Designed specifically for managers, Certified Information Security Manager (CISM) is one of the most highly coveted – and highest paid – cyber security certifications out there. Our next-gen online CISM course provides the deep-dive into cyber security best practice you’ll need to become a cyber visionary in your organization and, of course, pass the CISM exam with flying colors.
from $3095
4 Day Course
Exam Voucher Included
Practice Exam Questions
32 PDUs
Award-Winning Instructors
Industry-Leading Courseware
NEXT-GEN ONLINE ISACA CISM TRAINING
ISACA CISM TRAINING
Four days, four domains: Information Security Governance, Information Risk Management, Information Security Program Development and Management, and Information Security Incident Management. CISM will help you hone your skills and leverage your experience to take the next step in your cybersecurity career. DoD 8140/8570 compliant.
Key Features of ISACA CISM Training
Exam Voucher Included
4 Days of Virtual Training
Practice Exam Questions
Award-Winning Instructors
Accredited Training Provider
UPCOMING COURSES
Early Registration: 9+ Weeks Prior to Start Date
General Registration: 2 - 9 Weeks Prior to Start Date
Late Registration: Fewer than 2 Weeks Prior to Start Date
ISACA CISM Training Course
Live Virtual Class
September 12 - September 15, 2022. 4 days, 10:00 am - 5:00 pm
$3095
Early Registration
Our ISACA CISM Instructors
Mark Hillyard
Mark Hillyard (CISSP, ITIL Expert, ITIL MP) has worked in the IT industry for more than 20 years, including as a Public Key Infrastructure (PKI) and Domain Name System (DNS) Architect for GoDaddy.com. His experience ranges from some of the largest system infrastructures supporting the internet to boutique, game-changing start-ups. He has led large-scale data center asset management initiatives and has developed and managed such systems for enterprise infrastructures. Now a full-time Senior Advisor and resident InfoSec guru, Mark is helping transform IT organizations through process management, security development, and training.
Marguerite Finnigan, PhD
Marguerite is a cyber security consulting and training specialist with a passion for increasing awareness and technical understanding of global security threats and solutions. She has worked in the IT field since the mid-1980s and has worked around the world for the last 10 years training executives and operatives in major corporate organizations, financial institutions, and military organizations. She has addressed audiences at national conferences on behalf of (ISC)², where she has been a lead cyber security instructor for 10 years. She currently holds a “Secret” level security clearance with the US government.
"I liked that the training was dynamic – that it went beyond lectures to include hands-on activities and group work to solidify the information our employees received. The best thing about this whole experience has been how the training has transformed us as a company, and we’re still going through that transformation. If I had to rate the experience of working with Beyond20, I’d give them an 11 out of 10. They were invested in our business and what we were trying to do right from the start – and we’ve had great success as a result."
Debbie L., Director of HR
“It was huge for Board of Pensions (BOP) to start speaking the same language, have a common understanding, be equipped to drive culture change, and change everyone’s thinking. Now, the team is creating something together.”
Nick, Assistant Director, Service Desk
"One important factor that makes Beyond20 a great organization is that the instructors work as consultants to organizations both in the private and public sector. The instructors have an excellent command of the material and have real-world experience with designing and implementing these principles. With their background, they can adapt discussion to a particular client and help students understand concepts based on how they fit into their organizations."
Lucinda F., Manager, IT Field Operations
"The instructor knew his stuff! The materials were well designed and the course was well paced and very appropriate for our group."
In this course, you’ll get an in-depth look at the four CISM domains that largely make up the exam. The four domains are Information Security Governance, Information Risk Management and Compliance, Information Security Program Development and Management, and Information Security Incident Management.
While there aren’t any prerequisites to take the CISM training course itself, you’ll need five years of relevant security experience to qualify for certification through ISACA (along with appropriate education and signing off on the CISM Code of Professional Ethics).
You’ll get a course book, practice exams, and a CISM exam voucher. Of course, your tuition also includes priceless group activities and discussions and bagels.
