|
No.
|
Role
|
Responsibility
|
Name |
|
1.
|
IMS Approver
|
- Review IMS policies
- Approval of IMS policies
- Support the carrying out of overall IMS policies
- Monitor organization’s significant changes and exposure
- Approve major initiatives to enhance the overall security and service management of the company
|
Teerapong Rojthip |
|
2.
|
Management Representative
|
- Attend all the IMS meeting
- Define and agree upon on the IMS methodology
- Maintain and update the IMS framework
- Initiate annual review of the appropriateness of the IMS framework
- Promote Information Security and Service Management awareness
- Support IMS initiatives
- Make sure that IMS is inbuilt in all work processes
- Oversee all IMS activities
|
Norlina binti Ramli |
|
3.
|
IMS Manager
|
- Act as management representative for IMS related matters
- Help to oversee the whole IMS activities
- Define and agree upon on the IMS methodology
- Maintain and update the IMS policies
- Act as document administrator for Charoen Pokphand Malaysia processes
- Initiate annual review of the appropriateness of the policies with the Charoen Pokphand Malaysia Working Committee;
- Test the Disaster Recovery Plan;
- Promote IMS awareness;
- Support IMS initiatives;
- Ensure that security, service management and environmental aspects are inbuilt in work processes;
- Act as IMS management representative and to provide update and feedback during management review meetings
|
Norlina binti Ramli |
|
4.
|
Disaster Recovery Manager
|
- Initiate testing of Disaster Recovery Plan and Disaster Discovery Plan
- Review and Report the testing
|
Norlina binti Ramli |
|
5.
|
Change Manager
|
- Receives, logs and allocates a priority to all requests for changes that are totally impractical
- Authorizes acceptable changes, either alone or after approval from top management
- Issues change schedules
- Liaises with all necessary parties to coordinate change building, testing and implementation, in accordance with schedules
- Updates the change log with all progress that occurs, including any actions to correct problems and/or to take opportunities to improve service quality
- Reviews all implemented changes to ensure that they have met their objectives; refers back any that have been backed out of have failed
|
Muhd Firdaus bin Azmi |
|
6.
|
Document Controller
|
- Coordinate all activities related to the Document Control procedure, including technical documents, drawings, and commercial correspondence.
- Input document data into the standard registers ensuring that the information is accurate and up to date.
- Makes sure that controlled copies of latest approved documents and drawings are given to the appropriate staff, subcontractors and suppliers as applicable
- Maintain updated records of all approved documents and drawings and their distribution clearly
- Maintain the documents and drawings in the Document Control office under safe custody without any damage or deterioration with easy traceability.
- Maintain the files and control logs as required by the project
|
Nurul Faratihah Ab Rahim |
|
7.
|
Asset Manager
|
- Asset Protection : Develop and maintain internal policies, standards, processes, procedures, and practices that prevent and detect fraud, misuse, and abuse of state assets
- Data Classification : Develop categories and definitions that provide guidelines used to determine the appropriate level of protection for information
|
Amin Taufiq Zakaria |
|
8.
|
Access Manager
|
- Access Control : Review procedures for applying the appropriate rules and rights for each user or group
- User Access Management : Review privilege and passwords rules and processes and user registration and de-registration procedures for granting and revoking access to information systems and services
- User Responsibilities : Ensure users are made aware of their responsibilities in accessing, protecting, and using information assets
- Application and Information Access Control : Review procedures to prevent unauthorized access to restricted systems, applications, and information
- Sensitive System Isolation : Ensure the identification and separation of systems, applications, and information based on criticality and sensitivity
|
Nurul Faratihah binti Ab Rahim |
|
9.
|
Incident and Service Request Manager
|
- Drive the efficiency and effectiveness of the Incident and Service Request Management Process
- Manage the work of incident and service request support staff (service desk and second-line)
- Monitor the effectiveness of Incident Management and make recommendations for improvement
- Develop and maintain the Incident and Service Request Management
- Manage Major Incidents
|
Nurul Faratihah binti Ab Rahim |
|
10.
|
Problem Manager
|
- Liaison with all problem resolution groups to ensure swift resolution of problems within service level targets
- Responsible for the ownership and protection of the Problem List and Known Error Database (KEDB)
- Gatekeeper for the inclusion of all Known Errors
- Arrange, run, document and follow-up all activities related to Problem Management
|
Nurul Faratihah binti Ab Rahim |
|
11.
|
Back-up Manager
|
- Backup Functions: Activities required for the integrity and availability of information and systems
- Review the backup log and record
|
Muhd Firdaus bin Azmi |
|
12.
