Business is always in a constant state of flux- more so these days, with disruption happening all around. How do you move from your AS IS state to TO BE architecture in your enterprise transformational journey? What mix and match of people, processes and technology will you blend together, and in what proportion, to drive enterprise value to deliver transformational results? TOGAF has a suite of tools that can help architects to chalk out the architectural roadmap for enterprise success. This talk will also focus on how agility is an underlying thread in this framework, and how value is delivered incrementally, making the process robust and
bankable.
Key Takeaways
Exposes the audience to the features of TOGAF which help plug business technology gaps.
How TOGAF has agility at its core to drive transformational results.
Why it is a good skill and knowledge for a seasoned IT professional to have in their kitty.
High energy IT professional with a niche in improving IT processes, completing projects, improving the top and bottom line with minimal disruption to the workplace and customers across multiple departments and all vertical lines of operations.
Implementing Cloud-Based DevOps for Distributed Agile ProjectsTechWell
Cloud-based development, delivery, and deployment environments are the future of IT operations. Thomas Stiehm shares the hard-learned lessons of setting up and running cloud-based solutions that implement DevOps for geographically distributed agile projects. Thomas describes how to best leverage the cloud to enable your teams to use it effectively. Learn why cloud software delivery is different from traditional software delivery environments, and how to optimize your platform and team to get the most out of the cloud. Geographically-distributed software delivery teams are now the norm for large projects, and the cloud is a perfect enabler to level the playing field for your distributed teams and to give them all the same ability to achieve high productivity. Since the road to the cloud isn’t always paved, learn many of the trade-offs that must be made to implement cloud-based delivery and discover the situations that will derail a move to cloud-based development.
PTC Acquires Leading Internet of Things Platform Provider ThingWorxPTC
PTC (Nasdaq: PTC) today announced it has acquired ThingWorx, creators of an award-winning platform for building and running applications for the Internet of Things (IoT), for approximately $112 million, plus a possible earn-out of up to $18 million. The acquisition of ThingWorx positions PTC as a major player in the emerging Internet of Things era.
Business is always in a constant state of flux- more so these days, with disruption happening all around. How do you move from your AS IS state to TO BE architecture in your enterprise transformational journey? What mix and match of people, processes and technology will you blend together, and in what proportion, to drive enterprise value to deliver transformational results? TOGAF has a suite of tools that can help architects to chalk out the architectural roadmap for enterprise success. This talk will also focus on how agility is an underlying thread in this framework, and how value is delivered incrementally, making the process robust and
bankable.
Key Takeaways
Exposes the audience to the features of TOGAF which help plug business technology gaps.
How TOGAF has agility at its core to drive transformational results.
Why it is a good skill and knowledge for a seasoned IT professional to have in their kitty.
High energy IT professional with a niche in improving IT processes, completing projects, improving the top and bottom line with minimal disruption to the workplace and customers across multiple departments and all vertical lines of operations.
Implementing Cloud-Based DevOps for Distributed Agile ProjectsTechWell
Cloud-based development, delivery, and deployment environments are the future of IT operations. Thomas Stiehm shares the hard-learned lessons of setting up and running cloud-based solutions that implement DevOps for geographically distributed agile projects. Thomas describes how to best leverage the cloud to enable your teams to use it effectively. Learn why cloud software delivery is different from traditional software delivery environments, and how to optimize your platform and team to get the most out of the cloud. Geographically-distributed software delivery teams are now the norm for large projects, and the cloud is a perfect enabler to level the playing field for your distributed teams and to give them all the same ability to achieve high productivity. Since the road to the cloud isn’t always paved, learn many of the trade-offs that must be made to implement cloud-based delivery and discover the situations that will derail a move to cloud-based development.
PTC Acquires Leading Internet of Things Platform Provider ThingWorxPTC
PTC (Nasdaq: PTC) today announced it has acquired ThingWorx, creators of an award-winning platform for building and running applications for the Internet of Things (IoT), for approximately $112 million, plus a possible earn-out of up to $18 million. The acquisition of ThingWorx positions PTC as a major player in the emerging Internet of Things era.
Showcasing exemplary stories of success where channel partners have gone to great lengths to implement innovative solutions. Acclaiming those partners who have risen to the challenges of the digital era and transformed their business to a solutions offering. Inspiring channel businesses to become value-added providers and trusted allies to their customers. Stories that made a Difference.
Key stories of the edition are as below:
1. FUELING GROWTH - CDW Middle East & Africa
2. NEW FRONTIERS- EmaxIT International
3. LAYING THE FOUNDATION - Innovative Incorporation
Trading
4. CRITICAL CONNECTIONS- Visiontech Systems International
5. THE BIG PICTURE - BMB Group
6. THE LAST LINE OF DEFENSE - Maxbyte Technologies
7. BANKING ON THE FUTURE - ConSol Enterprising IT
8. TOP GRADE - Cloud Box Technologies
9. EAGLE EYE - Fox Data Dubai
10.SECURE GATEWAYS - Virus Rescuers
After evaluating several leading enterprise resource planning (ERP) platforms and assessing the latest version of its existing solution, The CSL Group chose to deploy Oracle ERP Cloud and Oracle HCM Cloud to modernized its back office operations. The first phase of the overall transformation delivered a strong foundation in only 5 months and allowed the implementation of a new general ledger, chart of accounts, fixed assets module and modern financial reporting platform, along with automated procure to pay process. This session will present CSL roadmap to the Cloud and discuss lessons learned from the project with insights on how to move to the Oracle Cloud ERP successfully.
Running the Business of IT on ServiceNow using IT4ITcccamericas
In this presentation, Michael Fulton, President of CC&C Americas, shares his perspective on the new IT4IT industry standard and how you can use a combination of IT4IT and ServiceNow to transform how you run the business of IT.
Prism-IND is a technology consulting company delivering the professional services of experienced Windchill ESI Professionals (SAP and Oracle Applications) to clients in multiple countries.
Fujitsu Adopts PTC Service Lifecycle Management Solution to Support PC Servic...PTC
PTC (Nasdaq: PTC) today announced that Fujitsu, Ltd, a leading Japanese information and communication technology (ICT) company, has adopted the PTC Service Parts Management solution to optimize its service parts management process. The PTC solution will enable Fujitsu to improve the performance of its service parts function and reduce unnecessary inventory.
Softengi Software Development Company ProfileSoftengi
Softengi is a Ukrainian IT outsourcing service provider, which made its start in 1995, with more than 150 IT professionals daily implementing the business needs of our customers all over the world.
The company is The 2014 Global Outsourcing 100 ranked outsourcer, a member of Intecracy Group IT-consortium and Microsoft Gold certified partner.
Softengi's main competencies are outsourcing software development, establishment of development centers, outsourcing of IT business processes, IT consulting, development of solutions for business (based on Microsoft SharePoint), as well as providing customers its personnel for specific projects (IT-outstuffing).
Among Softengi’s customers there are such world-known companies as Enviance Inc. (cooperating with McDonalds, DuPont, Walmart, Chevron and FujiFilm), Ingersoll-Rand, the Boeing Company, Peterbilt Inc., PZU, Zeppelin and others.
Our exclusive value is “Inspired software engineering” – Softengi makes thoughtful solutions, being totally focused on customer’s expectations and turning into reality the business dreams of our clients.
Showcasing exemplary stories of success where channel partners have gone to great lengths to implement innovative solutions. Acclaiming those partners who have risen to the challenges of the digital era and transformed their business to a solutions offering. Inspiring channel businesses to become value-added providers and trusted allies to their customers. Stories that made a Difference.
Key stories of the edition are as below:
1. FUELING GROWTH - CDW Middle East & Africa
2. NEW FRONTIERS- EmaxIT International
3. LAYING THE FOUNDATION - Innovative Incorporation
Trading
4. CRITICAL CONNECTIONS- Visiontech Systems International
5. THE BIG PICTURE - BMB Group
6. THE LAST LINE OF DEFENSE - Maxbyte Technologies
7. BANKING ON THE FUTURE - ConSol Enterprising IT
8. TOP GRADE - Cloud Box Technologies
9. EAGLE EYE - Fox Data Dubai
10.SECURE GATEWAYS - Virus Rescuers
After evaluating several leading enterprise resource planning (ERP) platforms and assessing the latest version of its existing solution, The CSL Group chose to deploy Oracle ERP Cloud and Oracle HCM Cloud to modernized its back office operations. The first phase of the overall transformation delivered a strong foundation in only 5 months and allowed the implementation of a new general ledger, chart of accounts, fixed assets module and modern financial reporting platform, along with automated procure to pay process. This session will present CSL roadmap to the Cloud and discuss lessons learned from the project with insights on how to move to the Oracle Cloud ERP successfully.
Running the Business of IT on ServiceNow using IT4ITcccamericas
In this presentation, Michael Fulton, President of CC&C Americas, shares his perspective on the new IT4IT industry standard and how you can use a combination of IT4IT and ServiceNow to transform how you run the business of IT.
Prism-IND is a technology consulting company delivering the professional services of experienced Windchill ESI Professionals (SAP and Oracle Applications) to clients in multiple countries.
Fujitsu Adopts PTC Service Lifecycle Management Solution to Support PC Servic...PTC
PTC (Nasdaq: PTC) today announced that Fujitsu, Ltd, a leading Japanese information and communication technology (ICT) company, has adopted the PTC Service Parts Management solution to optimize its service parts management process. The PTC solution will enable Fujitsu to improve the performance of its service parts function and reduce unnecessary inventory.
Softengi Software Development Company ProfileSoftengi
Softengi is a Ukrainian IT outsourcing service provider, which made its start in 1995, with more than 150 IT professionals daily implementing the business needs of our customers all over the world.
The company is The 2014 Global Outsourcing 100 ranked outsourcer, a member of Intecracy Group IT-consortium and Microsoft Gold certified partner.
Softengi's main competencies are outsourcing software development, establishment of development centers, outsourcing of IT business processes, IT consulting, development of solutions for business (based on Microsoft SharePoint), as well as providing customers its personnel for specific projects (IT-outstuffing).
Among Softengi’s customers there are such world-known companies as Enviance Inc. (cooperating with McDonalds, DuPont, Walmart, Chevron and FujiFilm), Ingersoll-Rand, the Boeing Company, Peterbilt Inc., PZU, Zeppelin and others.
Our exclusive value is “Inspired software engineering” – Softengi makes thoughtful solutions, being totally focused on customer’s expectations and turning into reality the business dreams of our clients.
VRX Outsourcing is a leading world supplier of enterprise business solutions and IT/Telecom company that focuses on extremely qualitative, innovative integrated e-business solutions, timely delivered and efficient services. Our competencies exist providing custom created business solutions to world customers and determination a rank of specific tasks on application development.
We have a passionate development team with wonderful vary of skills, deep vertical industries experience and excellence in advanced technologies. By wise mix of business analysis and management with latest technology, VRX Outsourcing styles and develops custom created software and online applications. We’ve a broad vary of technology services that deliver real business results.
