SGS Policy
As part of the strategy defined for the development of the business, i3s management considers the correct management of its services a fundamental aspect to guarantee the achievement of the defined objectives. Therefore, it undertakes to ensure the proper management of the services provided by the organization, in order to offer all its stakeholders the best guarantees regarding the quality of these services.
The objectives of this Service Management Policy are:
- Ensure that the service is aligned with the needs of i3s customers and their users.
- Improve communication between the consultants involved in service delivery and the clients and users of these services.
- Improve the effectiveness and efficiency of internal service delivery processes.
- Offer i3s customers and users higher quality services.
To develop this policy, i3s Management is committed to establishing a Service Management System or SMS based on the UNE-ISO/IEC 20.000-1:2018 standard, which adequately covers all the requirements necessary to ensure that the services contemplated in the scope offer the levels of quality required by their recipients and are managed in accordance with the requirements contemplated in said standard.
This commitment translates into the following principles:
- Appoint an SMS Manager in charge of managing the system and ensuring its development, maintenance and improvement.
- Carry out an analysis of the existing needs related to the provision of the service and develop the necessary services to provide an adequate response to these needs.
- To develop a complete management structure that regulates the conditions in which the organization, within the established scope, must develop its activity in order to respect the established requirements.
- To allocate the necessary resources and means to develop the services with the quality levels required by its recipients, maintaining an adequate balance between cost and benefit.
- Establish a Service Management Training and Awareness Plan to help all personnel involved to know and comply with the defined management activities and to participate proactively in the management of services.
- To develop all the necessary measures to guarantee that the quality levels offered by the services are maintained over time, adequately managing the incidents that may occur in relation to the same.
- Periodically establish a set of service management objectives and indicators to enable management to adequately monitor both the levels of service offered and the management activities carried out in relation to them.
- Establish a methodology for review, audit and continuous improvement of the system, following a PDCA cycle that guarantees the continuous maintenance of the desired quality levels, establishing the commitment to the fulfillment of all the objectives for the improvement of the Service requirements.
In order to ensure that these principles are properly articulated, i3s establishes a series of guidelines for the service management activities carried out by the organization.
These guidelines are as follows:
- All personnel involved in the provision of the service defined in the scope must measure, review and continuously improve the characteristics of the services provided to users. Default service levels will be established for each of the services provided by the organization, and the appropriate mechanisms will be enabled so that specific service levels can be agreed with each customer if they so wish. These service level agreements shall be formally documented, and shall specify the levels to be met for each of the service characteristics. All personnel shall ensure that the services provided comply with such service level agreements.
- All services provided shall be adequately monitored, so that the organization is able to provide the customers of each service with all the information necessary to keep track of all relevant characteristics of the service.
- All personnel shall participate in the identification of the availability and continuity requirements of the services provided by the organization. These requirements will be properly implemented, and the availability of services and the infrastructure that supports them will be planned, measured and monitored on a regular basis to verify that the requirements are being met and progressively improved. In addition, periodic continuity tests will be carried out and action plans will be developed to correct any deviations from the desired results.
- All services provided by the organization shall be properly budgeted, considering both direct and indirect costs and including in such budgets both the initial costs and those derived from the periodic maintenance of the assets associated with each service. These budgets will be contrasted with the results of the associated accounting, in order to adequately monitor the real costs and have the necessary information to correct and improve the control of the costs of the services rendered.
- All personnel involved in the provision of services shall ensure that the services provided meet the service demands of their respective users. Analyses and measurements will be carried out to ensure that both current and future capacity needs are adequately met, ensuring that customers’ capacity demands are met in the most efficient way possible.
- The information security risks of all services provided by the organization included in the scope shall be analyzed and the associated controls necessary to mitigate the identified risks shall be established. These security controls will be developed in accordance with the guidelines set forth in the Information Security Regulations.
- Periodic meetings will be held with the clients of the services provided by the organization and included in the scope, in order to identify their needs, carry out a monitoring the level of satisfaction in relation to the services provided and identify any changes or requests for improvement of the services provided, establishing the commitment to the fulfillment of all agreed objectives. Likewise, the necessary measures will be put in place to manage any complaints that customers may have in relation to the services provided.
- Service Level Agreements will be established with the subcontractors and suppliers involved in the provision of services, in order to ensure that the levels of service received from them are sufficient to meet the service levels that the organization has subscribed to with its customers. A follow-up and monitoring of the service levels received will be carried out in order to identify and correct any type of deviation that may affect the services offered to customers.
- All persons of the organization involved in the provision of the services included in the scope of the SMS will participate in the management of incidents. related to the services provided, in order to reestablish as quickly as possible the normal operation levels of the services and minimize the adverse impacts of such incidents on the organization, ensuring that the quality and availability levels agreed in the service level agreements are maintained.
- All problems identified, both as a result of preventive identification activities and those escalated from an incident, will be properly analyzed to identify the underlying cause of the error and the necessary corrective actions will be established to remedy or mitigate its effects.
- All personnel involved in the management of the service will register, maintain and keep track of the configuration elements in their charge and their characteristics. To this end, the following principles are established:
1. – Provide all information necessary to record the significant characteristics of configuration items.
2. – Provide all the necessary information for the rest of the service management processes included in the scope (financial management, incident management, problem management, change management, version management, etc.).
3. – Periodically verify that configuration records are kept up to date, and correct any mismatches that may occur.
- All changes that occur in relation to any aspect of the services provided by the organization in the SMS shall have been initiated by a formal change proposal and authorized in accordance with a regulated procedure. All changes will be formally reviewed and validated.
- All personnel involved in the provision of the scoped service shall ensure that new versions of configuration items are moved to production following established procedures. These procedures should ensure that only after going through a formal planning, design, development, configuration and testing process are new versions put into production, thus ensuring that they are stable versions.
This policy is known and subscribed to by all i3s personnel covered by the scope, in accordance with management requirements. This policy shall be reviewed no more frequently than once a year, and any changes shall be approved by the organization’s management.