Professional Documents
Culture Documents
FCA PPIM AR.1.1 Event Management 2020 Clean Execution
FCA PPIM AR.1.1 Event Management 2020 Clean Execution
Chapter 15 of PPIM
Event Management
Process Interface
FCA ITEM, FCA US LLC and IBM
Table of Contents
15.1 Introduction................................................................................................................................... 3
15.2.2 Description............................................................................................................................. 5
15.2.3 Scope..................................................................................................................................... 5
15.2.5.4 Event Record Logging into the Customer Service Management Tool..............................14
Glossary................................................................................................................................................... 19
1 Introduction
The Event Management chapter of PPIM describes the related procedures and policies for the Customers
and IBM interactions.
2 Event Management
Process 1 TOC
Provides lists of
Introduction process interface
and Overview documents, reports,
appendixes and
Process 4
customer-specific
Change
Process annexes
Management
Interface
documents
Process n
Appendixes
Each process interface
document includes:
A generic process Annexes
description, roles and
responsibilities
Customer interface
information and C1 C2
policies to support B1 B2
customer interactions A1 A2
that are common to the FCA
two Master Customers ITEM FCA US
Annex documents, defining Customer-specific information, such as focal points, for use by
each process.
The Event Management chapter of the PPIM describes the procedures and policies for the Customer and
IBM interactions. The word “Customer” refers to FCA ITEM and FCA US LLC, which are the two
participating Customers in the outsourcing contract.
2.2 Description
Event Management is the process of exposing significant infrastructure, service, business process and
security events, and responding to those events. Event Management continuously monitors the
availability and health of IT hardware, software and network resources, identifying events by scanning the
monitoring data for alerts generated and logging, evaluating, responding to and reporting these events.
An Event is any detectable occurrence that has significance for the management of the in scope IT
Infrastructure /Delivery of IT service and allows an evaluation of the event impact.
Some events do not require a response or may be automatically recovered by the monitoring tool; events
deemed significant involve either a predefined response or the creation of an Incident in the Incident
Management process. Event Management is equivalent to Monitoring Services from the Amended and
Restated MSA contract.
FCA ITEM, FCA US LLC and IBM use the Customer Service Management Tool as Event Tracking Tool
(for the agreed events) As-is the Event management module of the Customer Management Tool is not in
use, consequently the workarounds for its use have to be defined in this document.
English language is the only language allowed within the Customer Service Management Tool due to the
international nature of the support; exceptions are only allowed for some Local Customers’ Contract or
specific regional requirement (like LATAM).
2.3 Scope
The scope of Event Management includes all services and components described in the Exhibit-1 of the
Amended and Rested MSA contract (MSA) and all the Local Service Agreements signed under the MSA
unless otherwise specified.
Platform Management
Figure 1. Flow diagram for the Monitoring, Filtering, Correlating and Handling Events Interface
Table 1 provides the summary for Customer and IBM interactions, consisting of key required actions,
interfacing roles, interaction methods, and the organization involvement for the Monitoring, Filtering,
Correlating and Handling Events Interface. The Organization Involvement column is used to specify the
organization involvement for the key required actions, (R=Responsible, I=Informed, C=Consulted,
S=Supportive).
Table 1. Interface summary for Monitoring, Filtering, Correlating and Handling Events Interface
Table 2 outlines the step-by-step narrative for the Monitoring, Filtering, Correlating and Handling
Events Interface flow diagram.
Table 2. Narrative for the Monitoring, Filtering, Correlating and Handling Events Interface flow
Close and Use rules to close and review For Events needing action (Incidents):
Review Event the Event: Incident Management (for review and
Check if Event has been closure)
handled and may be closed
Problem Management (for analysis of
Analyze Events to identify trends needing action)
trends which suggest
corrective action is needed
Disk IO errors
CPU utilization
Network health
Application Availability (URL monitoring performed through activities such as HTTP check
and HTTP)
Application, component, and stack monitoring
Application transaction response time for existing implementations, or, as a New Service, for
applications that do not have an existing implementation
Instance status
Success of backups
For the development and test environment, the Incident Priority is one level lower than the production
environment.
Exception/Disruption FATAL 1
CRITICAL 2
MINOR 3
Warning WARNING 3
Incidents created by Monitoring system are handled in accordance with the Incident Management
Process.
The first responsibility of the Incident Analyst is to validate the correct prioritization and classification of
the Incident before providing initial support following the Alert Incident Handling rules.
