Preparing Service Operations and Governance for DORA with ServiceNow

Einar & Partners · Mar 25, 2024 · video

Welcome, everyone. Hope you're having a good morning or good afternoon, wherever we find you in the world. Thank you for joining us today. We have a great session lined up for you. Today we're going to look at preparing your service operations and governance for DORA. With you today, James Foot; I'm a trusted advisor at The Cloud People and also IRM lead. And we also have Alexander with us.

That's right. Good morning, everyone. Good to see so many people show an interest in this. My name is Alexander Youngstrom. I come from Einar & Partners, of which I am the founder and managing director. A little bit about myself: very passionate when it comes to the topic of IT operations and service operations. I've worked now in the industry, within the ServiceNow space, for almost 12 years. Time goes fast. But I'm especially passionate about the cultural components of everything that is related to CMDB, IT operations, CSDM and, of course, the topic which we're going to discuss here today, James. So, looking forward to doing this in a duo session here. Actually, what is it that we're going to speak about today?

Yeah, so today in our agenda we have: industrial trends on IT operations for DORA; mapping of DORA articles to the CMDB; how service operations and application portfolios become critical for DORA; optimizing the CMDB governance and ownership to stay compliant; and how can the ServiceNow platform support you in all aspects of DORA. So, great topics that we have. But before we get started, let me introduce to you a bit about The Cloud People, for those of you that are new and don't know us. The Cloud People is a ServiceNow Elite partner with over 350 certified expert consultants that are mainly based in Europe, but we also have offices in the Americas, in the US and in Brazil. Here you have a few stats about our organization. The one that I do want to highlight is the smart resourcing: we have an internal
platform, which is also available to our external customers, where we go through the different experts that we have and we build teams for the different projects with the exact skills that we need. It's a fully transparent platform, and that's also available to our customers, to be able to see our consultants, our different resources and what their expertise is. Now over to Einar & Partners.

Yes. So, first of all, it's always super nice to be able to do these sort of sessions together with The Cloud People because, yeah, we have a long-standing relationship together and, yet again, it is my honor to be able to, yeah, just brainstorm here a little bit about interesting topics. But who are Einar & Partners, then? Well, I've always said our sales pitch is pretty easy, because we do one thing and one thing only, and that is IT operations in ServiceNow. So anything which essentially falls under the umbrella of ITOM, CMDB, service operations, etc., that is our bread and butter. And, yeah, the reason, as indicated by the name Einar & Partners: we also have a very strong partnership-driven strategy, so we're very happy to work together with you guys over at The Cloud People, of course. But perhaps maybe more relevant to the session today is that we also specialize a lot in financial sector services, so we're currently working there with a number of banks, and of course DORA is on top of everyone's minds. So, happy to be here today and share some hopefully tangible knowledge, let's say, around this particular topic. It's the first time I'm using Livestorm here, so I think, James, with that being said, should we cut to the chase and get on to the juicy bits of today's session, perhaps?

Yes, exactly. And before we do that, if I'm not mistaken, we have a poll coming up. So, yes: how far are you in your DORA compliance journey? Give you a few moments to answer the question.

Yeah, it's always interesting to see, because everyone is
speaking about DORA right now, and then, yeah, to sort of quantify how far are we, really, on those journeys. It's going to also be relevant later on here for the webinar, so hopefully people have been able to submit there.

Yeah, I personally find DORA is also interesting where it is a regulation that is published, and with a date that it's going to go live, but there is still work going on in the background. So you still have these regulatory technical standards happening throughout this year, which still sort of change how DORA needs to be implemented. So it's a bit of a: you're working on it, but you still don't really know in certain areas what the final result needs to be.

Yeah, and you said the next sort of rework or update of these standards is in June, I believe, so it's still very much ongoing.

Yeah, yeah.

Very interesting. Well, I see here now that most of the people here have submitted some replies, so that's very interesting. Seems like there's a fair number of people who are actively working on it, and then also a fair number of people still in the planning stage. Then there's also here, it's a very even split, also quite a lot of people where it's not maybe directly relevant to the organization, but still an interesting topic to obviously upskill within.

