FCA PPIM AR.1.1 Event Management 2020 Clean Execution

Release AR.1.
1 FCA Event Management Policies and Procedures Interfaces

Updated Date: 09/09/20 Process Interface Manual FCA ITEM, FCA US LLC
IBM Strategic Outsourcing Delivery
Chapter 15 of PPIM
Event Management
Process Interface
FCA ITEM, FCA US LLC and IBM
Document Owner: Paola Martinelli
Owner : Alberto Vaira
Document Name: FCA PPIM Event Management
Document Release: AR.1.1
Master version of document is stored in: Pag. 1 of 30

Amended and Restated Master Service Agreement Common Repository
ANY HARDCOPY VERSIONS OF THIS DOCUMENT ARE FOR REFERENCE ONLY IBM, Status: Clean Execution
FCA ITEM, FCA US LLC Confidential
Release AR.1.1 FCA Event Management Policies and Procedures Interfaces
Last Modified on: September 9, 2020

Table of Contents
15.1 Introduction................................................................................................................................... 3
15.2 Event Management....................................................................................................................... 4
15.2.1 Document Structure............................................................................................................... 4
15.2.2 Description............................................................................................................................. 5
15.2.3 Scope..................................................................................................................................... 5
15.2.4 Event Management Interface Procedures..............................................................................7
15.2.4.1 Monitoring, Filtering, Correlating and Handling Events Interface.......................................7
15.2.5 Policies and Guidelines........................................................................................................ 12
15.2.5.1 Event Monitoring Management........................................................................................12
15.2.5.2 Special Month-End / Year-End Support...........................................................................13
15.2.5.3 Health Monitoring............................................................................................................. 13
15.2.5.4 Event Record Logging into the Customer Service Management Tool..............................14
15.2.5.5 Event Record Priority Definition.......................................................................................14
15.2.5.6 Incident generated by Event Handling rules.....................................................................15
15.2.5.7 Dynamic Automation (D.A.)..............................................................................................16
15.2.6 Related Processes............................................................................................................... 17
15.2.7 Document Control................................................................................................................ 18
Glossary................................................................................................................................................... 19

1 Introduction
The Event Management chapter of PPIM describes the related procedures and policies for the Customers
and IBM interactions.

2 Event Management
2.1 Document Structure

Figure 1 depicts the document structure for the Policies and Procedures Interface Manual (PPIM), for the
FCA ITEM and FCA US LLC outsourcing contract.

Process 1 TOC
Provides lists of
Introduction process interface
and Overview documents, reports,
appendixes and
Process 4
customer-specific
Change
Process annexes
Management
Interface
documents
Process n
Appendixes
Each process interface
document includes:
A generic process Annexes
description, roles and
responsibilities
Customer interface
information and C1 C2
policies to support B1 B2
customer interactions A1 A2
that are common to the FCA
two Master Customers ITEM FCA US
Annex documents specify customer-specific requirements (for example: Focal

Points, Critical Applications, linkage to customer-specific Operating
Procedures).
Figure 1. PPIM document structure

PPIM consists of two key document types:
 Process-specific interface documents that define roles and policies for consistent interactions
between IBM and the participating Customers in the FCA ITEM and FCA US LLC
Outsourcing Contract. Process interface documents contain procedures and policies that
are common to all two Master Customers.

 Annex documents, defining Customer-specific information, such as focal points, for use by
each process.
The Event Management chapter of the PPIM describes the procedures and policies for the Customer and
IBM interactions. The word “Customer” refers to FCA ITEM and FCA US LLC, which are the two
participating Customers in the outsourcing contract.
2.2 Description
Event Management is the process of exposing significant infrastructure, service, business process and
security events, and responding to those events. Event Management continuously monitors the
availability and health of IT hardware, software and network resources, identifying events by scanning the
monitoring data for alerts generated and logging, evaluating, responding to and reporting these events.
An Event is any detectable occurrence that has significance for the management of the in scope IT
Infrastructure /Delivery of IT service and allows an evaluation of the event impact.
Some events do not require a response or may be automatically recovered by the monitoring tool; events
deemed significant involve either a predefined response or the creation of an Incident in the Incident
Management process. Event Management is equivalent to Monitoring Services from the Amended and
Restated MSA contract.
FCA ITEM, FCA US LLC and IBM use the Customer Service Management Tool as Event Tracking Tool
(for the agreed events) As-is the Event management module of the Customer Management Tool is not in
use, consequently the workarounds for its use have to be defined in this document.
English language is the only language allowed within the Customer Service Management Tool due to the
international nature of the support; exceptions are only allowed for some Local Customers’ Contract or
specific regional requirement (like LATAM).
2.3 Scope
The scope of Event Management includes all services and components described in the Exhibit-1 of the
Amended and Rested MSA contract (MSA) and all the Local Service Agreements signed under the MSA
unless otherwise specified.
This scope includes but is not limited to the following:

 Mainframe Infrastructure and Systems Management
 Midrange Systems Management Designated Services

 Midrange Infrastructure On Demand Designated Services
 Midrange Infrastructure Full Box Optional New Services
 Platform Management
 Storage and Backup Designated Services
 Messaging Designated Services
 Data Center and Facilities (eg EMEA DCSA)
 Cloud Operation Services

2.4 Event Management Interface Procedures
2.4.1 Monitoring, Filtering, Correlating and Handling

Events Interface
Figure 1 depicts the Monitoring, Filtering, Correlating and Handling Events Interface flow and the
related interactions between the Customer and IBM personnel.

Figure 1. Flow diagram for the Monitoring, Filtering, Correlating and Handling Events Interface

Table 1 provides the summary for Customer and IBM interactions, consisting of key required actions,
interfacing roles, interaction methods, and the organization involvement for the Monitoring, Filtering,
Correlating and Handling Events Interface. The Organization Involvement column is used to specify the
organization involvement for the key required actions, (R=Responsible, I=Informed, C=Consulted,
S=Supportive).
Table 1. Interface summary for Monitoring, Filtering, Correlating and Handling Events Interface
Interface Key Required Interfacing Roles Method Organization

flow # Action
Involvement
Customer IBM Customer IBM
EM101 Confirm / Provide Event Event Meeting / R I, S

Events and Management Manager / Email
Thresholds for Focal Point Event
Customer Analyst
Applications
EM102 Event Event Meeting / R I, S
Provide Input on
Management Manager / Email
Event Filters and
Focal Point Event
Actions
Analyst
EM103 Event Event Meeting / I, S R

Perform Event
Management Analyst Email
Resolution
Focal Point
EM104 Event Event Customer I, S R

Warning Event
Management Analyst Service
with required
Focal Point Managemen
customer action
t Tool /
Email
EM105 Event Event Customer R I, S

Provide Customer
Management Analyst Service
output to complete
Focal Point Managemen
Event
t Tool/ Email
Table 2 outlines the step-by-step narrative for the Monitoring, Filtering, Correlating and Handling
Events Interface flow diagram.
Table 2. Narrative for the Monitoring, Filtering, Correlating and Handling Events Interface flow

Role Step Description

Customer 1 Confirm / Provide Events and Thresholds for Customer Applications
Review recommendations from IBM regarding the best practices for event
monitoring and suggested events and thresholds for applications owned or
managed by Customer. Provide input and concurrence.
In the Appendix Event List and Treatment the List of Events and agreed
Thresholds is shown.
IBM 2 Configure Event Monitors
For in scope services, define and configure event monitors using the
Global Systems Management Architecture Best Practices
(https://www.ibm.com/support/knowledgecenter/en/SSTFXA_6.2.0/com.ib
m.itm.doc/dm2itmmst35.htm)
(See 2.5.1 Event Monitoring Management and 2.5.3 Health Monitoring.)
IBM 3 Detect and Log Events
Scan operational monitoring data to identify a significant event that should
be logged and examined. Not all events should be logged and examined.
Record information as an event record for later determination of whether
the event is informational, a warning, or an exception event.
Use Event Management tools to handle event processing, notification and

logging.
(See 2.5.1 Event Monitoring Management.)
Customer 4 Provide Input on Event Filters and Actions
Customer and IBM may partner on which events to filter and which to take
automated action.
The Automated Management of the Event is defined in the policy Dynamic
Automation (D.A.).
In the Appendix Event List and Treatment is defined the List of the Event
and thresholds agreed and in the Appendix Event Managed by DA is
defined list subject to Dynamic Automation.
(See 15.2.5.7 Dynamic Automation (D.A.))