|
Internal Auditor
|
- Evaluates and provides reasonable assurance that risk management, control, and governance systems are functioning as intended and will enable the organisation's objectives and goals to be met
- Reports risk management issues and internal controls deficiencies identified directly to the audit committee and provides recommendations for improving the organisation's operations, in terms of both efficient and effective performance
- Evaluates information security and associated risk exposures
- Evaluates regulatory compliance program with consultation from legal counsel
- Evaluates the organisation's readiness in case of business interruption
- Maintains open communication with management and the audit committee
- Teams with other internal and external resources as appropriate
- Engages in continuous education and staff development
- Provides support to the company's anti-fraud programs
|
Norlina binti Ramli
Muhd Firdaus bin Azmi
Nurul Faratihah binti Ab Rahim
|
|
13.
|
Service Owner
(All processes)
|
- The ultimate authority on what the process should help the company accomplish, ensures the process supports company policies, represents and promotes the process to the business, IT leadership and other process owners
- Continuously verifies the process is still fit for purpose and use and finally, manages any and all exceptions that may occur
|
Norlina binti Ramli |
|
14.
|
Service Manager
|
- Document and publicize the process
- Ensure human, technical, information, and financial resources necessary to achieve the process objective.
- Define the Key Performance Indicators (KPIs) to evaluate the effectiveness and efficiency of the process
- Perform regular analysis of actual performance against the defined KPIs and taking required action following the analysis
- Assist with and be ultimately responsible for the process design
- Improve the effectiveness and efficiency of the process
- Review any proposed enhancements to the process
- Provide input to the ongoing Service & Operation Performance Reporting
- Address any issues with the running of the process
- Ensure all relevant staff have the required training in the process and are aware of their role in the process.
- Ensure that the process, roles, responsibilities and documentation are regularly reviewed and audited
|
Norlina binti Ramli
Nurul Faratihah binti Ab Rahim
Leong Soon Chiew
Muhammad Firdaus bin Azmi
Amin Taufiq Zakaria
|
|
15.
|
Release and Deployment Manager
|
- Ensure teams follow the organization’s established policies and procedures
- Provide management reports on release progress
- Deal with release package design, build and configuration
- Deal with release package acceptance including business sign-off
- Deal with service roll-out planning including method of deployment
- Deal with release package testing to predefined acceptance criteria
- Sign-off the release package for implementation
- Deal with communication, preparation and training
|
Nurlita binti Abdul Jalil |
|
16.
|
Configuration Manager
|
- Agree scope of the Configuration Management processes, function, the items that are to be controlled, and the information that is to be recorded; develops configuration management plan
- Ensure that changes to the Configuration Management methods and processes are properly approved and communicated to staff before being implemented
- Plan, publicize and oversee implementation of new configuration
- Agree CIs to be uniquely identified with naming conventions and ensure that staff comply with identification standards
- Provide reports, including management reports and configuration status reports
|
Muhd Firdaus bin Azmi |
|
17.
|
Capacity Manager
|
- Ensure that there is adequate IT capacity to meet required levels of service, and that senior IT management is correctly advised on how to match capacity and demand and to ensure that use of existing capacity is optimized
- Understand the current usage of the infrastructure and services, and the maximum capacity of each component
- Perform sizing on all proposed new services and systems, possibly using modeling techniques, to ascertain capacity requirements
- Forecast future capacity requirements based on business plans, usage trends, sizing of new services, etc.
- Produce and regularly review the Capacity Plan, in line with the organization’s business planning cycle
- Ensure that appropriate levels of monitoring of resources and system performance are set
- Ensure that all changes are assessed for their impact on capacity and performance and attending meetings when appropriate
- Produce regular management reports that include current usage of resources, trends and forecasts
- Report on service and component performance against targets contained in SLAs
- Act as a focal point for all capacity and performance issues.
|
Muhd Firdaus bin Azmi |
|
18.
|
Service Continuity and Availability Manager
|
- Ensure that all existing services deliver the levels of availability agreed with the business in SLAs
- Participate in the IT infrastructure design, including specifying the availability requirements for hardware and software
- Proactively improve service availability wherever possible, and optimize the availability of the IT infrastructure to deliver cost-effective improvements that deliver tangible benefits to the business
- Work with Budgeting and Accounting Manager in ensuring the levels of IT availability required are cost-justified
- Maintain and complete an availability testing schedule for all availability mechanisms
- Ensure that all availability tests and plans are tested after every major business change
- Perform Business Impact Analyses for all existing and new services
- Implement and maintain the Service Continuity Management process, in accordance with the overall requirements of the organization’s Disaster Recovery Management process
- Perform risk assessment and risk management to prevent disasters where cost-justifiable and where practical
- Manage the Service Continuity Plan while it is in operation, including fail-over to a secondary location and restoration to the primary location
- Develop and manage the Service Continuity plans to ensure that, at all times, the recovery objectives of the business can be achieved
- Maintain a comprehensive IT testing schedule, including testing all continuity plans in line with business requirements and after every major business change
- Attend Change Advisory Board (CAB) meetings when appropriate.