Short answer: Yes. CISM certification will qualify you for IAM Level 2. If you’re looking for more detail on DoD 8570 and the various training options for compliance, check out our DoD 8570 overview.
CISM certification is geared toward Cybersecurity management and leadership, so you’re best suited for this course if you’ve had five years of security experience. That said, it’s a good course for anyone interested in learning more about the four domains, sitting for the CISM exam, and/or satisfying the DoD 8140/8570 training requirements.
The CISM exam consists of 150 multiple choice questions, to be completed within four hours. A passing score is 450/800 or higher. It will focus on the four domains:
Information Security Governance: 24%
Information Risk Management: 30%
Information Security Program Development & Management: 27%
Information Security Incident Management: 19%
You’ll receive an exam voucher from your instructor while you’re in class. You’ll use that voucher to sit for the exam at a PSI testing center. You’ll take the exam on a computer (not paper), and you’ll see immediately whether you passed or failed, though you won’t get your exact score until a week or so later. If you pass, you’ll get instructions on what to do next.
Welllll, not quite. But passing is a critical step! To get officially certified through ISACA (the CISM governing body), you’ll need to submit an application for their review. To be approved and certified, you’ll need to prove you’ve passed the exam within the last five years, have five years of full-time relevant work experience, and agree to a professional code of ethics.
To maintain CISM certification through ISACA, you’ll need to acquire and report a minimum of 20 CPEs each year. There’s also an annual maintenance fee, which varies according to whether or not you’re an ISACA member.
Establish and/or maintain an information security strategy in alignment with organizational goals and objectives to guide the establishment and/or ongoing management of the information security program.
Establish and/or maintain an information security governance framework to guide activities that support the information security strategy.
Integrate information security governance into corporate governance to ensure that organizational goals and objectives are supported by the information security program.
Establish and maintain information security policies to guide the development of standards, procedures and guidelines in alignment with enterprise goals and objectives.
Develop business cases to support investments in information security.
Identify internal and external influences to the organization (e.g., emerging technologies, social media, business environment, risk tolerance, regulatory requirements, third-party considerations, threat landscape) to ensure that these factors are continually addressed by the information security strategy.
Gain ongoing commitment from senior leadership and other stakeholders to support the successful implementation of the information security strategy.
Define, communicate, and monitor information security responsibilities throughout the organization (e.g., data owners, data custodians, end users, privileged or high-risk users) and lines of authority.
Establish, monitor, evaluate and report key information security metrics to provide management with accurate and meaningful information regarding the effectiveness of the information security strategy.
Establish and/or maintain a process for information asset classification to ensure that measures taken to protect assets are proportional to their business value.
Identify legal, regulatory, organizational and other applicable requirements to manage the risk of noncompliance to acceptable levels.
Ensure that risk assessments, vulnerability assessments and threat analyses are conducted consistently, at appropriate times, and to identify and assess risk to the organization’s information.
Identify, recommend or implement appropriate risk treatment/response options to manage risk to acceptable levels based on organizational risk appetite.
Determine whether information security controls are appropriate and effectively manage risk to an acceptable level.
Facilitate the integration of information risk management into business and IT processes (e.g., systems development, procurement, project management) to enable a consistent and comprehensive information risk management program across the organization.
Monitor for internal and external factors (e.g., key risk indicators [KRIs], threat landscape, geopolitical, regulatory change) that may require reassessment of risk to ensure that changes to existing, or new, risk scenarios are identified and managed appropriately.
Report noncompliance and other changes in information risk to facilitate the risk management decision-making process.
Ensure that information security risk is reported to senior management to support an understanding of potential impact on the organizational goals and objectives.
Establish and/or maintain the information security program in alignment with the information security strategy.
Align the information security program with the operational objectives of other business functions (e.g., human resources [HR], accounting, procurement and IT) to ensure that the information security program adds value to and protects the business.
Identify, acquire and manage requirements for internal and external resources to execute the information security program.