So now let's get into a little bit of the content, and I believe the first part here is largely with me. I want to start here with, first of all, changing the slides, and then explain a little bit and setting the stage a little bit, based on our experience working with financial institutions. And by the way, today there might be some of you sitting here thinking, well, we are not directly a financial institution, but DORA is also something which goes broader. So we've seen also other companies, actually even in manufacturing, where this becomes relevant for various reasons. But nonetheless, irrespective of how you categorize yourself, if you fall in one extent
or another under DORA compliance, then we tend to see certain trends, essentially. So, where most financial institutions find themselves, sort of the starting point, and naturally this can vary depending on how mature the organization is, how long you work with CMDBs, etc. But in front of you you have a couple of, three, core pillars, let's say. And what we see a lot, starting from the left side, is that, well, there tends to be a CMDB, obviously. Go to any financial institution or anyone falling under DORA compliance, and I think it will be difficult to find organizations which have a zero, sort of, CMDB. But even so, the CMDBs tend to be rather CI-driven, and what we mean with that is they tend to be rather oriented towards the infrastructure rather than the service layer. And this is a classic debate; it has been going on for a long time now, of sort of having a service-aware CMDB, but still a lot of organizations are there today. Sure, they might have some services, maybe there are even some services which are formalized, but at the end of the day we see it's very common to have these massive, massive CMDBs with a huge explosion of data, but all of that data is actually lacking context. So that's a very classic scenario: heavily infrastructure-oriented, too much data without proper context, really.

In the middle here you see an application inventory, and we often go out to organizations where, sure, there might be an extent of an application inventory, but when we really look from a more DORA-related perspective, and we're going to speak more about that soon, then, yeah, the application inventory tends to also there be lacking things like business processes, again back to the services. If there is an application inventory, it can sometimes be rather flat, and again it lacks that connection to the infrastructure. And another very common scenario that we see a lot is that, well, we have applications, but then to really determine sort of the business criticality
of how important is a certain application or service, that's also a rather big challenge which a lot of organizations are facing. So also there it can be a bit of a challenging starting point. And with all of that being said, we also then see on the governance side of things, because filling a CMDB with data is the easy part, you know: plug in some integration, start some Discovery jobs, and you will see all sorts of things populating. Actually governing this through, you know, smart methodologies, that's where the crux is a little bit. So also governance tends to be very manually labor-intensive work, where there is a lot of reliance on manual processes, and the governance tends to be there not really from a cultural perspective but just to check some boxes for regulations. And now when we're moving into DORA, then this is not enough anymore. So I'm sure that some of you are recognizing yourself in this. And by the way, as some of you noticed, there is a chat feature here in this Livestorm, so if you have any questions here, feel free to also write to us in real time.

But looking then at how will sort of the CMDB and DORA tie into each other a little bit: well, let's zoom in on the DORA articles from a pure CMDB perspective to start with. So especially Article 8 is relevant here, and one of those sections, which you see on the left side here, is identification, classification and documentation of ICT-supported business functions and ICT tasks and responsibilities. So what does that mean? Well, it's essential when we go on a DORA journey to really start getting serious about mapping out components. So, you know, business functions; depending on the organization, some of you might call it a business process or business application or business capability, etc. That can vary a little bit, but nonetheless, irrespective of which objects we're using, to really map out the hardware, software, system and application components used to support that,
super, super important, because with DORA an inventory needs to take place at least annually. So that's the first sort of section there. Then we have section three, which is performing a risk assessment during significant changes. And of course we can be making a case here: isn't this a little bit more around traditional ITSM and sort of risk assessment? But it goes a little bit beyond that, because with the CMDB, any major changes, such as in networks or applications, actually require a rather thorough impact analysis of that change, especially related to the security aspect of these business functions that I was speaking about before. So again, it's not always just enough with, let's say, a traditional change request, but we have to be a bit more thorough here, so also actually documenting these results for management, auditors, to have it available. Moving on here...

Yeah, Alexander, related to the previous one. A lot of people here are used to the ServiceNow platform, and you're mentioning here changes as part of the normal change management, and there there is some risk assessment. So you're saying here that as part of DORA it needs to go beyond that basic risk assessment done in change, but you need to go more into depth and also look into the security aspects?

That's right, that's right. So it encapsulates the security aspects, which is one thing, and then what we tend to traditionally see is that, yeah, maybe in a normal change there is some mitigation plan, some basic risk assessment, but here it's a deeper sense of impact analysis as well, where the CMDB and all of those potential relationships come into the picture, for example to actually be able to export those outputs and provide them to auditors, and/or do things like service impact analysis. It becomes even more critical.