VRX Outsourcing includes a huge business for outsourcing, all IT/Telecom services and many more from India. Our main preference is to achieve your trust through our commitment and integrity, extending most prices to you and pains to exceed your expectations.
Aldiablos InfoTech started building the ways for our esteemed clients since 2010.
Aldiablos Technologies is one of the leading BPO in Ahemdabad, Gujrat believes
in innovation and quality services and serves the finest & well-known INDIA,USA,
UK, Australia and Singapore based clients.
CottGroup is the one stop shop provider of Consultancy, Outsourcing, Technology and Training in Istanbul. We are one of the first providers to offer multi-process services.
CottGroup operates with the boundless professional knowledge and expert competencies of its management. CottGroup’s expertise focuses on assistance in all specific aspects of making business such as business development, human resource management, accounting, and technology based solutions.
Our organization envisions itself as becoming the most admired and preferred partner on holistic back-end solutions for different areas of the industry and worldwide businesses.
Customers can count on our global knowledge and local eperience to deliver the best solutions for their needs.
We are able to provide service to any industry. Our customers cover a broad range of industries including IT, banking/finance, insurance, education, energy, government, retail, manufacturing and healthcare.
We serve clients from Fortune 500 to mid-size companies across Turkey.
T/DG - Business Process Outsourcing Increase Productivity and ProfitabilityThe Digital Group
Today BPO units are involved in the transfer of business processes and so to say entire business functions. BPO industry acts as partner in the decision making structure surrounding the outsourced processes and functional areas. Performance metrics are primarily tied to customer service and strategic business value.
Poly Only Cleared Job Fair Job Seeker Handbook November 18, 2015, Dulles, VaClearedJobs.Net
If you have an active CI or FS polygraph please join us Wednesday (register at http://clearedjobs.net/job-fair/fair/30/) at the Hyatt Dulles to meet with employers, network with other cleared professionals and have your resume professionally reviewed. The Job Seeker Handbook contains a listing of all employers and the positions they will be seeking to fill at the Cleared Job Fair.
Logicalis disruptive innovation for legal services brochureStuart Lewis
Logicalis UK Legal Services vertical brochure which, outlines how we help law firms achieve disruptive innovation by delivering business outcome focused strategies for:
- Business Intelligence and Analytics
- Workspace Transformation and Collaboration
- Agile DC and Cloud
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
JMeter webinar - integration with InfluxDB and Grafana
Risk management Consulting For Municipality
1. EnrollHostel Privileged and Confidential Page 1 of 65
DAN GRIBBLE
SOURCETEKIT | 365, Suite 20, Healey Rd, Bolton, ON L7E 5C1
Response to RFP – Peel Region
Enterprise Risk and Audit
Services
KIND ATTN:XXX
2. EnrollHostel Privileged and Confidential Page 2 of 65
Confidentiality Agreement
This document is confidential and may not be copied without the permission of EnrollHostel.
This document contains information proprietary to EnrollHostel. Transmittal, receipt or possession of this
document does not express licenseor imply rights to use,sell,and design, develop or have developed products
or services from this information. No reproduction, publication or disclosure of this information in whole or in
part, electronic or otherwise, shall be mad without prior written authorization from a signing office of
EnrollHostel. Authorized transfer of this document from the custody and control of EnrollHostel constitutes
a loan for limited purposes, and this document must be returned to EnrollHostel upon request, and in allevents
upon the conclusion of the loan.
Copyright 2018 EnrollHostel
ON L7E 5C1
3. EnrollHostel Privileged and Confidential Page 3 of 65
To:
Jason Edgmon
Senior Director of IT Infrastructure & Operations
Pharmaceutical Research and Manufacturers of America
jedgmon@School.org
Dear Jason,
EnrollHostel thanks Pharmaceutical Research and Manufacturers of America(School) for providing the
opportunity to respond to this RFP for the provisioning of one single team that combines IT, Network and
Security operations for their Network & IT infrastructure.
Value is found in knowledge. EnrollHostel is renowned for its expertise in Asset Management, and
Infrastructure management through its state-of-the-art NOC and SOC. A Professional Services’ company
specializing in large-scale urban infrastructure engagements, EnrollHostel lends its expertise to leading Value-
added re-sellers and construction companies from the design phase through final testing throughout hospitals
in North America. EnrollHostel understands that engineering and technical prowess within its organization is
of prime importance at a time when our society demands data to be integrated, automated and secured. Our
Managed IT Services’ offering is something we’re intimately familiar with and have deployed numerous times
over the last year in environments comparable to your prescribed size and scope.
EnrollHostel’s Managed IT solution services ensure that our clients’ applications are managed and operated on
a 24x7 basis, ensuring both secure and high performance. Our services allow clients to benefit from scalable
project operations and cross-functional/discipline-knowledge sharing between teams, enabling EnrollHostel to
provide best in class Managed IT services.
The advantage of a partnership with EnrollHostel will ensure that this experience and qualification is leveraged
to;
Mitigate transitional risk
Provide best in class quality services at significantly lower costs
Quickly construct ateam of experienced and knowledgeable personnel for onsite –offshore based delivery,
thereby assuring excellence in operations
EnrollHostel follows amanaged serviceapproach, basedon ITILbest practices,that provides for aset of process
frameworks and flexiblegovernance models that transform support services;improving productivity, achieving
higher operational efficiency and increasing cost predictability.
Adopting a multi-phased approach from transition to continual improvement, the managed service model
provides:
Scalability and resource efficiency
Less client involvement in routine operational tasks
Predictability in delivery through experience and understanding of application environment
Resource utilization and shift work load balancing
Service Level Agreement (SLA) driven metrics
Total quality management through well-defined processes and ITIL best practices
4. EnrollHostel Privileged and Confidential Page 4 of 65
EnrollHostel understands School’s key objective to partner with a MSP that can demonstrate how their value-
added services will provide critical helpdesk, security, network engineering, business continuity, and disaster
recovery capabilities in a cost-effective manner while providing superior customer service to our users in a
24x7x365 environment.
In partnering with EnrollHostel over other “large” IT Consulting Firms, School will benefit by leveraging our:
Proven past performances of successfully deploying end-to-end managed IT services to many similar scale
organizations
10+ years of proven experience in collaboration, security and Infrastructure management
Agile and dynamic business model that quickly adapts to customer needs and environment
Value proposition: Lower cost; maximize process efficiency
Process oriented, result driven methodology focused on maximizing business value
Value proposition: Process standardization and consolidation
Thought leadership and unparalleled technology “know-how”
Value proposition: Lower cost; maximize process efficiency; fast and safe technology
implementation
Focused on customer satisfaction
Value proposition: Maximize process efficiency; enable customers to do more
High priority on Quality and Operational Excellence
Value proposition: Maximize brand value; increase revenue.
Best Regards
Dan Gribble
VP-Sales, EnrollHostel
dgribble@EnrollHostel.com
(412) 418 3159
5. EnrollHostel Privileged and Confidential Page 5 of 65
TABLE OF CONTENTS
1 PART I – GENERAL INFORMATION .................................................................................................................................................................7
1.1 EXECUTIVESUMMARY..................................................................................................................................................................................7
1.2 SCOPEOF SERVICES.......................................................................................................................................................................................7
X1.3 EXCEPTIONS TO RFP REQUIREMENTS ......................................................................................................................................................13
2 PART II – DESCRIPTION OF SERVICES...........................................................................................................................................................14
2.1 AUDITING/ASESSING IT SERVICES COMPLAINCE ...................................................................................................................................14
2.1.1 COMPLAINCE AUDIT/ ASSESSMENT METHODOLOGY ...............................................................................................................14
.............................................................................................................................................................................................................................14
2.1.2 RISK What has Changed? ................................................................................................................................................................17
2.1.3 RISK Governance Framework. ........................................................................................................................................................18
2.1.4 ............................................................................................................................................................Error! Bookmark not defined.
............................................................................................................................................................................Error! Bookmark not defined.
2.1.5 EnrollHostel Audit Knowledge Repository ....................................................................................................................................19
2.1.6 Audit Plan...........................................................................................................................................................................................22
2.1.7 Compliance Dashboards ....................................................................................................................................................................0
2.1.8 VULNERABILITY TESTING ...................................................................................................................................................................3
2.2 EXECUTIONPLAN...........................................................................................................................................................................................4
2.2.1 SERVICE DELIVERY APPROACH .........................................................................................................................................................4
2.2.2 INCEPTION ...........................................................................................................................................................................................6
2.2.3 KNOWLEDGE TRANSFER ....................................................................................................................................................................6
2.2.4 STEADY STATE OPERATIONS .............................................................................................................................................................8
2.2.5 AUDIT STRATEGY ................................................................................................................................................................................9
2.3 ACCOUNT MANAGEMENT & TECHNOLOGY TEAM STRUCTURE..........................................................................................................11
2.3.1 AUDIT ACCOUNT MANAGEMENT ..................................................................................................................................................11
2.3.2 PROJECT TEAM STRUCTURE............................................................................................................................................................13
2.3.2.1 TEAM STRUCTURE..................................................................................................................................................................... 13
2.3.2.2 TEAM ROLES & RESPONSIBILITES.............................................................................................................................................. 14
3 PART III – REFERENCES & ENROLLHOSTEL CAPABILITIES ........................................................................................................................16
3.1 CASE STUDIES ...............................................................................................................................................................................................16
3.1.1 CASE STUDY 1 ....................................................................................................................................................................................17
3.1.2 CASE STUDY 2 ....................................................................................................................................................................................17
3.1.3 CASE STUDY 3 ....................................................................................................................................................................................18
3.2 ENROLLHOSTEL | CAPABILITY....................................................................................................................................................................19
3.2.1 PROGRAM GOVERNANCE ...............................................................................................................................................................20
3.2.2 CONTINUAL SERVICE IMPROVEMENT (CSI)..................................................................................................................................20
3.2.3 KNOWLEDGE MANAGEMENT.........................................................................................................................................................20
3.2.4 TEAM COMPETENCY AND SKILLS ENHANCEMENTS ...................................................................................................................21
3.3 ENROLLHOSTEL | PROJECTMANAGEMENT PROCESS...........................................................................................................................21
3.3.1 REPORTING METRICS .......................................................................................................................................................................22
3.3.2 ESCALATION HANDLING ..................................................................................................................................................................23
3.3.3 COMMUNICATION PLAN .................................................................................................................................................................23
3.3.4 RISK MANAGEMENT PLAN..............................................................................................................................................................24
3.3.5 CHANGE MANAGEMENT PROCEDURE..........................................................................................................................................24
3.4 ENROLLHOSTEL | COMPLIMENTARY VALUE ADDED SERVICES ...........................................................................................................26
3.5 ENROLLHOSTEL | DIFFERENTIATORS .......................................................................................................................................................26
3.5.1 CYBERSECURITY SERVICES ...............................................................................................................................................................28
3.5.1.1 Penetration Testing................................................................................................................................................................... 28
3.5.1.2 Corporate Trainings - Cybersecurity......................................................................................................................................... 28
3.5.1.3 Email Securityand Office 365 Integration................................................................................................................................ 30
3.5.1.4 Cyber-Forensics......................................................................................................................................................................... 31
3.5.1.5 Social Engineering..................................................................................................................................................................... 32
3.5.2 SECURITY ASSESSMENT AND COMPLIANCE .................................................................................................................................33
3.5.3 SECURITY OPERATIONS CENTER.....................................................................................................................................................35
4 PART IV – PROJECT COST................................................................................................................................................................................38
4.1 FIXED PRICE ..................................................................................................................................................................................................38
6. EnrollHostel Privileged and Confidential Page 6 of 65
4.2 RATE CARD FOR ADDITIONALWORK........................................................................................................................................................38
4.2.1 ADDITIONAL INITIATIVES.................................................................................................................................................................38
4.3 ASSUMPTIONS .............................................................................................................................................................................................39
4.3.1 USER COUNT AND DEMOGRAPHIC................................................................................................................................................40
4.3.2 ON-PREMISE & HOSTED ENVIRONMENT.....................................................................................Error! Bookmark not defined.
