Scoring table

Answer Score
Yes 1
No 0
Partially 0.5
N.A. 0
DSS02 - Managed Service Requests and Incidents

DSS02.01 Define classification schemes for incidents and service requests.

Define classification schemes and models for incidents and service requests.
Activities Description
1
2
3
4
5
% Fulfillment of Level 3

DSS02.02 Record, classify and prioritize requests and incidents.

Identify, record and classify service requests and incidents and assign a priority according to business criticality and
Activities Description
Log all service requests and incidents, recording all relevant information, so they can be
1
handled effectively and a full historical record can be maintained.
To enable trend analysis, classify service requests and incidents by identifying type and
2
category.
Prioritize service requests and incidents based on the SLA service definition of business
3
impact and urgency.
% Fulfillment of Level 2

DSS02.03 Verify, approve and fulfill service requests.

Select the appropriate request procedures and verify that the service requests fulfill defined request criteria. Obtain
Activities Description
Verify entitlement for service requests using, where possible, a predefined process flow
1
and standard changes.
Obtain financial and functional approval or sign-off, if required, or predefined approvals for
2
agreed standard changes.
% Fulfillment of Level 2
Fulfill the requests by performing the selected request procedure. Where possible, use
3
self-help automated menus and predefined request models for frequently requested items.

Fulfill the requests by performing the selected request procedure. Where possible, use
3
self-help automated menus and predefined request models for frequently requested items.
% Fulfillment of Level 3

DSS02.04 Investigate, diagnose and allocate incidents.

Identify and record incident symptoms, determine possible causes, and allocate for resolution.
Activities Description
Identify and describe relevant symptoms to establish the most probable causes of the
incidents. Reference available knowledge resources (including known errors and
1
problems) to identify possible incident resolutions (temporary workarounds and/or
permanent solutions).
If a related problem or known error does not already exist and if the incident satisfies
2
agreed criteria for problem registration, log a new problem.
Assign incidents to specialist functions if deeper expertise is needed. Engage the
3
appropriate level of management, where and if needed.
Assign incidents to specialist functions if deeper expertise is needed. Engage the
3
appropriate level of management, where and if needed.
% Fulfillment of Level 2
DSS02.05 Resolve and recover from incidents.
Document, apply and test the identified solutions or workarounds. Perform recovery actions to restore the I&T-relate
Activities Description
Select and apply the most appropriate incident resolutions (temporary workaround and/or
1
permanent solution).
2 Record whether workarounds were used for incident resolution.
3 Perform recovery actions, if required.
Document incident resolution and assess if the resolution can be used as a future
4
knowledge source.
% Fulfillment of Level 2

DSS02.06 Close service requests and incidents.

Verify satisfactory incident resolution and/or fulfilment of requests, and close.
Activities Description
Verify with the affected users that the service request has been fulfilled satisfactorily or the
1
incident has been resolved satisfactorily and within an agreed/acceptable period of time.
2 Close service requests and incidents.
% Fulfillment of Level 2

DSS02.07 Track status and produce reports.

Regularly track, analyze and report incidents and fulfilment of requests. Examine trends to provide information for co
Activities Description
Monitor and track incident escalations and resolutions and request handling procedures to
1
progress toward resolution or completion.
% Fulfillment of Level 2
Identify information stakeholders and their needs for data or reports. Identify reporting
2
frequency and medium.
% Fulfillment of Level 3
3 Produce and distribute timely reports or provide controlled access to online data.
Analyze incidents and service requests by category and type. Establish trends and identify
4
patterns of recurring issues, SLA breaches or inefficiencies.
% Fulfillment of Level 4
5 Use the information as input to continual improvement planning.
% Fulfillment of Level 5

DSS02.07 Track status and produce reports.

Regularly track, analyze and report incidents and fulfilment of requests. Examine trends to provide information for co
Activities Description
Monitor and track incident escalations and resolutions and request handling procedures to
1
progress
Monitor andtoward
trackresolution or completion.
incident escalations and resolutions and request handling procedures to
1
progress toward resolution or completion.
% Fulfillment of Level 2
Identify information stakeholders and their needs for data or reports. Identify reporting
2
frequency and medium.
% Fulfillment of Level 3
3 Produce and distribute timely reports or provide controlled access to online data.
Analyze incidents and service requests by category and type. Establish trends and identify
4
patterns of recurring issues, SLA breaches or inefficiencies.
% Fulfillment of Level 4

DSS02.07 Track status and produce reports.

