• Information Security Management: ISO/IEC 27001 Information Security.
• IT Security: ISO/IEC 27032 Cyber Security and ISO/IEC 27035 Incident Management.
• Continuity and Resilience: ISO 22301 Business Continuity Management System.
• Service Management: ISO/IEC 20000 IT Service Management and ISO/IEC 55001 Asset Management.
• Quality Management Systems (example: ISO 9001 Quality Management Systems, ISO 13053 Six Sigma, ISO 21500 Project Management).
• Health, Safety and Environment (example: ISO 14001 Environmental Management, ISO 22000 Food Safety Management, ISO 45001 Occupational Health and Safety Management).

together we can build a strong and value-based society Eric Lachapelle, CEO of PECB

PECB issued an official press release announcing this partnership, where Mr. Eric Lachapelle, CEO of PECB, expressed PECB’s determination to make a renewed and positive contribution towards building a strong value-based society (Read full press release here).

At CIATEC, we truly believe that adopting and adapting internationally recognized standards and frameworks can transform organizations and lift them up to a whole new level. And this partnership with PECB will definitely contribute to CIATEC’s mission to provide our clients with the highest quality of management systems implementation, consulting and training services. We look forward to a successful long-term partnership with PECB.

About PECB 

PECB is a certification body for persons, management systems, and products on a wide range of international standards. As a global provider of training, examination, audit, and certification services, PECB offers its expertise on multiple fields, including but not limited to Information Security, IT, Business Continuity, Service Management, Quality Management Systems, Risk & Management, Health, Safety, and Environment. For more detailed information regarding PECB principal objectives and activities, visit www.pecb.com.

The post CIATEC signs partnership agreement with PECB appeared first on CIATEC.

“The initiative aims to measure customers happiness index through smart cameras that analyze the extent of their happiness,” Maher Shirah, director of Smart Services at RTA’s Corporate Technology Support Services Sector. The system was able to produce detailed reports of a customer’s happiness levels, with instant alerts triggered when a center’s “happiness rating” drops below a predefined level. When this happens, actions can be taken to “restore customers’ happiness level.”

As far as privacy is concerned, authorities indicated that the system analyses facial expressions and convert it into numeral value but doesn’t save the visual information.

This is one of the many uses AI can serve in service management measurement and metrics. And it will definitely contribute to raising the level of users satisfaction, the ultimate goal of successful service management system.

The post Dubai: Using AI to Measure People’s Happiness appeared first on CIATEC.

To have a comprehensive and implemented IT service management ITSM strategy comes from the efficient workings of an IT service desk  that is developed by the support team to provide intelligent, multi-layered proficiency. The ITSM strategy provides the support team with a tool that not only supports the organization, but also empowers it. The question here is how does an organization evolve from having a proficient service desk to having a culture of support that promotes originality, invention and the creation of value?

1- Adopt Proven ITSM Standards

It might be assumed that established in-house processes are good enough for purpose, however, although it is necessary to continuously review and update systems, it is recommended that a reputable, proven guideline is used to update procedures. To do this, the adoption of a standard, for example, the information technology infrastructure library (ITIL^®), is advised. These standards offer a base or a guideline for the company to build upon. So, to begin, chose a reputable, verified base and work from there.

2- Generate a Service Catalog as part of ITSM strategy

A service catalog is one of the core elements of a successful ITSM strategy and provides a guideline to the IT services so that they can design the technology and procedures needed to carry them out. This also allows the IT services to become aligned with the company’s business strategies that they support. It also enables the IT services to demonstrate its effectiveness and importance within the company and the value it contributes company-wide.

3- Create CMDB

One of the core components of an ITSM strategy is a Configuration Management Database (CMDB). Some guidelines for building this are as follows:

• Distinguish the main stakeholders and provide them with the relevant information for the process. Ensure that stakeholders ‘buy-in’ is guaranteed as complete backing is needed in case the establishment of governance is necessary.
• Creating a CMDB is not a single step immediate process. Instead it can only be done in phases. The first is to record Configuration Items (CIs) that are able to illustrate the value of CMDB. This give the stakeholders something tangible to scrutinize and provide them information, so they can decide to buy-in. The proper level of governance is vital.
• Criteria for identifying assets needs to be established and precise information needs to be kept in the database. Information needs to be continuously updated and needs to consist of accurate data. A clear compression of combining, integrating and transferring data in the database is also necessary.

