Operations-Services
Operations-Services Domain
OS.1. Does the NCPeH have a documented Service (Level) Management Plan or similar including definition of functions, roles and responsibilities of the minimum required processes (i.e. Incident, Problem, Change, Configuration, and Service Level Management), and Support Organization?
Response
Yes. This functionality is documented in Annex OP 1 Service Operation Plan.
- Annex OP 1 Service Operation Plan, section 2 Service Operation and section 3 Service Operation Functions
- Annex OS 3 Third parties service agreements
- Annex OS 4 Contract signed with GNOMON
- Annex OS 5 Data Protection Agreement between UCY and MOH
- Annex OS 6 Data Protection Agreement between UCY and National Electronic Health Authority
- Annex OP 9 Service Desk Monitoring Tool
- Annex OP 12 NCPeH CY Change Management Plan, page 80
- Annex OP 7 Business Continuity Procedures NCPeH CY
Furthermore, during the maintenance procedure all SLAs will be updated providing business continuity of the cross boarder services.
Supporting Material
OS.2. Has the NCPeH acquired a tool for managing Incidents, Problems and Changes?
Response
Yes. The ΟpenSupports ticketing system open source software system is used for managing incidents, problems and changes as documented in:
- Annex OP 9 Service Desk Monitoring Tool
Moreover, Azure Devops is used for communication and collaboration of IT teams but also, for managing the technical issues.
- Annex OP 12 NCPeH CY Change Management Plan, page 80
Supporting Material
The NCPeH CY follows the guidelines provided by the eHDSI.
OS.3. If applicable and where a RegNCP exist, are the service management procedures (e.g. communication plan, incidents and problem management) between the NCPeH and RegNCP Service Desks arranged?
Response
There is no RegNCP. All incidents are managed centrally due to the size of the country.
OS.4. Has the NCPeH identified all necessary services and does it have in place Service Level Agreements with all its ICT Service Providers?
Response
There is an SLA agreement between MOH, UCY and NEHA. SHSO also agreed to provide the service. (Annex OP 6 NCPeH CY Supporting Documentation, page 130 of the pdf and Annex OS 2 Trilateral agreement between UCY NeHA and MOH) Also, there is an SLA agreement between UCY and GNOMON (subcontractor, see Annex OS 4). And there is an SLA between MOH and the 2 subcontractors that support the civil registry and the government gateway (see Annex OS 3 Third parties service agreements).
- Annex OS 2 Trilateral agreement between UCY, NEHA and MOH
- Annex OS 3 Third parties service agreements
- Annex OS 4 Contract signed with GNOMON
- Annex OS 5 Data Protection Agreement between UCY and MOH
- Annex OS 6 DPA NEHA and UCY
- Annex OP 6 NCPeH CY Supporting Documentation, page 130
Supporting Material
OS.5. How has the NCPeH organised the communication processes (e.g. incident, problem, performance, escalation) with the NCPeHs of the other Member States?
Response
We are going to follow the eHDSI guidelines and suggested best practices. This is organized via a single point of contact via email for the communication with other member states as documented in the eHDSI website: https://ec.europa.eu/cefdigital/wiki/display/EHOPERATIONS/eHealth+DSI+Operations+Home and https://ec.europa.eu/cefdigital/wiki/display/EHOPERATIONS/eHMSEG+Communities+Priorities%2C+New+Requirements+and+Future+Use+Cases (new space: https://webgate.ec.europa.eu/fpfis/wikis/pages/viewpage.action?pageId=888397414) Also, incurred incidents and problems are recorded via the service desk in the ΟpenSupports ticketing system.
- Annex OP 1 Service Operation Plan, section 2 Service Operation and section 3 Service Operation Functions
- Annex OP 9 Service Desk Monitoring Tool
- Annex OP 2 Operation and Organizational Structure
Moreover, Azure Devops is used for managing the technical issues.
- Annex OP 12 NCPeH CY Change Management Plan, page 80
T.21. Does the NCPeH manage under Operations and Service Management the Conformance Testing life-cycle activities?
Response
At the existing phase of the project, the Operations and Service Management cover the Conformance Testing activities carried out by UCY based on the CEF contract signed and the trilateral agreement. The conformance testing is carried out following the change management procedure. Moreover, it is noted that NEHA secured funding for the further deployment of generic cross border e-health services in Cyprus for the years 2022-2025 via the ‘Proposal for a Council Implementing Decision on the approval of the assessment of the recovery and resilience plan for Cyprus’ approved by the European Commission on 8/7/2021. UCY will continue offering its services after December 2021 based on an SLA to be signed with NEHA.