Establish and maintain information security processes and resources (including people and technologies) to execute the information security program in alignment with the organization’s business goals.
Establish, communicate and maintain organizational information security standards, guidelines, procedures and other documentation to guide and enforce compliance with information security policies.
Establish, promote and maintain a program for information security awareness and training to foster an effective security culture.
Integrate information security requirements into organizational processes (e.g., change control, mergers and acquisitions, system development, business continuity, disaster recovery) to maintain the organization’s security strategy.
Integrate information security requirements into contracts and activities of third parties (e.g., joint ventures, outsourced providers, business partners, customers) and monitor adherence to established requirements in order to maintain the organization’s security strategy.
Establish, monitor and analyze program management and operational metrics to evaluate the effectiveness and efficiency of the information security program.
Compile and present reports to key stakeholders on the activities, trends and overall effectiveness of the IS program and the underlying business processes in order to communicate security performance.
Establish and maintain an organizational definition of, and severity hierarchy for, information security incidents to allow accurate classification and categorization of and response to incidents.
Establish and maintain an incident response plan to ensure an effective and timely response to information security incidents.
Develop and implement processes to ensure the timely identification of information security incidents that could impact the business.
Establish and maintain processes to investigate and document information security incidents in order to determine the appropriate response and cause while adhering to legal, regulatory and organizational requirements.
Establish and maintain incident notification and escalation processes to ensure that the appropriate stakeholders are involved in incident response management.
Organize, train and equip incident response teams to respond to information security incidents in an effective and timely manner.
Test, review and revise (as applicable) the incident response plan periodically to ensure an effective response to information security incidents and to improve response capabilities.
Establish and maintain communication plans and processes to manage communication with internal and external entities.
Conduct post-incident reviews to determine the root cause of information security incidents, develop corrective actions, reassess risk, evaluate response effectiveness and take appropriate remedial actions.
Establish and maintain integration among the incident response plan, business continuity plan and disaster recovery plan.
Why Beyond20
Subject Matter Expertise
We understand that your goal is to learn effectively and get certified in one shot. After all, certification training can be a substantial investment. As such, it’s critical to us that you learn from someone who will help you retain key concepts and get you across the finish line efficiently.
But at the same time, who wants to take a boring class? If we’re going to spend a lot of time looking at screens, the material should at least be engaging. That’s why we’re hyper-focused on bringing variety to your virtual training experience. People learn differently, so we use several methods to teach concepts throughout the day.
White Glove Service
We all know that bad customer service is one of the most frustrating things there is. That’s why we’ve endeavored to create the kind of training experience that we would want for ourselves.
We're a US-based organization with offices in DC, Phoenix, and San Diego. Come through! Otherwise, we'll be happy to meet you virtually.
Rest assured: At Beyond20, our instructors are some of the world’s best. Not only does our training staff have decades of experience leading real-world cyber security initiatives, but in many cases, we are the official authors of authoritative publications (e.g., ITIL). Working with Beyond20 means learning from the top subject matter experts out there. It means training and taking your exams with confidence.
Next-Gen Virtual Training
Depending on the course, this can include interactive whiteboards, breakout rooms, virtual sticky note walls, and more. We take this approach not only because it's more fun than simply memorizing terms, but because it works.
From the instant that you first reach out to us with a quick question, to that glorious moment when you learn you’ve earned the certification, our job is to make sure that every interaction you have with us is a positive one. If you look at our hundreds of Google-verified reviews, you’ll see that we take it seriously! Beyond20 is not a risky choice.
If you're PMP-certified, our courses will earn you PDUs!
People Also Bought
CISSP Training Boot Camp
This 5-day course for Cybersecurity leadership aligns to the CISSP domains on the certification exam - guaranteed (DoD 8140/8570 compliant).
Our 4-day (ISC)² CAP certification training course (Certified Authorization Professional) will help you demonstrate your expertise within various risk management frameworks.