IBM 5 Filter and Classify Events
Address the filtering of duplicated or repeated Events into the Event
Management Tools (to prevent duplicated Record creation requests to the
Customer Service Management Tool). Example of duplicated/repeated
tickets: one servers fails due to lack of network access and keeps sending
the same notification of failure.
Scan operational monitoring data to identify significant events that require
logging and examination.
Determine the level of significance by prioritizing the event in the following

categories:
• Informational: this type of significance is purely for recording purpose. It
refers to an event that does not require any action and does not represent
an Exception. These events are mostly logged locally (System Console)
• Warning: is an event that is generated when a service or device is

approaching a threshold. Warnings are intended to notify the appropriate
person, team, process or tool so that the situation can be checked and the
appropriate recovery action taken to prevent an Exception.
• Exception/Disruption: means that a service or device is currently
operating ab-normally. This means that the Customers business is being
impacted. Exceptions represents a total failure, impaired functionality or
degraded performance. Exception events will always handle as an Incident
according to Incident Management policy.
Record Warning and Exception Events into the Customer Service

Management Tool.
(See 2.5.1 Event Monitoring Management, 15.2.5.4 Event Record

Logging into the Customer Service Management Tool and 15.2.5.5 Event
Record Priority Definition).
IBM 6 Correlate Related Events
Use Event Management tools to handle event correlation, enabling a Root
Cause event to take precedence over a symptomatic event.


IBM 7 Determination of the Event Action
 Analyse the Event and determine what action undertake: If
Informational, proceed to Handle Informational Event
 If Warning, proceed to Handle Warning Event
 If Exception/Disruption, proceed to Perform Event Resolution
IBM 8 Handle Warning Event
Analyze the warning event to determine what action is required.
• If action is not required, proceed to Complete Event, close the Incident
record in Customer Service Management tool with Resolution ‘No
corrective action taken’ and use the Incident record as input source for
further trend analysis.
• If action is required open a Service Request or a Change Request from
the Incident Record in the Customer Service Management tool. Proceed to
Perform Event Resolution.
• If action is required and belongs to the Customer responsibility (e.g.
restore electrical system or WAN Connection in remote customer
location) to request to the Customer Focal Point to perform the
correct action and set the Incident Record in the Customer Service
Management Tool in the Pending status until the Customer remove
the cause. Close the Incident Record in the Customer Service
Management Tool with Resolution ‘Instruction provided’.
IBM 9 Handle Informational Event
Use the Event Management tools to handle informational events.
Information events are typically stored or suppressed rather than being
displayed, as they clutter an Event Management subsystem and have no
real value.
Proceed to Complete Event.
Customer 10 Support Event Resolution if Required
If required, the Customer may need to support event resolution by
coordinating with IBM.


IBM 11 Perform Event Resolution
Discern between a Warning and an Exception/Disruption Event.
For a Warning Event handle the Service Request or the Change Request
in the Customer Service Management tool, following the related process,
until the end. Then proceed to Complete the Event.
For an Exception/Disruption Event proceed with the Incident Management.
IBM 12 Invoke Incident Management

Incidents are handled in accordance with the Incident Management
Process. A responsibility of the Incident Analyst is to validate the correct
prioritization and classification of the Incident before providing initial
support following the Alert Incident Handling rules.
During an ‘exception’ event, the Incident Record, opened in the Customer
Service Management Tool, must be manage following the Incident
Management Process and applying the Alert Incident handling rule.
Maintain updated the Incident Record during the entire life cycle of the
Event. Proceed to Complete Event.
(See15.2.5.6 Incident generated by Event Handling rules).
Customer 13 Perform Actions as needed
The Customer Focal Point performs the correct actions as needed to
Complete the Event.
The Incident Record in the Customer Service Management Tool remains in
the Pending status or is assigned to the Customer Resolver Group until the
Customer removes the cause.