So, moving on then, and I'm not going to bore you all to death with in-depth sort of analysis of the articles, and I bet if
you ask 10 different people you will get 10 different answers on this, but this is sort of a benchmark which we have seen working a lot, also with auditors ourselves. Section four here of Article 8, that is really about identifying all information and ICT assets, including the interconnection and dependencies. A.k.a., most of you already know it, it's straight-up config management. So what is important here as well is that it's also pinpointed a little bit more thoroughly on things like, for example, firewalls: actually being able to see how firewalls are configured, again from a security perspective. Unlike article one, which I previously spoke about, that is quite relevant to the business functions, processes, applications, etc., this goes a bit more granular and again quite heavily oriented towards the security aspects of things. And it should be noted that we're speaking about the entire estate here. It's not just about some production systems or the critical applications, for example, but this goes quite broad, essentially. Not only quite broad: it's the entire estate, including test and development environments and so forth. So that's of course a big thing.

And then finally, looking at the last relevant section here of Article 8, and most of you have probably heard about this already, it's actually being able to tie the dependent processes from third-party service providers, IT service providers. And the same here: this is a little bit where service operations comes into the picture, of actually being able to tie in, well, you know, if we look at a particular service, what are we dependent on in terms of functionalities, in terms of critical functions, etc., that come from our third-party providers, and being able to actually model this to a satisfactory degree. So there, the note that I always say is: how well integrated is really the third-party reliance today? Because most of the time what we see is that, yeah, we
know we have an outsourcing partner, yeah, we know we rely on this system, but to really have it documented and properly included and modeled in the CMDB, that's often where organizations fall short. And I guess this also, James, is something you recognize a little bit when we speak about general third-party providers: to be a bit more intentional with bringing them into the picture.

Exactly. All right, so we do have a question from Joseph, I think related to a few slides back. It's regarding ICT-supported business functions, and you want to understand what is your interpretation of it, because the term seems very broad, and do you have any examples in the banking sector of what these ICT-supported business functions could be?

Yeah, they tend to be quite relevant to the actual, let's say, customer journeys that various banks are taking their customers on. It could be anything from, you know, loan systems to, let's say, ledger or whatever it might be. And again, I've seen many examples here, so these ICT-supported business functions, because of course it is very broad, you're right, Joseph, and when everything is IT, then everything is dependent on IT. But what we have especially seen as relevant there is especially this sort of client- and customer-impacting layer of things; maybe not so much the technical back end necessarily of business functions, like technical back-end systems, but more the front-facing, sort of relating to the actual customer journeys that various clients go through. So I hope that at least tries to box it in a little bit, but again, there are many examples here; this is just one of them.

So, moving on then, looking at what does DORA require then from the CMDB, some of the main highlights at least. Here there is a number of key areas. One is visibility. When we say visibility, what we're really referring to then is impact analysis for real. Like
previously mentioned, things like business processes and interdependencies there, but also actually being able to quantify, like actually quantify, the impact of downtime, cyber attacks, incidents, etc. So that is often the tricky part in this, right: what would actually happen if we get a cyber attack, sort of simulating those scenarios and being able to quantify that. So also very important.

Number two: ownerships and governance, so accountability and responsibility. This is for me maybe the huge part of DORA, that we need to be able to perform adequate risk assessments, and this cannot really be done without clearly understanding who owns what. So if we look at a CMDB, if we look at services, business functions or whatever it is, then the truth is that they tend to be very complex. If you look at the entire chain on something, you for sure have 10 different owners, various stakeholders, third-party providers, different teams; if you're in an outsourced landscape you might have, you know, different people involved. So actually here being able to have solid ownership models, and also being able to explain how do we offer certain services and functions and who is ultimately responsible for something, that becomes super critical.

And, like I previously mentioned, understanding services, so third-party service providers. DORA actually mandates this specifically, that we need to understand the infrastructure that powers our application estate. So it's not enough to just have a high-level understanding of, yeah, we rely on vendor X for something. No, but we need to be able to perform proper risk assessment, and actually also being able to put certain types of requirements on those third-party providers, to for example integrate with our CMDB to be able to tie into the bigger picture of dependencies.