The practice of protecting an organization by understanding and managing risks to the confidentiality, integrity, and availability of information. The required security is established by means of policies, processes, behaviors, risk management, and controls, which must maintain a balance between Prevention – Ensuring that security incidents don’t occur, Detection – Rapidly and reliably detecting incidents that can’t be prevented, and Correction – Recovering from incidents after they are detected. It is also important to achieve a balance between protecting the organization from harm and allowing it to innovate. Information security controls that are too restrictive may do more harm than good or may be circumvented by people trying to do work more easily. Information security controls should consider all aspects of the organization and align with its risk appetite.
Capacity and Performance Management
The practice of ensuring that services achieve agreed and expected performance levels, satisfying current and future demand in a cost-effective way.
Release Management
This practice is focused on making new and changed services and features available for use. A release may comprise many different infrastructure and application components that work together to deliver new or changed functionality. It may also include documentation, training (for users or IT staff), updated processes or tools, and any other components that are required. Each component of a release may be developed by the service provider or procured from a third party and integrated by the service provider. Releases can range in size from the very small, involving just one minor changed feature, to the very large, involving many components that deliver a completely new service. In either case, a release plan will specify the exact combination of new and changed components to be made available, and the timing for their release. A release schedule is used to document the timing for releases. This schedule should be negotiated and agreed with customers and other stakeholders. A release post-implementation review enables learning and improvement and helps to ensure that customers are satisfied. In some environments, almost all the release management work takes place before deployment, with plans in place as to exactly which components will be deployed in a release. The deployment then makes the new functionality available. The ITIL v3 process named Release and Deployment Management was separated into two ITIL 4 Practices – Release Management and Deployment Management, which will be detailed further below.
Service Design
The practice of designing products and services that are fit for purpose, fit for use, and that can be delivered by the organization and its ecosystem.
Project Management
The practice of ensuring that all an organization’s projects are successfully delivered.
Workforce and Talent Management
The practice of ensuring that an organization’s employees are in the correct roles to support its business objectives.
Supplier Management
The practice of ensuring that an organization’s suppliers and their performance levels are managed appropriately to support the provision of seamless quality products and services.
Strategy Management
The practice of formulating the goals of an organization and adopting the courses of action and allocation of resources necessary for achieving those goals.
Service Validation and Testing
The practice of ensuring that new or changed products and services meet defined requirements.
Service Request Management
The practice of supporting the agreed quality of a service by handling all pre-defined, user-initiated service requests in an effective and user-friendly manner.
Service Level Management
The practice of setting clear business-based targets for service performance so that the delivery of a service can be properly assessed, monitored, and managed against these targets.
Service Financial Management
The practice of supporting an organization’s strategies and plans for service management by ensuring that the organization’s financial resources and investments are being used effectively.
Service Desk
The practice of capturing demand for incident resolution and service requests.
Service Continuity Management
The practice of ensuring that service availability and performance are maintained at a sufficient level in case of a disaster.
Service Configuration Management
The practice of ensuring that accurate and reliable information about the configuration of services, and the configuration items that support them, is available when and where needed.
Service Catalog Management
The practice of providing a single source of consistent information on all services and service offerings and ensuring that it is available to the relevant audience.
Risk Management
The practice of ensuring that an organization understands and effectively handles risks.
Problem Management
The practice of reducing the likelihood and impact of incidents by identifying actual and potential causes of incidents and managing workarounds and known errors.
Portfolio Management
The practice of ensuring that an organization has the right mix of programs, projects, products, and services to execute its strategy within its funding and resource constraints.
Organizational Change Management
The practice of ensuring that changes in an organization are smoothly and successfully implemented and that lasting benefits are achieved by managing the human aspects of the changes.
Monitoring and Event Management
The practice of systematically observing services and service components and recording and reporting selected changes of state identified as events.
Measurement and Reporting
The practice of supporting good decision-making and continual improvement by decreasing levels of uncertainty.
Knowledge Management
The practice of maintaining and improving the effective, efficient, and convenient use of information and knowledge across an organization.
IT Asset Management
The practice of planning and managing the full lifecycle of all IT assets.