- Annex OP 1 Service Operation Plan, section 2.1 Change Management Procedures and section 3 Service Operation Functions
- Annex OS 2 Trilateral agreement between UCY NeHA and MOH
- Annex OP 6 NCPeH CY Supporting Documentation, see meeting minutes dated 25/10/2016, page 9, paragraph 4.
Moreover, Azure Devops is used for managing the technical issues.
- Annex OP 12 NCPeH CY Change Management Plan, page 67
T.22. Does the NCPeH place Conformance Testing results under change and configuration management?
Response
Conformance Testing results are followed up and addressed in change management. The ΟpenSupports ticketing system open source software system is used for managing changes.
- Annex OP 1 Service Operation Plan, section 2.1 Change Management Procedures and section 3 Service Operation Functions
- Annex OP 9 Service Desk Monitoring Tool
Moreover, Azure Devops is used for managing the technical issues.
- Annex OP 12 NCPeH CY Change Management Plan, page 67
Service Level Monitoring and Reporting provides meaningful data and a view of the service performance and anticipated increasing service demands
OS.6. Are the service levels monitored and reported against the service levels targets agreed in the SLAs, and do you have a mechanism to follow-up on non-compliance with the targets?
Response
NEHA follows a standard project management methodology followed in all governmental projects, see link: GUIDE TO BEST PRACTICES FOR THE CONTRACT AND EXECUTION OF PUBLIC CONTRACTS Public Procurement Directorate – Report on PROJECT MANAGEMENT - http://www.publicprocurementguides.treasury.gov.cy/OHS-GR/HTML/index.html – section 6 Implementation and Management, 6.6 Trader Monitoring & Collection Management and section 7 Project Management, 7.4.4 Development of Quality Plan.
- Annex OP 12 NCPeH CY Change Management Plan, page 80
O.11. Has the NCPeH implemented the measurements required by the eHDSI Monitoring Framework?
Response
Yes. The NCPeH system provides reporting functionality regarding the usage of the NCPeH services based on the eHDSI KPIs. More specifically:
- Annex TE 3 Monitoring and Reporting Tool, section 2.1 – supporting KPI-1
- Annex TE 3 Monitoring and Reporting Tool, section 2.2 – supporting KPI-3
- Annex OP 3 Zabbix Open-source monitoring tool, section 6.1.5 – supporting KPI-3.4
Note: KPI-3.1, KPI-3.2 and KPI-3.3 are supported by eHDSI. Cyprus is responsible to provide information only for KPI-3.4
KPI-1: Uptake Digital Services can support the realisation of the Digital Single Market only if deployment is accompanied by widespread use and coverage. These three implementation aspects – deployment, coverage and use – constitute the uptake of a particular DSI
KPI-3: Uptime Uptime measures the uptime of services hosted by the European Commission, in its datacentre or in the cloud. This includes services hosted by contractors for the European Commission.
KPI-1: Uptake
- KPI-1.1: Number of Countries with Operational NCPeH
- KPI-1.2: Number of transactions between Countries
- KPI-1.3: Number of ePrescriptions exchanged
- KPI-1.4: Number of eDispensations exchanged
- KPI-1.5: Number of Patient Summaries exchanged
KPI-3: Uptime
- KPI-3.1: Configuration Services uptime
- KPI-3.2: Terminology Services uptime
- KPI-3.3: Collaboration Services uptime
- KPI-3.4: NCPeH uptime per country
Incident Management
OS.8. Does the NCPeH have a documented incident management procedure in place keeping records of all reported incidents with at least the following details:
1) types of incidents 2) classification (urgency i.e timeframe and priority, impact level)? 3) updating 4) escalation 5) resolution 6) closure 7) transfer eventually to problem management 8) historical timeline
Response
Yes. The above incident related management and operations are documented in:
- Annex OP 1 Service Operation Plan, section 3.4 Incident and Problem Management
- Annex OP 9 Service Desk Monitoring Tool
- Annex OP 12 NCPeH CY Change Management Plan, page 67
Moreover, Azure Devops is used for managing the technical issues.
The definition of problems and incidents should be documented
OS.10. Does the NCPeH have a documented problem management procedure including:
1) recording? 2) classification (urgency i.e timeframe and priority, impact level)? 3) updating? 4) escalation? 5) resolution? 6) closure?
Response
Yes. The above problem related management and operations are handled in a similar way to incidents and are documented in:
- Annex OP 1 Service Operation Plan, section 3.4 Incident and Problem Management
- Annex OP 9 Service Desk Monitoring Tool
Moreover, Azure Devops is used for managing the technical issues.
