cancel
Showing results for 
Search instead for 
Did you mean: 

Improving (ISC)² Service Levels

cancel
Showing results for 
Search instead for 
Did you mean: 

Improving (ISC)² Service Levels

Re: Improving (ISC)² Service Levels

(ISC)² Team

I would like to apologize to everyone experiencing service delays in recent weeks. I am committed – along with the entire senior leadership team and all our staff – to restoring service and response times back to acceptable levels. I know this has been frustrating for some members of the Community, and I appreciate your patience.

 

To help clarify our current situation, let me provide some insight into what has transpired over the last few weeks.

 

On June 30, 2019, we completed our AMF policy transition. While we are happy that more than 92% of our members and associates transitioned to our new AMF structure by deadline, we are working through a backlog of members and associates who wish to be reinstated. While we did not anticipate that the entire membership would transition by deadline, our staff levels and processes to support reinstatement requests were not adequate. We are adding staff as quickly as possible, with 15 new support representatives already on the team, and developers working hard to streamline the process and the time it takes us to reinstate members and associates.  

 

Additionally, finalizing the AMF transition enabled us to complete the last piece of a major, ongoing data migration to our new association management system. While these migrations have been progressing in stages and have been tested over the last several months, we transitioned fully to our new system on July 5, 2019. While most members, associates and candidates are able to interact with (ISC)² as expected, issues have been identified, and they are quickly being addressed by our team. However, this is also understandably causing a rise in call and email volume to our support teams.

 

This call volume – from both members and associates looking to reinstate, as well as members in good standing with issues resulting from the data migration – has negatively impacted our ability to support our membership on a day-to-day basis. I have my staff focused on eliminating the backlog while also looking at our entire association member touch capacity, capabilities, SLAs, etc. I also know that many of you continue to experience issues in other areas such as the CPE portal and delays in endorsement times. I have directed the team to resolve these issues as quickly as possible but in a responsible manner that ensures we deliver the right solution and a long-term fix to the issues you’re experiencing.

 

You have my personal commitment and reassurance that the entire senior leadership team at (ISC)² is aware of these issues and working diligently to solve them. We will regain your confidence. We will be more transparent about issues and resolutions. We will deliver value and service that makes you proud to be a member of (ISC)².

 

Thank you for your membership, all your support and for your continued patience.

 

David Shearer

CEO, (ISC)²

19 Comments
Community Champion

> david-shearer ((ISC)² Team) posted a new article in (ISC)² Updates on

>   On
> June 30, 2019, we completed our AMF policy transition.

No experiment is ever a total waste. It can always be used as a bad example.
(When you are responsible for a membership who are, themselves, responsible for
teaching people about business continuity, risk management, and disaster
recovery, you can be sure the example/story will be retold and retold for years to
come.)

> While we are happy that
> more than 92% of our members and associates transitioned to our new AMF
> structure by deadline, we are working through a backlog of members and
> associates who wish to be reinstated.

Whoa. No wonder support is *WAY* behind. As a rough estimate, you're telling
us that 12,000 people have problems with their accounts?

> We will regain your confidence.

Don't promise what you can't deliver.

> We will be
> more transparent about issues and resolutions.

Or what you have no intention of delivering ...

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
Where does a wise man hide a leaf? In the forest. But what does
he do if there is no forest? He grows a forest to hide it in.
- G. K. Chesterton
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

Advocate I

@david-shearer wrote:

 

You have my personal commitment and reassurance that the entire senior leadership team at (ISC)² is aware of these issues and working diligently to solve them. We will regain your confidence. We will be more transparent about issues and resolutions. We will deliver value and service that makes you proud to be a member of (ISC)².

 

David Shearer

CEO, (ISC)²


What would impress the membership would be a leadership commitment to benchmarking customer services levels and quantitatively measuring them annually. I'll suggest using the J.D. Power Benchmarking Customer Satisfaction Research Program. There are others, but this one is universally accepted and respected.

 

Do we have that commitment @david-shearer ?