Continual Improvement
The practice of aligning an organization’s practices and services with changing business needs through the ongoing identification and improvement of all elements involved in the effective management of products and services.
Software Development and Management
The practice of ensuring that applications meet stakeholder needs in terms of functionality, reliability, maintainability, compliance, and auditability.
Change Enablement
The practice of ensuring that risks are properly assessed, authorizing changes to proceed and managing a change schedule in order to maximize the number of successful service and product changes.
Infrastructure and Platform Management
The practice of overseeing the infrastructure and platforms used by an organization. This enables the monitoring of technology solutions available, including solutions from third parties.
Business Analysis
The practice of analyzing a business or some element of a business, defining its needs and recommending solutions to address these needs and/or solve a business problem, and create value for stakeholders.
Availability Management
The practice of ensuring that services deliver agreed levels of availability to meet the needs of customers and users.
Architecture Management
The practice of providing an understanding of all the different elements that make up an organization and how those elements relate to one another.
Continual Improvement
This practice is concerned with aligning an organization’s practices and services with changing business needs through the ongoing identification and improvement of services, service components, practices, or any element involved in the efficient and effective management of products and services. Included in the scope of the continual improvement practice is the development of improvement-related methods and techniques along with a continual improvement culture and mindset across the organization, in alignment with the organization’s overall strategy. The commitment to and practice of continual improvement must be embedded into every fiber of the organization. If it is not, there is a real risk that daily operational concerns and major project work will eclipse continual improvement efforts. The continual improvement practice also includes an update of the CSI model covered as part of ITIL v3 (see diagram below).
Deployment Management
The purpose of this practice is to move new or changed hardware, software, documentation, processes, or any other component to live environments. Deployment management works closely with release management and change control, but it is a separate practice. In some organizations, the term ‘provisioning’ is used to describe the deployment of infrastructure, and deployment is only used to mean software deployment, but in this case the term deployment is used to mean both. In short, the Deployment Management practice is typically an IT decision to move components to live environments, whereas the Release Management practice is typically a business decision to make services and features available for use by customers. These practices can be performed separately as seen within Agile/DevOps environments and pictured in the diagram below.
Service Configuration Management
The purpose of this practice is to ensure that accurate and reliable information about the configuration of services, and the CIs that support them, is available when and where it is needed. Configuration management provides information on the CIs that contribute to each service and their relationships: how they interact, relate, and depend on each other to create value for customers and users. This includes information about dependencies between services. This high-level view is often called a service map or service model, and forms part of the service architecture. It is important that the effort needed to collect and maintain configuration information is balanced with the value that the information creates. Maintaining large amounts of detailed information about every component, and its relationships to other components, can be costly, and may deliver very little value. The requirements for configuration management must be based on an understanding of the organization’s goals, and how configuration management contributes to value creation. In short, the IT Asset Management practice is about understanding “content” (what we have), and the Service Configuration Management practice is about understanding “context” (the relationships between what we have).
IT Asset Management
This practice is concerned with planning and managing the full lifecycle of IT assets. The scope of IT asset management typically includes all software, hardware, networking, cloud services, and client devices. In some cases, it may also include non-IT assets such as buildings or information where these items have a financial value and are required to deliver an IT service. IT asset management can include operational technology (OT), including devices that are part of the Internet of Things. These are typically devices that were not traditionally thought of as IT assets, but that now include embedded computing capability and network connectivity. Understanding the cost and value of assets is essential to also comprehending the cost and value of products and services and is therefore an important underpinning factor in everything the service provider does. IT asset management contributes to the visibility of assets and their value, which is a key element to successful service management as well as being useful to other practices. The ITIL v3 process named Service Asset and Configuration Management was separated into two ITIL 4 Practices – IT Asset Management and Service Configuration Management, which will be detailed further below.