And then finally, application inventory, so actually being able to inventory the entire application estate. So DORA requires an understanding of the entire application
estate, so it's not just, as I said before, about selected production systems or mission-critical systems or revenue-impacting systems, but this goes broadly, again often with the perspective of security in mind. And also there, the topic of business criticality becomes extremely important, to be able to accurately assess what is business-critical applications, for example. Not always an easy task. So these are some of the main highlights. There are many, many other things as well attached to sort of the DORA and the CMDB perspective a little bit. But if we look then at how can...

Oh, by the way, I received a very interesting feedback here, what Philip wrote: almost every business process will be supported by ICT. This is absolutely true. So, yeah, that's what I meant before, that it's a very broad definition really, because very few business processes exist which don't rely on IT, I guess.

All right, so moving forward then. This in front of you is an onboarding approach to kick-start the DORA journey. It's not set in stone; it's just something that we have gone through with some other clients before. But how can we actually sort of onboard, you know, the CMDB from a DORA perspective? So the first step here is determining the maturity level, where you currently are when it comes to the application estate. It can start with identifying the critical applications, for example, and identifying as well the business owners and operational stakeholders. And in the next slide I will break down how you can determine that maturity level a little bit more. The second part here, then, we speak more about action, is starting to have your services and interdependencies mapped. So applications are different from services. I'm not going to go now into the details of how we define and distinguish those, but some of you on the call might recognize that, yeah, an application might be a very different thing from a service, for
example, so actually being able to map the services and the interdependencies there, very important, and there outlining the software and hardware components as well. So bringing in not just the host layer of servers, etc., but also the critical software components. And then third, that's when we see people are quite far on the DORA journey. It will always be a continuous thing to sort of adding and removing data sources into the CMDB, but also being able to actually create some leading KPIs to measure: are we, you know, on the right path towards DORA compliance? So being able to select those KPIs and create dashboards based out of them, super important. To give some examples, it could be: do we have infrastructure which doesn't have any relation to a service but is just floating in space, in a vacuum, for example? That could potentially be a security risk, to mention one of those examples.

I see we also received a question whether the slides will be shared. So, yeah, Sasha wrote that we normally send out a recording where you can go back to the slides, so also here the PDF version will apparently be shared. Nice.

Okay, so how can we determine the maturity levels then of the application estate? Well, the first step, starting from the bottom here, is, as I mentioned, understanding the application inventory and business processes. Most likely, if you're in some degree of the financial sector here, either a bank or maybe a service provider or something, you probably already are here; you already are at this step. The process there is to have well-defined, you know, and identified business processes, essentially, and also there starting to broadly identify the applications. What that actually creates is a degree of portfolio readiness, and what I mean with portfolio readiness is an application portfolio, really being able to break down what is our applications, what is within that estate, and also the organizational readiness, so the business
processes there. The second step is what we call the managed state, where we tend to have a little bit more on the governance side, what I mentioned before, ownerships for example. So having well-defined roles and responsibilities, the life cycle of applications, of services, but also really starting to identify those dependencies: how are applications actually deployed and operated, where are there potential security risks, how do we decommission things, things like that. And here it's all about governance, and we see most of the organizations be somewhere between the first and second step here. If we have a good habit of how we manage ownerships and governance, then we're also in a better position to reach the third level, which is how we continuously optimize the CMDB. So actually, like I mentioned, being able to track KPIs: are we on track, can we react fast if we see that the data quality is lacking and it would become a problem with auditors, for example. So this is some food for thought.

In front of you here you see a breakdown of having the services and interdependencies mapped. The CSDM model becomes more critical now than ever. I'm not going to go through it all in super low-level detail, but in front of you you see sort of the Holy Grail a little bit, to the right side, which is to actually be able to see services, to actually be able to see there how do we offer these services, and then to be able to see what are the underlying systems that are required to support those service offerings, and finally what is the underlying infrastructure, and not just, again, the hardware layer but also the software component layer. Some of you might be thinking, well, Alex, this sounds like a huge, tremendous amount of work, and you know, this takes a long, long time. And that's true, it does. So the thing with DORA, and we have worked with regulators here, is that you don't need to have all of this fully automated from day one, and as long as you can
prove that you have started this journey, for example through manual mapping, that you have an actual plan outlined for this, then that tends to at least keep the regulators happy; meanwhile, you are working towards the objective of becoming fully compliant. That's at least what we have seen in the market so far.