Regularly track, analyze and report incidents and fulfilment of requests. Examine trends to provide information for co
Activities Description
1
1
% Fulfillment of Level 2
2
% Fulfillment of Level 3
3 Produce and distribute timely reports or provide controlled access to online data.
Analyze incidents and service requests by category and type. Establish trends and identify
4
patterns of recurring issues, SLA breaches or inefficiencies.
% Fulfillment of Level 4
5 Use the information as input to continual improvement planning.
% Fulfillment of Level 5
 Answer Score Comment Evidence Capability Level
Partially 0.5 Copy paste evidence here
Yes 1 Copy paste evidence here
Yes 1 Your justification here 3
No 0 Leave blank if no justification Leave blank if no evidence
No 0 Leave blank if no justification Leave blank if no evidence
5 50% P (Partially) Stop Here!

o business criticality and service agreements.

Answer Score Comment Evidence Capability Level
Yes 1 Copy paste evidence here

Yes 1 Your justification here 2

Partially 0.5 Your justification here

3 83% L (Largely) Stop Here!

request criteria. Obtain approval, if required, and fulfill the requests.

Answer Score Comment Evidence Capability Level
Yes 1 Your justification here
2
Yes 1
2 100% F (Fully) Continue!

No 0 Leave blank if no justification Leave blank if no evidence 3

No 0 Leave blank if no justification Leave blank if no evidence 3

2 0% N (None) Stop Here!

on.
Answer Score Comment Evidence Capability Level

No 0 Leave blank if no justification Leave blank if no evidence

No 0 Leave blank if no justification Leave blank if no evidence 2

N.A. 0

N.A. 0
2 0% N (None) Stop Here!
 to restore the I&T-related service.
Answer Score Comment Evidence Capability Level
N.A. 0
Yes 1 Your justification here
2
Yes 1 Your justification here
Yes 1 Your justification here
3 100% F (Fully) Complete!

Answer Score Comment Evidence Capability Level

No 0 Leave blank if no justification Leave blank if no evidence

2
Yes 1 Copy paste evidence here
2 50% P (Partially) Stop Here!

provide information for continual improvement.

Answer Score Comment Evidence Capability Level
No 0 Copy paste evidence here 2
1 0% N (None) Stop Here!
Yes 1 Your justification here 3
1 100% F (Fully) Continue!
Yes 1 Copy paste evidence here
4
No 0 Leave blank if no justification Leave blank if no evidence
2 50% P (Partially) Stop Here!
Yes 1 Leave blank if no justification Leave blank if no evidence 5
1 100% F (Fully) Complete!

provide information for continual improvement.

Answer Score Comment Evidence Capability Level
Partially 0.5 Copy paste evidence here 2
Yes 1 Copy paste evidence here 2
2 75% L (Largely) Stop Here!
Yes 1 Your justification here 3
1 100% F (Fully) Continue!
Yes 1 Copy paste evidence here
4
No 0 Leave blank if no justification Leave blank if no evidence
2 50% P (Partially) Stop Here!

provide information for continual improvement.

Answer Score Comment Evidence Capability Level
No 0 Copy paste evidence here 2
Partially 0.5 Copy paste evidence here 2
2 25% P (Partially) Stop Here!
Yes 1 Your justification here 3
1 100% F (Fully) Continue!
Yes 1 Copy paste evidence here
4
No 0 Leave blank if no justification Leave blank if no evidence
2 50% P (Partially) Stop Here!
Yes 1 Leave blank if no justification Leave blank if no evidence 5
1 100% F (Fully) Complete!
2
1
APO12 — Managed Risk

APO12.01 Collect data.

Identify and collect relevant data to enable effective I&T-related risk identification, analysis and reporting
Activities Description
Establish and maintain a method for the collection, classification and analysis of I&T risk-
1
related data.
2 Define incident models for known errors to enable efficient and effective resolution.
Define service request models according to service request type to enable self-help and
3
efficient service for standard requests.
Define incident escalation rules and procedures, especially for major incidents and security
4
incidents.
5 Define knowledge sources on incidents and requests and describe how to use them.
% Fulfillment of Level 3

DSS02.02 Record, classify and prioritize requests and incidents.

Identify, record and classify service requests and incidents and assign a priority according to business criticality and
Activities Description
Log all service requests and incidents, recording all relevant information, so they can be
1
handled effectively and a full historical record can be maintained.
To enable trend analysis, classify service requests and incidents by identifying type and
2
category.
Prioritize service requests and incidents based on the SLA service definition of business
3
impact and urgency.
% Fulfillment of Level 2

DSS02.03 Verify, approve and fulfill service requests.

Select the appropriate request procedures and verify that the service requests fulfill defined request criteria. Obtain
Activities Description
Verify entitlement for service requests using, where possible, a predefined process flow
1
and standard changes.
Obtain financial and functional approval or sign-off, if required, or predefined approvals for
2
agreed standard changes.
% Fulfillment of Level 2
Fulfill the requests by performing the selected request procedure. Where possible, use
3
self-help automated menus and predefined request models for frequently requested items.

