Charoen Pokphand Malaysia

Integrated Management System Approver

Teerapong Rojthip 

Integrated Management System Steering Committee / Charoen Pokphand Malaysia

Wirat Phothiphan   Santipharp Seesuwanphip   Teerapong Rojthip
               
Praderm Chotsuparach   M.Fauzi Masoh   Norlina binti Ramli

Integrated Management System Manager / Charoen Pokphand Malaysia

Norlina binti Ramli            

Integrated Management System Steering Committee / Information Technology Service Office

Norlina binti Ramli   Muhd Firdaus bin Azmi      Wan Nur Haizun binti Wan Kamal
               
  Nurul Faratihah binti Ab Rahim     Muhd Firdaus bin Maarif      

Roles & Responsibilities

A. Integrated Management System

No.

Role

Responsibility

Name

1.

IMS Approver

  • Review IMS policies
  • Approval of IMS policies
  • Support the carrying out of overall IMS policies
  • Monitor organization’s significant changes and exposure
  • Approve major initiatives to enhance the overall security and service management of the company
Teerapong Rojthip 

2.

Management Representative

  • Attend all the IMS meeting
  • Define and agree upon on the IMS methodology
  • Maintain and update the IMS framework
  • Initiate annual review of the appropriateness of the IMS framework
  • Promote Information Security and Service Management awareness
  • Support IMS initiatives
  • Make sure that IMS is inbuilt in all work processes
  • Oversee all IMS activities
Norlina binti Ramli

3.

IMS Manager

  • Act as management representative for IMS related matters
  • Help to oversee the whole IMS activities
  • Define and agree upon on the IMS methodology
  • Maintain and update the IMS policies
  • Act as document administrator for Charoen Pokphand Malaysia processes
  • Initiate annual review of the appropriateness of the policies with the Charoen Pokphand Malaysia Working Committee;
  • Test the Disaster Recovery Plan;
  • Promote IMS awareness;
  • Support IMS initiatives;
  • Ensure that security, service management and environmental aspects are inbuilt in work processes;
  • Act as IMS management representative and to provide update and feedback during management review meetings
Norlina binti Ramli

4.

Disaster Recovery Manager

  • Initiate testing of Disaster Recovery Plan and Disaster Discovery Plan
  • Review and Report the testing
Norlina binti Ramli

5.

Change Manager

  • Receives, logs and allocates a priority to all requests for changes that are totally impractical
  • Authorizes acceptable changes, either alone or after approval from top management
  • Issues change schedules
  • Liaises with all necessary parties to coordinate change building, testing and implementation, in accordance with schedules
  • Updates the change log with all progress that occurs, including any actions to correct problems and/or to take opportunities to improve service quality
  • Reviews all implemented changes to ensure that they have met their objectives; refers back any that have been backed out of have failed
Wan Nur Haizun Wan Kamal

6.

Document Controller

  • Coordinate all activities related to the Document Control procedure, including technical documents, drawings, and commercial correspondence.
  • Input document data into the standard registers ensuring that the information is accurate and up to date.
  • Makes sure that controlled copies of latest approved documents and drawings are given to the appropriate staff, subcontractors and suppliers as applicable
  • Maintain updated records of all approved documents and drawings and their distribution clearly
  • Maintain the documents and drawings in the Document Control office under safe custody without any damage or deterioration with easy traceability.
  • Maintain the files and control logs as required by the project
Nurul Faratihah Ab Rahim

7.

Asset Manager

  • Asset Protection : Develop and maintain internal policies, standards, processes, procedures, and practices that prevent and detect fraud, misuse, and abuse of state assets
  • Data Classification : Develop categories and definitions that provide guidelines used to determine the appropriate level of protection for information
Muhd Firdaus bin Maarif

8.

Access Manager

  • Access Control : Review procedures for applying the appropriate rules and rights for each user or group
  • User Access Management : Review privilege and passwords rules and processes and user registration and de-registration procedures for granting and revoking access to information systems and services
  • User Responsibilities : Ensure users are made aware of their responsibilities in accessing, protecting, and using information assets
  • Application and Information Access Control : Review procedures to prevent unauthorized access to restricted systems, applications, and information
  • Sensitive System Isolation : Ensure the identification and separation of systems, applications, and information based on criticality and sensitivity
Nurul Faratihah binti Ab Rahim

9.

