Operational Controls & Standards
Unlock the complete study guide + 1,040 practice questions across 16 full exams.
Bundled into the existing Certified Cloud Security Professional premium course — no separate purchase.
Included in this chapter:
- ISO/IEC 20000-1 and ITIL: the standard and the practice
- Incident vs problem management: restore now, fix the cause later
- Change, release, and deployment: authorize, build, install
- Configuration management: the CMDB other processes depend on
- Service-level, availability, capacity, and continuity, plus CSI
ITIL/ISO 20000-1 processes: what each one owns
| Process | Trigger | Primary goal | Owns / produces |
|---|---|---|---|
| Incident management | Service is degraded or down | Restore normal service fast | Workaround, restored service |
| Problem management | Recurring or high-impact incidents | Find and remove root cause | Root-cause analysis, known-error record |
| Change management | A modification is requested | Authorize and schedule safely | CAB approval, change record |
| Release management | An approved change | Build and test a deployable package | Tested release package |
| Deployment management | A built release | Install into live environment | Live, running components |
| Configuration management | Any CI is added or altered | Keep an accurate record of CIs | CMDB, CI relationships |
| Service level management | A service is offered or reviewed | Agree and track service quality | SLA, service reviews |
| Capacity management | Demand forecast or SLA review | Match resource to demand cost-effectively | Capacity plan |
| Availability management | Uptime target is set | Meet the agreed availability | Availability plan |
| Continuity management | Disruption-risk planning | Recover the service after disruption | Continuity plan |
Decision tree
Cheat sheet
Unlock with Premium — includes all practice exams and the complete study guide.
Also tested in
References
- ISO/IEC 20000-1:2018 — Service management — Part 1: Service management system requirements Whitepaper
- ISO/IEC 27001:2022 — Information security management systems Whitepaper
- Cloud Security Alliance — Security Guidance for Critical Areas of Focus in Cloud Computing (shared responsibility, incident response, security monitoring) Whitepaper
- What is continuous delivery? — Azure DevOps (CI/CD pipeline, progressive rollout, blue-green/canary)