4.3.2.1 Desktops/Laptops ..................................................................................................................................................................... 40
4.3.2.2 On-Premise Network................................................................................................................................................................. 40
4.3.2.3 Hosted Cloud Environment....................................................................................................................................................... 40
4.3.2.4 Legacy Business Applications.................................................................................................................................................... 40
4.3.2.5 Third Party Vendors .................................................................................................................................................................. 40
7. EnrollHostel Privileged and Confidential Page 7 of 65
1 PART I – GENERAL INFORMATION
1.1 EXECUTIVE SUMMARY
EnrollHostel is pleased to provide this proposal for Accessing/Auditing Compliance to RISK For School student
from Spain [Europe]. EnrollHostel understands the importance of these services School provides to Students.
EnrollHostel brings to this engagement a significant advantage to Education Sector, in terms of technology
expertise, security, operations architecture, strategy and advisory skills, process maturity and a consistent and
reliable track record providing operational and infrastructure support across multiple technologies.
EnrollHostel also proposes the advantages it brings on board as compared to other MSPs.
1.2 SCOPE OF SERVICES
EnrollHostel understands that School is looking for the following RISK compliance services.
Below is EnrollHostel’s compliance to the scope of services detailed by School in their RFP document:
8. EnrollHostel Privileged and Confidential Page 8 of 65
Our proposed solution has been detailed in the Section: PART II – DESCRIPTION OF SERVICES
SNo Stages
1 To Identify Risks
2 To Evaluate Risks
3 To Treat (Manage/Action)
Risks
4 To Monitor (Review) Risks
5 To Report on Risks
6 To View/Update Validation
Rules
9. EnrollHostel Privileged and Confidential Page 9 of 65
Risk Management PRINCIPLES
Risk Management should:
1
create value – resources expended to mitigate risk should be less than the
consequence of inaction
2 be an integral part of organizational processes
3 be part of decision making
4 explicitly address uncertainty and assumptions
5 be systematic, structured and timely
6 be based on the best available information
7 be tailorable
8 take human and cultural factors into account
9 be transparent and inclusive
10 be dynamic, iterative and responsive to change
11 facilitates continual improvement and enhancement of the organization
12 be continually or periodically re-assessed
Risk Management BENEFITS
1 Increase the likelihood of achieving objectives;
2 Encourage proactive management;
3
Be aware of the need to identify and treat risk throughout the
organization;
4 Improve the identification of opportunities and threats;
10. EnrollHostel Privileged and Confidential Page 10 of 65
5
Achieve compatible risk management practices between organisations
and nations;
6
Comply with relevant legal and regulatory requirements and international
norms;
7 Improve governance;
8 Improve stakeholder confidence and trust;
9 Establish a reliable basis for decision making and planning;
10 Improve controls;
11 Effectively allocate and use resources for risk treatment;
12 Improve operational effectiveness and efficiency;
13 Enhance health & safety performance and environmental protection;
14 Improve loss prevention and incident management;
15 Minimize losses;
16 Improve organizational learning; and
17 Improve organizational resilience.
Risk Assessment & Management Plan
Stage Stage2 # Work Needs to be done
Development
of Risk
Framework
Communicate
andConsult
1 (38) Has the board and executiveexpressedtheirsupportfor
a risk managementprogramme?
2 (39) Has the risk committee (orequivalent) andthe board
reviewedandapprovedthe riskpolicy/strategy?
Establish the
Context
3 (1) Have you identifiedaperson whowill be responsible for
implementingriskmanagement?
4 Doesthe risk manager,or equivalent,have reasonable
access to staff andmanagementacrossthe
organisation?
5 (2) Have you definedcategoriesof riskrelevanttoyour
organisationand industry?
6 Do your riskcategoriesreflectall operational riskareas
of the businessaswell asmore strategicrisk
categories?
7 (3) Is there a clearorganisational strategy(orobjectives)
articulatedforthe organisation?
8 (4) Have you definedandagreedalikelihoodscale toassess
the potential forthe riskto occur throughoutthe
organisation?
9 (5) Have you definedandagreedaconsequencescale to
helpassessriskimpactsacrossthe organisation?
10 (6,7) Doesthe organisation'sconsequence scale describe both
financial andnon-financial impacts?
11 (8) Doesthe risk Managementframeworkconsiderthe
effectivenessof controlsorrisktreatments?
11. EnrollHostel Privileged and Confidential Page 11 of 65
12 (9) Is there anagreedtemplate orformatfor recordingrisks
and risktreatmentinformation(ariskregister)?
13 (10) Has a riskpolicybeendefined?
14 (11) Doesthe organisationhave adocumentedrisk
managementstrategy?
15 Do jobdescriptionsof keystakeholdersinclude
responsibilitiesforrisk management?
16 (12) Is a formal projectmanagementmethodologyusedto
manage projects?
17 Is a mechanisminplace toidentify,assess,recordand
monitorrisksonprojects?
18 Has the organisationagreedwhattypesandlevelsof risk
are unacceptable?
19 Is there anagreedformat/template forreportingon
risk?
20 (13) Is there a processand/ortemplate where new riskscan
be recordedby the executiveandstaff?
Implementation
of Risk
Framework
Communicate
andConsult
21 Is risk managementorawarenesstrainingprovidedtoall
staff?
22 Doesthe risk manager(orequivalent) have accesstothe
CEO, boardand Audit/RiskCommitteewhen
required?
23 (14) Do staff know that theyhave a rightand responsibilityto
assistinrisk identificationandescalation?
24 Do staff know whoto report/escalate risksto?
25 (15) Do managersor supervisorsknow thattheyare
responsible formanagingriskintheirarea/sof
responsibility?
26 (16) Have the executive andthe boardprovidedguidance on
whatinformationtheywouldlike tosee inrisk
reports?
27 Is there agreementonwhenandhow oftenriskreports
will be produced?
28 Have the recipientsof riskreportsbeenidentifiedand
agreed?
29 (17) Can differentriskreportsbe producedtomeetdifferent
needsof stakeholdergroups?
30 (18) Has responsibilityformanaging/treatingspecificrisks
beenassignedandcommunicatedtothose
responsible?
31 Are staff encouragedorincentivisedtoreportriskor
suggestriskreductionstrategies?
Risk
Assessment
32 Has a riskbrainstormingworkshop(orworkshops) been
conducted?
33 (19) Have you consideredthe historyof eventsandincidents
inyour organisationduringthe risk assessment
process?
34 Has researchbeenperformedtounderstandcommon
risksinthe industry?
35 (20) Has the executive andboardconsideredrisksrelatingto
the achievementof keyorganisationalgoalsand
objectives?
12. EnrollHostel Privileged and Confidential Page 12 of 65
36 Are risksidentified duringcompliance reviews/audits
alwaysaddedtothe riskregister?
37 (21) Have existingcontrolsbeenidentifiedforrisksduringthe
riskassessmentprocess?
38 (22) Has the perceivedeffectivenessof controlsbeen
assessedbya personwho understandsthe riskand
the controlsinplace?
39 Has the risk registerbeenupdatedinthe lastyear?
40 Is the riskregisterupdatedthroughoutthe yearto
reflectchangesinriskandemergingrisks?
Treat Risks 41 Doesthe risk registerrecordthe jobtitle of the person
responsible foroverseeingthe risktreatmentand
monitoringprocess(the 'riskowner'or'risk
champion')?
42 (23) Have you identifiedpossibleactions/treatmentplans
that couldhelptoreduce the risklevel?
43 (24) Have the benefitsof atreatmentapproachbeen
comparedto the potential costof the riskto
determine the appropriatenessof the treatment
strategy?
44 (25) Have risk treatmentoractionplansbeendocumented
and approved forimportantrisks?
45 Have due dates/completiondatesbeenagreedforrisk
treatmentactionsandplans?
46 (26) Is there a clearunderstandingof whowill overseethe
risktreatmentselectionandexecutionprocess?
47 (27,28) Have keyrisk indicators(KRIs) beendefinedandagreed
for keyrisks/riskareas?
48 Are the organisation'sphysical assetsappropriately
insured?
49 (29) Is a businesscontinuityplan(BCP) inplace forcritical
organisational functions/processes?
Monitoring &
Review
of Risk
Framework
Monitor and
Review
50 (30) Doesyour riskprocessfollow the stepsdescribedinthe
AS/NZS:4360 2004 Standard?
51 (31) Doesthe Internal Auditfunctionorequivalentreview
riskmanagementprocesses?
52 Is an Internal Audit function/processinplace?
53 (32) Do your internal auditorsfocustheirtime andefforton
the most critical risksrecordedinthe riskregister?
54 (33) Doesthe organisationtrackchangesin risklevelsover
time inorderto understandtrends/ changesinrisk
levels?
55 (34) Has the risk policybeenreviewedandapprovedinthe
lastyear?
56 (35) Has the board and/orrisk managementcommittee (or
equivalent) made anattestationinthe annual report
inaccordance withthe GovernmentRisk
ManagementFramework(if applicable)
57 (36) Is the riskprocessintegratedwithotherorganisational
planningprocesses - forexampleisriskconsidered
duringthe strategicplanning,budgetingandaudit
planningprocesses?
13. EnrollHostel Privileged and Confidential Page 13 of 65
Suggested3tiersof escalatedsupport:
SupportTier Description
Tier 1 All supportincidentsbegininTier1,where theinitialtrouble ticketiscreated.The issue
isidentified, andclearlydocumented,andbasichardware/software troubleshootingis
initiated. At this stage engineers are also using the existing knowledge base to
investigate and try best of his/her ability to resolve the issue.
Tier 2 All supportincidentsthatcannotbe resolvedwithTier1Supportare escalatedtoTier
2 where more complex supporton hardware/software issuescanbe providedby
more experiencedEngineers.
