cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Improving (ISC)² Service Levels

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Improving (ISC)² Service Levels

Re: Improving (ISC)² Service Levels

david-shearer
ISC2 Former Staff

I would like to apologize to everyone experiencing service delays in recent weeks. I am committed – along with the entire senior leadership team and all our staff – to restoring service and response times back to acceptable levels. I know this has been frustrating for some members of the Community, and I appreciate your patience.

 

To help clarify our current situation, let me provide some insight into what has transpired over the last few weeks.

 

On June 30, 2019, we completed our AMF policy transition. While we are happy that more than 92% of our members and associates transitioned to our new AMF structure by deadline, we are working through a backlog of members and associates who wish to be reinstated. While we did not anticipate that the entire membership would transition by deadline, our staff levels and processes to support reinstatement requests were not adequate. We are adding staff as quickly as possible, with 15 new support representatives already on the team, and developers working hard to streamline the process and the time it takes us to reinstate members and associates.  

 

Additionally, finalizing the AMF transition enabled us to complete the last piece of a major, ongoing data migration to our new association management system. While these migrations have been progressing in stages and have been tested over the last several months, we transitioned fully to our new system on July 5, 2019. While most members, associates and candidates are able to interact with (ISC)² as expected, issues have been identified, and they are quickly being addressed by our team. However, this is also understandably causing a rise in call and email volume to our support teams.

 

This call volume – from both members and associates looking to reinstate, as well as members in good standing with issues resulting from the data migration – has negatively impacted our ability to support our membership on a day-to-day basis. I have my staff focused on eliminating the backlog while also looking at our entire association member touch capacity, capabilities, SLAs, etc. I also know that many of you continue to experience issues in other areas such as the CPE portal and delays in endorsement times. I have directed the team to resolve these issues as quickly as possible but in a responsible manner that ensures we deliver the right solution and a long-term fix to the issues you’re experiencing.

 

You have my personal commitment and reassurance that the entire senior leadership team at (ISC)² is aware of these issues and working diligently to solve them. We will regain your confidence. We will be more transparent about issues and resolutions. We will deliver value and service that makes you proud to be a member of (ISC)².

 

Thank you for your membership, all your support and for your continued patience.

 

David Shearer

CEO, (ISC)²

19 Comments
rslade
Influencer II

> david-shearer ((ISC)² Team) posted a new article in (ISC)² Updates on

>   On
> June 30, 2019, we completed our AMF policy transition.

No experiment is ever a total waste. It can always be used as a bad example.
(When you are responsible for a membership who are, themselves, responsible for
teaching people about business continuity, risk management, and disaster
recovery, you can be sure the example/story will be retold and retold for years to
come.)

> While we are happy that
> more than 92% of our members and associates transitioned to our new AMF
> structure by deadline, we are working through a backlog of members and
> associates who wish to be reinstated.

Whoa. No wonder support is *WAY* behind. As a rough estimate, you're telling
us that 12,000 people have problems with their accounts?

> We will regain your confidence.

Don't promise what you can't deliver.

> We will be
> more transparent about issues and resolutions.

Or what you have no intention of delivering ...

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
Where does a wise man hide a leaf? In the forest. But what does
he do if there is no forest? He grows a forest to hide it in.
- G. K. Chesterton
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

AppDefects
Community Champion

@david-shearer wrote:

 

You have my personal commitment and reassurance that the entire senior leadership team at (ISC)² is aware of these issues and working diligently to solve them. We will regain your confidence. We will be more transparent about issues and resolutions. We will deliver value and service that makes you proud to be a member of (ISC)².

 

David Shearer

CEO, (ISC)²


What would impress the membership would be a leadership commitment to benchmarking customer services levels and quantitatively measuring them annually. I'll suggest using the J.D. Power Benchmarking Customer Satisfaction Research Program. There are others, but this one is universally accepted and respected.

 

Do we have that commitment @david-shearer ?

eparedes_214
ISC2 Team

@AppDefects We will certainly look into this; truly appreciate your recommendation/suggestion.  In addition to knowing what standards or level of performance/metrics is being achieved by other organization, it will be helpful in identifying areas for improvements in our workflow and processes.  Thank you for your feedback!

Best regards,

Beth

denbesten
Community Champion

Thank you for your posting.  It is much easier for members to have patience when we know what is happening and what is being done to solve it.  