(ISC)² Team

@AppDefects We will certainly look into this; truly appreciate your recommendation/suggestion.  In addition to knowing what standards or level of performance/metrics is being achieved by other organization, it will be helpful in identifying areas for improvements in our workflow and processes.  Thank you for your feedback!

Best regards,

Beth

Community Champion

Thank you for your posting.  It is much easier for members to have patience when we know what is happening and what is being done to solve it.  

 

I have three suggestions for "transparency":

 

  1. Allow members to view tickets online that were opened their behalf. The goal being to reduce the number of people calling just for a status update.  If members can open tickets online and add updates, even better. 
  2. Base time estimates on the current queue length.  For example, the automated reply for membersupport@isc2.org might say: "There are currently 372 people in line ahead of you.  The first person in line has been waiting 3 days, 4 hours".  Currently, the reply just states the SLA: "We will get back to you within 3-5 business days".  This same thing can be done for the phone queue, the endorsement queue, etc.
  3. Implement a status page that summarizes issues with many open tickets.  The goal being to reduce calls for known issues.  

And one bonus suggestion. When implementing changes that require all 140,000 members to do something, tying it to each member's anniversary date works better than having everyone stand in line at once.  

Moderator

Thank you for the suggestions. As part of our commitment to increasing transparency we are taking steps toward creating a page on which members can see known issues we are addressing. In an agile manner, we will develop this page over several upcoming sprints and improve it over time.  

 

Bruce W. Beam

Chief Information Officer

Newcomer II

Thanks for the transparency and the openness. Much appreciated. As some have already pointed out, it does help ease the frustrations many have been experiencing.

Contributor I

Thank you for keeping us informed and aware of what is happening in a transparent manner.

 

 

cdc
Newcomer III

Given that there have been many issues regarding portal functionality, should we be concerned about the privacy and security of our personal information?  What has been done to ensure that our data meets the security standards that our membership strives to uphold?

 

Request an update on the CPE reporting process:

 

  1. Does auto-submission of CPE's from live.blueskybroadcast.com for ISC2 magazine quizzes, webinars, and other video content work error-free for all members?
  2. Is the profile corruption problem fixed for all members?
  3. Is there other information regarding the CPE reporting process that needs to be shared with all members?

Besides the response time metrics discussed in the forum, what other problems remain outstanding?

 

I have stopped all CPE study and credit submission until assurances are provided that all systems are working properly.

 

 

Community Champion

 

 

It would have really been great if the recent change in the AMF had been accompanied by an SLA tied to memberships.

 

 

(Okay, I'm fantasizing)

 

 

 

Nowadays, should a provider apologize for inadequate services, I'm inclined to say "No worries, I'm a member of (ISC)2."

 

 

 

Community Champion
> cdc (Newcomer II) posted a new comment in (ISC)² Updates on 08-14-2019 12:09 AM

> Given that there have been many issues regarding portal functionality, should we
> be concerned about the privacy and security of our personal information?

That'd be the prudent bet ...

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
Better to do something imperfectly than to do nothing flawlessly.
- Dr. Robert Schuller
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB
Moderator

Thank you for the questions. Hopefully I can clarify a few things and ease any concerns you have.

 

The issues observed during the portal transition did not impact the confidentiality, integrity, or availability of any (ISC)² data or information systems. Backups, data quality checks along with verification of the data and structures were conducted. There should be no concern with privacy or security issues involving any (ISC)² membership data. The issues experienced during the transition were system/trigger related issues seen when transitioning the CRMs and do not impact the integrity or security of the data.

 

In response your other questions:

 

  1. CPE earned for webinars, the magazine quizzes and our PDI courses (video content) are submitted on members’ behalf, but the process is only partially automated. Most of these CPEs are submitted via a bulk upload. We were experiencing a delay in this processing, but we are back to our normally stated SLAs for when members can expect these CPEs to appear in their dashboard. This process is working as designed.

 

  1. We are addressing all issues related to any account-specific settings as they are reported, and applying fixes universally if necessary. The problems discovered are corrected, but they are not wide spread and did not encompass all members. Data integrity was maintained throughout the entire migration.