Tier 3 Support Incidents that cannot be resolved by Tier 2 Support are escalated to Tier 3,
where supportisprovidedbythe mostqualifiedandexperiencedengineerswhohave
the abilitytocollaboratewith3rdParty(Vendor)SupportEngineerstoresolvethe most
complex issues.
1.3 EXCEPTIONS TO RFP REQUIREMENTS
None.
14. EnrollHostel Privileged and Confidential Page 14 of 65
2 PART II – DESCRIPTION OF SERVICES
2.1 AUDITING/ASESSING IT SERVICES COMPLAINCE
2.1.1 COMPLAINCE AUDIT/ ASSESSMENT METHODOLOGY
15. EnrollHostel Privileged and Confidential Page 15 of 65
EnrollHostel’sGRAYBIEmanagedservices platformprovides asinglepaneof accessandvisibilityforallthenetwork
devicesandsecurityissuesbackedbyour 24/7/365 monitoringbyourcertified andhighlyexperienced еngіnееrѕ.
16. EnrollHostel Privileged and Confidential Page 16 of 65
GRAYBIE connectstoanyIT datasource or monitoringsystemtocollectandcollatedataonvariousITsystemsand
applications. GRAYBIE’s Core Rule Engine is leveraged to apply custom rules applicable to the business, gaining
insight into how the IT systems are performing within the business. Businesscritical application performance,
underlyingITinfrastructureperformanceandService deliverywithinthe organizationITsupportsystemcanall be
correlated to give a meaningful insight into the IT environment health.
GRAYBIE not only enables operational excellence through quick resolution but also helps in saving operational
costs through descriptive,prescriptive,andpredictiveinsightsforcalculatingthe magnitude,risk,andtime of the
issue athand, inreal-time, thereby enabling the teams to escalate it to the management at the right moment:
Fewreal-time capabilitiesof GRAYBIE:
Sесurіtу threat соrrеlаtіоn and іnсіdеnt аnаlуѕіѕ
Custom соrrеlаtіоn rule сrеаtіоn
Dеvісе fault management
High-touch service delivery
Thіrd-раrtу lоg analysis to mееt compliance rеԛuіrеmеntѕ
Cоnfіgurаtіоn and engineering ѕuрроrt
17. EnrollHostel Privileged and Confidential Page 17 of 65
2.1.2 Risk Management Stages
SNo Stages
1 To Identify Risks
2 To Evaluate Risks
3 To Treat (Manage/Action)
Risks
4 To Monitor (Review) Risks
5 To Report on Risks
6 To View/Update Validation
Rules
2.1.3 Risk Management Process
2.1.4 Risk Management Principles
Risk Management PRINCIPLES
Risk Management should:
1
create value – resources expended to mitigate risk should be less than the
consequence of inaction
2 be an integral part of organizational processes
3 be part of decision making
4 explicitly address uncertainty and assumptions
18. EnrollHostel Privileged and Confidential Page 18 of 65
5 be systematic, structured and timely
6 be based on the best available information
7 be tailorable
8 take human and cultural factors into account
9 be transparent and inclusive
10 be dynamic, iterative and responsive to change
11 facilitates continual improvement and enhancement of the organization
12 be continually or periodically re-assessed
2.1.5 Risk Management Audit Benefits
Risk Management BENEFITS
1 Increase the likelihood of achieving objectives;
2 Encourage proactive management;
3
Be aware of the need to identify and treat risk throughout the
organization;
4 Improve the identification of opportunities and threats;
5
Achieve compatible risk management practices between organisations
and nations;
6
Comply with relevant legal and regulatory requirements and international
norms;
7 Improve governance;
8 Improve stakeholder confidence and trust;
9 Establish a reliable basis for decision making and planning;
10 Improve controls;
11 Effectively allocate and use resources for risk treatment;
12 Improve operational effectiveness and efficiency;
13 Enhance health & safety performance and environmental protection;
14 Improve loss prevention and incident management;
15 Minimize losses;
16 Improve organizational learning; and
17 Improve organizational resilience.
2.1.6 RISK Governance Framework.
20. EnrollHostel Privileged and Confidential Page 20 of 65
EnrollHostel’s24x7x365 NetworkOperationsCentre (NOC)рrоvіdеѕrеаl-tіmе datafromover1,700 services,
аррlісаtіоnѕandрrосеѕѕеѕ inuse асrоѕѕ ourclients’infrastructurenetworks. Alarmingоursecurityandtесhnісаl
21. EnrollHostel Privileged and Confidential Page 21 of 65
analysts, fromwithin ourсlоudѕеrvісеѕ detectsandrеѕоlvеsроtеntіаl problems bеfоrе thеуbесоmе service аffесtіng
to уоurbuѕіnеѕѕореrаtіоnѕ.
Our state-of-the-artNOCenablesquickriskdеtесtіоn,securityраtсhdерlоуmеnt,backup andendроіntmanagement
for yourѕеrvеrѕ,dеѕktорѕ andportable dеvісеѕ.
22. EnrollHostel Privileged and Confidential Page 22 of 65
2.1.8 Risk Assessment Management Audit Plan
Stage Stage2 # Checklist Item
Development
of Risk
Framework
Communicate
and Consult
1 Has the board and executive expressed their
support for a risk management programme?
2 Has the risk committee (or equivalent) and the
board reviewed and approved the risk policy/
strategy?
Establish the
Context
3 Have you identified a person who will be
responsible for implementing risk
management?
4 Does the risk manager, or equivalent, have
reasonable access to staff and management
across the organisation?
5 Have you defined categories of risk relevant to
your organisation and industry?
6 Do your risk categories reflect all operational risk
areas of the business as well as more strategic
risk categories?
7 Is there a clear organisational strategy (or
objectives) articulated for the organisation?
8 Have you defined and agreed a likelihood scale to
assess the potential for the risk to occur
throughout the organisation?
9 Have you defined and agreed a consequence
scale to help assess risk impacts across the
organisation?
10 Does the organisation's consequence scale
describe both financial and non-financial
impacts?
11 Does the risk Management framework consider
the effectiveness of controls or risk
treatments?
12 Is there an agreed template or format for
recording risks and risk treatment information
(a risk register)?
13 Has a risk policy been defined?
14 Does the organisation have a documented risk
management strategy?
15 Do job descriptions of key stakeholders include
responsibilities for risk management?
16 Is a formal project management methodology
used to manage projects?
17 Is a mechanism in place to identify, assess, record
and monitor risks on projects?
18 Has the organisation agreed what types and
levels of risk are unacceptable?
19 Is there an agreed format/ template for reporting
on risk?
23. EnrollHostel Privileged and Confidential Page 23 of 65
20 Is there a process and/or template where new
risks can be recorded by the executive and
staff?
Implementation
of Risk
Framework
Communicate
and Consult
21 Is risk management or awareness training
provided to all staff?
22 Does the risk manager (or equivalent) have
access to the CEO, board and Audit/ Risk
Committee when required?
23 Do staff know that they have a right and
responsibility to assist in risk identification and
escalation?
24 Do staff know who to report/ escalate risks to?
25 Do managers or supervisors know that they are
responsible for managing risk in their area/s of
responsibility?
26 Have the executive and the board provided
guidance on what information they would like
to see in risk reports?
27 Is there agreement on when and how often risk
reports will be produced?
28 Have the recipients of risk reports been identified
and agreed?
29 Can different risk reports be produced to meet
different needs of stakeholder groups?
30 Has responsibility for managing/ treating specific
risks been assigned and communicated to
those responsible?
31 Are staff encouraged or incentivised to report risk
or suggest risk reduction strategies?
Risk
Assessment
32 Has a risk brainstorming workshop (or workshops)
been conducted?
33 Have you considered the history of events and
incidents in your organisation during the risk
assessment process?
34 Has research been performed to understand
common risks in the industry?
35 Has the executive and board considered risks
relating to the achievement of key
organisational goals and objectives?
36 Are risks identified during compliance reviews/
audits always added to the risk register?
37 Have existing controls been identified for risks
during the risk assessment process?
38 Has the perceived effectiveness of controls been
assessed by a person who understands the
risk and the controls in place?
39 Has the risk register been updated in the last
year?
40 Is the risk register updated throughout the year to
reflect changes in risk and emerging risks?
Treat Risks 41 Does the risk register record the job title of the
person responsible for overseeing the risk
24. EnrollHostel Privileged and Confidential Page 24 of 65
treatment and monitoring process (the 'risk
owner' or 'risk champion')?
42 Have you identified possible actions/ treatment
plans that could help to reduce the risk level?
43 Have the benefits of a treatment approach been
compared to the potential cost of the risk to
determine the appropriateness of the
treatment strategy?
44 Have risk treatment or action plans been
documented and approved for important
risks?
45 Have due dates/ completion dates been agreed
for risk treatment actions and plans?
46 Is there a clear understanding of who will oversee
the risk treatment selection and execution
process?
47 Have key risk indicators (KRIs) been defined and
agreed for key risks/ risk areas?
48 Are the organisation's physical assets
appropriately insured?
49 Is a business continuity plan (BCP) in place for
critical organisational functions/ processes?
Monitoring &
Review
of Risk
Framework
Monitor and
Review
50 Does your risk process follow the steps described
in the AS/NZS: 4360 2004 Standard?
51 Does the Internal Audit function or equivalent
review risk management processes?
52 Is an Internal Audit function/ process in place?
53 Do your internal auditors focus their time and
effort on the most critical risks recorded in the
risk register?
54 Does the organisation track changes in risk levels
over time in order to understand trends/
changes in risk levels?
55 Has the risk policy been reviewed and approved
in the last year?
56 Has the board and/or risk management committee
(or equivalent) made an attestation in the
annual report in accordance with the Victorian
Government Risk Management Framework (if
applicable)
57 Is the risk process integrated with other
organisational planning processes - for
example is risk considered during the strategic
planning, budgeting and audit planning
processes?
25. 2.1.9 Compliance Dashboards
The compliance team рrоvіdеѕrеаl time datavisibilityformonitoring asperthe following dashboards:
28. 3
Fig: Device executive summary – 2
Fig: Device executive summary - 3
2.1.10 VULNERABILITY TESTING
A vulnerabilityassessment/evaluationisaprocedure usedtorecognizeanddole outseriousnesslevelsto
whatever number security surrenders as could reasonably be expected in a given time period. This
procedure may include robotized and manual systems with changing degrees of meticulousness and an
accentuation on thorough scope. Utilizing a hazard-based approach, weakness appraisals may target
29. 4
diverse layers of innovation, the most widely recognized being host-, network-, and application-layer
evaluations.
Directing vulnerability appraisals enable associations to distinguish vulnerabilities in their product and
supporting framework before a bargain can happen. A vulnerability can be characterized in two ways:
• A bug in code or an imperfectioninprogrammingplanthatcan be abusedto cause hurt. Misuse
may happen by means of a verified or unauthenticated aggressor.
