirements.
   iii. Access Rights: The provider should disclose any access limitations. The provider should guarantee the institution's right to use the site in case of an emergency. Alternatively, the institution should understand any priority arrangements. For example, some sites operate on a first-come, first-served basis until the site is at full capacity, but others have pre-arranged priorities based on contractual agreements.
   iv. Hardware and Software: The recovery site should have compatible hardware and software. The institution should monitor the compatibility of the site to handle its specific computer hardware and software requirements. To facilitate the monitoring, the provider should be required by contract to notify the institution of any changes in the hardware, software, and equipment at the recovery site.
   v. Security Controls: The institution should ensure it can maintain adequate physical and logical security controls at the recovery site.
   vi. Testing: The service provider contract should address access to the recovery site for periodic testing. At a minimum, the institution needs sufficient access to perform at least one full-scale test of the recovery site annually, including verification of telecommunications capabilities.
   vii. Confidentiality of Data: The institution should ensure the provider can maintain the confidentiality of its business and customer data.
   viii. Telecommunications: The institution should review telecommunications redundancy and capacity at the recovery site, including how communications from the institution to the recovery site will be established.
   ix. Reciprocal Agreements: Financial institutions contracting with another institution for a recovery site should consider the above issues of staffing, processing availability, access rights for recovery or testing, compatibility, security, capacity, etc.
   x. Space: The recovery site should have adequate space to accommodate the affected institution's recovery staff.
   xi. Printing Capacity/Capability: The recovery site should maintain adequate printing capacity to meet the demand of the affected institution under acceptable levels of service.
   xii. Contacts: Institution management should know the procedures for declaring a disaster, including who has the authority to declare a disaster and initiate use of the recovery site.

11. Information Security and Safeguards
12. Multiple Service Provider Relationship
13. Outsourcing To Foreign Service Provider
a. Risk Management: Country and compliance risk.
b. Due Diligence: Contracts (Security, Confidentiality and Ownership of Data).
c. Regulatory Authority of the other country.
d. Choice of Law.

APPENDIX: USE ITIL For Moving to Managed Services:
1. Define the standards used to manage the Service Provider and ITIL.
2. Create a Service Strategy to move towards the Managed Services model.
3. Fix the Service Design to move towards managed services.
4. Use Service Transition to define: transition planning, service assets and configuration management, Change Management, Service Validation and Testing, reduced resolution time by populating Knowledge Management, the deployment strategy and infrastructure, and evaluation of reproduction to the 3rd party provider.
5. Use the Service Operation module to define the support structure replicating HAAD requirements. Define the following for the 3rd party to maintain for operations standards: Service Desk, Incident Management (things like the escalation matrix), Event Management, Request Fulfillment, Problem Management, Access Management from the 3rd party, Application Management, IT Operation Management, Technical Management.
6. Continual Service Improvement: for quality managed at the 3rd party site. Define the quality standards that need to be maintained at the 3rd party: Service Management; Service Reporting.
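The performance standards in 5.e (percent system uptime, batch-processing deadlines, number of processing errors) and the SLA monitoring, recourse and escalation processes in 9.a, worked through as an added example that is not part of the original slides: the thresholds, the service-credit and escalation ladder, the class names and the June 2024 incident records are all constructed for illustration and are not taken from any real contract.

```python
# Added example (not from the original slides): monthly SLA evaluation for a
# managed services contract. Every threshold, name and sample record below is
# constructed for illustration; real values come from the negotiated contract.
from dataclasses import dataclass
from datetime import datetime, time, timedelta
from typing import Sequence, Tuple

MINUTE = timedelta(minutes=1)
Outage = Tuple[datetime, datetime]  # (start, end) of one service outage

@dataclass(frozen=True)
class SlaTerms:
    min_uptime_pct: float         # minimum uptime per calendar month
    batch_deadline: time          # daily batch must complete by this time (UTC)
    max_batch_misses: int         # deadline misses tolerated per month
    max_processing_errors: int    # processing errors tolerated per month
    credit_pct_per_breach: float  # recourse: service credit per breached metric
    credit_cap_pct: float         # contractual cap on credits in one month
    escalate_after: int           # consecutive breaching months before escalation
    terminate_after: int          # consecutive breaching months before termination review

@dataclass(frozen=True)
class MonthlyResult:
    uptime_pct: float
    batch_misses: int
    processing_errors: int
    breached_metrics: Tuple[str, ...]   # metrics that fell below the standard
    service_credit_pct: float           # recourse owed by the provider

def downtime_minutes(outages: Sequence[Outage], start: datetime, end: datetime) -> int:
    """Downtime inside [start, end). Outage windows are clipped to the period and
    overlapping windows merged, so two tickets for one incident count once."""
    clipped = sorted((max(s, start), min(e, end)) for s, e in outages
                     if max(s, start) < min(e, end))
    total, cur_s, cur_e = 0, None, None
    for s, e in clipped:
        if cur_e is not None and s <= cur_e:
            cur_e = max(cur_e, e)  # overlaps the current window: extend it
            continue
        if cur_e is not None:
            total += (cur_e - cur_s) // MINUTE
        cur_s, cur_e = s, e
    if cur_e is not None:
        total += (cur_e - cur_s) // MINUTE
    return total

def uptime_pct(outages: Sequence[Outage], start: datetime, end: datetime) -> float:
    period = (end - start) // MINUTE
    return 100.0 * (period - downtime_minutes(outages, start, end)) / period

def batch_deadline_misses(completions: Sequence[datetime], deadline: time) -> int:
    # One completion timestamp per daily batch run; late if it finished after the deadline.
    return sum(1 for t in completions if t.time() > deadline)

def evaluate_month(terms: SlaTerms, outages: Sequence[Outage],
                   completions: Sequence[datetime], processing_errors: int,
                   start: datetime, end: datetime) -> MonthlyResult:
    up = uptime_pct(outages, start, end)
    misses = batch_deadline_misses(completions, terms.batch_deadline)
    breaches = []
    if up < terms.min_uptime_pct:
        breaches.append("uptime")
    if misses > terms.max_batch_misses:
        breaches.append("batch_deadline")
    if processing_errors > terms.max_processing_errors:
        breaches.append("processing_errors")
    credit = min(len(breaches) * terms.credit_pct_per_breach, terms.credit_cap_pct)
    return MonthlyResult(round(up, 3), misses, processing_errors, tuple(breaches), credit)

def escalation_action(terms: SlaTerms, history: Sequence[MonthlyResult]) -> str:
    """Map the run of consecutive breaching months (oldest first in history)
    onto the contract's recourse, escalation and termination steps."""
    run = 0
    for result in reversed(history):
        if not result.breached_metrics:
            break
        run += 1
    if run == 0:
        return "none"
    if run >= terms.terminate_after:
        return "termination_review"
    if run >= terms.escalate_after:
        return "escalation"
    return "recourse"

def demo() -> Tuple[SlaTerms, MonthlyResult]:
    # June 2024 for a hypothetical provider, with constructed incident records.
    terms = SlaTerms(99.9, time(6, 0), 1, 10, 5.0, 25.0, 2, 4)
    start, end = datetime(2024, 6, 1), datetime(2024, 7, 1)
    outages = [
        (datetime(2024, 5, 31, 23, 50), datetime(2024, 6, 1, 0, 10)),  # straddles month start: 10 min count
        (datetime(2024, 6, 3, 1, 0), datetime(2024, 6, 3, 1, 30)),     # 30 min
        (datetime(2024, 6, 17, 2, 0), datetime(2024, 6, 17, 2, 20)),   # two tickets for one
        (datetime(2024, 6, 17, 2, 10), datetime(2024, 6, 17, 2, 30)),  # 30-minute incident
    ]
    completions = [datetime(2024, 6, 1, 4, 55), datetime(2024, 6, 2, 6, 30),
                   datetime(2024, 6, 3, 5, 59), datetime(2024, 6, 4, 7, 10)]
    june = evaluate_month(terms, outages, completions, 12, start, end)
    return terms, june
```

With the constructed June data the provider misses all three standards (70 minutes of merged downtime gives 99.838% uptime, two late batch runs, twelve errors), earning a 15% service credit and, on a second consecutive breaching month, escalation.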