4- ITSM Strategy: Be Methodical

In fact, a better IT service management strategy is to roll things out step by step by giving your organization time to adjust to new processes and standards at each stage. You don’t have to implement a comprehensive strategy all at once.

5- Implement Continual Improvement (CSI)

Matrices should be developed to measure both the successes and the failures of each process. The realizations and malfunctions of each stage needs to be logged in a template or spreadsheet. Once the boundaries are decided all of the information can be input into the template and used to monitor progress, identify errors or issues, and improve the system.

6- ITSM Strategy: Assemble a Winning Team

The success of a company depends on the quality and efforts of its workforce who have both direct and indirect input to the successful provision of a product or service.  Quality staff in the right roles is vital to the success of any organization.
The company needs to ensure that it has the best people for the job and that they are engaged, committed and comfortable with the company’s business culture. They need to have well-defined roles and responsibilities and they need to know what they should be doing. This is relevant for all levels of staff and participants from the support team right up to management level and any other shareholders.

Final Thoughts

IT success is not an accident. It is a continuous, purposeful delivery of IT services. This is not an instant success, but rather a process of continuous monitoring and improvement. A carefully planned and implemented framework, for example, ITIL as an ITSM can prepare a business for current and prospective development and profit increases.

Ciatec, is an ITSM consulting firm with expertise that can definitely add to your ITSM strategy, contact us today for a free consultation.

The post 6 Steps to Build an Effective ITSM Strategy appeared first on CIATEC.

A change, any change, can be very stressful, and changes in IT environment are no different. Statistics shows that more than half of the incidents in a given IT environment are caused by changes done by IT staff. A change, if not well planned and executed it can be catastrophic. Fortunately, there are many standards and frameworks out there that can be of great assistance in implementing a successful change management module in your environment.

In ITIL change control process, change management requires CAB (Change Advisory Board) to review change, plan and assist in assessment and prioritization of changes. CAB is typically formed of IT and business representatives working together to support change management team. However, in small environments, change implementer, change planner, change manager, and even CAB are often being carried by one or two people switching hats based on the role they are playing at a particular time. But this doesn’t mean that proper change management process can’t be implemented in SMB, it can and it should. Furthermore, it is almost as important as implementing it in a large and well established organization.

At CIATEC, we are always looking to help make things better within IT departments. In this article we will specify the most important steps to implement a successful change management process.

Change Management Key #1: Plan Change

This is the “blue print” of the change to be implemented. At this level you should ask yourself questions such as:

Answer the what, where and how questions and then answer the “When” question: Set the implementation schedule, choose a proper timing and make sure it doesn’t conflict with any other scheduled jobs that might be running at the same time.

Change Management Key #2: Classify & Record Change

Keeping record of changes is a very important factor in a successful change management approach. The first question that comes to mind after any incident is: “What was changed?”. If a change log exists, it would be easy to identify the change that might have caused the issue. Keeping record starts by filling in a Request for Change (RFC) with all the change details listed below:

Change Management Key #3: Communicate

At this level you should make sure that all stakeholders are notified. Especially if the change might cause a service down time.

First notify the change “approver” (usually change manager or IT manager) and get the change approved and authorized. It is worth noting that change manager usually approves minor and low-risk changes without the need of CAB. CAB is consulted for major and significant changes of high risk.

When all is set, it is important that all potentially affected users are notified, make sure they know the impact and don’t forget to mention a time frame.

Change Management Key #4: Implement Change

When all is set, and the change is approved, you can proceed with the implementation. This is the most critical part of the whole process, where the implementer puts the change management plan into action. It is crucial to keep documenting steps along the way especially if the change is being implemented in phases. Even if a rollback plan is in place, in some circumstances, change implementer might deviate from the original plan in a way that the rollback plan may not apply.

Change Management Key #5: Review Change

This is also another very important phase, it is to asses the change and check if it provided the value as planned. After all changes are done to provide better value to business!

Check, review and asses the change, make a complete health-check to make sure that there were no side effects.

Those were five key steps to execute a successful change management plan in SMB IT environment, but it actually applies for any change, not just within IT. If you have any thing to add, please do share in the comments below, or contact us here.

The post 5 Key Steps for a Successful Change Management in SMBs appeared first on CIATEC.