In general, Incident Priority can be reduced with the agreement of the Requester if it has been determined
that the original business Impact was overestimated. (Exhibit 1E, Section 3.4 of the Agreement states that
"Priority Level designation may be changed upon Customer approval.") In case where monitoring leads to
Incident Record Creation, there is no Customer Requester/Incident Submitter.
For the above reason, the Customers and IBM agreed that If the Monitoring tools has not assigned the
correct Priority to an Incident, the Incident Analyst of the Assignment Group that manages the Incident
can modify the Priority in accordance with following policies.
Note: The assigned Priority of an Incident Record can and should be downgraded only when the
Incident has an effect on business processes that is less than the Impact Level associated with
the existing Priority; or a Configuration Item requires remediation within the durations
corresponding to the Service Levels for Time to Restore P2 and P3 Incidents.
There are other conditions that drive the definition of the Priority that may not be correctly
managed during the Incident record creation for that reason the Customers and IBM established
the following guidelines:
4. Another likely scenario involves high availability systems with built-in redundancy
designed to eliminate single points of failure is affected. Such a system has redundant
components that can fail over without affecting the delivery of service. However, once a CI has
failed the inherent redundancy is gone and a repair/replacement is required to prevent another
failure from affecting availability of the service. In this case, it would be appropriate to downgrade
the Incident from P1 to P2 and work to fix the failure within the 24-hour SLA.
5. Event Records that represents a false positive should be resolved with the Close Code
of Cancelled since no corrective action is required.
Intent of this service is to implement automated remediation actions in response to Events received from
Monitoring Tools
Event Resolution actions are performed through automatic, scripts that run on servers.
D.A, applies only to Midrange Designated Services, for which Customers and IBM identified, the list of
events that should be managed through automatic operations.
The agreed list of events subjects to D.A. is defined in Appendix Event Managed by DA and will be
reviewed by the parties, at least on an annual basis.
Traceability of actions is ensured leveraging on Incident and Change Records created and managed into
the Customer Service Management tool.
If the Automata fails in performing the Event Resolution actions, the Event and the related Incident record
is assigned automatically to a human resolver group that take the responsibility of the Solution Plan.
The Dynamic Automation adheres to the policies and guidelines defined in this document.
Process Relationship
Availability and system health are monitored by Event
Availability Management
Management
Monitoring of system capacity and performance provides data
Capacity Management
about system health and performance
Provides the status of Configuration Items (CIs) to formulate
Configuration Management
responses to events
Incident Management Handles Incidents exposed by the Event Management toolset
Continual Service Establishes, maintains and improves the process as well as the
Improvement related measurements and reports
Change Management Used to coordinate implementation of Changes to Solve Incidents
Problem Management Analyzes trends needing action
Provides security guidelines to Event Management for proper
Security Management
monitoring and recovery
Service Level Management Manages service expectations for the process
Revision
Number Revision Date Author or Reviser Nature of Change
AR.1.0 April 19 Elena Sigot Master Service Agreement Amended and
Restated (between FCA US LLC, FCA ITEM
and IBM) signature
AR 1.1 September,20 Elena Sigot MSA AR Amendment 2 Signature
Document Approvers
Document Signature
The Document has to be signed via Formal Correspondence
Master Customers Personnel: Contact the IBM Project Office for FCA ITEM, FCA US LLC
Printed copies are for reference only and are not controlled.
Glossary
If the Glossary item is from ITIL model, an “ITIL® V4 Glossary” label is included for copyright purpose.
Term Definition
Alert A warning that a threshold has been reached or something has been changed
(therefore, an event has occurred).
Change The addition, modification or removal of anything that could have an effect on IT
services. The scope may include IT services, Configuration Items, processes,
documentation and so forth. (ITIL® V4 Glossary)1
Change A formal proposal for a change to be made. An RFC includes details of the
Request proposed change and may be recorded on paper or electronically. The term
RFC is often misused to mean a change record, or the change itself.
Note: "Change request" and "request for change" are synonymous.
(ITIL® V4 Glossary)
Configuration A Component that needs to be managed in order to deliver an IT Service.
Item (CI) Information about each CI is recorded in a Configuration Record within the
Configuration Management System and is maintained throughout its Lifecycle by
Configuration Management. CIs are under the control of Change Management.