Incident and Service Request Manager

  • Drive the efficiency and effectiveness of the Incident and Service Request Management Process
  • Manage the work of incident and service request support staff (service desk and second-line)
  • Monitor the effectiveness of Incident Management and make recommendations for improvement
  • Develop and maintain the Incident and Service Request Management
  • Manage Major Incidents
Nurul Faratihah binti Ab Rahim

10.

Problem Manager

  • Liaison with all problem resolution groups to ensure swift resolution of problems within service level targets
  • Responsible for the ownership and protection of the Problem List and Known Error Database (KEDB)
  • Gatekeeper for the inclusion of all Known Errors
  • Arrange, run, document and follow-up all activities related to Problem Management
Nurul Faratihah binti Ab Rahim

11.

Back-up Manager

  • Backup Functions: Activities required for the integrity and availability of information and systems
  • Review the backup log and record
Wan Nur Haizun binti Wan Kamal

12.

Internal Auditor

  • Evaluates and provides reasonable assurance that risk management, control, and governance systems are functioning as intended and will enable the organisation's objectives and goals to be met
  • Reports risk management issues and internal controls deficiencies identified directly to the audit committee and provides recommendations for improving the organisation's operations, in terms of both efficient and effective performance
  • Evaluates information security and associated risk exposures
  • Evaluates regulatory compliance program with consultation from legal counsel
  • Evaluates the organisation's readiness in case of business interruption
  • Maintains open communication with management and the audit committee
  • Teams with other internal and external resources as appropriate
  • Engages in continuous education and staff development
  • Provides support to the company's anti-fraud programs

Norlina binti Ramli

Wan Nur Haizun binti Wan Kamal

Muhd Firdaus bin Azmi

Nurul Faratihah binti Ab Rahim

 

13.

Service Owner
(All processes)

  • The ultimate authority on what the process should help the company accomplish, ensures the process supports company policies, represents and promotes the process to the business, IT leadership and other process owners
  • Continuously verifies the process is still fit for purpose and use and finally, manages any and all exceptions that may occur
 Norlina binti Ramli

14.

Service Manager

  • Document and publicize the process
  • Ensure human, technical, information, and financial resources necessary to achieve the process objective.
  • Define the Key Performance Indicators (KPIs) to evaluate the effectiveness and efficiency of the process
  • Perform regular analysis of actual performance against the defined KPIs and taking required action following the analysis
  • Assist with and be ultimately responsible for the process design
  • Improve the effectiveness and efficiency of the process
  • Review any proposed enhancements to the process
  • Provide input to the ongoing Service & Operation Performance Reporting
  • Address any issues with the running of the process
  • Ensure all relevant staff have the required training in the process and are aware of their role in the process.
  • Ensure that the process, roles, responsibilities and documentation are regularly reviewed and audited

Norlina binti Ramli

Nurul Faratihah binti Ab Rahim 

Wan Nur Haizun bin Wan Kamal

Leong Soon Chiew

Muhammad Firdaus bin Azmi

Muhammad Firdaus bin Maarif

15.

Release and Deployment Manager

  • Ensure teams follow the organization’s established policies and procedures
  • Provide management reports on release progress
  • Deal with release package design, build and configuration
  • Deal with release package acceptance including business sign-off
  • Deal with service roll-out planning including method of deployment
  • Deal with release package testing to predefined acceptance criteria
  • Sign-off the release package for implementation
  • Deal with communication, preparation and training
Wan Nur Haizun binti Wan Kamal

16.

Configuration Manager

  • Agree scope of the Configuration Management processes, function, the items that are to be controlled, and the information that is to be recorded; develops configuration management plan
  • Ensure that changes to the Configuration Management methods and processes are properly approved and communicated to staff before being implemented
  • Plan, publicize and oversee implementation of new configuration
  • Agree CIs to be uniquely identified with naming conventions and ensure that staff comply with identification standards
  • Provide reports, including management reports and configuration status reports
Wan Nur Haizun binti Wan Kamal

17.

Capacity Manager

  • Ensure that there is adequate IT capacity to meet required levels of service, and that senior IT management is correctly advised on how to match capacity and demand and to ensure that use of existing capacity is optimized
  • Understand the current usage of the infrastructure and services, and the maximum capacity of each component
  • Perform sizing on all proposed new services and systems, possibly using modeling techniques, to ascertain capacity requirements
  • Forecast future capacity requirements based on business plans, usage trends, sizing of new services, etc.
  • Produce and regularly review the Capacity Plan, in line with the organization’s business planning cycle
  • Ensure that appropriate levels of monitoring of resources and system performance are set
  • Ensure that all changes are assessed for their impact on capacity and performance and attending meetings when appropriate
  • Produce regular management reports that include current usage of resources, trends and forecasts
  • Report on service and component performance against targets contained in SLAs
  • Act as a focal point for all capacity and performance issues.
Muhd Firdaus bin Azmi

18.

