Deliver, Service and Support (DSS) Domain

COBIT 2019 Foundation: Deliver, Service and Support (DSS) Domain Overview - Complete Guide

Understanding the Deliver, Service and Support (DSS) Domain

Why Is the DSS Domain Important?

The Deliver, Service and Support (DSS) domain is one of the most critical components of COBIT 2019 because it directly addresses how organizations actually deliver IT services to their customers and stakeholders. While other domains focus on planning and strategy, the DSS domain is where the rubber meets the road – it's about ensuring that IT services are provided efficiently, reliably, and at the expected quality level.

Organizations today depend on IT services for almost every business function. The DSS domain ensures that these services are:

• Delivered on time and within budget
• Maintained at high quality throughout their lifecycle
• Supported effectively to minimize downtime and disruptions
• Aligned with business needs and customer expectations

Without proper governance of service delivery and support, organizations risk service interruptions, poor user experiences, security breaches, and ultimately, damage to their business reputation and bottom line.

What Is the DSS Domain?

The DSS Domain comprises six governance and management objectives that collectively ensure IT services are delivered, maintained, and supported in a way that meets business requirements and customer expectations. This domain is fundamentally about operational excellence and service quality.

The DSS domain includes the following six core objectives:

1. DSS01 – Manage Operations: Focuses on executing and monitoring IT operations to ensure continuous service delivery
2. DSS02 – Manage Service Requests and Incidents: Handles user requests, problem resolution, and incident management
3. DSS03 – Manage Problems: Identifies root causes of issues and implements permanent solutions
4. DSS04 – Manage Continuity: Ensures business continuity and disaster recovery planning and execution
5. DSS05 – Manage Security Services: Protects IT resources and information from unauthorized access and threats
6. DSS06 – Manage Business Process Controls: Monitors and controls business processes supported by IT systems

Together, these objectives create a comprehensive framework for managing the entire lifecycle of IT service delivery.

How Does the DSS Domain Work?

The DSS domain operates through a cyclical process that continuously monitors, improves, and adapts IT service delivery. Here's how it works:

1. Service Planning and Preparation

Before services are delivered, the organization must:

• Define what services will be delivered and at what level of quality
• Establish Service Level Agreements (SLAs) that specify performance expectations
• Allocate necessary resources (people, technology, budget)
• Create operational procedures and work instructions

2. Active Service Delivery

During daily operations, DSS objectives ensure:

• Continuous monitoring of service performance and user satisfaction
• Rapid incident response to minimize service disruptions
• Effective resource management to maintain service quality while controlling costs
• Security controls to protect data and systems from threats

3. Support and Maintenance

The organization provides ongoing support through:

• Help desk services for user requests and technical issues
• Problem management to identify and fix recurring issues
• Change management to implement improvements safely
• Preventive maintenance to avoid future problems

4. Monitoring and Optimization

Continuous improvement happens through:

• Performance measurement against SLAs and KPIs
• Root cause analysis of problems and failures
• Incident and problem trending to identify patterns
• Stakeholder feedback and satisfaction surveys
• Regular optimization of processes and procedures

5. Business Continuity Assurance

Critical to the DSS domain is ensuring:

• Backup and recovery procedures are in place and tested
• Disaster recovery plans minimize impact of major incidents
• Security measures prevent or quickly respond to breaches
• Business process controls maintain data integrity and compliance

Detailed Look at Each DSS Objective

DSS01 – Manage Operations

This objective focuses on day-to-day IT operations. Key activities include:

• Executing scheduled tasks and jobs
• Monitoring system performance and resource utilization
• Managing data backups and storage
• Maintaining IT infrastructure equipment
• Documenting operational procedures

DSS02 – Manage Service Requests and Incidents

This objective addresses user-facing service issues. Key activities include:

• Receiving and logging service requests from users
• Categorizing and prioritizing incidents
• Assigning incidents to appropriate support teams
• Tracking resolution and follow-up
• Measuring incident resolution time and customer satisfaction

DSS03 – Manage Problems

This objective goes beyond incident management to address root causes. Key activities include:

• Investigating recurring incidents
• Identifying underlying root causes
• Implementing permanent solutions (versus temporary fixes)
• Tracking problem status and resolution
• Preventing recurrence of known problems

DSS04 – Manage Continuity

This objective ensures the organization can survive and recover from major disruptions. Key activities include:

• Creating and maintaining business continuity plans
• Testing disaster recovery procedures
• Maintaining backup systems and data
• Defining recovery time and recovery point objectives
• Communicating recovery procedures to stakeholders

DSS05 – Manage Security Services

This objective protects IT resources and information. Key activities include:

• Implementing access controls and authentication
• Monitoring for security threats and incidents
• Responding to security breaches
• Managing encryption and data protection
• Maintaining security awareness and training

DSS06 – Manage Business Process Controls

This objective ensures business processes work correctly. Key activities include:

• Defining control procedures within business processes
• Monitoring control effectiveness
• Detecting and correcting process errors
• Ensuring data accuracy and completeness
• Supporting regulatory and compliance requirements

Key Relationships and Dependencies

The DSS domain does not work in isolation. It depends on:

• EDM (Evaluate, Direct, and Monitor): Provides governance oversight of service delivery
• APO (Align, Plan, and Organize): Provides the planning and strategy for service delivery
• BAI (Build, Acquire, and Implement): Provides the systems and infrastructure that DSS manages
• MEA (Monitor, Evaluate, and Assess): Measures and reports on DSS performance

This interconnectedness means that exam questions on DSS often require understanding how it connects to other domains.

