Services - About Phoenix Business and Systems Process Inc.

Phoenix Business and Systems Process (PB&SP) implements COBIT® and ITIL® compliant programs resulting in improved client controls and greater capacity for business growth. Through collaboration and training, PB&SP ensures documented authentic business controls, designed to satisfy ongoing regulatory compliance, business value alignment and cost effective administration.

PB&SP translates enterprise information overload to the executive vernacular, and turns key business objectives to project milestones supporting an achievable IT compliance framework. Aligning information system metrics to their specific key control requirements ensures continued visibility over both risk and compliance events.

Executives and IT leaders want optimum results from their IT investments and are seeking methods to improve management over technical operations. They recognize the need to demonstrate compliance but often do not know how to get there. PB&SP’s compliance projects consistently return rapid non qualified audit findings and increased operational efficiencies.

The PB&SP partner network spans four continents and the United States.

PB&SP’s experienced information systems and security analysts have audit and information technology certifications, networking credentials, compliance and regulatory training, and advanced degrees in such areas as IT, Assessment, Engineering and Enterprise Architecture. PB&SP people know standards and the real world problem of optimizing profit, efficiency and compliance. Common to all employees is ITIL® certification, years in IT operations, development or audit, and either CISSP, CISM or CISA certification.

IT Control Services and Risk Management

• Sarbanes-Oxley and SAS 70 Type and Type II end to end project lifecycle
• COBIT®, ITIL®, ISO17799 Client Training
• IT Compliance review and assessment
• Comprehensive Remediation Strategy
• Remediate Gaps
  • Define and Refine the Compliance Framework
  • ReDesign and Document Process
  • Build Automated Controls
  • Create Reports
  • Develop Control Programs
  • Train leaders in specific control monitoring responsibilities
• Implement continuous audit of IT RISK, or RiskWatch program
• Establishing guidelines and policies representing good governance.
• Prescriptive tools approach to remediate low control maturity, matching tools with areas of defined exposure to risk
• Security Assessment and risk mitigation plan

Change Management

• Enterprise Change Management Implementation and Tool Set
• Change Management Process Development
• Change Management System Prototype, UML documentation

Performance Management - Performance Monitoring Forum Process and Tools

Establish a Performance Forum to provide oversight and assurance in designed, gathered, validated, and reported business metrics. The implementation of a Performance Monitoring Forum, at the corporate level, assures overall governance of metrics reporting. The execution of automated metrics gathering might include advanced technology and programming solutions. Elements in the scope of the performance forum include:

• Performance indicators (benchmarks) for external and internal resources
• Data being collected for creation of management reports and exception reports
• Control aimed at validity, propriety, and integrity of organization and individual performance indicators

Security Program Management

• Security Management is a holistic discipline that spans the enterprise. Our approach to the challenge of providing Security Management services is to offer a range of consulting options that address key areas of the security management lifecycle.
• PB&SP provides skilled security management practitioners, experienced in technical, corporate and IT governance domains. Phoenix consultants understand security in the context of regulatory and business.

Standards Based

Our efforts leverage ISO/IEC 17799 Code of Practice for Information Security Management, COBIT®.DS5/PO9, ITIL®-Availability Management, and a wealth of knowledge based in experience implementing these standards across numerous heavily regulated industries. PB&SP is “security savvy” understanding the information security context beginning with cooperate governance and including key control practices such as risk management, project management, release management and change management.

Process Management (Facilitated Compliance Management™) and COBIT®.

• Rapid process development via productivity tools and proven methodology including the Process Development Tracking System (Facilitated Compliance Management™)
• Process Profiles, with automated documentation and enterprise database
• Design and Implementation of a Risk Based Process Management Program Office
• IT Engineering and Networking Process Design and Implementation
• Automated Process Documentation and Management

Process Asset Library (PAL) Documenting IT Controls Compliance:

  You can't buy process, but you can work from templates that facilitate getting the process done right. IT Control Process Documentation may sound easy, but it is really very complex. Strategies that reduce complexity include:

• Prioritize Process Controls - Not all controls are KEY
• Work From a Process Architecture; (ITIL® and COBIT®.frameworks are a good Start)
• Define REAL Functions and Component Processes
• Use The Lowest level of Documentation: (Begin With The End In Mind)
• Templates vary according to need and use, pick the one that’s right
• Process Profile
• Work Instruction Profile
• SOP/ Knowledge Management Entry
• Program Profile
• Program Evaluation and Test Profile
• RunBook Template
• Automate, Automate, Automate….InfoPath and Share Point are tools for the times
• Leverage Existing Systems Data
• Focus on Reporting

Technology Resource Management

• Represent IT Compliance within the Organizational Model
• Align Positions with Compliance Framework; Defining Accountability by Function
• Assess Training gaps and propose remediation plans
• Assess PO7 - Control over the IT process Manage Human Resources
• Redefine core organizational competencies as they pertain to Sarbanes-Oxley sections 302, 404 , 409
• Structure Shared Utilization of Critical IT Expertise
• Ensure Ongoing Company-wide Compliance With Sarbanes-Oxley Section 404
• Create & Facilitate Implementation of Enterprise-wide Policies and Critical Processes for Enterprise Risk Management, Security, Project and Change Management.
• Recommendations to Reduce Cost On IT Expenditures Through Centralized IT Purchasing
• Establish IT Leadership Forum; Leveraging Specific Leaders throughout in Forwarding Standards
  For Various Information Technology Domains
• Establish Critical Document Retention Policy
• Optimize Utilization of Current & Future IT Investments
• Advise IT Leaders On Patch Assurance Security Services
  

Controls Automation: Monitor Key Processes - Establish a Governance Compliance Model

Web Tools: Supporting Human Assisted Automation (HAA)

• Gather data warehouse and network reporting requirements
• Design process control metrics mapping
• Implement monitoring strategy
• Integrate process control with existing fault management architecture
• Create Web Portal of all tools: A portal is a private space that gives employees in a company or members in an organization the ability to organize information and then read and access that same information

Data Process and Job Monitoring

• Design and Implement job monitoring frameworks to achieve fault management, trend analysis, and compliance reporting.

Configuration Management Automation

• Build custom automations to programmatically retrieve and archive device configurations. Utilize concurrence to overcome the time cost obstacle of multiple backups.

Automated, Intelligent Problem Management

• Low cost root cause analysis, notification, and automated problem resolution.
• Live data from the network via telnet, SNMP, TL1, Web Services
• existing data from Element Management System and Business Management Systems

Process Automation across Disparate Applications

• By examining processes, and selectively automating those components that will deliver the greatest return, process automation increases accuracy, reliability, and productivity without additional personnel requirements.
• Steer interactive processes such as telnet, FTP, SSH, and know that these jobs are being executed correctly.
• Control processes involving multiple applications and systems concurrently.

Web Services

• Web Design and e-business development
• Customized Web Portal Enterprise Management
• Graphic representation in the form of an eloquent, attractive and effective user interface.

Phoenix Business & Systems Process partners with providers of Network and Carrier Services providing Enterprise Assurance Services

Data Center Operations - Infrastructure Skills

• Data Center Operations
• Server management
• Data center security
• Backup management
• Disaster Recovery

Customized Network Management tools & Advanced Network Engineering

• IT Project Management according to SEI & PMI
• Network Audits and Associated Inventories
• Enterprise and Carrier Services Process Management
• Network Management Systems Optimization
• Network Operations and Provisioning Automation
• Network Design, Strategies for building a hybrid network: Audit, Plan, Merge