 

I have three suggestions for "transparency":

 

  1. Allow members to view tickets online that were opened their behalf. The goal being to reduce the number of people calling just for a status update.  If members can open tickets online and add updates, even better. 
  2. Base time estimates on the current queue length.  For example, the automated reply for membersupport@isc2.org might say: "There are currently 372 people in line ahead of you.  The first person in line has been waiting 3 days, 4 hours".  Currently, the reply just states the SLA: "We will get back to you within 3-5 business days".  This same thing can be done for the phone queue, the endorsement queue, etc.
  3. Implement a status page that summarizes issues with many open tickets.  The goal being to reduce calls for known issues.  

And one bonus suggestion. When implementing changes that require all 140,000 members to do something, tying it to each member's anniversary date works better than having everyone stand in line at once.  

brucebeam
ISC2 Former Staff

Thank you for the suggestions. As part of our commitment to increasing transparency we are taking steps toward creating a page on which members can see known issues we are addressing. In an agile manner, we will develop this page over several upcoming sprints and improve it over time.  

 

Bruce W. Beam

Chief Information Officer

ramadji
Newcomer II

Thanks for the transparency and the openness. Much appreciated. As some have already pointed out, it does help ease the frustrations many have been experiencing.

Frank_Mayer
Contributor I

Thank you for keeping us informed and aware of what is happening in a transparent manner.

 

 

cdc
Newcomer III

Given that there have been many issues regarding portal functionality, should we be concerned about the privacy and security of our personal information?  What has been done to ensure that our data meets the security standards that our membership strives to uphold?

 

Request an update on the CPE reporting process:

 

  1. Does auto-submission of CPE's from live.blueskybroadcast.com for ISC2 magazine quizzes, webinars, and other video content work error-free for all members?
  2. Is the profile corruption problem fixed for all members?
  3. Is there other information regarding the CPE reporting process that needs to be shared with all members?

Besides the response time metrics discussed in the forum, what other problems remain outstanding?

 

I have stopped all CPE study and credit submission until assurances are provided that all systems are working properly.

 

 

Shannon
Community Champion

 

 

It would have really been great if the recent change in the AMF had been accompanied by an SLA tied to memberships.

 

 

(Okay, I'm fantasizing)

 

 

 

Nowadays, should a provider apologize for inadequate services, I'm inclined to say "No worries, I'm a member of (ISC)2."

 

 

 

rslade
Influencer II
> cdc (Newcomer II) posted a new comment in (ISC)² Updates on 08-14-2019 12:09 AM

> Given that there have been many issues regarding portal functionality, should we
> be concerned about the privacy and security of our personal information?

That'd be the prudent bet ...

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
Better to do something imperfectly than to do nothing flawlessly.
- Dr. Robert Schuller
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB
brucebeam
ISC2 Former Staff

Thank you for the questions. Hopefully I can clarify a few things and ease any concerns you have.

 

The issues observed during the portal transition did not impact the confidentiality, integrity, or availability of any (ISC)² data or information systems. Backups, data quality checks along with verification of the data and structures were conducted. There should be no concern with privacy or security issues involving any (ISC)² membership data. The issues experienced during the transition were system/trigger related issues seen when transitioning the CRMs and do not impact the integrity or security of the data.

 

In response your other questions:

 

  1. CPE earned for webinars, the magazine quizzes and our PDI courses (video content) are submitted on members’ behalf, but the process is only partially automated. Most of these CPEs are submitted via a bulk upload. We were experiencing a delay in this processing, but we are back to our normally stated SLAs for when members can expect these CPEs to appear in their dashboard. This process is working as designed.

 

  1. We are addressing all issues related to any account-specific settings as they are reported, and applying fixes universally if necessary. The problems discovered are corrected, but they are not wide spread and did not encompass all members. Data integrity was maintained throughout the entire migration.

 

  1. Some members are experiencing issues with CPE submissions, but there are various causes for that. Some may be access-related, which requires a review of account-specific settings, others maybe be attributed to how the user enters the CPE. Additionally, CPEs are subject to random audit and until the CPE’s are approved, the CPE balance on a member’s dashboard will not be updated. This update also requires syncing across systems if the a member is actively on the website and will not get updated until their session ends. Our technical team advises members to wait a day before checking their CPE balance.

 

If you experience any issues when entering CPEs, please let us know. We will address it as soon as possible.