Change Control
The goal of the change control practice is to maximize the number of successful IT changes by ensuring that risks have been properly assessed, authorizing changes to proceed, and managing the change schedule. The scope of change control is defined by each organization. It typically includes all IT infrastructure, applications, documentation, processes, supplier relationships, and anything else that might directly or indirectly impact a product or service. It is important to distinguish change control from organizational change management. Organizational change management manages the people aspects of changes to ensure that improvements and organizational transformation initiatives are implemented successfully. Change control is usually focused on changes in products and services.
Change control must balance the need to make beneficial changes that will deliver additional value with the need to protect customers and users from the adverse effect of changes. All changes should be assessed by people who are able to understand the risks and the expected benefits; the changes must then be authorized before they are deployed. This assessment, however, should not introduce unnecessary delay. The person or group who authorizes a change is known as a change authority. It is essential that the correct change authority is assigned to each type of change to ensure that change control is both efficient and effective. In high-velocity organizations, it is a common practice to decentralize change approval, making the peer review a top predictor of high performance.
As with ITIL v3, ITIL 4 defines three main categories of change – Normal, Emergency, and Standard changes (as shown below). However, the idea of the Change Advisory Board (CAB) is replaced by “change authority” to account for decentralization and other techniques that allow organizations to increase the speed of making changes (as seen in DevOps and Agile environments).
Problem Management
This practice is concerned with reducing the likelihood and impact of incidents by identifying actual and potential causes of incidents and managing workarounds and known errors. Every service has errors, flaws, or vulnerabilities that may cause incidents. They may include errors in any of the four dimensions of service management. Many errors are identified and resolved before a service goes live. However, some remain unidentified or unresolved, and may be a risk to live services. In ITIL, these errors are called problems and they are addressed by the problem management practice. Problems are related to incidents, but should be distinguished as they are managed in different ways:
Incidents have an impact on users or business processes and must be resolved so that normal business activity can take place.
Problems are the causes of incidents. They require investigation and analysis to identify the causes, develop workarounds, and recommend longer-term resolution. This reduces the number and impact of future incidents.
In the problem management practice, there are three phases that generally take place as shown below.
Monitoring and Event Management
The purpose of this practice is to systematically observe services and service components, and record and report selected changes of state identified as events. The monitoring and event management practice manages events throughout their lifecycle to prevent, minimize, or eliminate their negative impact on the business. Monitoring and event management helps to identify and prioritize infrastructure, services, business processes, and information security events, and establishes the appropriate response to those events, including responding to conditions that could lead to potential faults or incidents. The monitoring part of the practice focuses on the systematic observation of services and the CIs that underpin services to detect conditions of potential significance. Monitoring should be performed in a highly automated manner and can be done actively or passively. The event management part focuses on recording and managing those monitored changes of state that are defined by the organization as an event, determining their significance, and identifying and initiating the correct control action to manage them. Frequently the correct control action will be to initiate another practice, but sometimes it will be to take no action other than to continue monitoring the situation. Monitoring is necessary for event management to take place, but not all monitoring results in the detection of an event. Not all events have the same significance or require the same response. Events are often classified as informational, warning, and exceptions. Informational events do not require action at the time they are identified, but analyzing the data gathered from them later may uncover desirable, proactive steps that can be beneficial to the service. Warning events allow action to be taken before any negative impact is experienced by the business, whereas exception events indicate that a breach to an established norm has been identified (for example, to a service level agreement). 
Exception events require action, even though business impact may not yet have been experienced.
Service Request Management
This practice focuses on supporting the agreed quality of services by handling all pre-defined, user-initiated service requests in an effective and user-friendly manner. Service requests are a normal part of service delivery and are not a failure or degradation of service, which are handled as incidents. Since service requests are pre-defined and pre-agreed as a normal part of service delivery, they can usually be formalized, with a clear, standard procedure for initiation, approval, fulfillment, and management. Service request management is dependent upon well-designed processes and procedures, which are operationalized through tracking and automation tools to maximize the efficiency of the practice. Different types of service request will have different fulfillment workflows, but both efficiency and maintainability will be improved if a limited number of workflow models are identified. When new service requests need to be added to the service catalog, existing workflow models should be leveraged whenever possible.
