Management Areas

The ongoing management of common use encompasses the overall areas of governance alignment, implementation, support, and evaluate, as shown in Figure 9.2.1.

Figure 9.2.1: Management Team and Areas

There are several pieces within each of these areas, which are described in the following sections. Consider this a sort of checklist as you build or improve your unique common use management approach. Further, as noted in Chapter 5, this section is the result of applying the research findings for this project against airport expertise and industry best practices in management as found in COBIT 5, an ISACA Framework. For more detailed guidance on the principles and practices of governance and management, see ISACA COBIT 5, © 2012 ISACA. All rights reserved. Used with permission.

Governance Alignment

Portfolio

The common use program must execute the strategic direction set for investments in line with the airport architecture vision. The program must also consider the different categories of investments and the resource and funding constraints. This requires evaluating, prioritizing, and balancing programs and services, and managing demand within resource and funding constraints, based on their alignment with strategic objectives and risk. It also includes monitoring the performance of the overall portfolio of services and programs and proposing adjustments as necessary in response to program and service performance or changing airport priorities.

Budget and Costs

The common use program must manage the related financial activities covering budget, cost and benefit management, and prioritization of spending using formal budgeting practices and appropriate allocation of costs. In doing so, it should consult stakeholders to identify and control the total costs and benefits within the context of the common use strategic and tactical plans and initiate corrective action where needed. It should also develop a partnership between common use and airport stakeholders to enable the effective and efficient use of common use-related resources and provide transparency and accountability of the cost and business value of solutions and services.

Human Resources

The common use program needs to provide a structured approach to allocating human resources, including the communication of defined roles and responsibilities, learning and growth plans, and performance expectations supported by competent and motivated people.

Relationships

The common use program should manage the relationship between itself and the rest of the business in a formalized and transparent way that ensures a focus on achieving a shared goal of successful airport outcomes that are in support of strategic goals and within the constraint of budgets and risk tolerance. The relationship needs to be based on mutual trust with a willingness to take ownership and accountability for key decisions. Doing so will create improved outcomes, increased confidence, trust in the common use program, and effective use of resources.

Service Agreements

The common use program must align common use-enabled services and service levels with airport needs and expectations, including identification, specification, design, agreement, and monitoring of common use services, service levels, and performance indicators. This will help to ensure that common use services and service levels meet current and future airport needs.

Suppliers

The common use program must manage common use-related services provided by all types of suppliers to meet airport requirements, including the selection of suppliers, management of relationships, management of contracts, and the reviewing and monitoring of supplier performance for effectiveness and compliance. This will minimize the risk associated with non-performing suppliers and ensure competitive pricing.

Quality

The common use program needs to define and communicate quality requirements in all processes, procedures, and related airport outcomes, including controls, ongoing monitoring, and the use of proven practices and standards in continuous improvement and efficiency efforts. It should also ensure consistent delivery of solutions and services to meet the quality requirements of the airport and satisfy stakeholder needs.

Risk

The common use program must continually identify, assess, and reduce common use-related risk within levels of tolerance set by airport executive management. In addition, it should integrate the management of common use-related airport risk with overall enterprise risk management and balance the costs and benefits of managing common use-related airport risk.

Security

The common use program must define, operate, and monitor a system for information security management in accordance with IT security, and keep the impact and occurrence of information security incidents within the airport's risk appetite levels.

Implementation

Chapter 7 and Chapter 8 provided guidance applicable to launching and procuring common use solutions. As time moves forward, more implementations will be needed, and the common use program must provide leadership in ensuring these are managed well and transitioned into operation. The following provides the elements needed for the ongoing implementation of common use solutions.

Programs and Projects

The common use program must manage all programs and projects from the investment portfolio in alignment with airport strategy and in a coordinated way. In doing so, it needs to ensure all phases of programs and projects are performed, including initiation, planning, managing, controlling, and closing with a post-implementation review. This will help to generate business benefits and reduce the risk of unexpected delays, costs, and value loss by improving communications to and involvement of business and end-users, ensuring the value and quality of project deliverables and maximizing their contribution to the investment portfolio.

Requirements Definition

The common use program must identify solutions and analyze requirements before acquisition or creation to ensure that they are in line with airport strategic requirements covering business processes, applications, information/data, infrastructure, and services. It should coordinate the review of feasible options, including relative costs and benefits, risk analysis, and approval of requirements and proposed solutions with affected stakeholders. This will help establish feasible, optimal solutions that meet airport needs while minimizing risk.

Identify and Build Solutions

The common use program must establish and maintain identified solutions in line with airport and stakeholder requirements, covering design, development, procurement/sourcing, and partnering with suppliers/solution providers. It needs to manage configuration, test preparation, testing, requirements management, and maintenance of business processes, applications, information/data, infrastructure, and services. This will enable the establishment of timely and cost-effective solutions capable of supporting airport strategic and operational objectives.

Availability and Capacity

The common use program must balance current and future needs for availability, performance, and capacity with cost-effective service delivery. It should include the assessment of current capabilities, forecasting of future needs based on business requirements, analysis of business impacts, and assessment of risk to plan and implement actions to meet the identified requirements. This will help to maintain service availability, efficient management of resources, and optimization of system performance through the prediction of future performance and capacity requirements.

