This exceptions process is intended for all Tech Mahindra/Subsidiary users.
Objective
The following are the objectives of the centralized exception management program.
- To efficiently evaluate incoming exception or service requests and determine their validity based on predefined approval criteria.
- Align with the customer contractual agreements and security requirements.
- Assess potential risks associated with granting exceptions and make informed decisions that balance the urgency of the request with potential consequences.
- Institutionalize a centralized exception process governed by Information Security following risk principles.
- Align with the customer contractual agreements and security requirements, and ensure that the requested exceptions align with the organization's policies, guidelines, and regulatory requirements.
- Comply with GDPR, cybersecurity, data protection and privacy regulatory requirements, ISO27K and ISO9K:2015, which are all risk-aligned standards.
- Identify and reduce risk exposure exceptions across the organization and business lines.
- Prevent data loss, cyber incident impacts and reputation loss for TechM.
- Comprehensive Request Management: To provide a centralized platform for managing a wide range of service requests, including exceptions and standard service provisioning, to enhance efficiency and user experience.
- Streamline the approval process to minimize delays and ensure timely resolutions, while avoiding disruption to regular operations.
- Documentation: Maintain a comprehensive record of all exception requests, decisions, and justifications for future reference and audit purposes.
- Communication: Provide clear communication to requestors regarding the status of their exceptional requests, including approvals, rejections, or any additional steps required.
CESP - Service Desk Request Types
- Services: Specific access that is given to a specific user and not to all users, which is allowed by default as per band and role but is not provisioned on the system.
- Exception: An access requirement for an individual associate and/or a group of associates that is not allowed as per customer contract, regulatory requirement, or company policy, but which the requester(s) want provisioned on their system(s).
- Clearance house: An express approval process that eases the multiple levels of approval for a user/project/function.
The clearance house process is divided into the following:
1. Creation of a new clearance house.
2. Update/modification of an existing clearance house.
3. Approvals via an existing clearance house (Express).
- Other Requests: If the desired request category is not found in the service catalogue, the requester can raise the request under the “Other” category, which is part of “Services” only.
- Cross-Domain Requests: New addition of an application/platform/facility/service to the organization/project/business unit.
Services and Exceptions are further classified into:
A. Individual Approval: Requests for service/exception approval for a single user.
Exception
Service
Note: The approval process flow varies depending on the type of category. For a few categories, either ISG CESP approval or ISG Compliance Manager approval may be eliminated. (Please refer to the ISG CESP service catalogue to see the category-wise approval workflow.)
B. Clearance House (CH): Request raised for clearance house creation and modification.
C. For express approval: Request raised under a clearance house through the “Approvals via clearance house (Express)” catalogue, after the clearance house is created.
Note: Approvals via clearance house (Express): All express approval requests require approval from the CESP agent only; all other approvals are bypassed, which means the ticket routes directly to the TIM team for provisioning.
Approvals are done based on the qualifier process at the bottom of the page.
Please refer to the BMS link below to view the ISG CESP policy and CESP service catalogue.