Service Continuity and Availability Manager

  • Ensure that all existing services deliver the levels of availability agreed with the business in SLAs
  • Participate in the IT infrastructure design, including specifying the availability requirements for hardware and software
  • Proactively improve service availability wherever possible, and optimize the availability of the IT infrastructure to deliver cost-effective improvements that deliver tangible benefits to the business
  • Work with Budgeting and Accounting Manager in ensuring the levels of IT availability required are cost-justified
  • Maintain and complete an availability testing schedule for all availability mechanisms
  • Ensure that all availability tests and plans are tested after every major business change
  • Perform Business Impact Analyses for all existing and new services
  • Implement and maintain the Service Continuity Management process, in accordance with the overall requirements of the organization’s Disaster Recovery Management process
  • Perform risk assessment and risk management to prevent disasters where cost-justifiable and where practical
  • Manage the Service Continuity Plan while it is in operation, including fail-over to a secondary location and restoration to the primary location
  • Develop and manage the Service Continuity plans to ensure that, at all times, the recovery objectives of the business can be achieved
  • Maintain a comprehensive IT testing schedule, including testing all continuity plans in line with business requirements and after every major business change
  • Attend Change Advisory Board (CAB) meetings when appropriate.
Norlina binti Ramli

19.

Service Level Manager

  • Negotiate and agree levels of service to be delivered with the customer (either internal or external); formally documenting these levels of service in SLAs
  • Negotiate and agree OLAs
  • Assist with the production and maintenance of an accurate Service Catalogue
  • Ensure that targets agreed within underpinning contracts are aligned with SLA
  • Review service scope, SLAs, OLAs and other agreements on a regular basis, ideally at least annually
  • Measure, record, analyze and improve customer satisfaction.
Norlina binti Ramli

20.

Budgeting and Accounting Manager

  • Develop and publicize the IT budget procedure to all appropriate parties
  • Prepare IT budget plan
  • Communicate the approved plan to all involved departments
  • Monitor and report budget and expenditure
  • Work with other IMS processes to ensure budget and expenditure properly managed.
Norlina binti Ramli

21.

Information Security Manager

  • Develop and maintain the Information Security Policy
  • Communicate and publicize the Information Security Policy to all appropriate parties
  • Perform security risk analysis and risk management in conjunction with Service Continuity and Availability Management
  • Design security controls and develop security plans
  • Monitor and manage all security breaches and handling security incidents, taking remedial action to prevent recurrence wherever possible
  • Promote education and awareness of security
  • Ensure that the confidentiality, integrity and availability of the services are maintained at the levels agreed in the SLAs and that they conform to all relevant statutory requirements
  • Ensure that all access to services by external partners and suppliers is subject to contractual agreements and responsibilities
  • Act as a focal point for all security issues.
Norlina binti Ramli

22.

Service Reporting Manager

  • Ensure reports are timely generated and distributed
  • Ensure process KPI and metrics align with business objectives
  • Ensure process KPI and metrics are measurable
  • Make recommendations on process KPI and metrics as appropriate
  • Ensure the Service Reporting process is fit for purpose and performed as designed.
Muhd Firdaus bin Azmi

23.

Supplier Manager

  • Provide assistance in the development and review of SLAs, contracts, agreements or any other documents for third-party suppliers
  • Ensure that value for money is obtained from all IT suppliers and contracts
  • Review and perform risk analysis of all suppliers and contracts on a regular basis
  • Ensure that any underpinning contracts or agreements developed are aligned with those of the business
  • Ensure that all roles and relationships between lead and any sub-contracted suppliers are documented, maintained and subject to contractual agreement
  • Perform contract review at least annually, and ensure that all contracts are consistent with organizational requirements and standard terms and conditions wherever possible
  • Monitor, report and regularly review supplier performance against targets, identify improvement actions as appropriate and ensure these actions are implemented
Nurul Faratihah binti Ab Rahim

24.

