Case study: Successful ISO 27001 certification with i-doit
Sector: Service provider
The customer: The Langenfeld-based AGES Maut System GmbH & Co. KG is responsible for the collection of road tolls all over Europe together with the supporting customer administration and operation of sales outlets.
Summary:
AGES has been managing its IT documentation with i-doit for the past 6 years and is moving towards a complete IT service management solution. Through the well-structured use of i-doit, the company was able to attain the ISO/IEC 27001 certification easily.
The story: Perfect management of information security
Certificates such as ISO 27001 are important and necessary to have, but they also create a lot of work. With IT being highly unstructured and poorly documented in many workplaces, many companies find the preparation prior to certification very challenging. However, AGES have had a different experience. "We had been using IT-documentation systems for a long time, so the certification was easy for us," says AGES IT manager Heinz Maier, reflecting back on their recent security check. "Our documentation and mapping procedures were already well-organised and efficient so we did not have to make any changes during the certification process."

The main IT documentation application at AGES is the open source tool i-doit, provided by synetics, a supplier of adaptive network solutions based in Dusseldorf, Germany. Thomas Mensch, IT expert at AGES, rates the modular structure in particular and the software's integrated working method positively: "Our main objective for our ITSM was to build a central documentation system, including an emergency plan. We achieved that successfully with i-doit and we are able to expand the solution with further projects when required. All servers, PCs, peripherals, networks and applications are connected logically in the software. Now I'm able to recognize immediately which services are affected when a device failure occurs. This allows much quicker repair of the damage."

Such a framework, therefore, proved to be a highly effective way to achieve a certified information security system. ISO 27001 is now an internationally recognised standard. The BSI standard also exists, but it has a major drawback in that it is not internationally recognised. According to Maier, although many companies operating throughout the European Union hold the national BSI standard, they lack any international accreditation.
AGES are pleased to hold both the BSI Baseline Protection and the ISO 27001, which was also awarded by the Frankfurt DQS (German Association for Certification of Management Systems). Maier: "Under our current certification until the end of 2012, we not only have the certification of our own IT operations, but also a global quality certification of all IT that AGES is responsible for. There are also outsourced services, such as SAP or network operation, essentially, the secure debit card payments on HP Integrity NonStop servers."

The most important requirement for BSI and DQS is documentation. i-doit supports AGES with this in several ways: it provides the appropriate documentation of the operating checklists. In addition, all information about the data centre is stored in i-doit. Therefore, if there is a problem with a server or a PC, it is clear which firm maintains the device and what the maintenance number is. Furthermore, all configuration information is stored, including the hotline number, the service cycle and the agreed response times.

Another aspect of the certification, and therefore of the quality assurance process at AGES, is the functional extension of i-doit as a ticketing tool. Through this, each call to the hotline is documented. In addition, the tool can be used for specialist orders, including escalation and internal SLAs (Service Level Agreements). What interests Maier: "I can also get information about KPIs (Key Performance Indicators) from our hotline and it can provide evidence concerning our troubleshooting ability and how this can be improved."

In addition, there is also the integration between i-doit and the free network management tool Nagios. With this tool, AGES monitors its entire Data Center (DC) operation, and Nagios already partially produces automatic error messages inside the ticketing tool. Currently, the Langenfeld-based toll collector's ticketing is only used for the user helpdesk.
In addition, ISO 27001 currently requires a separate ticket tool for DC operation, so an extra circuit for maintenance and troubleshooting has been implemented in DC operation. This too has been built by the AGES ITSM specialists.

Through the project, Heinz Maier has become a supporter of Open Source. "We decided on a totally open and not proprietary system because we count on creative people both internally and externally." According to Maier, open solutions naturally result in service costs. But these are far more application- and project-specific, and not subject to the sales pressure of proprietary vendors. "For us, it is important to focus on a partner's high practical expertise, not its sales expertise," says Maier. A further criterion for open solutions, in Mensch's words, is that adjustments with free tools are clearly cheaper and, above all, quicker to obtain. Open Source usage creates project teams that can operate without similar authority structures and are able to implement new requirements immediately.

Do you want to contact the user? No problem. Please let us know your questions. We will put you in contact with AGES shortly.
Published in July 2010
Author: Konrad Buck
Background: The ITIL®-compliant open source solution for IT documentation, i-doit, has been on the market since late 2004. In the meantime the product has established itself in many companies. Since 2009 synetics has positioned i-doit as the base product for "Smart ITSM". For this purpose there are interface solutions in the areas of network monitoring (Nagios®), the helpdesk system Request Tracker (RT), various inventory tools (hInventory, OCS), or by syslog to the logging functions.
Contact: Joachim Winkler
Mobile: +49-172-2317344
Office: +49-211-699310
Mail: jwinkler@synetics.de
