Red River City Council Information Technology Services Department

Red River City Council Information Technology Services Department

Contents

Introduction

IT service level agreements

Support provided

Problem reporting and tracking

Escalation procedure

Responsibilities of users and departments

Liaison with departments

Measurement of compliance and usage reporting

Responsibility for specific services

Security and maintenance procedures

Disaster recovery planning

Backup

Virus checking

Maintenance

Maintenance register

ITDS Hardware register change form

Scheduled interruptions

Change control

Workstation performance and monitoring

Software

Register of software licences

Introduction

ITSD provides strategic technology, network computing and support for the council. It draws together in one functional area, staff and services who manage technology, computer systems, telecommunications and network infrastructure. We plan, develop and provide access to essential technological infrastructure services and advice to ensure that Red River City Council is able to effectively utilise technology and appropriately apply it to support core business functions.

The technology platform includes computer servers, the local area network (LAN), connectivity to the Internet, computer support and technology purchasing. A Help Desk is operated to assist in providing support for these technologies.

IT service level agreements

This document sets out the main services provided by the IT Department of Red River City Council.

The levels of service described here, are those which the IT Department commits to meeting, given an agreed level of resources. The service levels are negotiated annually through consultation with the user community.

Support provided

It will be up to Help Desk staff to identify critical systems and to prioritise the calls placed. Generally speaking any problem that stops core Council operations has the highest priority. In the event of a user demanding immediate action then they should be referred to the IT Manager.

Many calls are not real problems but simply users who do not know how to perform a particular function on their computer. These will still be logged and where possible the person taking the call will try to talk the user through the process or refer them to the appropriate page in the manual or help system.

Calls may relate to performance, especially a perceived view that the network is slow. In many cases it is not the network that is slow but the PC that is under performing. These are to be followed through since a performance problem may be caused by an intermittent hardware fault, which could eventually lead to a total loss of service. Unless poor performance is leading to a delay in the provision of services they will not be consider as a high priority but should be attended to within 24 hours of being notified. The user experiencing the problem should be contacted within two hours of logging the call.

Problem reporting and tracking

When problems are reported to the Help Desk (by phone, e-mail or in person), they are entered into the Fault-Tracking system. A problem which cannot be solved immediately is forwarded to a specialist member of staff and tracked to ensure that it is dealt with and also that the person who reported it is kept informed of the outcome. Each forwarded problem is allocated a reference number, which is given to the person reporting the problem.

Users are encouraged to report non-urgent faults by e-mail. If Help Desk classifies a problem as urgent, all reasonable endeavours are made to have it fixed immediately. Help Desk may also categorise a problem (such as one preventing a number of people working) as serious, in which case an escalation procedure is operated (see Escalation Procedure).

Weekly reports are provided for the IT Manager, the Services Director, and the relevant departmental Manager(s), listing all outstanding faults. Priorities between outstanding problems may be adjusted at this stage.

Escalation procedure

If a problem prevents a number of people working, or puts users' information at risk, it is regarded as serious, and its progress towards resolution is monitored by an escalation procedure operated by the IT Department. The purpose of the procedure is to ensure that work on the problem is properly resourced and prioritised, and that any third parties involved respond properly.

The main aspects of the procedure are:

• As soon as the problem is properly characterised by IT staff, following its observation, or a report by a user, Help Desk is informed. They publicise the situation as appropriate.
• Support staff for the service are called in, and contact with the relevant supplier or maintenance company is made as soon as possible, where such action is appropriate.
• If the problem remains one hour after identification, IT Staff member responsible for the service is informed.
• If the problem persists for half a working day, the IT Manager and the Services Director are informed.
• If the problem persists between half and one working day, an item for News Flash is produced detailing the problem and any possible 'workarounds'. Online contact may also be made to users.
• If the IT Manager is dissatisfied with a maintenance company's response to a particular problem, escalation is performed with them in accord with the terms of the appropriate agreement.

Non-serious problems have a lower priority, but both types of problems are entered in the Fault-Tracking system, which tracks them to ensure a satisfactory outcome.

Responsibilities of users and departments

Self sufficiency

Users are expected to familiarise themselves with IT documentation and online information relevant to their work, as well as any Departmental support arrangements.

Suitability of software

Users are responsible for satisfying themselves that any given software product is suitable for the uses to which it will be put, and that the results derived from it are meaningful.