• A hole in securitymethodsora shortcomingininteriorcontrolsthat whenmisusedoutcomesin
a security break.
Our dedicated team at EnrollHostel provides Vulnerability evaluations that are intended to yield a
positionedororganizedrundownof aframework'svulnerabilitiesfordifferentsortsof dangers.Usingthis,
we will utilize these evaluations know about security hazards and comprehend they require help
distinguishing and organizing potential issues. By understanding their vulnerabilities, we can plan
arrangements and patches for those vulnerabilities for consolidation with their hazard administration
framework.
The pointof viewof adefenselessnessmayvary,contingentuponthe frameworksurveyed.Forinstance,
a utilityframework,similartopowerand water,may organize vulnerabilitiestothingsthat coulddisturb
administrations or harm offices, similar to cataclysms, altering and psychological oppressor assaults.
Notwithstanding, a data framework (IS), like a site with databases, may require an appraisal of its
powerlessnesstoprogrammersanddifferenttypesof cyberattack.Thenagain,aserverfarmmayrequire
an appraisal of bothphysical andvirtual vulnerabilitiessinceitrequiressecurityforitsphysical office and
digital nearness. This is where we pitch in to provide the best of services and line up the possible cases
and assessments you need.
2.2 EXECUTION PLAN
2.2.1 SERVICE DELIVERY APPROACH
EnrollHostel isof the opinionthatgovernance ismultifacetedwithitsorganizational structure,customer
engagement, relationship models, processes and metrics. When the business and operational
environmentiscomplexthere isagreaterneedforrobustgovernance,aswithoutitthereisincreasedrisk
of shared service and vendor partnership value leakage.
1. Communicate and Consult
2. Establish the context
3. Plan Risk Assessment [Risk identification, Risk Analysis, Risk Evaluation]
4. Risk Treatment
5. Monitor and Review
6. Operate
7. Conform to Standard
BusinesssucceedswhenITrunsbetterandquickerwithreducedcost.OurOperations&SupportServices
is based on ITIL driven Service management framework, coupled with the state of the art tooling and
processes helps IT organizations cut cost, reduce risk and drive down IT Cost. Our mission is to reduce
30. 5
incident trend targeting zero count and to ensure availability and reliability of applications to meet the
service levelcommitmentforeachapplication.We proactivelymonitoruserexperience,businessmetrics,
critical components and processes to analyze and fix incidents before end-users are impacted or
experience any delay, and thus ensure business critical apps perform at peak efficiency and availability
without any downtime.
The diagram below illustrates our approach to building an effective and high-performing
support/operations service.
31. 6
2.2.2 INCEPTION
A teamcomprisingthe service deliverymanagersfrom EnrollHostel andSchool will be setupfordetailed
planning/resource assignmentandscope finalization.The teamwouldschedule,prioritize andmonitor
the tasks,as well asprovide statusreports.The tasksassociatedwiththisphase are highlightedbelow:
Activities Teams Involved
EnrollHostel
Team
School
Team(s)
Existing
Vendor
Team(s)
Identify Processes:
Standard
ProcessFlowCharts
Identify existing Documentation and Knowledgebase
Team Ramp-up
2.2.3 KNOWLEDGE TRANSFER
During this phase, the EnrollHostel support team will gain and share the knowledge about the
environmentandinfrastructure tobe supported.Existing School andvendorteamswill alsobe involved,
as required.
Activities Teams Involved
ENROLLHOSTEL
Team
School
Team(s)
Existing
Vendor
Team(s)
Study Processes:
Standard
ProcessFlowCharts
Reporting / Interfaces (If any changes) / Access
Environment / System Landscape / Architecture /
Database
/ Servers / Hosting
Study Documentation and Knowledge Base
Issue /Back Log forlast 3 monthsandlast quarterof
previousyear(foryear-endissues)
DetailedRolesandResponsibilities
The EnrollHostel Knowledge Transfer model promotes:
Preparing SOPs and other documents (e.g. architectural details of environment, workflow
diagrams etc.)
Maintaining strong known issues databases
32. 7
Capture of knowledge through collaboration both by explicit (interviewing and observation
process; ticket-by-ticket analysis) and implicit (discussion forums, blogs, error database and
reusable components repository) means.
Ensure acquired knowledge is easily retrievable.
Knowledgesharingacrossmultiple anddisparate ENROLLHOSTELresources
Reductionof informationoverload/capturethroughreplicationbestpractices.
33. 8
2.2.4 STEADY STATE OPERATIONS
EnrollHostel’s team will commence steady-state operations will full SLA compliance. SLA
measurement as per targets would be measured and reported to SCHOOL.
All the handover from current vendor team(s) will be considered complete, and they can be
disengaged from the project at the start of Steady-State Operations.
34. 9
2.2.5 AUDIT STRATEGY
Effective implementationof Auditstrategy,andleverage the bestpracticesof ITService Management
(ITSM) concepts.The main focusfor IT Auditandcompliance istoexecute the businessrequirements
definedatthe Service Deliverytothe business.The diagrambelow illustratesthe variouscomponentsof
an ITSM approach.
The important components of ITSMfor having a Network-First strategy are as per below:
Access Management
35. 10
Implementation of security polices defined by Information Security Management. The implementation
should include physical barriers to systems such as VLAN separation, firewalling, and access to storage
and applications.
Change Management
Establisha processfor controllingthe life cycle of all changeswhile minimizingdisruptiontooperations.
Test and review all changes that are candidates for automation vs, mechanized.
36. 11
Service Asset and Configuration Management
Establish a process for maintaining information on assets, component, and infrastructure needed to
provide services. Informationonassetsshouldcontainpast andcurrentstatesandfuture-statesforecast
for demand portfolio.
Release & Deployment Management
Establish a predictable and homogenized release and deployment process to protect the production
environment. Ensure during capacity planning hardware and VM specifications are pre-defined and
tested,priortodeploymentcycle. UtilizeVMcomponenttemplatesapprovedforproductionsuchasVM
images and Gold images.
Knowledge Management
Establisha knowledgemanagementprocessforgathering,analyzing,andstoringandsharingknowledge
within the IT organization
Incident & Problem Management
Establishaprocessforresolvingeventsthatare impactingservicesinthe virtualizedenvironmentassoon
as possible with minimal disruption. Identify and resolve root causes of incidents that have occurred as
well as identity and prevent or minimize the impact of incidents that may re-occur.
Request Fulfillment
Management of all service requests while utilizing best practices for managing requests. All services
requests will be documented in the services catalog and will include SLA on when the request will be
completed.
Systems Administration
Regularly perform systems administration tasks and mature towards automation and scripting skills.
2.3 ACCOUNT MANAGEMENT & TECHNOLOGY TEAM STRUCTURE
2.3.1 AUDIT ACCOUNT MANAGEMENT
Despite havingmultiple Centersof Excellence,practicesandbeingdrivenbyIndustry’sStandardsandBest
Practices, EnrollHostel firmly believes and promotes a Client Centric model where each engagement is
tailored explicitly around the client’s needs and business drivers.
To thisextent,ithascreatedthe ClientSolutionsgroup,whichprovidesadedicatedAccountManagerand
Solution Specialists who actively interact with all the stakeholders within each client’s organization not
only to understand the business needs and requirements but also to align the proper services and
resources that will ensure maximum benefits to the client. Additional, these two entities indirectly
validate the qualityof the deliveryandprovide feedbackandinputstothe Global DeliveryOrganization.
38. 13
2.3.2 PROJECT TEAM STRUCTURE
2.3.2.1 TEAM STRUCTURE
Director Audit Committee
IT Audit Team IT Audit Team Legal IT complaince Team
IT Audit Manager
Chief Audit Executive
IT AuditManager
Lead Auditor
Internal Auditors
Department 1
Internal Auditors
Department 2
39. 14
2.3.2.2 TEAM ROLES & RESPONSIBILITES
Role Description
Data Subject A living natural person – they have rights and RISK refers to them
Data
Controller
Specifies how RISK is to be manipulated
Data Processor Manipulates the RISK on behalf of the Data Controller
DPO Data Protection Officer: A person charged with protecting RISK and helping
an organisation to meet the RISK compliance requirements
Supervisory
Authority (SA)
A national body who enforces the RISK in EU member states.
EDPB European Data Protection Board: The coordinating layer who provides
consistency between SAs
Third Country A country outside of the EU
Third Party An individual linked in some way to the Data Subject or any company or
organisation to who data is sent
Role Responsibilities
Delivery
Manager
(Audit)
Reviewingandunderstandingthe responsibilitiesof eachpartyunderthisSOW.
Workingwith School teamto accomplishthe tasksoutlinedinthisSOW.
Maintainingregularcommunicationswiththe School teamonengagementprogress.
Assistinginthe resolutionof deviationsfromthe scope/planthatmayimpact
deliverables,schedulesand/orcosts.
Provide managementupdate of the projectteamdeliverablesprogramgovernance
metricsandreport onengagementhealthto School stakeholders.
Ensure that the engagementremainshealthyandtasksoutlinedwithinthe SOWare
executedtothe client’ssatisfaction.
40. 15
SeniorAuditors Coordinate/manageendtoendsupportandoperationsrelatedactivitiesandprioritize
userrequestsand problemsaccordingtoseverityandexistingworkload.
Optimize effortwithembeddedbestpracticesthataccelerate time tovalue
Manage projectteamdeliverables/qualityissues/SLAs.
Ensure all outagesare communicatedandaddressedwithinthe stipulatedtimeframe.
Manage the shiftschedule andavailabilityof resources
Supportoperational tools
Manage properdelegationof supporttaskamongall supportteammembers.
Provide clarificationaboutnew andexistingprocesses
AssistSchool managersinall projectrelatedtasks,includingticketmanagement.
Maintainand update documentation.
Followdefinedguidelinesand processesand ensure the otherteammembersalso
followit.
Planand participate inService ImprovementandValue-additionactivities
Plancross-traininginitiativeswithinthe team
JuniorAuditors Work on supportandoperationsrelatedactivities/tasks/tickets–primarilyon Network
Operations/activities
Optimize effortwithembeddedbestpracticesthataccelerate time to market
Guide otherteammembersonbestpracticesandtechnologyenhancements
Planand participate inService ImprovementandValue-additionactivities
Define andenhance supportprocesses
Provide necessaryadvisoryservicesto SCHOOL
Provide on-call supportonweekends/USholidays
Lead Auditor
RISK
Work on support and operationsrelatedactivities/tasks/tickets – primarilyon IT
Operations/ activities
Maintain constant communicationwith customers and SCHOOL stakeholders,
especiallywiththe onsite leads.
Prioritizationof userrequestsand problems,withlead /manager, according to
severityand existingwork load
Coordinate with other SCHOOL teams for issue resolution
Support operational tools
PerformRCAs
Followguidelinesofdefinedsupportprocesses.