- Annex OP 12 NCPeH CY Change Management Plan, page 67
OS.11. Are all changes to correct the underlying cause of incidents/problems managed via the change management process?
Response
Yes. The change processes to correct underlying cause of incidents/problems are handled via the change management process. An event flowchart documented in Annex OP 1 section 2 Service Operation was adopted for the operations of the NCPeH. For more details see:
- Annex OP 1 Service Operation Plan, see sections: 2 Service Operation, 3 Change Management Procedures and 3.4 Incident and Problem Management
- Annex OP 9 Service Desk Monitoring Tool
Moreover, Azure Devops is used for managing the technical issues.
- Annex OP 12 NCPeH CY Change Management Plan, page 67
Change Management aims to ensure that standardised methods and procedures are used for efficient handling of all changes in the technical setup, in the organizational setup or in practical matters in a Member State. Each Member State must have a documented process for implementing changes of technical, organizational and practical kinds. The change process must include proper planning and ensure that sufficient information has been disseminated to other Member States.
OS.12. Does the NCPeH have a documented Change Management Procedure in place covering at least the following aspects:
Response
Yes. The above Change Management Procedure and operations are documented in:
- Annex OP 1 Service Operation Plan, sections: 3 Change Management Procedure and 3.2 Emergency Changes Procedure
- Annex OP 9 Service Desk Monitoring Tool
- Annex OP 12 NCPeH CY Change Management Plan, page 22
Configuration Management holds controls and issues information on all configuration items (CI) and their constituent components necessary for installing and operating an IT system. It covers identification and recording of systems components with their versions, constituent components and relationships. Configuration items under the control of Configuration Management include hardware, software and all associated documentation (artefacts) and services.
OS.19. How does the NCPeH document how to identify and how to put under change management the configuration items that are necessary for the operations of the systems and services?
Response
Configuration Management is handled under the Event Management and Change Management as documented in:
- Annex OP 1 Service Operation Plan, sections: 3 Change Management Procedure and 3.3 Event Management
- Annex OP 12 NCPeH CY Change Management Plan, page 27 section 6 and page 30, section 7
Moreover, Azure Devops is used for managing the technical issues.
OS.21. Does the NCPeH have methods, procedures and/or techniques to:
Response
It is noted that the volume of operations regarding the NCPeH services is based on: (i) the number of local people requesting services, and (ii) the number of foreign visitors visiting a major hospital at the Famagusta district. It is noted that the numbers for the following years will not be changing substantially.
We have predicted in the service operation and management for the highest levels of demand and we do not expect this demand to increase more than that. Furthermore, we have included eHDSI services in the new tender for the Integrated Healthcare Information System IHCIS). After the implementation of the IHCIS project that is expected to be operational in 2023, the service will be fully integrated.
- Annex OP 2 Operation and Organizational Structure, section 8 Field and Scope of Service and section 13 Annex III: Training and implementation program, page 72
- Annex OP 12 NCPeH CY Change Management Plan, page 27 section 6 and page 30, section 7
Moreover, a service capacity monitoring and planning software is implemented. This is based on the open-source monitoring Zabbix tool, see:
- Annex OP 3 Zabbix Open-source monitoring Tool
Moreover, information security plan is used, see Annex IS 2 NCPeH CY Μελέτη Εκτίμησης Κινδύνων Ασφάλειας Πληροφοριών, sections D3-D5.
OS.23. Do you have a specific procedure to monitor (and notify when not available, or when availability is reduced) NCPeH technical gateway services availability?
Response
The NCPeH CY services have monitoring tools for monitoring and notifying for technical gateway availability. The tool monitors service availability as documented in:
- Annex OP 3 Zabbix Open-source monitoring Tool
Furthermore, the NCPeH hardware is covered by the MOH operations plan which supports 24/7. For information the agreement numbered Tender number 322/2015 is available upon request that is documented in:
- Annex OS 3 Third parties service agreements
Moreover, Grafana software is used for monitoring the procedures.
OS.24. Do you have a specific procedure to monitor (and notify when not available, or when availability is reduced) NCPeH technical gateway services availability?
Response
The NCPeH platform will be covered by the UCY/MOH Business Continuity team. See Annex OP 7 Business Continuity Procedures NCPeH CY:
- Annex OP 7 Business Continuity Procedures NCPeH CY
- Annex OP 12 NCPeH CY Change Management Plan
In case of disruptions there are procedures to recover back to normal operations. These procedures are descripted in:
- Annex TE 1 NCPeH CY Technical deliverable – Part B, Section B13
Also, Azure Devops is used for managing technical issues and Grafana software for monitoring the activities.