 

  1. Some members are experiencing issues with CPE submissions, but there are various causes for that. Some may be access-related, which requires a review of account-specific settings, others maybe be attributed to how the user enters the CPE. Additionally, CPEs are subject to random audit and until the CPE’s are approved, the CPE balance on a member’s dashboard will not be updated. This update also requires syncing across systems if the a member is actively on the website and will not get updated until their session ends. Our technical team advises members to wait a day before checking their CPE balance.

 

If you experience any issues when entering CPEs, please let us know. We will address it as soon as possible.

Community Champion

 

@brucebeam, thanks for your feedback; I would appreciate it if you could also enlighten me on few things about the support system.

 

 

For this, take the below-mentioned (fictitious) scenario...

 

600 members contact support in a period of 1 hour, with request categories as follows: -

 

  1. General / specific queries. (400 requests)
  2. Issues accessing content. (100 requests)
  3. Issues adding / updating CPEs. (95 requests)
  4. Issues with certification renewals. (5 requests)

The requests arrive in the same the order shown above, & overwhelm member support.

 

 

Please clarify the following, for support requests made via the usual channels (email, online, call) : -

 

1) Are there separate channels available depending on the type of request? 

(i.e, Does the system allow the categorization of requests for prioritization, or are they catered to on a 'first come, first-served' basis?)

2) How does support respond if members make use of incorrect channels?

(i.e. Could the system be exploited if, say, a member uses a number provided for issues just to get a quick response to a query?)

3) Are metrics used to track the number of requests that come in via each channel?

(If yes, what does this record, & does it cover requests that can't be responded to --- particularly via calls?)

 

 

Referring to the scenario, if the system doesn't facilitate prioritization, or does but can be exploited, there's the possibility of category 4 requests not getting serviced --- despite them being the most urgent.

 

 

 

P.S. Other than sending email queries to membersupport@isc2.org, I've not made use of the support system, so pardon my ignorance.

 

 

 

cdc
Newcomer III

@brucebeam

 

Thank you for the update on the CPE submission process.  This should receive widest dissemination via appropriate channels.

 

Was a 3rd party security evaluation performed to verify the confidentiality, integrity, and availability of member data or was that determined by formal self-assessment?  

 

Given that some problems are "access-related", I hope that this determination has not been made by an off-the-cuff evaluation.

(ISC)² Team

@Shannon 

 

Hi Shannon, 

 

Thanks for the feedback. I hope I can share some insight into how we are working to transform our member support processes. Before I start, I’d like to thank everyone in the Community for their membership, support and patience. As our CEO has stated, we are working very hard to restore service and responsiveness to our pre-AMF transition levels, and I am confident we are starting to make great progress.

 

Beginning in June, our case backlog grew as the AMF policy changes approached. While this was anticipated, many of the issues resulting after the data migration required more time to resolve than we were originally staffed. We have since added capacity, new escalation channels and have quickly worked through a case load that had grown to more than 2,000. We have brought this number down significantly, and we have been resolving issues in the backlog, as well as new cases for the last several weeks.

 

To provide some figures, we receive 150-200 cases per day via email, and 150 inbound calls a day. Our current case queue is at around 500. We are responding to phone calls and emails at a much higher rate, but still have improvements to make.

 

In general, our reported issues are falling into the following categories:

 

  • General Inquiries/Exams/Training/Certificates 40%
  • Access issues/portals 10%
  • CPE related issues 30%
  • AMF/Fees/Recertification/Receipts/Invoices 20%

 

This data is used internally to help prioritize investments of time and resources. I can assure you that CPE Portal improvements is a top priority inside the organization, and a team is working this project daily.

 

As for the member services team, not only have we expanded the team with additional capacity, we recently brought on a new manager with extensive experience in building and managing customer support teams and infrastructure. His contributions will be invaluable as we continue to make progress and transform our entire support operation. 

 

I can assure you that we are making progress. We are committed to doing better. I thank everyone for their patience. As members, you’re the #1 priority for myself, my team and this entire association.

 

I hope this insight helps.