41. 16
3 PART III – REFERENCES & ENROLLHOSTEL CAPABILITIES
3.1 CASE STUDIES
Some of the salientprojectsthat EnrollHostel hasdone inthe pastinclude the following(additional
detailshave beenprovidedasCase Studiesinthe proposal documentinANNEXUREI)
Customer* Services Details
LeadingGovernment RISK Consulting RISK assessment, RISK Gap
Analysis, RISK internalaudit, RISK
external audit,DPIA Data
protectionimpactassessment,
Leadingglobal Insurance Regulator RiskControls
consulting
RiskLaw basedaudit/assessment,
AssigningDPORole/team,RiskGap
Analysis Riskinternalaudit, Risk
law external audit.
Leadingmulti-nationalBank RiskLaw consulting RISK assessment, RiskLaw based
audit/assessment,, RiskGap
Analysis Riskinternalaudit, Risk
law basedexternal audit
*Due to contractual obligations, we are not permitted to explicitly name the organization for which these
services were provided.
Some of the key tasks that EnrollHostel teams have been involved in projects with Managed
Operations/Support included:
a) Risk Audit/assessment , RISK processing lawfully.
b) GAP Analysis to Reach for RISK compliance
c) Risk by design
d) Data Protection Impact assessment
e) Appointing and building Data Protection Officer Team.
f) Remedies, liability, & penalties
g) Provisions relating to specific processing situations
h) Delegated acts and implementing acts
42. 17
3.1.1 CASE STUDY 1
Name and Address Leading Government in EMEA Region
Contracting Activity RISK Audit
Contract Type Fixed Price
Description of Services
*Due to contractual obligations, we are not permitted to explicitly name the organization for which these
services were provided.
The Challenges
Client wanted to Assess its Risk based on new Risk law.
Risk Audit/assessment , RISK processing lawfully.
GAP Analysis to Reach for RISK compliance
Risk by design
Data Protection Impact assessment
Appointing and building Data Protection Officer Team.
Remedies, liability, & penalties
Provisions relating to specific processing situations
Delegated acts and implementing acts
Solution
The enterprise leveragedServerOperationsandCrisisManagementteams.Teamalsoworkedclosely
withthe other dependent team for any changes and upgrades to the production web applications.
Risk Audit/assessment , RISK processing lawfully.
GAP Analysis to Reach for RISK compliance
Risk by design
Data Protection Impact assessment
Appointing and building Data Protection Officer Team.
Remedies, liability, & penalties
Provisions relating to specific processing situations
Delegated acts and implementing acts
Benefits Delivered
Risk Audit/assessment , RISK processing lawfully.
GAP Analysis to Reach for RISK compliance
Risk by design
Data Protection Impact assessment
Appointing and building Data Protection Officer Team.
Remedies, liability, & penalties
Provisions relating to specific processing situations
Delegated acts and implementing acts
3.1.2 CASE STUDY 2
Name and Address Leading media and entertainment company in US*
Contracting Activity 24 x 7 Infra-support
43. 18
Contract Type Fixed Price
Description of Services
*Due to contractual obligations, we are not permitted to explicitly name the organization for which
these services were provided.
The Challenges
The IT team of the Insurance company is responsible for provisioning and managing the entire
enterprise ITinfrastructure acrossmultiplelocations.The primaryobjectivewasto fix Riskaspectwith
respect to providing legally , regulatory complaint and competitive IT elements. This automation
would enable higher compliance to Risk and helpthe IT team and customer in managing day-to-day
operations more effectively. The IT team had a challenge in terms of managingIT across distributed
locations and the huge impact of smooth IT operations on business services.
Solution
The Risk assessment was done and solution was deployed centrallyat the IT operations center to
proactively monitor the network, systems, applications and database infrastructure and notify users
if there is any Risk issue.
The solutiondeployedisusedtomonitor Riskaspectforregulatoryandlegal complianceof the critical
network devices. Service level committed by the service provider is been verified by using the
availability service level report available from NOC solution service.
The solution was deployed for monitoring multiple key performance indicators of various elements
including;
Routers,switches ->Availability,responsetimes,CPUutilizationandmemoryutilization,
customSNMP expressions-basedperformance metrics
MPLS links -> availability,response timesandutilization
Servers->Resource utilizationbyCPU,Memory,Disk,Bandwidth,etc
Databases-> table space utilization,logfileutilization,deadlocksandqueryresponse times
Applications ->service availability
WebServices ->availability
Benefits Delivered
Risk by design service was deployed to centralize incoming service requests to various
departments.
A streamlined service request, routing, tracking, escalation, resolution and closure has
brought about accountability within each department.
The automatedroutingandSLA monitoringcapabilitieshave reducedissueclosure timesand
have improved end user satisfaction.
The NOC solution deployed has helpedthe IT staff to provide better service response, quick
resolution of end user reported issues with flexible workflow-based automation and has
enabled higher customer satisfaction across organization.
3.1.3 CASE STUDY 3
Name and Address Leading media and entertainment company in US*
Contracting Activity 24 x 7 Infra-support
Contract Type Fixed Price
44. 19
Description of Services
*Due to contractual obligations, we are not permitted to explicitly name the organization for which
these services were provided.
The Challenges
The IT infrastructure companyisdistributedacross10 locations.There are about100 critical network
elementsincludingrouters,switches,linksetc.The IToperationsrunon20+critical windows2000and
2003 servers. There are about 15+ mission critical applications that run on variety of Microsoft SQL
and proprietary databases. These applications also include web based middleware and other web
services based application.
The few objectives for IT Infrastructure monitoring include the following:
Proactive auditing/assessment of networks, systems, applications, databases, IT services
infrastructure for availability and performance
Determine root cause, fix problems quickly and ensure mission critical applications are
healthy and available for end users conflicting with RISK.
Enhance enduserperceptionof ITservicesbyensuring Riskprotection resolutiontoenduser
issues.Ensure thatthe ITteamisaccountableinclosingenduserreportedissuesontimewith
higher user satisfaction.
Audit Risk of hosts, applications, locations, departments including hourly, weekly, monthly
usage trends
Plan future Risk needs like Risk by design need are met in advance and maintain the
competitive edge
Solution
The Riskby design solutionwasdeployedtomonitorcore IT serviceslike messagingservices,
ERP servicesandEIP services. The teamusesNOCtool to ensure availabilityof these services
to the branches is proactively monitored and accounted
Real time dashboards and historical reports were made available as part of a build in web
based portal and are used by the IT team to examine and optimize resource compliance.
The non-invasive,agentlessmonitoringcapabilityof complaince wasdeployedtohelpthe IT
team for easy and faster deployment for monitoring across local and remote servers,
databases, applications
Flexible notification and escalation capabilities of Complaince were used for proactive
monitoring of faults and performance breaches. This helped the IT engineers to fix issues
before they are reported by end users.
Benefits Delivered
The Complaince Assessment and analysis helped to audit better manage applications
compliance across locations, departments
Better manage compliance for RISK assessment, Risk Law based audit/assessment, Risk Gap
Analysis Risk internal audit, Risk law based external audit
Better Risk Compliance for application, link availability and performance
Quick response time & resolution resulting in customer delight
3.2 ENROLLHOSTEL | CAPABILITY
45. 20
EnrollHostel is founded on a strong foundation of architecture, process, and a Risk-based approach to
technologysolutions.Ourprofessionalsconsistentlyuse these fundamental principlescoupledwithout-
of-the-box thinking to deliver creative and robust solutions that meet our clients stated as well as
unanticipated needs. This approach allows us to deliver solutions that combine our expertise around
development,supportandtestingusingacontinuousintegrationapproachwithindustryleadingproducts
in various functional domains. Our core competency is the ability to quickly understand the client’s
business needs and deliver an elegant and robust, yet cost-effective solution.
Over the past 10 years, customers have engaged EnrollHostel for solutions and services across a wide
variety of technologies. EnrollHostel has constantly innovated and kept abreast of new and emerging
technologies in IT infrastructure, Security & Internet Of Things, amongst others.
3.2.1 PROGRAM GOVERNANCE
EnrollHostel has a well-defined program governance process, which closely monitors customer
satisfaction, service levels and quality. Periodic reviews are conducted to ensure that services are being
delivered to exceed customer expectation and seek feedback.
Monthly business review is conducted to review service levels, process compliance, issues to be
escalated, targets and improvements for next month.
Quarterlyexecutive briefings,presentopportunitytodiscusspastperformance,recommendations
and focus areas for future.
3.2.2 CONTINUAL SERVICE IMPROVEMENT (CSI)
EnrollHostel continuallyinstitute processandmethodologythatmeetsrequirementsandalso allowsfor
needsthatadjustbasedonclientchangingbusinessdynamics.Toachieve ourobjective of providingbest
in class services, our project teams adhere to continual improvement framework based on ITIL best
practices. The team will continually identify areas of improvement and provide recommendation on:
Deployingandenhancingcontinuousintegrationframeworksforcode deploymentandautomated
deployment
Build IT automation for important processes, such as automatic deployment and operations,
automatic ticket creation based on monitoring alert, integration of monitoring tools
Proactivelymonitor,identifytrendandaddresssituationsandproposesolutionsinordertorestore
and resolve critical issues in a timely fashion
Use ITIL techniques to improve the processes used.
Proactively work closelywith client teamsand third-party development for operational readiness
and hand off of new development and applications
3.2.3 KNOWLEDGE MANAGEMENT
The EnrollHostel Knowledge Management approach promotes:
46. 21
Capture of knowledgethroughcollaborationbothbyexplicit(interviewingandobservationprocess;
case-by-case analysis) and implicit (discussion forums, blogs, error database and reusable
components repository) means.
Organize the acquired knowledge so that it is easily retrievable.
Share and distribute knowledge through wiki documentation, run-books, standard operating
procedures etc.
Use and reuse knowledge for operational efficiency, improvement, automation
3.2.4 TEAM COMPETENCY AND SKILLS ENHANCEMENTS
To be on the forefrontof the ever-changingITtrends in business,itisimperative foranyorganizationto
constantly update and reinvent itself. EnrollHostel aims to achieve this through a strategic skill
enhancement program that involves every employee. Industry trend, analysts identify key areas of skill
enhancement keeping in view, our core competencies and goals.
EnrollHostel continuallystrivestoaugmentitsteamcompetencyandskillsconsideringthe changeinclient
processes, technology,tools, and domain knowledge and encourages and facilitates across the board
technical certification programs. Along with acquiring formal technical certification, it also empowers
employeeswithenhancedskillsandknowledge.We sponsorthese certificationsandproactivelyarrange
formal sessionsbetween industry expertsand our professionals. Some of the where our projects teams
get trainings from internal and external trainers are, Soft Skills, Technical Trainings on disruptive and
emerging technologies, team management, leadership etc.
3.3 ENROLLHOSTEL | PROJECT MANAGEMENT PROCESS
EnrollHostel ensuresthatall projectsundertakenby itsteamare beinggovernedandmanagedeffectively
meeting the customer expectations.