Departmental responsibilities

Departments are expected to appoint a User Representative and any extra contacts, if necessary. We send copies of documentation, our Newsletter and our News Flashes to User Representatives and expect them to act upon this information in a Departmental capacity. With the general rise in uptake of IT services, the User Representative has an increasingly important role, upon which we have to rely for the correct formulation and delivery of many services.

Liaison with departments

The IT Department is very keen to increase its customer-focus and to ensure its delivery capability keeps pace with our clients' needs. Increasingly we want to use our skills and wide experience to help departments and clients to use IT in a more strategic fashion. To do all of this, communication between the IT Department and our colleagues, clients and users is absolutely vital. There must be clear and efficient communication mechanisms based on common need.

During the period of this SLA, we will be exploring with you what mechanisms have worked well in the past and where improved mechanisms are needed. A key need is to have focal points to help develop our plans, assist on reconciling prioritisation issues and gain agreement on charging.

Measurement of compliance and usage reporting

All the hardware platforms operated by IT have maintenance contracts with relevant hardware and software suppliers. The IT Department produces summaries, showing the serviceability and availability of the platforms it operates, together with summaries of notified problems, which are attributed to services where possible.

Summaries of the types of faults reported to the Help Desk are used within IT to spot general problem areas.

IT compares annually all measurements of service-level achievements with those stated in the Agreements.

Responsibility for specific services

At time of publication, the responsibility for specific services is under review and therefore may change during the lifetime of this document.

Any questions or problems should always be directed in the first instance to the Help Desk. Feedback about the level and provision of specific services may be addressed to the IT Manager. Alternatively, if a user at any time wants to discuss the quality and level of service provision, or has any comment to make about IT and its services, please contact the Services Director.

Security and maintenance procedures

Disaster recovery planning

A risk analysis of the security needs of the network will be undertaken and reviewed regularly. Security and control shall be sufficient to prevent or recover from security breaches in accordance with this analysis. Risk assessment will review all the major systems and procedures on the LAN. The assessment will identify the threats and quantify the risks.

The result of the risk assessment will be a list of threats and quantified risks that are not acceptable to management. Cost effective measures will then be implemented to reduce or recover from those risks. This will be fully documented and agreed especially in those areas where management agrees to carry the risk.

Any significant changes to the system whether hardware or software will also need to undergo a risk analysis to gauge their impact on the business.

Backup

All data on the network should be backed up daily. The software selected for this task should be capable of backing up all of the volatile system files such as user password files and other system files. All backup media should be large enough to contain all data with out the need to change media during backup. Currently we use tapes as the backup media.

A system of tape rotation and control is to be implemented. The re-use of tapes is to be determined as part of the Risk Analysis.

The backup system must be able to retrieve a deleted or damaged file from the medium in a short time, say, ten minutes.

Tapes must be stored at an offsite backup location. The frequency of taken tapes off-site will again be determined by the risk analysis.

The master (original) copies of software are to be stored in a secure remote site.

Supervisors must have someone who can perform the common operations on the network while they are away. This person must be adequately trained and kept up to date by carrying out certain supervisory operations on a regular basis.

A system for archiving infrequently used, but required files will be instituted.

Users will need to be informed as to which files, if any, are not part of the daily back up routine and how to take responsibility for recovery of that data. For certain applications there may be a need to make copies or backups of files just prior to a period update. These copies may be made to another part of the hard disk and are there purely to recover from a software failure. However, users may wish to archive or backup files at the end of an accounting period and will need to inform the administrators of their requirements.

Procedures will need to be implemented to ensure that the backup log is checked each morning to confirm that the backups were successfully completed.

ITSD Backup Log

Date of backup / Tape number used / Type of backup / Files backup up / Errors or comments / Initials

At regular intervals the validity of the backups should be tested by attempting to reload a server using backup tapes only. A complete set of disaster recovery procedures should be developed and tested.

If a tape is used in a restore operation then this fact and the date of the restore should be identified in the Errors or comments column.

Virus checking

All software loaded on the network should have first been checked for virus contamination. This also applies to shrink-wrapped (brand new) software.

The virus-checking program selected should be regularly updated to cover new viruses.

No software should be downloaded from a bulletin board to the network. Computers used for file transfer from other sources shall be disconnected from the network during the transfer. All data thus transferred shall be screened for virus contamination before being released to the network.

Diagnostic, maintenance or utility programs should only be used by the supervisor under controlled conditions.