|
Norlina binti Ramli |
|
19.
|
Service Level Manager
|
- Negotiate and agree levels of service to be delivered with the customer (either internal or external); formally documenting these levels of service in SLAs
- Negotiate and agree OLAs
- Assist with the production and maintenance of an accurate Service Catalogue
- Ensure that targets agreed within underpinning contracts are aligned with SLA
- Review service scope, SLAs, OLAs and other agreements on a regular basis, ideally at least annually
- Measure, record, analyze and improve customer satisfaction.
|
Norlina binti Ramli |
|
20.
|
Budgeting and Accounting Manager
|
- Develop and publicize the IT budget procedure to all appropriate parties
- Prepare IT budget plan
- Communicate the approved plan to all involved departments
- Monitor and report budget and expenditure
- Work with other IMS processes to ensure budget and expenditure properly managed.
|
Norlina binti Ramli |
|
21.
|
Information Security Manager
|
- Develop and maintain the Information Security Policy
- Communicate and publicize the Information Security Policy to all appropriate parties
- Perform security risk analysis and risk management in conjunction with Service Continuity and Availability Management
- Design security controls and develop security plans
- Monitor and manage all security breaches and handling security incidents, taking remedial action to prevent recurrence wherever possible
- Promote education and awareness of security
- Ensure that the confidentiality, integrity and availability of the services are maintained at the levels agreed in the SLAs and that they conform to all relevant statutory requirements
- Ensure that all access to services by external partners and suppliers is subject to contractual agreements and responsibilities
- Act as a focal point for all security issues.
|
Norlina binti Ramli |
|
22.
|
Service Reporting Manager
|
- Ensure reports are timely generated and distributed
- Ensure process KPI and metrics align with business objectives
- Ensure process KPI and metrics are measurable
- Make recommendations on process KPI and metrics as appropriate
- Ensure the Service Reporting process is fit for purpose and performed as designed.
|
Muhd Firdaus bin Azmi |
|
23.
|
Supplier Manager
|
- Provide assistance in the development and review of SLAs, contracts, agreements or any other documents for third-party suppliers
- Ensure that value for money is obtained from all IT suppliers and contracts
- Review and perform risk analysis of all suppliers and contracts on a regular basis
- Ensure that any underpinning contracts or agreements developed are aligned with those of the business
- Ensure that all roles and relationships between lead and any sub-contracted suppliers are documented, maintained and subject to contractual agreement
- Perform contract review at least annually, and ensure that all contracts are consistent with organizational requirements and standard terms and conditions wherever possible
- Monitor, report and regularly review supplier performance against targets, identify improvement actions as appropriate and ensure these actions are implemented
|
Nurul Faratihah binti Ab Rahim |
|
24.
|
Business Relationship Manager
|
- Establish and maintain good relationship with the business
- Conduct service performance review with the customer at least annually
- Monitor and report service achievement against targets, identifying improvement actions as appropriate
- Measure customer satisfaction at least annually
- Manage service complaints from the customer
|
Norlina binti Ramli |
|
25.
|
Service Catalogue Manager
|
- The Service Catalogue Manager is responsible for maintaining the service catalogue, ensuring that all information within the service catalogue is accurate and up-to-date.
|
Norlina binti Ramli |
|
26.
|
Risk Manager
|
- Risk Manager is responsible for identifying, assessing, and controlling risks. This includes analyzing the value of assets to the business, identifying threats to those assets, and evaluating how vulnerable each asset is to those threats.
|
Norlina binti Ramli |
|
27.
|
Demand Manager
|
- The Demand Manager is responsible for understanding, anticipating and influencing customer demand for services. The Demand Manager works with capacity management to ensure that the service provider has sufficient capacity to meet the required demand.
|
Muhd Firdaus bin Azmi |
|
28.
|
Service Design Manager
|
- The Service Design Manager’s ITIL role includes responsibility for producing high-quality, secure, and resilient designs for new or improved services. This includes producing and maintaining all design documentation.
|
Norlina binti Ramli |
|
29.
|
Compliance Manager
|
- The Compliance Manager’s responsibility is to ensure that standards and guidelines are followed, and that proper, consistent accounting or other practices are being employed. This role includes making sure that external legal requirements are fulfilled.
|
Norlina binti Ramli |
|
30.
|
Project Manager
|
- The Project Manager is responsible for planning and coordinating the resources to deploy a major release within the predicted cost, time, and quality estimates.
|
Norlina binti Ramli |