If you want your company to become ISO certified, you probably already know the benefits. Other than operating under the governance of international standards, putting ISO Certification badge on your company website and paper publications is prestigious and will definitely contribute to a positive image towards your clients as well as your own staff. However, it is very important to know how to promote your ISO certification without breaking the rules. In this article we’ll highlight the do’s and dont’s of promoting your ISO certification, but first let’s tell you a little bit about ISO.

A little about ISO

ISO (International Organization of Standards) is an international standard-setting organization located in Geneva, Switzerland with presence in 161 countries through National, Correspondent or Subscriber members. For example: US ANSI, Canada SCC, Saudi Arabia SASO, Emirates ESMA, Lebanon LIBNOR are all national standard bodies in the mentioned countries and members in ISO General Assembly that meet once a year to decide on strategic objectives.

ISO formed partnership with other International organizations: International Electrotechnical Commission (IEC) specialized in setting standards for Electrical and electronic-related technologies, and the International Telecommunication Union (ITU) specialized in setting standards for information and communication technologies. In 2001, ISO, IEC and ITU formed the World Standards Cooperation (WSC).

One of the most popular standards is ISO 9001 Quality Management, but there are many others such as:

• ISO / IEC 27001 Information Security Management
• ISO / IEC 20000 IT Service Management
• ISO 14001 Environmental Management
• ISO 22000 Food Safety Management

and many others.

Why it is wrong to say ISO Certified or ISO Certification?

Your corporate can for example become ISO/IEC 27001:2013 certified not just ISO Certified, it can get ISO 20000-1:2011 certification not an ISO Certification. Meaning, that you’ll have to choose a domain that is relevant to your business, choose a scope within this domain, prepare the necessary documentation, implement the management system based on the standard, get audited and become certified in the chosen scope, and maintain your certification year after year.

ISO itself doesn’t provide certifications, certification bodies provide certifications. It is very important to choose your certification body, an ISO certification issued by a reputable and accredited certification body will reflect a better image to your business and inspire confidence. To name a few, here is a list of reputable certification bodies with global presence:

• PECB, Canada
• BSI, UK
• TUV, Germany
• Bureau Veritas, France
• SGS, Switzerland

Do’s and Dont’s in promoting your ISO Certification

How can CIATEC help you Become ISO Certified

CIATEC plays the role of remote consultant that can help prepare the necessary documentation to become ISO certified, currently focused on two main standards: ISO 27001 and ISO 20000 Certifications. ISO 27001 is a specification for an information security management system (ISMS), a framework of policies and procedures that includes all the needed controls involved in an organization’s information risk management processes. While ISO 20000 is a standard developed in 2005 and revised in 2011 it describes best practices to implement IT service management system. CIATEC catalyzes your process toward getting certified by helping you prepare the necessary documentation, implement the system and audit your work.

Finally, if you need help implementing a management system and become ISO certified, @AskCiatec or drop us a line here for assistance.

The post You can’t become ISO Certified appeared first on CIATEC.

In this post, we’ll try to help you choose between two major backup options Local backup and Cloud-based backup. But before jumping into the advantages and disadvantages of local backup and cloud backup, there are several variables to be considered before reaching a verdict:

1- Data Size: This is the first thing to look at, how many GBs or TBs of data are to be backup on daily, weekly and monthly basis.

2- Internet Speed: Before considering a cloud backup, internet capacity should be taken into consideration. Will it carry the load without affecting other services?

3- Data Sensitivity: How sensitive is the data, and would the information asset owner (usually higher management) agree on copying this data into a third-party server?

4- Budget: Cost is always a main player. How much is a company willing to pay to protect its data against accidental deletion, hacking, disasters…etc?

Local Backup

Local backup is the traditional backup method that has been used for decades. Your data is usually protected by being copied to local storage on regular basis. A local storage can be hard drive, tape drive, flash drive and so on. As best practice, backup device should be placed in a different location than that of live data, and a copy of the backup data should be stored off-site on regular basis.

Pros of Local Backup

+ Full Control over your data: You know exactly where your data is, and you tell who will have access to what.

+ Independent from the internet speed: being copied locally, internet speed is irrelevant.

+ Backup and restore time is much faster.

+ Offline copy of data is secure and protected against any malware attack on your network.

Cons of Local Backup

– Reachability: You have no access to the backup data unless you are on the network.