CIs may include IT Services, hardware, software, buildings, people and formal
documentation such as process documentation and SLAs. (ITIL® V4 Glossary)
Event A change of state which has significance for the management of a configuration
item or IT service. The term event is also used to mean an alert or notification
created by IT services, configuration item or monitoring tool. Events typically
require IT operations personnel to take actions and often lead to Incidents being
logged. (ITIL® V4 Glossary)
Event If an event is significant, a decision has to be made about exactly what the
Correlation significance is and what actions need to be taken to deal with it. It is here that
the meaning of the event is determined. (ITUP Glossary)
Event Detection Once an event notification has been generated, it may be detected by an agent
running on the same system or transmitted directly to a management tool
specifically designed to read and interpret the meaning of the event.
Event Filtering Decide whether to communicate the event to a management tool or to ignore it.
If ignored, the event is usually recorded in a log file on the device but no further
action is taken.
1
ITIL® is a Registered Trade Mark and a Registered Community Trade Mark of the Office of Government
Commerce and is Registered in the U.S. Patent and Trademark Office
Master version of document is stored in: Pag. 27 of 30
Amended and Restated Master Service Agreement Common Repository
ANY HARDCOPY VERSIONS OF THIS DOCUMENT ARE FOR REFERENCE ONLY IBM, Status: Clean Execution
FCA ITEM, FCA US LLC Confidential
Release AR.1.1 FCA Event Management Policies and Procedures Interfaces
Updated Date: 09/09/20 Process Interface Manual FCA ITEM, FCA US LLC
Term Definition
Exception Event A service or device is currently operating abnormally. Typically this means that
an OLA or SLA has been breached and the business has been impacted.
Exceptions could represent a total failure, impaired functionality or degraded
performance.
Incident An unplanned interruption to an IT service or a reduction in the Quality of an IT
service. Failure of a Configuration Item that has not yet impacted service is also
an Incident, for example, failure of one disk from a mirror set. (ITIL® V4
Glossary)
Incident Record A record containing the details of an Incident. Each Incident record documents
the lifecycle of a single Incident. (ITIL® V4 Glossary)
Informational An event that does not require follow up action and does not represent an
Event exception; typically stored in the system or service log files and kept for a
predetermined period.
Major Incident The highest category of impact for an Incident. A Major Incident results in
significant disruption to the business. (ITIL® V4 Glossary)
Local policy determines the criteria for declaring an Incident a Major Incident.
Operational An agreement between an IT service provider and another part of the same
Level organization. An OLA supports the IT service provider's delivery of IT services to
Agreement customers. The OLA defines the goods or services to be provided and the
(OLA) responsibilities of both parties. For example, there could be an OLA
▪ Between the IT service provider and a procurement department to obtain
hardware in agreed times
▪ Between the Service Desk and a support group to provide Incident resolution
in agreed times
(ITIL® V4 Glossary)
Disruption A Disruption event is defined as an unexpected operation event that either has
Events already impacted or has the potential to impact committed Service Level
Agreements or Objectives. Disruption events are normally associated with either
a Priority 0 or Priority 1 Incident as defined in the Incident / Major Incident
Management process.
Performance A measure of what is achieved or delivered by a system, person, team, process,
or IT service. (ITIL® V4 Glossary)
Problem A cause of one or more Incidents. The cause is not usually known at the time a
Problem Record is created and the Problem Management process is responsible
for further investigation. (ITIL® V4 Glossary)
Term Definition
Process A structured set of activities designed to accomplish a specific objective. A
process takes one or more defined inputs and turns them into defined outputs. A
process may include the roles, responsibilities, tools and management controls
required to reliably deliver the outputs. A process may define policies, standards,
guidelines, activities and work instructions if they are needed. (ITIL® V4
Glossary)
Process The foundation for management and continual improvement of the process,
Framework including the policies, procedures, organizational roles and responsibilities and
other information under which the process operates to meet its mission and
goals.
Policy and The Policy and Procedure Interface Manual (PPIM) describes the interfaces
Procedure between Customer and service provider, along with roles, responsibilities and
Interface Manual policies.
Response Response options may include:
Selection Event logged
Auto response
Open an RFC
Other
Service Level An agreement between an IT service provider and a customer. The SLA
Agreement describes the IT service, documents service level targets and specifies the
(SLA) responsibilities of the IT service provider and the customer. A single SLA may
cover multiple IT services or multiple customers. (ITIL® V4 Glossary)
Significance of Informational, Warning, or Exception.
Events
Trigger An indication that some action or response to an Event may be needed.
Underpinning A contract between an IT service provider and a third party. The third party
Contract (UC) provides goods or services that support delivery of an IT service to a customer.
The Underpinning Contract defines targets and responsibilities that are required
to meet agreed service level targets in an SLA. (ITIL® V4 Glossary)