In the new world of the smart grid, security isn’t a destination. It’s a sustained effort with ongoing investments across core areas of the utility enterprise.
Outsourcing, Reliability, and IT: When will the Three Meet?
Outsourcing, Reliability, and IT
When the grid collapses or a hurricane wipes out power to millions of customers, how does a customer information system (CIS) information technology (IT) manager ensure his or her outsourcing partner works as an extension of the IT organization by providing system reliability? When customer privacy of a competitor is questioned, how can the company be certain that the team members of the outsourcing partner have had sufficient background security checks, and that company data is safe?
Wishful thinking is to believe such untoward events never occur. Foolish thinking is to never plan for them. Meeting the customer's expectation in servicing problems can ensure customer satisfaction. To ensure that the expectation of services is met, it is important that the outsourcing partner and the CIS stakeholders agree to mutually acceptable definitions of service levels.
Service levels can be defined in multiple ways, starting by defining an incident as an event apart from business-as-usual, with the potential to disrupt service or compromise service quality. An incident could be as simple as maintenance that goes beyond schedule, or as complex as an act of God that disables power and communications.
The criticality of an incident is assessed by looking at the impact of the incident. Does a reported defect affect only one customer service representative (CSR) or a whole group of CSRs? Another dimension in assessing criticality is its urgency or the speed required to resolve the impact. Does the defect affect the viewing of a bill 13 months old, or the current bill that cannot be retrieved? Does it affect one customer or a group of customers on a certain tariff? Does the problem occur once in a while or every day, and is it getting worse? What will be the total loss in terms of revenue generation or collections on a daily basis? The criticality and urgency help in determining the priority of the incident. It is common for IT shops to classify priority levels as P1, P2, and P3, with P1 being the highest and P3 the lowest.
For each priority level, the service level agreement (SLA) defines an agreed-upon response time. For example, at an investor-owned electric utility in the United States, an SLA requires the outsourcing partner to respond to 90 percent of calls within 10 minutes. The response time may depend on when the incident is logged (after-office hours, during office hours, weekday or weekend, and holidays.) It is, therefore, common for the on-call team to carry pagers, cell phones, and secure IDs to receive the incident and respond to it. Remote access also is provided for the on-call team to connect to the CIS from home.
Another aspect in defining an SLA is service hours. How many hours of service in the day and number of days in the week will the service be provided? Defining service hours to take full advantage of any time differences can make the best use of an offshore partner, depending on where the onshore team and offshore team are located.
When the offshore services involve application