How to Answer Questions Regarding the DSS Domain in an Exam

Understanding the Question Structure

DSS exam questions typically follow these patterns:

• Scenario-based questions: Present a service delivery situation and ask what should be done
• Matching questions: Link activities to the correct DSS objective
• Multiple-choice questions: Test knowledge of specific concepts and processes
• Process flow questions: Ask about the correct sequence of steps in a process
• Role and responsibility questions: Ask who should perform specific activities

Step-by-Step Approach to Answering

Step 1: Identify the Context

First, determine what type of situation is described:

• Is this about routine operations? → Think DSS01
• Is this about a user problem or request? → Think DSS02
• Is this about fixing recurring issues? → Think DSS03
• Is this about recovery from major outages? → Think DSS04
• Is this about protecting data and systems? → Think DSS05
• Is this about business process controls and errors? → Think DSS06

Step 2: Consider the Activity Level

Determine whether the question is about:

• Strategic/governance decisions: Usually related to EDM or APO domains, but may provide context for DSS
• Tactical/management decisions: This is where most DSS decisions fall
• Operational/execution decisions: What people actually do day-to-day to implement DSS

Step 3: Think About Lifecycle Phase

Consider where in the service lifecycle the question is situated:

• Planning phase: Before service delivery begins
• Execution phase: During active service delivery
• Support phase: Ongoing user support and problem resolution
• Improvement phase: Analyzing what happened and improving for the future

Step 4: Identify Objectives vs. Processes

Remember that DSS is about objectives, not rigid processes. In COBIT 2019:

• Organizations can achieve objectives in different ways
• The specific processes and activities may vary
• What matters is that the objective is achieved effectively
• Questions test whether you understand the purpose of each objective, not just memorize steps

Exam Tips: Answering Questions on Deliver, Service and Support (DSS) Domain

Tip 1: Remember the DSS Domain is About Service Quality and Business Alignment

The core theme of DSS is: Are IT services being delivered to meet business needs, on time, within budget, at expected quality? If an exam question seems to be asking about service delivery, service quality, incident resolution, or business continuity, you're likely dealing with a DSS question.

Tip 2: Don't Confuse Service Request Management (DSS02) with Problem Management (DSS03)

This is a very common source of confusion in exams:

• DSS02 is about handling individual user requests and incidents – it's reactive, focused on getting users back to work quickly
• DSS03 is about finding why problems keep happening – it's proactive, focused on preventing recurrence

If the question mentions a single incident or urgent user issue → DSS02

If the question mentions same problem happened 5 times this month or need to find root cause → DSS03

Tip 3: Understand the Difference Between DSS04 (Continuity) and DSS05 (Security)

While these can overlap, the focus is different:

• DSS04 focuses on availability and recovery from all types of failures (hardware failure, natural disaster, human error, etc.)
• DSS05 focuses specifically on protection from intentional threats (hacking, malware, unauthorized access, etc.)

If the question is about recovering from hardware failure, disaster, or major outage → DSS04

If the question is about preventing or responding to security breaches or attacks → DSS05

Tip 4: Watch for Keywords That Point to Specific Objectives

Learn these key terms associated with each objective:

• DSS01: Execution, scheduling, operations, resource utilization, data backup, infrastructure maintenance
• DSS02: Service request, incident, help desk, ticket, resolution, urgency, priority, user satisfaction
• DSS03: Root cause, problem record, permanent solution, recurring incident, trend analysis
• DSS04: Business continuity plan, disaster recovery, backup, recovery time objective (RTO), recovery point objective (RPO), resilience
• DSS05: Access control, authentication, confidentiality, integrity, threat, breach, encryption, security incident
• DSS06: Control procedure, control testing, data accuracy, compliance, audit, control violation, error detection

Tip 5: Think About the Who, What, When, and Why

When analyzing a DSS question, ask yourself:

• Who is involved? (Help desk, operations team, security team, business process owner?)
• What is happening? (Delivery, support, problem-solving, recovery, protection?)
• When does this happen? (During normal operations, during an incident, after recurring problems?)
• Why is this important? (Business need, compliance requirement, risk mitigation?)

Tip 6: Recognize Scenario-Based Questions

Many exam questions present scenarios. When you encounter a scenario:

1. Read through the entire scenario first without trying to answer
2. Identify what business problem or objective is being described
3. Look for keywords that point to specific DSS objectives
4. Eliminate obvious wrong answers – they usually relate to a completely different domain
5. Among remaining options, choose the one that most directly addresses the business problem

Example: A company's accounting system experienced an unplanned outage for 3 hours, preventing invoice processing. The company wants to ensure this doesn't happen again. What should they do?