Fulfill the requests by performing the selected request procedure. Where possible, use
3
self-help automated menus and predefined request models for frequently requested items.
% Fulfillment of Level 3

DSS02.04 Investigate, diagnose and allocate incidents.

Identify and record incident symptoms, determine possible causes, and allocate for resolution.
Activities Description
Identify and describe relevant symptoms to establish the most probable causes of the
incidents. Reference available knowledge resources (including known errors and
1
problems) to identify possible incident resolutions (temporary workarounds and/or
permanent solutions).
If a related problem or known error does not already exist and if the incident satisfies
2
agreed criteria for problem registration, log a new problem.
Assign incidents to specialist functions if deeper expertise is needed. Engage the
3
appropriate level of management, where and if needed.
 Assign incidents to specialist functions if deeper expertise is needed. Engage the
3
appropriate level of management, where and if needed.
% Fulfillment of Level 2

DSS02.05 Resolve and recover from incidents.

Document, apply and test the identified solutions or workarounds. Perform recovery actions to restore the I&T-relate
Activities Description
Select and apply the most appropriate incident resolutions (temporary workaround and/or
1
permanent solution).
2 Record whether workarounds were used for incident resolution.
3 Perform recovery actions, if required.
Document incident resolution and assess if the resolution can be used as a future
4
knowledge source.
% Fulfillment of Level 2

DSS02.06 Close service requests and incidents.

Verify satisfactory incident resolution and/or fulfilment of requests, and close.
Activities Description
Verify with the affected users that the service request has been fulfilled satisfactorily or the
1
incident has been resolved satisfactorily and within an agreed/acceptable period of time.
2 Close service requests and incidents.
% Fulfillment of Level 2

DSS02.07 Track status and produce reports.

Regularly track, analyze and report incidents and fulfilment of requests. Examine trends to provide information for co
Activities Description
Monitor and track incident escalations and resolutions and request handling procedures to
1
progress toward resolution or completion.
% Fulfillment of Level 2
Identify information stakeholders and their needs for data or reports. Identify reporting
2
frequency and medium.
% Fulfillment of Level 3
3 Produce and distribute timely reports or provide controlled access to online data.
Analyze incidents and service requests by category and type. Establish trends and identify
4
patterns of recurring issues, SLA breaches or inefficiencies.
% Fulfillment of Level 4
5 Use the information as input to continual improvement planning.
% Fulfillment of Level 5

DSS02.07 Track status and produce reports.

Regularly track, analyze and report incidents and fulfilment of requests. Examine trends to provide information for co
Activities Description
Monitor and track incident escalations and resolutions and request handling procedures to
1
progressand
Monitor toward
trackresolution or completion.
incident escalations and resolutions and request handling procedures to
1
progress toward resolution or completion.
% Fulfillment of Level 2
Identify information stakeholders and their needs for data or reports. Identify reporting
2
frequency and medium.
% Fulfillment of Level 3
3 Produce and distribute timely reports or provide controlled access to online data.
Analyze incidents and service requests by category and type. Establish trends and identify
4
patterns of recurring issues, SLA breaches or inefficiencies.
% Fulfillment of Level 4
and reporting
Answer Score Comment Evidence Capability Level
Yes 1 Copy paste evidence here
No 0 Copy paste evidence here
Yes 1 Your justification here 3

No 0 Leave blank if no justification Leave blank if no evidence

No 0 Leave blank if no justification Leave blank if no evidence
5 40% P (Partially) Stop Here!

o business criticality and service agreements.

Answer Score Comment Evidence Capability Level
Yes 1 Copy paste evidence here

Yes 1 Your justification here 2

No 0 Your justification here

3 67% L (Largely) Stop Here!

request criteria. Obtain approval, if required, and fulfill the requests.

Answer Score Comment Evidence Capability Level
Yes 1 Your justification here
2
No 0
2 50% P (Partially) Stop Here!

No 0 Leave blank if no justification Leave blank if no evidence 3

No 0 Leave blank if no justification Leave blank if no evidence 3

2 0% N (None) Stop Here!

on.
Answer Score Comment Evidence Capability Level

No 0 Leave blank if no justification Leave blank if no evidence

No 0 Leave blank if no justification Leave blank if no evidence 2

N.A. 0
 2

N.A. 0
2 0% N (None) Stop Here!

to restore the I&T-related service.

Answer Score Comment Evidence Capability Level
N.A. 0
Yes 1 Your justification here
2
Yes 1 Your justification here
Yes 1 Your justification here
3 100% F (Fully) Complete!

Answer Score Comment Evidence Capability Level

No 0 Leave blank if no justification Leave blank if no evidence

2
Yes 1 Copy paste evidence here
2 50% P (Partially) Stop Here!

provide information for continual improvement.