Below are the key project monitoring & control processesthat will be followed to track the progress of
the project delivery. Some of these may be tailored based on specific plans during project execution.
Track project planned activities against the actual and update critical dependenciesin schedule
accordingly with the revised planned dates
Status Reporting of ongoing project activities & implement corrective actions based on the
comments received from different stakeholder
Internal team meetings
Project customer meeting
Monthly business reviews
Track the estimates for reviewing the planned vs. actual effort throughout the project lifecycle
Monitor Risks associated with cost, resource and schedule aspects and perform ongoing risk
identification and management in conjunction with client stakeholders.
Review any changes to the allocated requirements according to change management process
47. 22
Collect measurement data for the project regularly throughout the project life cycle in data
collection plan on a monthly basis. This is done for the purpose of analysis & plan the preventive
and corrective actions
SLA Monitoring & Tracking
3.3.1 REPORTING METRICS
Below is a list of typical metrics that EnrollHostel team would produce during the course of thisproject.
These metrics can be tailored in discussion with School at the time of project initiation.
Service Desk Support Reports
Daily – ticket report, Pending & Closed ticket reports.
Weekly – ticket trend report, ticket analysis report.
Monthly – ticketAnalysis report, ticketTrendReport,Uptime reports,Backup and restore Report,
RCA, Escalated ticket report
Incident Management
Number of repeated Incidents, with known resolution methods
Number of Incidents resolved remotely by the support teams
Number of escalations for Incidents not resolved in the agreed resolution time
Average time for resolving an incident
Percentage of Incidents resolved by L2 without L3 involvement
Rate of incidents resolved during solution times agreed in SLA
Problem Management
Number of problems logged
Average time for resolving problems
Number of problems where the underlying root cause is not known at a particular time
Number of reported incidents linked to the same problem after problem identification
Average time betweenfirstoccurrenceof anincidentandidentificationofthe underlyingrootcause
Average work effort for resolving problems
Service Level Management
Number of services covered by SLAs
Number of Services where SLAs are backed up by corresponding OLAs/ UCs
Number of monitored Services/ SLAs, where weak-spots and counter-measures are reported
Number of Services/ SLAs which are regularly reviewed
Number of Services/ SLAs where the agreed service levels are fulfilled
Number of issues in the service provision, which are identified and addressed in an improvement
plan
Availability Management
Availability of applications relative to the availability agreed in SLAs and OLAs
Number of service interruptions
Average duration of service interruptions
Percentage of applications components under availability monitoring
Number of implemented measures with the objective of increasing availability
48. 23
Security Management
Number of preventive security measures which were implemented in response to identified
security threats
Duration from the identification of a security threat to the implementation of a suitable counter
measure
Number of identified security incidents, classified by severity category
Number of security incidents causing service interruption or reduced availability
Number of security tests and trainings carried out
Number of identified shortcomings in security mechanisms which were identified during tests
3.3.2 ESCALATION HANDLING
EnrollHostel expects that all queries & issues related to successful execution of the project would be
discussed and resolved via various meetings as per the CommunicationPlan. However, there may be
instanceswhere eitherSchool orEnrollHostel managementencounters orforeseesanyissuesthatneed
direct and prompt attention of other side’s management.
3.3.3 COMMUNICATION PLAN
Meeting
Type/Purpose
Frequency Participants (EnrollHostel) Participants (School)
Project
Discussion/Issue
Resolution
Needbasis • Technical Lead
• Otherteammembers
(optional)
• ProjectManager
• IT SPOC
Project Status Review Weekly • Service DeliveryManager
• Technical Lead
• ProjectManager
SteeringCommittee
Review
Monthly • EngagementManager
• Technical Lead
• Service DeliveryManager
• ProjectManager
• ProjectChampion
49. 24
3.3.4 RISK MANAGEMENT PLAN
EnrollHostel proposes to use industry-standard FMEA tool (Failure Mode Effect Analysis) for managing
risks.FMEA aidsinanalysisof potential failures,problemsordefectswithinasystemusingaclassification
by the severity and likelihood of the failures. Using the FMEA analysis, the project team can plan for
appropriate mitigation & contingency strategies.
3.3.5 CHANGE MANAGEMENT PROCEDURE
EnrollHostel understands that a project often requires changes during execution, and hence proposesa
robust change management procedure. EnrollHostel proposes that a Change Management Board is
established that has authority to approve, partially approve or reject any change request. The Board
would comprise of:
ENROLLHOSTEL
Service Delivery Manager
Engagement Manager
School
Project Manager
Project Champion
Sourcing (optional)
Risk
Identification
via FMEA
Develop
Mitigation &
Contingency
Plan
PeriodicRisk
Review
Address
major risks
Update
FMEA
Trigger for Change
Scope
Requirements
Tools & Technology
Schedule Adjustments
50. 25
Impact Analysis
• Schedule
• Effort
• Cost
• Artifacts and Deliverables
Submission of formal Change
Request (CR)
Discussion & Approval of CR by
Change Management Board
Updated CR
Implementation of CR
• Contract
• Project plan
• Artifacts & Deliverables
51. 26
3.4 ENROLLHOSTEL | COMPLIMENTARY VALUE ADDED SERVICES
EnrollHostel’s decade old expertise in managing networks infrastructure brings a lot of advantages as
compared to other IT Managed service providers.
Since we always strive for bringing the best possible robustness to our clients’ networks, we will be
bringing the following as complimentary services:
- Complimentary Anti-virus software license for all end-point devices along with maintenance
- Complimentary Penetration Testing to test the robustness of the installed network
3.5 ENROLLHOSTEL | DIFFERENTIATORS | Services
EnrollHostel is one of those rare organisations, that not only possesses leading IT Infrastructure
management professionals but also a global group of cybersecurity professionals.
With security clearances of the highest order (US Fed clearance), our professionals have led many
“Incident Response teams” carrying out “Forensics” for networks that have been breached.
53. 28
3.5.1 CYBERSECURITY SERVICES
In tоdау’ѕinformationесоnоmу,dаtасаnbe уоur оrgаnіzаtіоn’ѕmostvaluableаѕѕеt,butwіththе rіѕе of
mоbіlе tесhnоlоgу, сlоud соmрutіng, аnd еxроnеntіаllу grоwіng vоlumе of digital іnfоrmаtіоn, kееріng
that dаtа ѕесurе аlѕо bесоmеѕ оnе оf уоur grеаtеѕt сhаllеngеѕ.
No оnе is immune to data lоѕѕ іnсіdеntѕ, and nо оnе is bеttеr еԛuірреd than EnrollHostel tо help уоu
іdеntіfуаnd сlоѕе gарѕ thаt рut уоur оrgаnіzаtіоn’ѕ cyber ѕесurіtу аt rіѕk. Information ѕесurіtу іѕѕuеѕ —
such as data brеасhеѕor employee mіѕсоnduсt — are a соnѕtаnt worry fоr C-ѕuіtе lеаdеrѕаѕwеll as fоr
frоnt-lіnеmаnаgеrѕіnуоurorganization.Cуbеrѕесurіtусhаllеngеѕput ѕеnѕіtіvеdataаt rіѕkandсаn соѕt
your соmраnу time, revenue and rеѕоurсеѕ.
EnrollHostel offersextensivecybersecuritystrategyandѕеrvісеѕthatсаnbе аррlіеdtomееtyourunіԛuе
rеԛuіrеmеntѕ,whеthеr thеуbе rеlаtеd tо a ѕуѕtеm, аn аrсhіtесturе, a network, роlісу establishmentоr
рrосеѕѕ implementationand improvement. Wе wоrk with оrgаnіzаtіоnѕ аt vаrіоuѕ stages оf thеіr суbеr
ѕесurіtу ѕtrаtеgу dеvеlорmеnt and суbеr ѕесurіtу program іmрlеmеntаtіоn.
3.5.1.1 RISK Services
A Penetration test(Pen-test) is a procedure to assess the security of an IT foundation by securely
attempting to misuse its vulnerabilities. These vulnerabilities may exist in working frameworks,
administrations,operatingsystemsandapplicationblemishes,inappropriate arrangements ordangerous
end-client conduct. Such evaluations are likewise helpful in approving the viability of protective
components, and, end-client adherence to security arrangements.
EnrollHostel’steamof leadingPen-testersthattestthe effectivenessof the security of the organization.
This is accomplished by emulating the behaviors and techniques of likely attackers in the most realistic
way possible.
3.5.1.2 Corporate Trainings Risk/Security Awareness
54. 29
Risk/Security awarenessisthe learninganddemeanorindividualsfroman associationhave withrespect
to the assurance of the physical, and particularlyenlightening,resourcesof that association. Numerous
associations require formal security mindfulness preparing for all specialists when they join the
association and intermittently from there on, normally every year.
EnrollHostel commitson providing this training and practice to all its employees and clients and letting
them know about the possible outcomes thereafter.
Being“securely aware”means;onecomprehendsthatthere isthe potentialforafew peopletopurposely
or coincidentally take, harm, or abuse the information that is set aside inside an organization's PC
frameworks and through its association. Along these lines, it is judicious to help the advantages of the
foundation (data, physical, and individual) by attempting to prevent that from happening.
The focal point of Security Awareness here at EnrollHostel is to accomplish a long haul move in the
disposition of workers towards security, while advancing a social and behavioral change inside an
organization.Securitystrategiesoughttobe seenaskeyempoweringagentsforthe association,notasa
progression of principles confining the proficient working of your business. We provide Security
Awareness training to our new employees and keep them up to date with these principles.
55. 30
3.5.1.3 Email Risk & Security with Office 365 Integration
Email isthe mostimportantbusinesscommunicationtool—andsimultaneously,the leadingthreatvector
for cyber-attacks.Infact,accordingto the CiscoMidyearCybersecurityReport,attackersturntoemail as
the primary vector for spreading ransomware and other malware.
Mass spamcampaignsare no longeryouronlyemail securityconcern.Attackersscoursocial mediasites
to find information on their intended victims and then create sophisticated and highly targeted
ransomware, business email compromise (BEC), and phishing campaigns.
EnrollHostel’sEmailSecurityenablessecure emailuseandprotectstheleadingattackvectorwithmultiple
layers of protection using Cisco’s Email Security.
Gain a robust layerof defense againstransomware,businessemail compromise,phishing,andmore for
Office 365 solution.
It helpsprotectyour networkfrom threatsin incomingemail while helpingpreventthe lossof business-
sensitive data in outgoing mail.
Benefits
Block more threats with comprehensive threat intelligence from Cisco Talos- one of the largest
commercial threatintelligence teamsinthe world,comprisedof world-classresearchers,analysts
and engineers.
Combat ransomware hidden in attachments that evade initial detection with Cisco Advanced
Malware Protection (AMP).
Stop BEC and phishing attacks with superior URL intelligence and forged-email detection
56. 31
Protectsensitive contentinoutgoingemailswithdatalossprevention(DLP) andeasy-to-use email
encryption, all in one solution.