Changes

The common use program must manage all changes in a controlled manner, including routine changes and unplanned maintenance relating to business processes, applications, and infrastructure. This should include the use of change standards and procedures, impact assessment, prioritization and authorization, emergency changes, tracking, reporting, closure, and documentation. This will help to enable fast and reliable delivery of change to the business and mitigate the risk of negatively impacting the stability or integrity of the changed environment.

Change Acceptance and Transitioning

The common use program should use a formal acceptance process for new solutions that includes implementation planning, system and data conversion, acceptance testing, promotion to production of new or changed business processes and common use services, early production support, and a post-implementation review. This will enable the implementation of solutions safely and in line with the agreed-on expectations and outcomes.

Knowledge

The common use program needs to maintain the availability of relevant, current, validated, and reliable knowledge to support all common use-related activities and to facilitate decision-making. It should plan for the identification, collection, organization, maintenance, use, and removal of information once it has become obsolete. This will facilitate the knowledge required to support all staff in their work activities, inform decision-making, and enhance productivity.

Assets

The common use program should manage common use assets through their life cycle to make sure that their use delivers value at optimal cost, they remain operational, they are accounted for and physically protected, and those assets that are critical to support service capability are reliable and available. It needs to manage software licenses to ensure that the optimal number is acquired, retained, and deployed in relation to required business usage and that the software installed follows license agreements. Beyond loss control, knowing where this hardware (e.g., a boarding pass or bag tag printer) is located is important from a code/firmware update standpoint, which aligns well with maintaining a sturdy cyber security posture.

Configuration

The common use program needs to define and maintain descriptions and relationships between key resources and capabilities required to deliver common use-enabled services, including collecting configuration information, establishing baselines, verifying and auditing configuration information, and updating the configuration repository.

Support

Operations

The common use program needs to coordinate and execute the activities and operational procedures required to deliver internal and outsourced common use services, including the execution of pre-defined standard operating procedures and the required monitoring activities. This will enable the delivery of common use operational service outcomes as planned.

Service Requests and Incidents

The common use program needs to provide timely and effective responses to user requests and resolution of all types of incidents. It should restore normal service; record and fulfill user requests; and record, investigate, diagnose, escalate, and resolve incidents. This will help achieve increased productivity and minimize disruptions through the quick resolution of user queries and incidents. It should also maintain a very extensive record of calls.

Problems

The common use program needs to identify and classify problems and their root causes and provide timely resolution to prevent recurring incidents. It should also provide recommendations for improvements that will increase availability, improve service levels, and reduce costs by reducing the number of operational problems.

However it is established, the service desk group must learn to work productively with airlines and their systems providers to resolve issues. For example, all too often, overnight upgrades of these systems result in service outages. Over time, the service provider will grow to know every airline's reservation and departure control systems.

Staffing should be heavily weighted toward the early morning start-up hours when there are seemingly many hardware failures. However, these issues are not typically new; they are simply items that were not reported by the agents finalizing their last flights at night.

Continuity

The common use program needs to establish and maintain a plan to enable the business and common use program to respond to incidents and disruptions to continue the operation of critical business processes and required common use services, as well as maintain the availability of information at a level acceptable to the airport.

Relevant to this, a local departure control system (LDCS) can very effectively serve as a “safety net” for finicky reservation or departure control systems. One airport noted that an airline that had a large presence had a very challenging system. The LDCS allowed them to quickly shift over and continue processing their passengers, with full bag tags and boarding passes, all with minimal delay.

Security Services

The common use program must protect airport information to maintain the level of information security risk acceptable to the airport in accordance with the security policy. It should establish and maintain information security roles and access privileges and perform security monitoring. This will help minimize the business impact of operational information security vulnerabilities and incidents.

There is also a physical aspect to this area, as airline, ground handling, and other personnel associated with a particular operation need access through doors in the building, passenger boarding bridge, or other important areas. Shifting an airline operation may entail allowing that access to be broadened.

Business Process Controls

The common use program must define and maintain appropriate business process controls to ensure that information related to and processed by in-house or outsourced business processes satisfies all relevant information control requirements. It needs to identify the relevant information control requirements and manage and operate adequate controls to ensure that information and information processing satisfy these requirements. This will help maintain information integrity and the security of information assets handled within business processes in the airport or outsourced. Increasingly, data is being shared across traditional siloed stakeholder boundaries (such as with the TSA, CBP, and airlines) and needs to be done in an appropriate, secure manner.

Evaluate

Performance and Conformance

The common use program needs to collect, validate, and evaluate the business, common use, and process goals and metrics. It should monitor processes to ensure they are performing against agreed-on performance and conformance goals and metrics and provide systematic and timely reporting. It should also provide transparency of performance and conformance to drive the achievement of goals.

System of Internal Control

The common use program must continuously monitor and evaluate the control environment, including self-assessments and independent assurance reviews, to identify control deficiencies and inefficiencies and initiate improvement actions. It needs to plan, organize, and maintain standards for internal control assessment and assurance activities. It must provide transparency for key stakeholders on the adequacy of the system of internal controls and thus provide trust in operations, confidence in the achievement of airport objectives, and an adequate understanding of residual risk.

Compliance with External Requirements

The common use program must evaluate common use processes and common use-supported business processes to ensure compliance with laws, regulations, and contractual requirements. It must obtain assurance that the requirements have been identified and complied with and integrate common use compliance with overall airport compliance.