Answer Score Comment Evidence Capability Level
Partially 0.5 Copy paste evidence here 2
1 50% P (Partially) Stop Here!
Yes 1 Your justification here 3
1 100% F (Fully) Continue!
Yes 1 Copy paste evidence here
4
No 0 Leave blank if no justification Leave blank if no evidence
2 50% P (Partially) Stop Here!
Yes 1 Leave blank if no justification Leave blank if no evidence 5
1 100% F (Fully) Complete!

provide information for continual improvement.

Answer Score Comment Evidence Capability Level
Partially 0.5 Copy paste evidence here 2
Yes 1 Copy paste evidence here 2
2 75% L (Largely) Stop Here!
Yes 1 Your justification here 3
1 100% F (Fully) Continue!
Yes 1 Copy paste evidence here
4
No 0 Leave blank if no justification Leave blank if no evidence
2 50% P (Partially) Stop Here!
DSS02 - Managed Service Requests and Incidents

No Management Practice Existing Target

DSS02.01 Define classification schemes for incidents and service
1 2 3
requests.
2 DSS02.02 Record, classify and prioritize requests and incidents. 1 3
3 DSS02.03 Verify, approve and fulfill service requests. 2 3
4 DSS02.04 Investigate, diagnose and allocate incidents. 1 2

5 DSS02.05 Resolve and recover from incidents. 2 2

6 DSS02.06 Close service requests and incidents. 1 2
7 DSS02.07 Track status and produce reports. 3 5

BAI - 03

No DSS02.01 Define classification

Management
schemesPractice
for incidents and service Existing Target
1 requests. 1 3
2 DSS02.02 Record, classify and prioritize requests and incidents. 1 2
3 DSS02.03 Verify, approve and fulfill service requests. 2 3
4 DSS02.04 Investigate, diagnose and allocate incidents. 1 2

5 DSS02.05 Resolve and recover from incidents. 2 2

6 DSS02.06 Close service requests and incidents. 1 2
7 DSS02.07 Track status and produce reports. 3 5
Achieved? Gap
No -
No belum adanya permintaan layanan yang sesuai dengan SLA dll dll….
No Belum ada request model untuk layanan yang sering diminta
No Tidak dilakukan identifikasi gejala dan kemungkinan penyebab insiden
Belum dilakukan pencatatan problem berdasarkan insiden dengan kriteria tertentu
Yes -
No From activity 1
No From activity 4
From activity 5

Achieved? Gap
No -
No -
No Belum ada request model untuk layanan yang sering diminta
No Tidak dilakukan identifikasi gejala dan kemungkinan penyebab insiden
Belum dilakukan pencatatan problem berdasarkan insiden dengan kriteria tertentu
Yes -
No From activity 1
No From activity 4
From activity 5
DSS02 - Managed Service Requests and Incidents

People A
No Practice-Activity Gap
Type
Belum ada request model untuk layanan yang sering
1 DSS02.03-3 Skill & awareness
diminta
Tidak dilakukan identifikasi gejala dan kemungkinan
2 DSS02.04-1
penyebab insiden
Belum dilakukan pencatatan problem berdasarkan
3 DSS02.04-2
insiden dengan kriteria tertentu
4 DSS02.06-1 From activity 1

5 DSS02.07-4 From activity 4

6 DSS02.07-5 From activity 5

MEA02 - Managed System of Internal Control (Contoh)

People A
No Practice-Activity Gap
Type

Roles

MEA02.01-2 Belum terdapat penilaian mengenai pelaksanaan kontrol Responsibility

1
internal vendor

Skill & awareness

Communication
 People Aspect Process Aspect
Potential Improvement Type Potential Improvement
Policy

People Aspect Process Aspect

Potential Improvement Type Potential Improvement
Menambahkan roles terkait pengelolaan
Menambahkan kebijakan terkait pengelolaan
kontrol internal vendor, yakni di posisi Policy
vendor
Kepala Pengadaan

Menambahkan rincian tugas dan tanggung

Menyusun (atau memperbarui) prosedur
jawab terkait kontrol internal vendor pada Procedure
terkait pengelolaan vendor
kepala pengadaan

Melakukan pelatihan terkait pengelolaan Merinci instruksi kerja terkait pelaksanaan

Work instruction
kontrol internal vendor kontrol internal vendor
Melakukan meeting terkait pengelolaan Mencatat pelaksanaan kontrol internal
Record
kontrol internal vendor secara berkala vendor
 Technology Aspect
Type Potential Improvement
Tools

Technology Aspect
Type Potential Improvement
Memilih tools yang akan diimplementasikan
Tools
terkait pengelolaan vendor

Menambah (atau merubah) fitur yang ada

pada tools pengelolaan vendor yang saat ini
Features
digunakan, dengan menambah fitur kontrol
internal)