Incident Management
This practice is concerned with minimizing the negative impact of incidents by restoring normal service operation as quickly as possible. Incident management can have an enormous impact on customer and user satisfaction, and on how customers and users perceive the service provider. Every incident should be logged and managed to ensure that it is resolved in a time that meets the expectations of the customer and user. Target resolution times are agreed, documented, and communicated to ensure that expectations are realistic. Incidents are prioritized based on an agreed classification to ensure that incidents with the highest business impact are resolved first. Organizations should design their incident management practice to provide appropriate management and resource allocation to different types of incidents. Incidents with a low impact must be managed efficiently to ensure that they do not consume too many resources. Incidents with a larger impact may require more resources and more complex management. There are usually separate processes for managing major incidents, and for managing information security incidents. As with ITIL v3, the concept of a “Major Incident” is included in the ITIL 4 material and this term is defined as: Major Incident: The highest category of impact for an incident. A major incident results in significant disruption to the business. Major incidents have their own procedure with shorter timeframes, when compared to day-to-day incidents, and will often invoke an organization’s disaster recovery/service continuity management activities.
Service Desk
The purpose of this practice is to capture demand for incident resolution and service requests. Service desks provide a clear path for users to report issues, queries, and requests, and have them acknowledged, classified, owned, and actioned. How this practice is managed and delivered may vary from a physical team of people on shift work to a distributed mix of people connected virtually, or automated technology and bots. The function and value of the service desk remain the same, regardless of the model. With increased automation and the gradual removal of technical debt, the focus of the service desk is to provide support for ‘people and business’ rather than simply technical issues. Service desks are increasingly being used to get various matters arranged, explained, and coordinated, rather than just to get broken technology fixed, and the service desk has become a vital part of any service operation. A key point to be understood is that, no matter how efficient the service desk and its people are, there will always be issues that need escalation and underpinning support from other teams. Support and development teams need to work in close collaboration with the service desk to present and deliver a ‘joined up’ approach to users and customers. The service desk may not need to be highly technical, although some are. However, even if the responsibility of the service desk is simple, it still plays a vital role in the delivery of services and must be actively supported by its peer groups. It is also essential to understand that the service desk has a major influence on user experience and how the service provider is perceived by users. Another key aspect of a good service desk is its practical understanding of the wider organization, the business processes, and the users. Service desks add value not simply through the transactional acts of, for example, incident logging, but also by understanding and acting on the business context of this action.
The service desk should be the empathetic and informed link between the service provider and its users.
Service Level Management
This practice is focused on setting clear business-based targets for service performance, so that the delivery of a service can be properly assessed, monitored, and managed against these targets. Service level management provides the end-to-end visibility of the organization’s services and helps negotiate and manage performance against Service Level Agreements (SLAs).
Supplier Management
This practice is concerned with ensuring the organization’s suppliers and their performance are managed appropriately to support the seamless provision of quality products and services. Activities that are central to the supplier management practice include:
Creating a single point of visibility and control to ensure consistency
Maintaining a supplier strategy, policy, and contract management information
Negotiating and agreeing contracts and arrangements
Managing relationships and contracts with internal and external suppliers
Managing supplier performance
Relationship Management
This practice is focused on establishing and nurturing links between the organization and its stakeholders at strategic and tactical levels. The relationship management practice ensures that:
Stakeholders’ needs and drivers are understood, and products and services are prioritized appropriately
Stakeholders’ satisfaction is high and a constructive relationship between the organization and stakeholders is established and maintained
Customers’ priorities for new or changed products and services, in alignment with desired business outcomes, are effectively established and articulated
Any stakeholders’ complaints and escalations are handled well through a sympathetic (yet formal) process
Products and services facilitate value creation for the service consumers as well as for the organization
The organization facilitates value creation for all stakeholders, in line with the organization’s strategy and priorities
Conflicting stakeholder requirements are mediated appropriately