IBM 14 Complete Event
Discern the Event categories:
 Information Event: the information is stored or suppressed so no
further actions are needed.
 Warning Event: check that all the information requested by the
Service Request Management Process or the Change
Management Process has been properly documented in the
Customer Service Management Tool and then set the Incident
Record in Resolved with the correct Solution status.
 Exception/Disruption Event: check that all the information
requested by Incident Management Process has been properly
documented in the Customer Service Management Tool and then
set the Incident Record in Resolved with the correct Solution
status.
IBM 15 Need Problem Management?

Is Problem Management needed for further analysis, such as trends
needing action?
 If Yes, proceed to Problem Management.
 If No, the Event Management flow ends.
IBM 16 Invoke Problem Management

Invoke Problem Management process.

2.5 Policies and Guidelines

Table 3 provides the list of policies that are used for IBM and Customer interactions throughout the Event
Management process.
Table 3. Policies for interactions throughout the Event Management Process
Policy # Section # Description

1 2.5.1 Event Monitoring Management
2 15.2.5.2 Special Month-End / Year-End Support
3 15.2.5.3 Health Monitoring
4 15.2.5.4 Event Record Logging into the Customer Service
Management Tool
5 15.2.5.5 Event Record Priority Definition
6 15.2.5.6 Incident generated by Event Handling rules
7 15.2.5.7 Dynamic Automation (D.A.)
2.5.1 Event Monitoring Management

Event monitoring is setup and maintained by use of the work instructions, supporting several processes.
Establishing ongoing modifications of fault tolerance and security thresholds for system and applications
is the responsibility of the service delivery analysts.
Table 4. Event Monitoring Management
Activity Description Process / Team

Provide Includes: For new application / hardware /
Event  Events to be ignored software:
Monitoring  Solution Services
Rules  Event category based on
significance (such as For existing application / hardware /
Informational, Warning, software, it includes but is not limited to:
Alert)  Capacity Management (thresholds)
 Event meaning  Database Administration Team
 Appropriate Response  Network Operations Team
 System Support Team

Activity Description Process / Team

Communicat Communicate rules to: For rules, as applicable:
e Event  Monitoring tool support team  Change Management / Service
Monitoring Request Management (Change
Rules  Tool integration team Record or Service Request Record)
Maintain Implement / maintain rules: For monitoring tool, as appropriate:

Event  In monitoring tools  Network Operations Team
Monitoring
Mechanisms  In integration tools  System Support Team
Use Event Use rules to filter, categorize, For rules:

Monitoring correlate and respond to  Event Management
Rules Events:
 By monitoring tools  Incident Management
(automated within tools)
 By support teams (for

Incidents created by tools)
Close and Use rules to close and review For Events needing action (Incidents):
Review Event the Event:  Incident Management (for review and
 Check if Event has been closure)
handled and may be closed
 Problem Management (for analysis of
 Analyze Events to identify trends needing action)
trends which suggest
corrective action is needed
2.5.2 Special Month-End / Year-End Support

The agreed IBM Event Management service is provided at all times. Section 7.2.2, Exhibit 1B states that
IBM supports maximum attention requirements for special month-end / year-end periods for iSeries
monitoring. Specifically, the customer can inform IBM in advance to adjust the iSeries monitoring support
during these special periods. The Customer should request and approve monitoring support changes
through Request Fulfillment. The Customer should submit the requests to IBM as soon as the Customer
has knowledge of the special event to allow for timely collaboration between IBM and the Customer.

2.5.3 Health Monitoring

Section 2.3, Exhibit 1A and Section 1.3, Exhibit 1B state that for the mainframe and midrange, IBM
provides CPU, memory, paging, HBA throughput, and NIC throughput alerting for performance issues in
addition to any other mutually agreed upon alerts.
Additionally, Section 2.5, Exhibit 1C states that IBM monitors the health of the environment (early
detection of Incidents) using automated methods. Monitoring includes, but is not limited to:
 Application collection status
 Disk IO errors
 Error log updates
 Disk / log space utilization
 File group space utilization
 CPU utilization
 Network health
 Application Availability (URL monitoring performed through activities such as HTTP check
and HTTP)
 Application, component, and stack monitoring
 Application transaction response time for existing implementations, or, as a New Service, for
applications that do not have an existing implementation
 Instance status
 Listener status (process status)
 Transactions running over a threshold
 Other performance monitors such as heap usage, thread lock wait
 Verification that instances are up
 Monitoring for new alert log entries
 File system monitoring
 Configuration synchronization in cluster environment
 Fail Over activities
 Success of backups

