Define the procedures
Once the business process has been agreed, each responsibility requires
a procedural control document outlining:
- Steps required to fulfil the responsibility
- Controls
- Information required to fulfil the responsibility
- Information returned
- SLAs
- Further participation required
Many different styles are available; the following example shows a
typical case:
Figure 6: Procedural Control Document example
Manage Credential Storage
Procedural Control Document
Objective: To keep the spare credentials in a secure location
and maintain an accurate record of every movement of the credentials.
Owner: Security Administration
Inputs: Token Control Spreadsheet
Outputs: Token Control Spreadsheet
SLA: 4 hours on receipt of credential
Resources: 2 part time staff
Collaboration/Responsibility

Procedures and Controls
1. On receipt of any credentials for any reason, the Security
Administrator will enter the details in the Token Control
Spreadsheet [Control Point].
2. The Security Administrator verifies that the credential is
operational.
3. Non-functioning credentials must be returned to the Vendor, and the
Return Receipt retained.
4. If the credentials are required immediately for use, then the
Initialise Credential procedure is to be followed [Control
Point].
5. All credentials not for immediate use are to be stored in the
Security Administrator's Credential Safe.
6. For 2-factor credentials, any printouts of the initial PINs are to
be stored in a separate PIN safe, so that a token and its initial PIN
are never held together.
7. etc
8. etc
When defining a procedure it is vital to make it enforceable, since
responsibility should not be given without associated accountability.
Key steps can therefore be verified to have occurred through a process
of auditing, monitoring and escalation (usually by the process owner or
the internal audit function).
This is done by defining and maintaining transparency of both:
- Control Points: points in the process where it is not possible to
proceed until the step has been successfully completed. In the above
example these are marked [Control Point].
- Key Deliverables: auditable deliveries that will subsequently be
monitored. In the above example these are shown underlined.


© 2002-2007 Codel Services Ltd
This paper has been prepared by Codel Services Ltd to illustrate how
structured business modelling can help your organisation. Codel Services
Ltd is an IT Consultancy specialising in business modelling. If you would
like further information, please contact us at: Deryck Brailsford, Codel
Services Ltd, Dale Hill Cottage, Kirby-Le-Soken, Essex CO13 0EN, United
Kingdom.
Telephone: +44 (0)1255 862354 / Mobile: +44 (0)7710 435227 / e-mail: info@codel-services.com