Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
:SOP-001169
Version: 01
IT Operations
Date: Signature:
Author:
Checked:
Released:
IT Operations
Contents
IT Operations ..........................................................................................................................1
IT Operations.......................................................................................................................... 2
2.Scope.................................................................................................................................... 3
3.Responsibilities.....................................................................................................................3
4.Definitions/Abbreviations.....................................................................................................3
4.1Service............................................................................................................................3
4.2System............................................................................................................................4
4.3Protection Objectives.........................................................................................................4
4.3.1Confidentiality................................................................................................................4
4.3.2Availability....................................................................................................................4
4.3.3Integrity.......................................................................................................................4
4.3.4NoTraceability................................................................................................................5
4.3.5GxP Criticality................................................................................................................5
4.3.61st Level Support...........................................................................................................5
4.3.72nd Level Support..........................................................................................................5
4.3.83rd Level Support...........................................................................................................5
4.4Service Times...................................................................................................................5
4.4.1Office Hours..................................................................................................................5
4.4.2Extended Office Hours.....................................................................................................5
4.4.3Service Hours................................................................................................................5
4.5Operational Level..............................................................................................................5
5.Description........................................................................................................................... 6
5.1Workflow – IT Operations...................................................................................................6
5.2Detailed Description of the Process Steps..............................................................................7
5.2.1Risk Assessment............................................................................................................7
5.2.2Definition of Operational Level..........................................................................................7
5.2.3Service Description.........................................................................................................7
5.2.4Numbering and Archiving Documents................................................................................8
5.3Definition of Operational Levels...........................................................................................9
5.3.1Operating Times...........................................................................................................11
IT Operations ..........................................................................................................................9
IT Operations ........................................................................................................................12
6.1Forms............................................................................................................................12
6.2Lists..............................................................................................................................12
6.3Check Lists.....................................................................................................................12
IT Operations
6.4Other.............................................................................................................................12
7.Record of Changes..............................................................................................................12
IT Operations
This SOP describes the basic requirements for operating IT services at Dishman. It aims to describe a
framework for mapping the life cycle of a Dishman IT service.
The following items are not part of this SOP and are described in special SOPs:
1. Planning and budgeting
2. Setup and installation of software (SOP-001166 Change Management in IT Chapter 5)
3. Change and configuration management in IT (SOP-001166 Change Management in IT)
Descriptions of systems and risk analyses of services and systems can contain security relevant data and
is thus kept in electronic and paper form accessible to personnel on a need-to-know basis only.
2. Scope
This SOP applies to all employees of Dishman and to external contracting parties entrusted with
developing, operating and maintaining IT services at Dishman.
3. Responsibilities
IT Operations
4. Definitions/Abbreviations
4.1 Service
A (productive) service is provided directly by Dishman’s IT department to internal customers (e.g. email
service, SAP, print service). A service is made up of several components that are referred to as a system.
4.2 System
4.3.1 Confidentiality
Confidentiality means that only specifically authorized persons or departments have access to objects,
information or data.
4.3.2 Availability
Availability refers to ensuring services are available when they are required. This covers general
availability and also the time till data or information is accessible.
4.3.3 Integrity
Integrity refers to information being stored as they were recorded by authorized users at the moment of
recording it. No Traceability
Traceability is the aim of enabling data or information to be regarded as “valid”. Liability (in terms of
concluding a contract) and non-deniability (protection against subsequent denial of authorship) are to be
ensured in this regard in particular.
GxP criticality is covered by the protective goals traceability, integrity and availability.
1st level support is the direct, first point of contact for the end user in the event of IT problems or other
necessary support.
IT Operations
4.3.6 2nd Level Support
Resolution of problems that cannot be remedied by 1st level support is delegated by 1st level support to
2nd level support.
Resolution of problems that cannot be remedied by 2nd level support is delegated by 2nd level support to
3rd level support. 3rd level support is n general an external expert who is involved as and where
necessary.
Service times are the times during which a service must be available in line with the service level and in
which IT provides support on a best effort basis. Outside Service time IT can be approached but no
guarantee for support exist.
In general office hours run on weekdays from 9:30 a.m. to 6:00 p.m. . Weekend has no office hours in
the India entities.
Extended office hours refers to the office hours of other sites , shift hours and public holidays that are
outside of office hours.
Service hours are hours on weekends and on India statutory holidays (including days between a statutory
holiday and the weekend). Planned maintenance work is generally performed during these times. Service
hours are from Saturday 7:00 PM. to Monday 9.00 AM
Operational level refers to the classification of a service into one of three different levels (gold, silver,
bronze See Section Detailed Description of the Process Steps).
IT Operations
5. Description
Description Respon-
Flowchart
Input Output sible
F-001953
F-001953
F-001954
IT Operations
Form F-001953 (Risk Assessment) is completed by IT to assess the criticality of a service or other IT-
related items and assign the appropriate operational level. Depending on the complexity of the service,
further risk assessments/risk analyses can be performed.
As well as identifying risks, any countermeasures are to be defined as part of the risk assessment.
A risk assessment is performed for software in classes 3 to 5 in line with the software classification.
Software is allocated to services in the software list (see L-002258 (Overview Critical Software)).
Form F-001953 is subsequently released by QA.
The process of working through the countermeasures defined in F-001953 is tracked by IT. Completion of
measures or a reference to related documents is to be documented in F-001953 by IT.
The operational level for the service is defined by IT and documented in form F-001953. The assigned
operational level must meet the requirements defined as part of the risk assessment.
F-001953 and F-001954 are numbered in line with the valid SOP for document numbering . If no
appropriate numbering can be assigned in line with this SOP, the following procedure is used: Each
completed F-001953/F-001954 is given a unique name in line with the SDXXX000 pattern (e.g. SD for
Description of Service, XXX stands – in general – for the department, I for IT, and a sequential number
for the area)
The originals of F-001953 and F-001954 are archived by IT in the relevant system logs.
On request, QA issues authorized copies – in consultation with IT – and manages the authorized copies in
line with specifications from
IT Operations
Availability during non-office hours: 98% Availability during non-office hours: 95% Availability during non-office hours: 90%
Maintenance Planned changes/maintenance are carried Planned changes/maintenance are carried Planned changes/maintenance are carried out
out during service hours with prior notice. out during service hours. during service hours and non-office hours.
IT Operations
IT Operations
The table below shows the office hours. The information is based on IST (Indian Standard Time)
Office hours
Extended office hours
Service hours
Day\time 12
1 2 3 5 6 7 8 9 11 12 1 2 3 4 5 6 7 8 9 10 11
midn 10 a.m.
a.m. a.m. a.m. a.m. a.m. a.m. a.m. a.m. a.m. noon p.m. p.m. p.m. p.m. p.m. p.m. p.m. p.m. p.m. p.m. p.m.
ight
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
Sunday
IT Operations
6.1 Forms
6.2 Lists
None
6.4 Other
7. Record of Changes