2.5.4 Event Record Logging into the Customer Service

Management Tool
This policy specifies the information to be recorded in an Event Record into the Customer Service
Management tool in order to document what has been done to restore a contracted service.
Event record life cycle starts with the initial logging of the event details through to when the Event Ticket
is closed.
All Event Tickets must be fully logged and date/time stamped, and frequently updated so that a full
historical record is maintained
As workaround, currently an Event is recorded into the Customer Service Management tool as an Incident
record.
The majority of the Event records are automatically generated into the Customer Service Management
tool by the Customers or Supplier Monitoring System (e.g. Netcool).
2.5.5 Event Record Priority Definition

When an Incident Record is generated into the Customer Service Management Tool from an Event, the
related priority is determined based on the Event category and the related severity.
The below table maps the Netcool Event Severity and the Incident Priority generated into the Customer
Service Management Tool for production environment.
For the development and test environment, the Incident Priority is one level lower than the production
environment.
Table 5. Event Record Priority
Event categories Netcool Event Incident

Severity Record
Priority
Exception/Disruption FATAL 1
CRITICAL 2

MINOR 3
Warning WARNING 3
2.5.6 Incident generated by Event Handling rules
Incidents created by Monitoring system are handled in accordance with the Incident Management
Process.
The first responsibility of the Incident Analyst is to validate the correct prioritization and classification of
the Incident before providing initial support following the Alert Incident Handling rules.
In general, Incident Priority can be reduced with the agreement of the Requester if it has been determined
that the original business Impact was overestimated. (Exhibit 1E, Section 3.4 of the Agreement states that
"Priority Level designation may be changed upon Customer approval.") In case where monitoring leads to
Incident Record Creation, there is no Customer Requester/Incident Submitter.
For the above reason, the Customers and IBM agreed that If the Monitoring tools has not assigned the
correct Priority to an Incident, the Incident Analyst of the Assignment Group that manages the Incident
can modify the Priority in accordance with following policies.
1. If initial investigation determines that a P1 Incident created by Monitoring system has no

effect on business processes, and there has been no failure of a Configuration Item that may
disrupt IT services, then the Incident record should be Resolved with Close Code = Cancelled.
Note: this scenario applies when a P1 Incident is received by IBM for a Host Down/Server Node
Unreachable condition that is determined upon initial investigation to be a false alert.
2. If initial investigation determines that a P1 Incident created by monitoring Tools has no

current effect on business processes, but either preventive action is required or a Configuration
Item requires remediation, the Incident Priority should be downgraded consistently with the
relative Urgency of the situation and the Incident should be worked to Resolution accordingly.
Note: The assigned Priority of an Incident Record can and should be downgraded only when the
Incident has an effect on business processes that is less than the Impact Level associated with
the existing Priority; or a Configuration Item requires remediation within the durations
corresponding to the Service Levels for Time to Restore P2 and P3 Incidents.

There are other conditions that drive the definition of the Priority that may not be correctly
managed during the Incident record creation for that reason the Customers and IBM established
the following guidelines:
3. If there is no current effect on business processes, but a Configuration Item requires

remediation, the Impact would generally be assessed as Low. However, all Incidents with Low
Impact are assigned Low Priority (P3). The Incident Analyst must consider Urgency (the extent to
which the Incident's resolution can bear delay). If the circumstances involved in the Event that
triggered the Incident requires remediation within 24 hours, the Impact and Urgency should be
marked as Medium and result in a Medium Priority (P2) classification. If the circumstances
involved in the Event that triggered the Incident require remediation within four business days but
not less than 24 hours, the Impact and Urgency should be marked as Low resulting in a Low
Priority (P3) classification.
4. Another likely scenario involves high availability systems with built-in redundancy
designed to eliminate single points of failure is affected. Such a system has redundant
components that can fail over without affecting the delivery of service. However, once a CI has
failed the inherent redundancy is gone and a repair/replacement is required to prevent another
failure from affecting availability of the service. In this case, it would be appropriate to downgrade
the Incident from P1 to P2 and work to fix the failure within the 24-hour SLA.
5. Event Records that represents a false positive should be resolved with the Close Code
of Cancelled since no corrective action is required.
2.5.7 Dynamic Automation (D.A.)

