4.1 Given a scenario, implement best practices associated with documentation and support systems information management

4.1 Given a scenario, implement best practices associated with documentation and support systems information management

• Ticketing Systems
  • User Information
  • Device Information
  • Description of Problems
  • Categories
  • Severity
  • Escalation Levels
  • Clear, Concise Written Communication
    • Problem Description
    • Progress Notes
    • Problem Resolution
• Asset Management
  • Inventory Lists
  • Database System
  • Asset Tags and IDs
  • Procurement Life Cycle
  • Warranty and Licensing
  • Assigned Users
• Types of Documents
  • Acceptable Use Policy (AUP)
  • Network Topology Diagram
  • Regulatory Compliance Requirements
    • Splash Screens
  • Incident Reports
  • Standard Operating Procedures
    • Procedures of Software Package
  • New-User Setup Checklist
  • End-User Termination Checklist
• Knowledge Base / Articles

Ticketing System

If you run an IT help desk, then your most important tool is the ticketing system.  The ticketing system keeps track of the following

• Calls.  We must log each call to the help desk.  A call can be a telephone call, an e-mail, a text message, an instant message, or an in-person request.  The call can be used to automatically create a ticket and associate it with the user.
  
  
• Ticket.  The ticket is a description of the problem that we want to solve.  The ticket contains
  
  
  • The description of the problem that we want to solve.
    
    
  • The user or users who are affected.
    
    
  • The device or devices that are affected.
    
    
  • The category of the problem (hardware, computer network, software, password reset, etc.).  We can set up custom categories for our organization.  The ticket can be routed to the correct department based on its category.
    
    
  • The type of ticket (whether it is an incident or a routine request)
    
    
  • The severity of the request.  The more severe the request, the faster we should respond to it.  The organization may have a pre-defined service level standard.
    
    
  • A timer that shows us when the ticket was opened and how long we have until we find a resolution.
    
    
  • Escalation levels.  If the ticket is not resolved within the time allotted because the solution is not readily apparent, then it must be escalated to a more advanced support team or to a third-party vendor.  We must have a clear procedure for escalating each type of ticket.
    
    
  • Each time we work on the ticket, we should update it with what we did.  The notes should be detailed enough that any body else who reads the ticket can pick up where we left off.
    
    
  • Once we have solved the problem, we must write detailed resolution notes.  These notes tell us exactly what we did to solve the problem.  If the problem happens again, we can refer to the resolution notes.
    
    
• Users.  Each user in our organization should be in our ticketing system.  The user information also includes their contact information and role.  We may be able to sync our ticketing system’s user database with Active Directory.
  
  
• Devices.  Each device in our organization should be in our ticketing system.  The device information should include the make, model, serial number, hostname, location, and warranty status.  We may be able to automatically sync the devices with our asset tracking system.

Service Now is the gold standard for ticketing systems, but it is very expensive.  There are many other ticketing systems.  Besides keeping track of your information, the ticketing system also shows your boss that you are working.

The ticketing system may be linked to a knowledge base.  The knowledge base is a wiki that contains articles about how to complete common tasks.  It may also contain checklists and standard operating procedures.  When we receive a new ticket, we should check the knowledge base to see if there is an article about how to solve the problem.

The organization must have a way to keep track of its assets.  Assets could include devices like computers, laptops, routers, printers, cameras, wireless access points, vehicles, furniture, etc.

Why do we want to track assets?

• We know what we have.  If we have spare laptops in stock, and somebody needs a new one, we can deploy it from stock instead of purchasing a new one.
  
  
• We can keep track of equipment so that we know where it is and who it is assigned to.  When somebody leaves the organization, we can make sure that he returns the property that was assigned to him.
  
  
• We will have an accurate valuation of our equipment for insurance purposes.  When we buy insurance, we must tell the insurance company how much our stuff is worth, and what the replacement cost is.
  
  
• We will have an accurate valuation for financial reporting purposes.  Tax laws usually allow a company to write off a portion of the value of their assets each year.  This is called depreciation.  If we don’t know how much our stuff is worth, we can’t write it off.
  
  
• We can figure out if something is still under warranty or if it needs to be replaced.  We don’t want to fix something ourselves when we can make somebody else fix it for free.

We might put an asset tag on any device that we are tracking.  An asset tag uniquely identifies each asset when many assets look the same.  Each asset tag has a unique number.  It might also have a barcode and/or an RFID chip. 

Some types of documents that we may have

• Acceptable Use Policy/Rules of Behavior.  The Acceptable Use Policy describes what the employee may do and what they may not do while on a company’s system.  In general, the employee should
  
  
  • Only use the employer’s computing resources for purposes that benefit the employer
    
    
  • Not use the computing resources for illegal purposes
    
    
  • Not access games, social media, pornography, or racist content
    
    
  • An employer may allow an employee to use the devices for non-commercial purposes if the impact to the business is minimal (this is a work life balance choice that the employer may make)
    
    
  • The AUP must clearly state that the employer’s systems are subject to monitoring and recording, and that the employee has no reasonable expectation of privacy.  In the event the employee is terminated for violating the AUP, the employee will not be able to exclude evidence of wrongdoing in a wrongful termination lawsuit.
    
    The employer’s computer systems should clearly state that the system is subject to monitoring and recording.

• Network Topology Diagram.  The network topology diagram shows us
  
  
  • How each network device is connected
    
    
  • The role of each device
    
    
  • The IP addresses, subnets, and VLANs in each connection
    
    

We can use the topology diagram to troubleshoot connectivity issues by following the way that data flows.

• Regulatory Compliance Requirements.  Our organization may be subject to specific laws and regulations, specifically with respect to the way that we store data. 
  
  We should maintain a copy of each applicable regulation and a layman’s explanation of how they apply to our organization and its procedures.  These may need to be prepared by a lawyer.

• Splash Screen.  The splash screen warns users that

• They are attempting to log in to a protected computer system.
  
  
  • Their activities are monitored and recorded and subject to the Acceptable Use Policy
    
    
  • Any violation will be prosecuted

• Incident Reports.  When an incident takes place, we must investigate it and prepare an incident report.  The incident report will be maintained by the organization and distributed in accordance with the organization’s policies.  The incident report tells us
  
  
  • A detailed description of what happened
    
    
  • How and why it happened, as determined by the investigation
    
    
  • The consequences of what happened
    
    
  • What we will do in the future to make sure that it never happens again

• Standard Operating Procedures (SOP).  The organization will maintain standard operating procedures. 

• New User Setup Checklist.  When a new user is hired, we must follow a checklist to setup their equipment.  This may include
  
  
  • Issuing the user a computer and cell phone
    
    
  • Providing the user with a desk, tools, equipment, and/or a vehicle
    
    
  • Setting up a user account, e-mail address, and other credentials
    
    
  • Providing the user with a key card
    
    
  • Having the user read and understand the Acceptable Use Policy and other relevant policies
    
    
  • Having the user undergo safety and/or security training
    
    
  • Introducing the user to other employees
    
    

The completed checklist is usually retained by the Human Resources department.

• End User Termination Checklist.  When an end user leaves the organization, we must follow a checklist.  The checklist might include
  
  
  • Disabling the user’s accounts and logins
    
    
  • Notifying security that the user is no longer employed by the organization
    
    
  • Ensuring that the user returns all equipment issued to him (laptop, tools, cell phone, vehicle, etc.)
    
    
  • Ensuring that user data is retained or archived
    
    
  • Forwarding user e-mails to another employee
    
    
  • An exit interview to remind the employee of his obligations to keep the organization’s data confidential