Maintenance

Performance problems may be due to poor maintenance. For example, old temporary files may fill a disk, which reduces the space for memory caching which may slow down performance. If this is the case then either the user or the support person should carry out a full maintenance of the computer. This will consist of:

• deleting all temporary files

• scanning the disk for errors

• defragging the disk if necessary

• ensuring that the latest service pack is loaded

• removing unwanted software

• in some cases reloading the operating system on a newly formatted disk

If performance problems are due to capacity issues then recommended upgrades will be submitted to The IT Manager who will consider the hardware budget and plan.

Maintenance register

In order to provide a quality service to its customers, the IT department keeps a Register which provides all the information needed to support the ongoing maintenance of systems and IT developed solutions.

All new systems and developments must establish entries in the Maintenance Register once the solutions are in production. The information will be recorded and filed separately for each Project.

A sample form appears below.

ITDS Hardware register change form

Change ID

Date changed
Change approved by
Type of equipment
Equipment ID
Hardware changed
Department
Description of change
Resources used/required
Officer performing change
Time taken
Notes

Scheduled interruptions

If it is necessary to interrupt any service, prior notification is given via email News Flashes and the electronic Noticeboard facility wherever possible, and interruptions are scheduled to minimise their impact on users. Interruptions are scheduled out of business hours as far as possible. During business hours, interruptions will normally be scheduled for Wednesday afternoons as far as is practicable, usually starting at 13:00.

Change control

It is important that the services provided by ITSD are high quality, robust and do not change at unpredictable times. Accordingly, we aim to hold these services in an unchanged form during business hours. New services or new components of existing ones may be added during this period, but we strive to introduce them in a manner that does not affect existing ones. If serious unforeseeable problems affecting a user's ability to work do come to light, the IT Department will make all reasonable efforts to install fixes as quickly as possible.

Major changes are normally made to ensure minimal disruption to all users. These changes may include:

• new products to be added to the PC desktop

• new networking products

• changes to major systems

• any products which we propose to drop

• any products which we propose to upgrade.

Workstation performance and monitoring

Many users complain of lack of network performance when in fact the problem is at their own workstation. It is important that support staff know how to verify and check that workstations are operating at peak performance.

Generally workstations should have sufficient RAM. Small RAM leads to many problems such as slow performance and regular system crashes. If any of these symptoms are experienced then the RAM should be expanded up to at least 128MB.

Problems can be difficult to identify and it is recommended that support staff carry out the following tests.

Use the Resource Meter to identify the resources used - systems with more than 60% of resources utilised are likely to perform slower and hang more. Adding RAM should solve these problems.

Use System Information utility to gather and document information about the computer - even if the fault is suspected to be RAM it is worth running the System File Checker, Registry Checker and Version Conflict Manager. All findings should be fully documented.

Performance may be impacted by the amount of Virtual Memory used. It is recommended that computers be configured so that Windows manages the Virtual Memory.

Workstations should be configured so that they are optimised for their role as a desktop computer.

When checking a PC it is recommended that Microsoft's Dr Watson is configured to run at start up so it can manage and record any problems. Support staff should create a Dr Watson snapshot and file this information for future reference.

With the pace of change in technology there will a time when it is not worth upgrading the older computers. Either it is not cost effective or the improvement will be minimal. In this case it may be that a new computer is the solution or a greater type of upgrade is required. For example some motherboards may only be capable of using a Pentium I processor with out-dated, slow memory modules. There is no point increasing the memory or disk on these PCs since they will still not be fully effective. However, a new motherboard may be a suitable upgrade option.

Software

In the main we will make use of packaged software with modifications where necessary. Software development will be restricted to using macros and templates that may be provided with packages. Even when packaged software is being selected it is important to still develop a full user requirement report.

By law we can only run software for which the appropriate licence fees have been paid. All software loaded on company machines must be a legitimately purchased copy and the original copy of the software, plus the licence agreement, must be stored in the IT department.

Register of software licences

A register of all software on the network is maintained along with details of licences and approved number of users. The register contains the following information:

• Vendor

• Software name and version

• Date purchased

• Licence number

• Number of users
• Serial number of PCs where software is installed

No user is permitted to load on to the network any software that has not been approved by the IT department.

Users should only avail themselves of company approved and provided software. No personal or public domain software is to be loaded on the network without approval by the IT department.

The appropriate access rights will control users' access to software. Prior to being allocated access to a particular application the user:

• must have attended the appropriate training course, and
• must have permission from their immediate supervisor or department/group manager.

Red River City Council Information Technology Services Department1

2005