– High Cost: Local backup will need a software license, backup hardware (such as tape library or network storage) and consumables (such as tapes of disks).

– Maintenance: Being responsible of the whole software and hardware infrastructure mean that you’ll have to take care of all hardware and software errors and updates.

– Scalability: Expanding storage capacity comes at a relatively expensive cost compared to cloud backup.

Cloud-based Backup

Cloud-based backup, sometimes referred to as “online backup” or backup-as-a-service, is relatively “new” concept of backing up your data. Backup is being done over the internet to an off-site server usually hosted by third-party cloud service provider or on the companies private cloud if exists.

Pros of Cloud Backup

+ Reachability: Backup data could be accessed from any connected device.

+ Cost: Pay as you go, purchase the size required for the time being and then expand as needed, this will save money, as the size of online storage is becoming cheaper year after year.

+ Maintenance: Zero maintenance required from your side.

Cons of Cloud Backup

– Privacy: With data being stored on foreign server, your privacy is only protected by service agreement terms. That’s the main reason why companies are opting to build their own cloud.

– Requires high internet bandwidth especially if the size of data being backup is too high. If bandwidth upgrade is required, the price of this should be compared with the overall cost of local backup.

– Speed: Backup and restore time is much longer with cloud backup.

– Being accessible from any connected device, cloud backup will always be at risk of hacking and malware attacks.

Long story short: Summary of Cloud Backup vs. Local Backup

Those were the major differences between Local Backup and Cloud Backup. If you have second thoughts regarding your backup strategy, CIATEC staff can help! Just drop us a line in the comments or contact us here and we’ll be happy to assist.

The post Cloud Backup vs. Local Backup – What to Choose? appeared first on CIATEC.

In fact, international frameworks such as ITIL or COBIT, as well as ISO (International Organization for Standardization), never relates the standard to organization size. Small and medium sized business can apply the standard or framework and get certified based on their own structure in the same manner as big and multinational enterprises. Organizations may also scope limited number of processes or sections of the standard that most applies to their business.

Are you looking for a good reason to implement ITSM at your small or medium-sized organization? Here are five:

1- With ITSM: Deliver more with Less

Implementing the right ITSM system comes with a guarantee to raise productivity at less cost. Small and medium sized business with limited resources will be able to deliver more while saving on their running cost. Thus, increasing overall revenues.

2- IT is the Heart and Soul of any Modern Company

The vast majority of today’s companies, if not all companies, won’t be able to operate without information technology. It is no secret that any business nowadays relies on IT to survive and compete. A server room, data center or even cloud-based solution are now the heart and soul of business, regardless of its size. Investing in a proper ITSM will insure that IT services are operating in the best possible way, being delivered properly, available when needed, changed smoothly and continuously improving.

3- Changes can be Catastrophic!

Change is an essential part in the service life cycle, and if not well planned, it will cause harm more than good. Statistics show that more than 50% of IT incidents are caused by poorly executed changes. Change management in ITSM will ensure that changes are prioritized, properly scheduled, concerned parties notified and rollback plan is already prepared and ready to be executed in case of failure.

4- IT Support Staff, not Fire Fighters

We have discussed in previous post the importance of service desk to end users. Without applying ITSM best practice, support staff in SMB (already on limited resources) will run all day long in a rat race trying to resolve issues reported through phone calls or email messages in chaos without any prioritization, record, or reporting.

Service desk management tool will organize things for both IT staff and management by balancing urgency and priority, keeping record, reporting time needed to resolve issues and measuring its compliance with the service level agreement. When implemented, it will definitely increase productivity and contribute positively to continuous service improvement.

5- Get Ready to Shine

Building a business on solid foundations will make growth potential easier. Many growth opportunities are lost simply because the organization’s IT structure is not ready to handle big clients. Well implemented ITSM will make things move in the right direction and the organization will be well-structured and ready to handle larger number of clients with minimal adjustments.

Those were five reasons for companies to start investing in ITSM today. If you have more reasons to urge executives to invest in ITSM, please share in the comments below.

The post 5 Reasons for SMBs to Invest in ITSM Today appeared first on CIATEC.

Service desk is the highest visible “face” of IT!