Business Relationship Manager

  • Establish and maintain good relationship with the business
  • Conduct service performance review with the customer at least annually
  • Monitor and report service achievement against targets, identifying improvement actions as appropriate
  • Measure customer satisfaction at least annually
  • Manage service complaints from the customer
Norlina binti Ramli

25.

Service Catalogue Manager

  • The Service Catalogue Manager is responsible for maintaining the service catalogue, ensuring that all information within the service catalogue is accurate and up-to-date.
Norlina binti Ramli

26.

Risk Manager

  • Risk Manager is responsible for identifying, assessing, and controlling risks. This includes analyzing the value of assets to the business, identifying threats to those assets, and evaluating how vulnerable each asset is to those threats.
Norlina binti Ramli

27.

Demand Manager

  • The Demand Manager is responsible for understanding, anticipating and influencing customer demand for services. The Demand Manager works with capacity management to ensure that the service provider has sufficient capacity to meet the required demand.
Muhd Firdaus bin Azmi

28.

Service Design Manager

  • The Service Design Manager’s ITIL role includes responsibility for producing high-quality, secure, and resilient designs for new or improved services. This includes producing and maintaining all design documentation.
Norlina binti Ramli

29.

Compliance Manager

  • The Compliance Manager’s responsibility is to ensure that standards and guidelines are followed, and that proper, consistent accounting or other practices are being employed. This role includes making sure that external legal requirements are fulfilled.
Norlina binti Ramli

30.

Project Manager

  • The Project Manager is responsible for planning and coordinating the resources to deploy a major release within the predicted cost, time, and quality estimates.
Norlina binti Ramli

 B. Disaster Recovery

No.

Functional Team

Responsibility

Name/Team

Pre-disaster

Disaster

1.

Management Team officially declares that a disaster has occurred, authorizes the execution of the DRP, and oversees the execution of the plan during the emergency.

  • Approve IT DRP and all major or material modifications to the plan.
  • Establish primary and alternate disaster command posts, ensuring that the posts are adequately prepared for a disaster.
  • Review the report of the Damage Assessment Team.
  • Declare a disaster by establish the command post and communications

 

Norlina binti Ramli

2.

Damage Assessment assesses the extent of the damage to the Data Center, reports to the Management Team, and makes a recommendation on declaring a disaster.

  • Determine appropriate considerations/criteria for identifying the extent of the damage and the estimated duration of the outage
  • Receive the first alert regarding the disaster.
  • Ensure that the Protection Services departments (traffic, security and fire) have been notified.
  • Coordinate with the security personnel and/or fire department to provide for safety, security, and access to the damaged facility.
  • Assess the damage area.

Infra & System Management

Access, Service Management & Procurement

3.

Restoration Team brings the disaster recovery site to the operational mode by managing the recovery procedures and responding to operational. The Restoration Team also manages the relocation of services back to the Data Center.

  • Establish and maintain the recovery procedures.
  • Manage and maintain the backup procedures.
  • Establish and maintain the disaster recovery data communications link to the disaster recovery site
  • Plan and conduct regular disaster recovery tests.
  • Coordinate recovery procedures
  • Restore the operating systems environments
  • Establish the data communications link to the disaster recovery.
  • Verify the operating systems and all other system and communication software are working properly.
  • Restore the application files.
  • Support the operations at the disaster recovery by resolving problems and monitoring and maintaining the data communications link to the disaster recovery.
  • Manage the backup tapes that were sent to the disaster recovery.
  • Ensure all required backups of the entire system are completed in preparation for leaving the disaster recovery.
  • Coordinate the return of the backup/storage media to the Data Center.
  • Install all applications at the Data Center.

Infra & System Management

Computer & Network Support

 

Application Implementation & Support 

4.

Operations Team assists in the recovery operations and manages the operations of the computer systems at the disaster recovery.

  • Ensure that appropriate backups are made on the prescribed, rotating basis and are ready to be taken off-site.
  • Maintain current, up-to-date systems operations documentation, ensuring that this documentation is suitably stored off-site.

 

  • Provide assistance to the Restoration Team in the restoration of the system software and customer files, as required.
  • Run system and operation jobs, as required.
  • Implement and maintain a problem log.
  • Provide information to the Customer Support Team regarding the status of the system, operations, and the customer jobs.
  • Effect the transfer of media and print output from the disaster recovery to suitable customer pickup location(s).
  • Coordinate the shutdown of the disaster recovery operations and the transfer back to the Data Center.

Infra & System Management

 

Computer & Network Support

 

Application Implementation & Support 


Print