Dynamic Automation has the aim to reduce the Event Management Solution time, improve quality of
service and maximize benefits for Customers and IBM through the introduction of automation in service
operations.
Intent of this service is to implement automated remediation actions in response to Events received from
Monitoring Tools
Event Resolution actions are performed through automatic, scripts that run on servers.
D.A, applies only to Midrange Designated Services, for which Customers and IBM identified, the list of
events that should be managed through automatic operations.
The agreed list of events subjects to D.A. is defined in Appendix Event Managed by DA and will be
reviewed by the parties, at least on an annual basis.
Traceability of actions is ensured leveraging on Incident and Change Records created and managed into
the Customer Service Management tool.

If the Automata fails in performing the Event Resolution actions, the Event and the related Incident record
is assigned automatically to a human resolver group that take the responsibility of the Solution Plan.
The Dynamic Automation adheres to the policies and guidelines defined in this document.

2.6 Related Processes

Table 5 identifies the process interfaces of the Event Management process.
Table 5. Process Interfaces for the Event Management process
Process Relationship
Availability and system health are monitored by Event
Availability Management
Management
Monitoring of system capacity and performance provides data
Capacity Management
about system health and performance
Provides the status of Configuration Items (CIs) to formulate
Configuration Management
responses to events
Incident Management Handles Incidents exposed by the Event Management toolset
Continual Service Establishes, maintains and improves the process as well as the
Improvement related measurements and reports
Change Management Used to coordinate implementation of Changes to Solve Incidents
Problem Management Analyzes trends needing action
Provides security guidelines to Event Management for proper
Security Management
monitoring and recovery
Service Level Management Manages service expectations for the process

2.7 Document Control

Summary of Changes
Table 7. Summary of Changes
Revision
Number Revision Date Author or Reviser Nature of Change
AR.1.0 April 19 Elena Sigot Master Service Agreement Amended and
Restated (between FCA US LLC, FCA ITEM
and IBM) signature
AR 1.1 September,20 Elena Sigot MSA AR Amendment 2 Signature
Document Approvers
Table 8. Document Approvers
Rev # Review Approval

Review by Approved by
Date Date
AR.1.0 April,19 FCA ITEM PPIM May,19 Alberto Vaira (IBM Global DPE)
Focal Point: Giorgio Cagliera (Contract Manager FCA
Cristina Ulivi, FCA ITEM)
US PPIM Focal
Sandra Betanzos (Contract Manager FCA US
Point: Jeffrey
LLC)
Polcyn
AR 1.1 October,20 FCA ITEM PPIM October,20 Alberto Vaira (IBM Global DPE)
Focal Point: Silvia Giorgio Cagliera (Contract Manager FCA
Caffaratti, FCA US ITEM)
PPIM Focal Point:
Sandra Betanzos (Contract Manager FCA US
Holli Olejarczyk
LLC)
Document Signature
The Document has to be signed via Formal Correspondence
Document Review Plans

Necessary reviews and updates to this document are defined below:
 Following a regularly scheduled review for the PPIM
 As required to correct or enhance information content

How to Find the Latest Revision of this Document

The latest revision of this document may be obtained as follows:
 Amended and Restated Master Service Agreement Common Repository
 Master Customers Personnel: Contact the IBM Project Office for FCA ITEM, FCA US LLC
Document Distribution and Notification:

 The original signed controlled copy is maintained by the IBM regulatory services organization.
 Printed copies are for reference only and are not controlled.
 Obtain and use only the current, approved document.
End of Event Management