Shannon
Community Champion

 

@brucebeam, thanks for your feedback; I would appreciate it if you could also enlighten me on few things about the support system.

 

 

For this, take the below-mentioned (fictitious) scenario...

 

600 members contact support in a period of 1 hour, with request categories as follows: -

 

  1. General / specific queries. (400 requests)
  2. Issues accessing content. (100 requests)
  3. Issues adding / updating CPEs. (95 requests)
  4. Issues with certification renewals. (5 requests)

The requests arrive in the same the order shown above, & overwhelm member support.

 

 

Please clarify the following, for support requests made via the usual channels (email, online, call) : -

 

1) Are there separate channels available depending on the type of request? 

(i.e, Does the system allow the categorization of requests for prioritization, or are they catered to on a 'first come, first-served' basis?)

2) How does support respond if members make use of incorrect channels?

(i.e. Could the system be exploited if, say, a member uses a number provided for issues just to get a quick response to a query?)

3) Are metrics used to track the number of requests that come in via each channel?

(If yes, what does this record, & does it cover requests that can't be responded to --- particularly via calls?)

 

 

Referring to the scenario, if the system doesn't facilitate prioritization, or does but can be exploited, there's the possibility of category 4 requests not getting serviced --- despite them being the most urgent.

 

 

 

P.S. Other than sending email queries to membersupport@isc2.org, I've not made use of the support system, so pardon my ignorance.

 

 

 

cdc
Newcomer III

@brucebeam

 

Thank you for the update on the CPE submission process.  This should receive widest dissemination via appropriate channels.

 

Was a 3rd party security evaluation performed to verify the confidentiality, integrity, and availability of member data or was that determined by formal self-assessment?  

 

Given that some problems are "access-related", I hope that this determination has not been made by an off-the-cuff evaluation.

eparedes_214
ISC2 Team

@Shannon 

 

Hi Shannon, 

 

Thanks for the feedback. I hope I can share some insight into how we are working to transform our member support processes. Before I start, I’d like to thank everyone in the Community for their membership, support and patience. As our CEO has stated, we are working very hard to restore service and responsiveness to our pre-AMF transition levels, and I am confident we are starting to make great progress.

 

Beginning in June, our case backlog grew as the AMF policy changes approached. While this was anticipated, many of the issues resulting after the data migration required more time to resolve than we were originally staffed. We have since added capacity, new escalation channels and have quickly worked through a case load that had grown to more than 2,000. We have brought this number down significantly, and we have been resolving issues in the backlog, as well as new cases for the last several weeks.

 

To provide some figures, we receive 150-200 cases per day via email, and 150 inbound calls a day. Our current case queue is at around 500. We are responding to phone calls and emails at a much higher rate, but still have improvements to make.

 

In general, our reported issues are falling into the following categories:

 

  • General Inquiries/Exams/Training/Certificates 40%
  • Access issues/portals 10%
  • CPE related issues 30%
  • AMF/Fees/Recertification/Receipts/Invoices 20%

 

This data is used internally to help prioritize investments of time and resources. I can assure you that CPE Portal improvements is a top priority inside the organization, and a team is working this project daily.

 

As for the member services team, not only have we expanded the team with additional capacity, we recently brought on a new manager with extensive experience in building and managing customer support teams and infrastructure. His contributions will be invaluable as we continue to make progress and transform our entire support operation. 

 

I can assure you that we are making progress. We are committed to doing better. I thank everyone for their patience. As members, you’re the #1 priority for myself, my team and this entire association.

 

I hope this insight helps.

 

 

Beth

Bruce
Newcomer I

@cdc 

Thanks for your comments - responses below:

 

>Thank you for the update on the CPE submission process.  This should receive the widest dissemination via appropriate channels.

  • Thank you. We are always working to make communications better.

>Was a 3rd party security evaluation performed to verify the confidentiality, integrity, and availability of member data or was that determined by formal self-assessment?  

  • The assessment was conducted by both. We had professional services along with internal resources to ensure the data was kept safe.

>Given that some problems are "access-related", I hope that this determination has not been made by an off-the-cuff evaluation.

  • We do not provide evaluations that are not thoroughly vetted. We address each incoming issue and utilize the ITIL framework determining impact, incident vs problem status and triage accordingly. Many of the issues we see reported by members are very isolated and are issues on their end or a specific issue relating to their member record. We analyze the data and ensure we are looking for any leading indicators or a larger issue.