Jingga/Organization-Guide
1
0
Fork 0
mirror of https://github.com/Karaka-Management/Organization-Guide.git synced 2026-01-11 12:58:42 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
5a05e37605
Organization-Guide/Processes/04_Support & Service_Risk Control Matrix.md
Dennis Eichhorn 5a05e37605 update
2022-07-20 23:45:53 +02:00

6.3 KiB
Raw Blame History

Support & Service Risk Control Matrix

No. R Category Risk Event L C O Cause Mitigation Type Mitigation Strategy L* C* Changes Comments ES EY
1 CTO Operational Risk (Support & Service) No legal basis for accessing customer data during customer support & service. 1 1 Daily Preventing (Manual) Every customer must sign the Customer Data Protection Policy before they can receive support & service 1 1 yes yes
2 CTO Operational Risk (Support & Service) No legal protection regarding liabilities and responsibilities during customer support & service. 1 1 Daily Preventing (Manual) Every customer must sign the Customer Service Agreement before they can receive support & service 1 1 yes yes
3 CTO Operational Risk (Support & Service) Unauthorized people make support & service requests. 1 1 Many times a day Preventing (Manual) Only authorized are allowed to do support & service requests 1 1 yes yes
4a CTO Operational Risk (Support & Service) Not well defined goals and tasks resulting in miscommunication, high costs and unmet expectations. 1 1 Many times a day Preventing (Manual) Define goals, tasks, specifications and costs in writing in an offer. 1 1 yes yes
4b CTO Operational Risk (Support & Service) The goals, tasks, specifications and costs are estimated with significant deviations. 1 1 Many times a day Preventing (Manual) Only personnel with sufficient experience is allowed to make these estimations 1 1 yes yes
5 CTO Operational Risk (Support & Service) The customer disputes the provided service. 1 1 Many times a day Preventing (Manual) The customer must approve the offer in writing. 1 1 yes yes
6 CTO Operational Risk (Support & Service) Environment setup & configuration by inexperienced employees 1 1 Daily Preventing (Manual) Only employees with sufficient experience are allowed to perform the environment setup & configuration. 1 1 yes yes
7 CTO Operational Risk (Support & Service) The customer disputes the provided service. 1 1 Many times a day Preventing (Manual) Software setup & configuration is only allowed together with the customer. 1 1 yes yes
8 CTO Operational Risk (Support & Service) Installation of unapproved software on the customer server causing issues. 1 1 Many times a day Preventing (Manual) Only approved software is allowed to get installed on the customer servers 1 1 yes yes
9 CTO Operational Risk (Support & Service) Bad, risky or faulty software gets approved for the installation at customers. 1 1 Quarterly Preventing (Manual) Only the CTO is allowed to approve software to be installed on customer hardware after testing. 1 1 yes yes
10 CTO Operational Risk (Support & Service) Insufficient hardware resources for the application 1 1 Daily Preventing (Manual) Tested system requirements are provided for the customers. 1 1 yes yes
11 CTO Operational Risk (Support & Service) Leaking customer data incl. server login names and passwords. 1 1 Daily Preventing (Manual) No customer data incl. server login names or passwords are stored on the organization side. 1 1 yes yes
12 CTO Operational Risk (Support & Service) Not all necessary steps are executed during the application setup or faulty. 1 1 Daily Preventing (Manual) A Application Install Checklist is provided which has to be used during the install process. 1 1 yes yes
13 CTO Operational Risk (Support & Service) The trainings don't cover important aspects. 1 1 Daily Preventing (Manual) Trainings must be held according to the Training Manuals defined by the CTO. 1 1 yes yes
14 CTO Operational Risk (Support & Service) The maintenance doesn't cover important aspects. 1 1 Daily Preventing (Manual) Maintenance must be performed according to the Maintenance Checklist defined by the CTO. 1 1 yes yes
15 HOCS Operational Risk (Support & Service) Support requests from customers are handled by people who don't have the necessary skills or experiences. 1 1 Preventing (Manual) Support requests are assigned according to experiences and skillsets by team leaders, senior employees or the HOCS. 1 1 yes yes
16 CTO Operational Risk (Support & Service) The provided support is not satisfactory for the customers. 1 1 Revealing (Manual) Customers have the option to provide feedback after every closed support request. 1 1 yes yes

Abbreviations

  • R: Responsible

  • L: Likelihood (1-5)

  • C: Consequence (1-5)

  • L*/C*: Likelihood and Consequence after mitigation

  • O: Occurrence (many times a day, daily, weekly, monthly, annually)

  • ES: Effective

  • EY: Efficient

2022-01-01 - Version 1.0