Glossary
If the Glossary item is from ITIL model, an “ITIL® V4 Glossary” label is included for copyright purpose.
Term Definition
Alert A warning that a threshold has been reached or something has been changed
(therefore, an event has occurred).
Change The addition, modification or removal of anything that could have an effect on IT
services. The scope may include IT services, Configuration Items, processes,
documentation and so forth. (ITIL® V4 Glossary)1
Change A formal proposal for a change to be made. An RFC includes details of the
Request proposed change and may be recorded on paper or electronically. The term
RFC is often misused to mean a change record, or the change itself.
Note: "Change request" and "request for change" are synonymous.
(ITIL® V4 Glossary)
Configuration A Component that needs to be managed in order to deliver an IT Service.
Item (CI) Information about each CI is recorded in a Configuration Record within the
Configuration Management System and is maintained throughout its Lifecycle by
Configuration Management. CIs are under the control of Change Management.
CIs may include IT Services, hardware, software, buildings, people and formal
documentation such as process documentation and SLAs. (ITIL® V4 Glossary)
Event A change of state which has significance for the management of a configuration
item or IT service. The term event is also used to mean an alert or notification
created by IT services, configuration item or monitoring tool. Events typically
require IT operations personnel to take actions and often lead to Incidents being
logged. (ITIL® V4 Glossary)
Event If an event is significant, a decision has to be made about exactly what the
Correlation significance is and what actions need to be taken to deal with it. It is here that
the meaning of the event is determined. (ITUP Glossary)
Event Detection Once an event notification has been generated, it may be detected by an agent
running on the same system or transmitted directly to a management tool
specifically designed to read and interpret the meaning of the event.
Event Filtering Decide whether to communicate the event to a management tool or to ignore it.
If ignored, the event is usually recorded in a log file on the device but no further
action is taken.
1
ITIL® is a Registered Trade Mark and a Registered Community Trade Mark of the Office of Government
Commerce and is Registered in the U.S. Patent and Trademark Office
Term Definition
Exception Event A service or device is currently operating abnormally. Typically this means that
an OLA or SLA has been breached and the business has been impacted.
Exceptions could represent a total failure, impaired functionality or degraded
performance.
Incident An unplanned interruption to an IT service or a reduction in the Quality of an IT
service. Failure of a Configuration Item that has not yet impacted service is also
an Incident, for example, failure of one disk from a mirror set. (ITIL® V4
Glossary)
Incident Record A record containing the details of an Incident. Each Incident record documents
the lifecycle of a single Incident. (ITIL® V4 Glossary)
Informational An event that does not require follow up action and does not represent an
Event exception; typically stored in the system or service log files and kept for a
predetermined period.
Major Incident The highest category of impact for an Incident. A Major Incident results in
significant disruption to the business. (ITIL® V4 Glossary)
Local policy determines the criteria for declaring an Incident a Major Incident.
Operational An agreement between an IT service provider and another part of the same
Level organization. An OLA supports the IT service provider's delivery of IT services to
Agreement customers. The OLA defines the goods or services to be provided and the
(OLA) responsibilities of both parties. For example, there could be an OLA
▪ Between the IT service provider and a procurement department to obtain
hardware in agreed times
▪ Between the Service Desk and a support group to provide Incident resolution
in agreed times
(ITIL® V4 Glossary)
Disruption A Disruption event is defined as an unexpected operation event that either has
Events already impacted or has the potential to impact committed Service Level
Agreements or Objectives. Disruption events are normally associated with either
a Priority 0 or Priority 1 Incident as defined in the Incident / Major Incident
Management process.
Performance A measure of what is achieved or delivered by a system, person, team, process,
or IT service. (ITIL® V4 Glossary)
Problem A cause of one or more Incidents. The cause is not usually known at the time a
Problem Record is created and the Problem Management process is responsible
for further investigation. (ITIL® V4 Glossary)