Gain maximum deployment flexibilitywith a cloud, virtual, on-premises,or hybrid deployment or
move to the cloud in phases.
3.5.1.4 Cyber-Forensics
Our Forensics and Investigation solutions provide an attack’s context, infrastructure-wide visibility,
codified expertise, rich intelligence, and insights gained from front-line experience responding to the
world’s most impactful threats. Empowering your infrastructure with everything you require to rapidly
detect, triage, investigate, and minimize the impact of attacks.
One of the veryfeworganizationswith cybersecurityprofessionalswithTop-levelsecurityclearances(US
Fedsecurityclearance),enablesourclientswiththe highestlevel of confidenceinperformingthesecurity
incident analysis and forensics.
57. 32
3.5.1.5 Social Risk Test Engineering
Social engineeringismandatorytocounterthe social engineers,hackerswhoexploitthe one weakness
that isfoundineach and everyorganization:humanpsychology.Usingavarietyof media,including
phone callsandsocial media,these attackerstrickpeople intoofferingthemaccesstosensitive
information.
These are the common types of social engineering attacks:
Phishing: These assaults can incorporate situations like the previously mentioned, however may
likewise bemorefocusedon.Lancephishingassaultsare morerefinedandcanincorporate tweaked
email sends or focused on advertisements that require more research on the aggressor's part.
Wateringgap: In a wateringopeningassault,clientbunchesare particularlybeingfocusedon.For
instance,aggressorswouldinquire aboutparticularworkersthatvisitspecialtysitesandafterward
have malware particularly focusing on these representatives.
Bedeviling:Justlike the termproposes,teasingassaultsinclude offeringcasualtiessomethingthey
need. The hazard is that you might download malware rather than, or notwithstanding, the
documents you really need. Teasing can likewise incorporate pipe dream online arrangements or
phony messages with answers to questions you never asked on any gatherings.
EnrollHostel’sdecadeof experienceenablesustoprovide assistance andservicesonhow anorganization
can adhere itself and its employees against such attacks and prepare to tackle them anytime.
58. 33
3.5.2 SECURITY ASSESSMENT AND COMPLIANCE
Securitythreats,risks,andvulnerabilitiesare presentthroughoutorganizationsof all sizes.Anyintrusions
orbreachesof critical systems,data,andapplicationswilllikelyresultinbusiness-impactingconsequences
that have varyingdegreesof severity.Witha solidsecurityplanandevaluation,however,theseriskscan
be identified and mitigated without impacting compliance and regulatory requirements.
EnrollHostel offersacomprehensivesecurityassessmentservice thatevaluatesanorganization’scurrent
information security program and infrastructure. The assessment identifies vulnerabilities and
weaknesses, and measures any risks associated with the organization’s current IT environment and
security practices.
FEATURES & COVERAGE
Identify internal and external security gaps and vulnerabilities
Discoveranyareasof concern,includingunpatchedsystems,openports,andcompliance violations
Find security bugs and loopholes that could potentially be used to harm your network
Verify network connections are secure, encrypted, and working as expected
Outline and develop an actionable plan to mitigate the identified risks and vulnerabilities
Approachand methodologiesare basedon industrystandardsand practices,such as the National
Institute of Science and Technology (NIST), Health Insurance Portability and Accountability
Act(HIPAA)
Our Network Vulnerability Assessment services are grouped into three categories of services:
PeriodicnetworkVulnerabilityAssessmentasaservice: Ourclientsoftenrequestthatwe perform
a one time or periodicnetworkVA toverifythe strengthof theirnetworksecurityprofile.Industry
best practices suggest that you periodically rotate vendors for a more comprehensive VA.
Deployment of network Vulnerability Assessment solutions: We help our clients select and
configure the mostsuitable networkVA solutionandmanage it on theirbehalf ortransferday-to-
day operation to their staff.
Compliance Reporting for network Vulnerability Assessment: We provide a network VA that
supports your compliance obligations.Accordingly,we leverage our eGRC compliance reporting
solutions that supports more than 500 regulatory compliance reports. Specifically, we provide
reports that support:
o Payment Card Industry (PCI) Data Security Standards
o ISO 27001
o General data protection regulation (RISK)
o Health Insurance Portability and Accountability Act(HIPAA)
Scope of Network Vulnerability Assessment Services: As part of our network Vulnerability
Assessment we typically cover the following areas:
o Network Topology Risk Assessment: Discover and assess the risk of network topology and
zones including: Public, Operational, Restricted, and Highly Restricted zones.
59. 34
o DiscoverNetworkAssets:Aspart of the networkVA,ourpersonnelhelpyoudiscovernetwork
assets,includingnetworknodes,firewalls,IPSs,IDSs,routersandswitches,servers,databases,
applications.
o Discover Network Asset Vulnerabilities: Utilizing an array of commercial and open source
tools,we probe eachnetworkassetforpotentialvulnerabilities.Tocomplete ournetworkVA,
we deploy host configuration review.
o Verify Vulnerabilities (or Penetration Testing): With management approval, we verify
identified network vulnerabilities by actively trying to leverage it for further network
penetration and subversion of existing controls.
o NetworkSecurityConfigurationAssessment: We review thedeviceconfigurationforpotential
networkvulnerabilities.Ourpersonnelutilizeasetof automatedtoolsandmanual techniques
to review such vulnerabilities.
o Reporting: Our reportingprocessis designedtoinformexecutives,managementgroups,and
technical teams, compliance and audit departments. We carefully explain each vulnerability,
its respective exposure, and discoverability. Our personnel also provide pragmatic
prioritizationandrecommendations.Whendeemedappropriate,ourteamwill provideatrend
report to demonstrate the status of network VA over a designated period of time.
BENEFITS
Validates current security programs and practices
Identifies known security risks and vulnerabilities before they are exploited
Provides organizations with an outline and action plan to remediate issues and improve IT
environment resiliency and performance
Prepares organizations for audits and other reviews, and ensures compliance and regulatory
requirements are continuously met
Can be performed at your convenience, either onsite or remotely
60. 35
3.5.3 SECURITY OPERATIONS CENTER – Risk Or Confidentiality
Asadvancedcyberthreatsbecome more sophisticatedandorganized,vulnerabilitiesmore complex,with
the intentof notonlystealingyourdatabut alsoinstallingcryptocurrency-miningmalware,orusingyour
systemas a pivotpointto other attack vectors,businessestodayrecognize theycan't manage or handle
thischallenge alone.They're turningtomanagedsecurityservice providerslike EnrollHostel tokeeptheir
business protected.
Managed and monitored by highly skilled and highly sought after cyber security experts 24x7x365,
EnrollHostel’s SOC is one of its most advancedthreat intelligence monitoring, provided at an affordable
monthly price
Benefits:
Security made easy – EnrollHostel’s NOC handles 24/7/365 monitoring of your network and
data. We identify and correlate any suspicious behavior, and we immediately alert you of any
suspicious or active threat alongwith detailed remediation instructions your IT staff can follow
for any malicious activity.
Cost-effective security – EnrollHostel’sNOC is a comprehensive security services offering
that leverages security products you already own. And best of all, you won’t have to recruit,
hire and pay hard-to-find cyber security talent.
Simplified compliance reporting – EnrollHostel’s NOC consolidates data from hundreds of
security products to ease the pain of manually compiling regulatory and compliance reports.
Plus, there are many built-in reports for regulations such as PCI- DSS, HIPAA, and many others.
Comprehensive Forensics – Gain the capability to conduct detailed forensic investigations to
help remediate a breach
Fig: SOC Monitoring Dashboard
63. 38
4 PART IV – PROJECT COST
4.1 FIXED PRICE
Audit consultant cost: $15,000
Auditors/assessors documentation, travel, miscellenous : $5,000
charges= $20,000 least cost bid for 42 man days project
4.2 RATE CARD FOR ADDITIONAL WORK
** For each project we might have few different type of resources and project management
office involve.
PRICE IN USD
Support Engineer – 120/hr
Sr. Engineer – 150/hr
Project Manager – 140/hr
Database Engineer – 150/hr
Hardware move and installation – 80/hr
4.2.1 ADDITIONAL INITIATIVES
In additiontothe ongoingmanagedservicesprovidedunderafixedfeecontract,there are otherservices
related to the onboarding that would be billed separately, including but not limited to the following:
Network Equipment Upgrades
• UPS: Replacement of multiple aging APC UPS 1500 units with a proper NOC room UPS with Power
DistributionUnits(PDU) ineachrack capable of remote managementandenvironmental monitoring
• Switches:Replacementof agingCiscoCatalyst3750floor switchesandCiscoCatalyst6506Core Switch
• Bandwidth:Deploymentof alargermulti-source DirectInternetCircuittosupportanticipatedgrowth
fromadditional trafficgeneratedbySkype videoconferencingandamultitudeof hostedcloud-based
applications
Server Maintenance
• Upgrade of existing Microsoft Server 2008 to Microsoft Server 2016
• Upgrade of existing Microsoft 2008 Active Directory (AD) Domain Server to MS AD 2016
• Virtualizing the remaining on-premise servers to provide for better support/security
• Archiving of existing on-premise data storage to a virtualized environment
Advisory Services
64. 39
The MSP shall provide advisory services including, but not limited to:
• Technology planning & cost forecasting
• Business continuity planning
• Disaster recovery planning
• Enterprise architecture
• Technology consulting
• Process development
• Incident Response Process
4.3 ASSUMPTIONS
EnrollHostel has made general assumptions that the information which was provided during the
preparationof thisproposal isaccurate andup-to-date. Duringthe course of thisproject,itmaybe found
that, assumptions that were made are invalid due to lack of information at the time of proposal
development. In such a case, EnrollHostel will work with School to make suitable amendments to this
proposal that is mutually agreed upon by both parties and when applicable, the corresponding change
request process would be initiated.
It is understoodand agreedupon that the followingitemsmustbe in place and/or providedat the start
of the engagement:
65. 40
4.3.1 USER COUNT AND DEMOGRAPHIC
Approximate 250 users are located at School’s
The followingisahigh-leveloverviewof the on-premiseSchool computingassets:
4.3.1.1 Desktops/Laptops
We are concerned How replaced laptop
4.3.1.2 On-Premise Network/Software hosted
School Network andsoftware hosteddetailsare notknown.
4.3.1.3 Hosted Cloud Environment
It is anticipated that the majority of School’s services will be cloud-based by the end of FY2018. Cloud
details are not known. All software , platform and infrastructure information storing processing or
transmittingRISK informationisnotknown[ Dependingonhow manyapplicationswe needtocheckthe
amount of work may vary]
4.3.1.4 Legacy Business Applications
Details not known.
4.3.1.5 3rd Party Vendors
We wouldneed to understandthe SLAs whichthird party vendorsare on with respect to
handlingof RISK informationbeingprocessed,stored or transmitted.