So let's have a look then at some road map advice, and then I'm going to start handing over slowly towards you, James. But, yeah, how can we reach DORA compliance, then? Obviously there is no one golden formula here; there are many different ways of doing this. But what we have seen in the market is, for example, one: really start boosting the CMDB governance. If you work with CMDBs, you know that there are important attributes, so these attributes especially related to ownerships. Each organization will have different attributes related to ownerships which they deem critical. It could be contact persons, it could be security-responsible persons, it could be supporting teams, etc., etc. So really defining these critical attributes, and really being a bit intentional with what we are going to use, very, very important there, because often these attributes need to have a life cycle and be maintained. And we see a lot of organizations wanting to create 15, 20 different ownership attributes, but less is more sometimes, and maybe sticking to a couple of ones, four, five for example, and streamlining that a little bit, that tends to be more valuable.

Now the second part here is inventory and map manually. For those of you in ServiceNow, you might know that there is a product called Service Mapping, and if you already have that, that's great. But if you quickly want to get started on this, then now is the time to at least start mapping things manually and to start inventorying all of these applications. You can start the manual mapping on the critical ones, for example, at least to keep the regulators happy, and this also tends to introduce sort of
the service operations aspect of the DORA journey, so service asset and configuration management, and again, to get started there, super important. And later on, that's the third pillar here, you can automate and scale this more. So actually starting to automate the dependencies, replace all of these manual mappings with automatic features such as Service Mapping, involving application owners more closely to being accountable for these dependencies, and also starting to scale all of these interconnections and relationships to more non-critical and non-production systems. So again, this is just some food for thought on how you can reach DORA compliance.

And I'm going to give you here an example of a real-life road map. This was a client that we worked with where the starting point was: they did have an application and system inventory to maybe around 70, 80%. The ownerships were quite unclear, like it was outdated; it wasn't really given what meant what. So the first step was we prioritized governance: who actually owns what? Very simple question, with a very difficult answer often. Step two in their case was understanding how cloud-ready the applications are, because it related to resilience. They were moving a lot of things towards cloud, and for them what determined a lot of the resilience was whether they were cloud-ready or not. So understanding how cloud-ready their applications were, and then understanding also the underlying infrastructure. Step three was understanding the relation to disaster recovery plans. That's what I spoke about before, being able to show this to regulators: do we really understand the impact and the cost if an adverse event happens? So actually getting a process in place for recovery and impact was hugely important. And then step four was manually mapping a number of applications based on criticality. Now, this is still ongoing work, so it doesn't end today,
but some food for thought around a road map. So I've been talking now for 20, 25 minutes, and James, I think you're up here. I'm thinking if we have any quick questions.

There is a question from Joseph, yeah, regarding if you recommend any prioritization matrix for starting this activity. I'd assume it's related to a couple of slides back: starting with critical function services and their assets and then expanding.

Yeah, I would start with... so it's twofold. One approach is starting where it's easier, just to get into the habit of things, but that's more from the people side of things: getting closer to governance, getting closer to defining relationships, etc. So that can be a quick win. But if you look at it from a business value and/or a compliance perspective, you might want to start with critical functions, for example, that rely a lot on third-party providers, and then from there expand.

So now I've been very zoomed in on the CMDB part here, James, but if we zoom out a little bit then and look more broadly, how can the ServiceNow platform...

Exactly. But I think before that we have another poll, if I'm not mistaken. Yes. So, what is the biggest challenge on your journey towards DORA compliance, according to you?

Yeah, that's an interesting one. I see, I think it touches a lot of the points that you were talking about regarding governance and culture.

Yeah, yeah, and owning the data. This is insane. I see here that it's, you know, almost like a 9 to 10 ratio on the culture and governance side of things. So, yeah, shows to tell, right?