Keywords: "unplanned outage," "prevent recurrence"

This points to DSS04 (continuity planning) or possibly DSS03 (problem management). The emphasis on preventing future incidents makes DSS04 the better answer – they need backup systems and disaster recovery.

Tip 7: Understand Governance vs. Management

In COBIT 2019 terminology:

• Governance objectives ask: "Are we doing the right things?"
• Management objectives ask: "Are we doing things right?"

All DSS objectives are management objectives. They're about executing and managing service delivery. When an exam question talks about DSS, it's usually asking about how to properly execute service delivery, not whether to provide services at all.

Tip 8: Distinguish Between Objectives and Processes

COBIT 2019 emphasizes objectives rather than rigid processes:

• Don't look for the way to do something – look for the objective that needs to be achieved
• Different organizations may achieve DSS objectives differently based on size, industry, and context
• Exam questions test whether you understand the goal of each objective, not just one way to achieve it

Tip 9: Look for Questions About Monitoring and Measurement

Each DSS objective includes monitoring and measurement activities. Questions often ask:

• How should we know if services are being delivered properly? → Establish metrics/KPIs
• How should we measure incident resolution time? → Define and track SLA metrics
• How should we know if security controls are working? → Monitor control effectiveness

The answer often involves defining metrics, measuring against baselines, and reporting results.

Tip 10: Consider the Relationship to Other Domains

Many DSS questions include elements from other domains:

• Connection to APO (planning): Did we plan service delivery properly before executing it?
• Connection to BAI (acquisition): Are we using the systems that were built/acquired to deliver services?
• Connection to MEA (monitoring): Are we measuring service performance and reporting it?
• Connection to EDM (governance): Are we aligned with business strategy in how we deliver services?

If a question mentions planning or strategy related to service delivery, you might need to think about both the planning domain (APO) and the delivery domain (DSS).

Tip 11: Be Careful With Answer Options That Sound Right But Aren't

Exam answers often include "distractors" – options that sound plausible but miss the mark:

• Option might describe a task that's part of another objective
• Option might describe something that's related to the objective but isn't the core activity
• Option might describe a different domain entirely

Always ask: Is this answer directly addressing the objective in question, or is it describing something else?

Tip 12: Study the DSS Domain in Context of Service Lifecycle

To truly master DSS for the exam, understand how it fits into the complete service lifecycle:

• EDM: Decide we need IT services → set strategy
• APO: Plan what services we'll deliver → design service delivery
• BAI: Build/buy the systems that will deliver services
• DSS: Actually deliver those services day-to-day → support users → solve problems → ensure continuity
• MEA: Measure how well we're delivering → report results

Understanding this context helps you recognize why each DSS objective matters and what situations would trigger its activities.

Tip 13: Practice With Realistic Scenarios

The best way to prepare for DSS questions is to practice with realistic scenarios:

• A user can't access an application (DSS02)
• The same printer keeps jamming (DSS03)
• A data center catches fire (DSS04)
• Unauthorized access to customer data is detected (DSS05)
• Monthly reconciliation shows unexpected discrepancies (DSS06)

For each scenario, practice identifying which DSS objective is relevant and what appropriate actions would be.

Tip 14: Remember that DSS is About Continuous Improvement

DSS is not a static checklist. Questions often test whether you understand that good service delivery requires:

• Continuous monitoring of performance
• Regular review of incidents and problems
• Trend analysis to spot patterns
• Proactive improvements to prevent future issues
• Stakeholder feedback to understand satisfaction

If an answer option includes elements of measurement, analysis, and improvement, it's likely a strong answer for a DSS question.

Tip 15: Don't Overthink – Focus on the Core Purpose

Finally, remember that each DSS objective has a core purpose:

• DSS01: Execute operations
• DSS02: Handle user issues and requests
• DSS03: Fix root causes of recurring problems
• DSS04: Ensure business can recover from major disruptions
• DSS05: Protect information and systems from threats
• DSS06: Ensure business processes work correctly

When in doubt, choose the answer that most directly achieves one of these core purposes.

Summary and Key Takeaways

The Deliver, Service and Support (DSS) domain is fundamental to COBIT 2019 because it addresses how organizations actually deliver IT services that the business depends on. Mastering DSS requires understanding:

• The purpose of each of the six objectives
• The difference between operational activities (DSS01), user support (DSS02), problem-solving (DSS03), continuity planning (DSS04), security (DSS05), and control (DSS06)
• How DSS connects to planning, building, governance, and measurement
• That DSS emphasizes objectives and outcomes, not rigid procedures
• That good service delivery requires continuous monitoring and improvement

By understanding these concepts deeply and practicing with realistic scenarios, you'll be well-prepared to answer DSS questions correctly on your COBIT 2019 Foundation exam.