Service Desk in ITIL V3

According to ITIL V3 model, service-desk is a function under service operations responsible for coordinating and conducting the processes and activities needed to manage services for business end users and customers based on the previously agreed service level agreement (SLA) terms. Service-desk serves as a single point of contact (SPOC) between organization users and IT management. Service-desk is the first to be contacted for any IT-related inquiry end users have, and that is what makes it a crucial factor in improving the whole corporate strategy.

Service Desk Types

Service-desk can be implemented in various types and forms based on business need. Below are the different types of service desk that could be implemented in your organization. Most organizations mix and match between different types of service desk to come up with a hybrid solution.

• Local Service-Desk: This is the type of service-desk to be implemented in organizations that operates from a single site.
• Centralized Service-Desk: Operates from a single location to provide support to staff in multiple geographical locations. This is a cost effective way of implementing service-desk solution for organizations with multiple sites or branches.
• Virtual Service-Desk: Members of virtual service desk team may be located in more than one location, they utilize various online technologies to provide remote support to users in multiple sites. This is the favorite type that outsourcing service providers use, it allows them to use the same team for more than one customer.
• Follow-the-Sun Service-Desk: This is famous among multinational companies with global presence and requires 24/7 support. Implementing this type of service desk requires at least two service desk teams to be located in different time zones with at least 4 hours of time difference between them.

Benefits of Implementing Service Desk

Now that we went through the importance of service desk in any organization, here are 4 benefits of implementing a service desk solution at your organization:

1. Single Point of Contact: Back-end engineers working on infrastructure level, or writing code for a certain application must operate in an environment that is isolated from end-users, they are not to be contacted directly. After implementing a service desk solution customers will have one-stop solution for all their inquires, requests, and complaints.
2. Customer Satisfaction: Whether service-desk is providing support to customers or to business end-users in same organization, customer satisfaction is a key element for increasing productivity and business growth. A satisfied customer will generate more business.
3. Monitoring, Tracking and Escalation: A well-implemented service-desk solution allows complete monitoring on problem resolution cycle from the moment of opening the case till closure. It allows tracking incidents to measure team efficiency and provides material to improve the service based on incidents history. It also implements issue escalation procedures to higher tier for better resolution timing especially for incidents with high severity.
4. Improving Productivity: Minimizing down time and resolving issues in organized and timely manner will increase efficiency and higher productivity. Thus, providing more value to business.

Read more about IT service management here.

The post The function that matters the most in ITIL Service Operation appeared first on CIATEC.

Why CIATEC?

CIA TEC name was inspired by two main fields of interest, information security field represented by CIA triad (Confidentially, Integrity and Availability) and information technology being the wide umbrella covering several topics underneath it, with emphasis on IT Service Management (ITSM), IT Security and Digital Strategy.

Work in Progress

CIATEC is still a new born that is being nourished by an ambitious small team of beautiful minds with solid background in digital and information technology, systems management, network management, information security, IT security and IT operations management.

We believe that there is always a room for improvement. We invite you to share with us any suggestions or comments about CIATEC here or through our social media channels:

Locations

While the vast majority of our posts, tips and advice applies on any country or environment, we are focused on the Middle East region particularly in Saudi Arabia, United Arab Emirates, and Lebanon.

Browse Topics

AI apple Awareness Backup Banking Banking Security Blockchain Careem Change Management Customer Experience CX Cyber Security Awareness Defence in Depth Defense in Depth Digital Marketing Disaster Recovery Plan DR Dubai Ecommerce Employees security assessment Facebook Finance Fraud Warning GDPR Google Hard Disk Information Security Awareness Information Security in Banking Information Security Management System Inofmration security training for employees Internet Internet History Internet of Things Internet Usage IoT ISMS ISO ISO 27001 ISO Audit ISO Training ITIL IT Operations ITSM layered security Lebanon LiFi Middle East Mobile Device Security Mobile Device Security Tips Mobile Security online business Partners PECB Phishing Phishing Awareness Phishing Simulation Phishing training Phishing training for employees Phishmark Privacy Quiz Saudi Arabia Scam Search Engines Security Awareness security awareness assessment Security Awareness Training Security Breach SEM SEO Service Desk SMB Social Media SSL SSL Certificate Statistics Strategy Successful Online Business Tech History Tech News Trends UAE Uber UX VDI Virtual Desktop Infrastructure WD Hard Disks Colors Website Security WiFi

The post Meet CIATEC appeared first on CIATEC.