So, yeah, let's move on to how can the ServiceNow platform support you. Some of you may know, or maybe not, but ServiceNow does have an operational resiliency application, and this application basically goes through a lot of the points that Alexander made. Here are sort of five steps of getting started with this operational resiliency application within ServiceNow, and
you'll see, definitely in the first two steps, a lot of the content that Alexander spoke about. So you start with defining your pillars of resilience and also defining your performance metrics, so a lot of what was mentioned earlier: your KPIs, defining your operating model. And then assess your service importance: what are your critical assets, or your critical business services? Identify and map those services and enabling processes, identify the impact tolerances for those different services, and, yeah, then building relationships with other platforms. So a lot of the data is found within ServiceNow, but you also have a lot of other critical business applications that contain data, and it could be your ERP, and it can be also your qual-, your vulnerability scanners and so on, to leverage the Integration Hub to get that information, then also continue on collecting those metrics, those Performance Analytics metrics for your KPIs. And fourth, assess your services and business resilience: monitor your different resilience metrics, automate issue creation and manage remediation of those issues, test different scenarios, and that's why also a bit of your business continuity comes into play here, and complete self-assessments to assess these different business services. And last of all, it comes up to delivering reports and having a live view for different levels of management. I think a key part, and also a part that I see in a lot of organizations, is, especially when you go up to the executives, you start building reports outside of the platform; you go and fall back onto Word and so on. The problem of that is, and I've seen that in organizations, where it goes through various steps of approval and review of these different idex, and by the time it actually gets to someone that can make a decision, that data is two or three months old, which sort of, yeah, leaves you sort of
reacting instead of being proactive in your decision making.

Coming up next, we look at the maturity model. So of course, and again picking up on what... whoops, not sure what happened there. Picking up on what Alexander mentioned earlier, you have to start with the basics, and for most ServiceNow customers you start with ITSM and the CMDB. So you go with a basic ITSM implementation and also start populating your CMDB, but don't yet go into that CSDM model. And then when you move to your next step, you start looking into your CSDM, looking at how you map your IT to your different services, business services and processes and so on. So you start building those dependency maps. You also start bringing in more functionality and more tooling that can help you discover more of your network through Discovery.

And then from there on you build into your service foundation. So here you start populating your CMDB from multiple resources, you start inputting other data that is relevant, things like locations, suppliers, people, and start assessing the dependencies between these different services, because again, for a lot of things, and you also see that within continuity plans, if things go down, if certain assets stop working, then a lot of times you are dependent on suppliers and on people to get them back up and running. So having that view all in one place is extremely important.

Then we start moving into your operational resilience. So after you've built your foundation, you start maturing your business services, you start bringing in your risk management, your continuous control monitoring, and making sure that you are compliant, in this case to DORA, and you're able to monitor that, so that again you can react proactively and not reactively if something goes wrong, using the Integration Hub to get sources from different tools, as mentioned earlier. And then finally your last step of maturity, where you sort of start
integrating the different processes and the different assets even more closely, and start enabling automation to help out and to remove that dependency on people. I don't know if we've got any questions at the moment.

Yeah, I saw there, James, from Joseph here: does ServiceNow have a DORA module, or is this the general OpRes module that the client should tailor?

No, so ServiceNow does not have a DORA-related module at the moment. They do have some work in the pipeline, as I know, but there is no certain date yet of when it will be released. But this is just a general operational resiliency module. But with the next slide we're going to look at how you can embed the different tools from ServiceNow to get that full picture, and that's also something that you see through this maturity model. You start with ITSM, but to make sure that your business is resilient, and IT is resilient, and you can cover all your bases, you will need to look at the different aspects, whether it is risk management, whether it is your security-related incidents, your vulnerabilities, and have a wider picture of everything that's going on within your business.

Yes, so here you have a more global picture of DORA. As some of you may recognize, around it you have your main five pillars of DORA. At the center it's the core, and if we think of it as a layered cake, we look at the bottom and you see your CMDB and your foundation data, again a lot of what Alexander explained, and again that is the base for everything. If that is not set up, it makes everything else a lot harder, because if you don't understand what your different business services are, your processes, and also what your critical services are and how critical they are, it makes it a lot harder then to be able to prioritize and to monitor those. And then on top you add your business continuity plan, and here you can do your business impact analysis, analyze your different assets and the
different dependencies of those. And then at the top layer you have, let's say, your two parts of it. You have your operational resilience, the application we just spoke about, where you make sure that your IT infrastructure is resilient and secure, and then you have your policy and compliance module as part of IRM, and that's where you can demonstrate compliance to the regulators, to the authorities.

Then looking at the five different pillars, and we will go into depth into each one of the pillars in the following slides. You've got your IT risk management, but there it's obvious, your IRM module. Then you have your IT-related incident management, classification and reporting, and here you have your ITSM but also your security incidents, so you need those two parts. Your digital operational resiliency testing, so here is where your pen testing comes in and where you test your infrastructure for vulnerabilities, so there are modules in the vulnerability response application for that. You can also use your BCM disaster scenarios to test out different scenarios and how you would react as a business towards those. Then you manage your IT third-party risks; again your third-party risk management module comes in here. And then lastly your information sharing and arrangement, which again comes in your security incident response module, and here is where you've got in ServiceNow a functionality called trusted security circles, where you can share security information between different organizations.