 

 

Beth

Newcomer I

@cdc 

Thanks for your comments - responses below:

 

>Thank you for the update on the CPE submission process.  This should receive the widest dissemination via appropriate channels.

  • Thank you. We are always working to make communications better.

>Was a 3rd party security evaluation performed to verify the confidentiality, integrity, and availability of member data or was that determined by formal self-assessment?  

  • The assessment was conducted by both. We had professional services along with internal resources to ensure the data was kept safe.

>Given that some problems are "access-related", I hope that this determination has not been made by an off-the-cuff evaluation.

  • We do not provide evaluations that are not thoroughly vetted. We address each incoming issue and utilize the ITIL framework determining impact, incident vs problem status and triage accordingly. Many of the issues we see reported by members are very isolated and are issues on their end or a specific issue relating to their member record. We analyze the data and ensure we are looking for any leading indicators or a larger issue.    

 

Viewer II

I have bee a CISSP since 2002 and in the time when the AMF changed, I was a little confused but not very. I called ISC2 asked the question “So when do I pay and how much?” The answer was however was  now. 

I cannot remember who I spoke with,  but she was pleasant to talk with took my information simple. The amount was X due now. And the same for next year. The email about the new AMF structure was a little confusing, it was filled with too much information and the message was lost in the fog.  

 

I have always had a great respect for ISC2 and what they do for us professionals. I am happy for the all the services that they provide to members.

 

I do have one request;… I would like to see a store (that is easy to find) preferably with more items for ISC2 CISSPs like challenge coins, hats, jackets, Pins yes CISSP pins and other pins. I have lost all the ones I had.

 

They make great promo gifts to other professionals. Anyway, that is my request.

 

 

 

 

Community Manager

Thanks for the suggestion about the store items @dstony! I have a CISSP lapel pin stashed away ... PM me your information and I'll send it to you! 

Advocate II

@david-shearer

@brucebeam

@eparedes_214 

@KaityEagle 

 

Hello David, Bruce, Beth and Kaity,

 

It's been some 2.5 months since this thread was posted so I, and I'm sure many others, would be keen to hear how things are progressing.

 

From my own perspective, things actually appear to be worse. I have a number of outstanding support issues which have been open for over 2 months and that I have seen zero progress on, and little to no communication about. How is this acceptable?

 

Two of these issues are particular to me, but one of them affects all ISSAP and ISSMP holders. You can read about that specific issue here if you're interested: https://community.isc2.org/t5/Certifications/ISSAP-and-ISSMP-domains-not-current-in-CPE-portal/m-p/2...

 

Today, I have had the misfortune to require to log another support ticket in relation to my ISSMP certificate package not having been delivered within the advised 12 week SLA. When I asked about the package's status, I'm told they don't even know if it's been printed, let alone been shipped. Again, how is this acceptable?

 

While logging the ticket about the missing certificate package I enquire about the status of my other tickets only to be asked to send in again all of the details I originally sent in to raise those tickets in the first place! For a third time I ask you, how is this acceptable? BTW - I don't blame the support agent, she did what she could. As ever it's the subpar status of ISC2's systems that are at fault.

 

Right now that first post in this thread just seems like a load of hot air and empty promises.

 

As a CISSP-ISSAP, ISSEP, ISSMP, CCSP who is currently studying for the CSSLP, I was always one of ISC2's biggest advocates. In fact I hold the status of Advocate here on the Community. However, today I told someone asking about CISSP concentrations not to bother with them as that would involve having more interactions with ISC2's faltering systems and processes which will only lead to frustration and dissatisfaction. I fully stand by what I said and would also say that it's completely aligned to the ISC2 Code of Ethics given the current shambolic state of things.

 

Speaking of the Code of Ethics, David and Bruce, as CISSP holders, can you honestly say you have provided diligent and competent service to principals in relation to the disastrous DETE programme? The principals being the long suffering ISC2 members in this instance. I'm genuinely curious.

 

Community Champion

 

I think the newly elected board members that @KaityEagle made a mention of should also provide their feedback / input here.

 

As they're now involved in this, they should --- and hopefully will! --- play a part.