Term Definition
Process A structured set of activities designed to accomplish a specific objective. A
process takes one or more defined inputs and turns them into defined outputs. A
process may include the roles, responsibilities, tools and management controls
required to reliably deliver the outputs. A process may define policies, standards,
guidelines, activities and work instructions if they are needed. (ITIL® V4
Glossary)
Process The foundation for management and continual improvement of the process,
Framework including the policies, procedures, organizational roles and responsibilities and
other information under which the process operates to meet its mission and
goals.
Policy and The Policy and Procedure Interface Manual (PPIM) describes the interfaces
Procedure between Customer and service provider, along with roles, responsibilities and
Interface Manual policies.
Response Response options may include:
Selection  Event logged
 Auto response
 Alert and human intervention
 Incident, Problem or Change?
 Open an RFC
 Open an Incident Record
 Open or link to a Problem Record
 Other
Service Level An agreement between an IT service provider and a customer. The SLA
Agreement describes the IT service, documents service level targets and specifies the
(SLA) responsibilities of the IT service provider and the customer. A single SLA may
cover multiple IT services or multiple customers. (ITIL® V4 Glossary)
Significance of Informational, Warning, or Exception.
Events
Trigger An indication that some action or response to an Event may be needed.
Underpinning A contract between an IT service provider and a third party. The third party
Contract (UC) provides goods or services that support delivery of an IT service to a customer.
The Underpinning Contract defines targets and responsibilities that are required
to meet agreed service level targets in an SLA. (ITIL® V4 Glossary)



FCA PPIM AR.1.1 Event Management 2020 Clean Execution

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

FCA PPIM AR.1.1 Event Management 2020 Clean Execution

Uploaded by

Copyright:

Available Formats

Release AR.1.

1 FCA Event Management Policies and Procedures Interfaces

IBM Strategic Outsourcing Delivery

Document Owner: Paola Martinelli

Owner : Alberto Vaira

Document Name: FCA PPIM Event Management

Document Release: AR.1.1

Master version of document is stored in: Pag. 1 of 30

Last Modified on: September 9, 2020

Master version of document is stored in: Pag. 2 of 30

15.2 Event Management....................................................................................................................... 4

15.2.1 Document Structure............................................................................................................... 4

15.2.4 Event Management Interface Procedures..............................................................................7

15.2.4.1 Monitoring, Filtering, Correlating and Handling Events Interface.......................................7

15.2.5 Policies and Guidelines........................................................................................................ 12

15.2.5.1 Event Monitoring Management........................................................................................12

15.2.5.2 Special Month-End / Year-End Support...........................................................................13

15.2.5.3 Health Monitoring............................................................................................................. 13

15.2.5.5 Event Record Priority Definition.......................................................................................14

15.2.5.6 Incident generated by Event Handling rules.....................................................................15

15.2.5.7 Dynamic Automation (D.A.)..............................................................................................16

15.2.6 Related Processes............................................................................................................... 17

15.2.7 Document Control................................................................................................................ 18

Master version of document is stored in: Pag. 3 of 30

Master version of document is stored in: Pag. 4 of 30

2.1 Document Structure

Master version of document is stored in: Pag. 5 of 30

Annex documents specify customer-specific requirements (for example: Focal

Figure 1. PPIM document structure

Master version of document is stored in: Pag. 6 of 30

This scope includes but is not limited to the following:

 Midrange Systems Management Designated Services

Master version of document is stored in: Pag. 7 of 30

 Midrange Infrastructure On Demand Designated Services

 Midrange Infrastructure Full Box Optional New Services

 Storage and Backup Designated Services

 Messaging Designated Services

 Data Center and Facilities (eg EMEA DCSA)

 Cloud Operation Services

Master version of document is stored in: Pag. 8 of 30

2.4 Event Management Interface Procedures

2.4.1 Monitoring, Filtering, Correlating and Handling

Master version of document is stored in: Pag. 9 of 30

Master version of document is stored in: Pag. 10 of 30

Interface Key Required Interfacing Roles Method Organization

Customer IBM Customer IBM

EM101 Confirm / Provide Event Event Meeting / R I, S

EM103 Event Event Meeting / I, S R

EM104 Event Event Customer I, S R

EM105 Event Event Customer R I, S

Master version of document is stored in: Pag. 11 of 30

Role Step Description

Use Event Management tools to handle event processing, notification and

Master version of document is stored in: Pag. 12 of 30

Role Step Description

Determine the level of significance by prioritizing the event in the following

• Warning: is an event that is generated when a service or device is

Record Warning and Exception Events into the Customer Service

(See 2.5.1 Event Monitoring Management, 15.2.5.4 Event Record

Master version of document is stored in: Pag. 13 of 30

Role Step Description

Master version of document is stored in: Pag. 14 of 30

Role Step Description

IBM 12 Invoke Incident Management