Moving on to the individual pillars. Again your ICT risk management: here you have, as mentioned before, your IRM risk management framework, your big dependency on the CMDB and your ITOM service mapping, your application portfolio, and also, what's fairly new, your software bill of materials as part of the vulnerability management module of ServiceNow. Moving on to the second pillar, your ICT
incident classification and reporting. Again, here, how you classify the incidents, and I think this is especially... it's a very interesting topic, and I've been more involved in the second pillar in some work with other customers, and where this regulation tries to unify how incidents are classified throughout the financial sector, which brings a bit of standardization. But here of course it requires modifications to your ITSM incidents and your major incidents, again especially how you classify those major incidents. Also as part of it, it's not only your internal and IT-related incidents but also your security incidents, your threat intelligence, and you have here your IRM issue management and risk events or your operational incidents.

Then the third pillar, your digital operational resiliency testing. So here again making sure that you test your own infrastructure, make sure that it is resilient, or you get a third party to do that, and that could be through penetration testing, which can be managed and run through... well, it can be managed through the vulnerability management module. Again your software bill of materials comes in here, as you understand your different dependencies for your different applications, and as I mentioned, something very new, I think recently released in ServiceNow. Your business continuity, again your scenario testing, your disaster recovery plans and exercises and putting those into practice, and then your major incident plans as part of the security incident response module.

The fourth pillar, your third-party risk. Again this is a topic that has seen a lot more relevance in the last few years, especially as we've seen more and more cases of either individuals or organizations penetrating or being able to enter organizations' IT infrastructure through third parties. So it is extremely important now to be able to understand the risk that those third parties bring to the organization
and to be able to have a place to assess that, and that's where your third-party risk management module comes in. But again, all the way back to what Alexander mentioned a lot earlier, having that dependency map built in so that you know exactly as part of what business service, as part of what process, those third parties come in, and also again if things go wrong, or when they go wrong, so that you know who can provide support in those areas.

And the last pillar, sharing of information and intelligence. Here you have your security incident response trusted circles, again a really interesting product within ServiceNow, where customers that use the SecOps incident response module have the ability to share, if I'm not mistaken anonymously, information between each other, again to help each other if you've detected certain patterns, if you have had certain incidents, that you are able to share that information with other organizations, again boosting your resiliency and boosting your capacity to be able to respond to those incidents.

That's super interesting, that one, especially on the trusted circle thing.

Yeah, and that's what we have for you at this time. I don't know if there are any other questions, but while we wait for those to come in I will quickly share with you what we have next. And for some of you, if you continue on being interested in this topic, we have a customer case of ours, If Insurance. We have a session next week, the 12th of March, where we go through how we've implemented a solution in If Insurance on how they can handle one of the sections in chapter four of DORA, so this is a really interesting case. We also have a poll: would you like to be invited to this next webinar? Yeah, if you are still interested or want to continue on in this journey with us discovering more about DORA, then please follow on.

And are there
any more upcoming events as well, James?

Yes, we also have a few other events coming up. On the 9th of April, how AI can help customer service; that's not directly related to DORA. Then we have Knowledge in Las Vegas, where you will be able to attend a lot of sessions, and I know the topics like DORA and ESG will be a very hot topic at Knowledge, and you'll also be able to find us roaming around Las Vegas, so it would be great to catch up if you're there. And then on the 12th of June we have a walkthrough of the ESG application within ServiceNow. Do we have any questions?

No, I don't think any specific. It was very good engagement here during the session, so thank you all, for those of you who submitted the questions. So I think this is like an ongoing thing with DORA, and I think we're all sort of learning it together, the community. So obviously, you know, feel free to reach out to both me and James when it comes to these areas, right, James? And I'm sure that, you know, as we learn more as we go along here in various customer projects and discussions and workshops, etc., we'll make sure to also share the knowledge with a broader group. But yeah, super cool then. Hope to see...

Exactly, and also for those that joined in late, we will release a recording of this session, so you will be able to follow it or be able to rewatch it later on. I think, from both of us, thank you for joining, and hope you have a great day.

Excellent, thank you everyone. Thanks for joining.

View original source

https://www.youtube.com/watch?v=CYAZLs8Q5js