3.3.4 IT Availability and Capacity Management
| No: 43028139 | Date(g): 4/11/2021 | Date(h): 29/3/1443 |
Effective from 2021-11-04 - Nov 03 2021
To view other versions open the versions tab on the right
Principle
Service availability should be maintained to support member organizations business functions and to avoid disruption and slowness of systems performance through monitoring current system thresholds and prediction of future performance and capacity requirements.
Control Requirements
| 1. | The IT availability and capacity management process should be defined, approved and implemented. | |
| 2. | The effectiveness of the IT availability and capacity management process should be monitored, measured and periodically evaluated. | |
| 3. | IT availability and capacity plan should be developed, approved and periodically evaluated. | |
| 4. | IT availability and capacity plan should be defined to address the following, but not limited to: | |
| a. | existing capacity of systems and resources; | |
| b. | alignment with the current and future business needs; | |
| c. | high availability requirements (including disruption and slowness for customer channels); | |
| d. | roles and responsibilities to maintain the plan; and | |
| e. | identification of dependencies over service providers as part of capacity planning to address BCM requirements. | |
| 5. | System performance thresholds should be defined and implemented. | |
| 6. | System performance should be monitored considering the following, but not limited to: | |
| a. | current and future business requirement; | |
| b. | the agreed upon SLA with the business; | |
| c. | critical IT infrastructures; | |
| d. | disruption and slowness in the underlying system(s) supporting customer channels; and | |
| e. | lessons learned from previous system performance issues. | |
| 7. | Deviations from established capacity and performance baselines/thresholds should be identified, documented, followed-up, and reported to the management and ITSC. | |