Service Desk Ops
Overview
Service Desk Ops is Sensedia's specialized service for end-to-end management of regulatory tickets submitted to the Service Desks of the Central Bank of Brazil (Bacen) and Susep. When an institution participating in the Open Finance or Open Insurance ecosystem receives an incident from another institution or from the regulator itself, it has a strict deadline to respond — and the quality of that response directly impacts its reputation and regulatory compliance.
Service Desk Ops takes over this operation with technical structure, regulated SLA (as per the current Normative Instruction), and a consolidated view of all critical Open operation indicators.
Problem it solves: without a dedicated operation, regulatory tickets are scattered across the institution's technology, compliance, and business teams — with no clear owner, no SLA control, and no executive visibility. This increases the risk of regulatory non-compliance and penalties for late or inadequate responses.
Operating Model
Service Desk Ops operates proactively and reactively across five sequential phases, forming the Playbook for regulatory ticket management:
- Receipt and Classification — Ticket intake and triage in the regulatory Service Desk.
- Technical Analysis and Routing — Response structuring and correct team assignment.
- Resolution and Mitigation — Technical resolution within regulatory deadlines.
- Monitoring and Governance — Continuous control of the regulatory operation via dashboards.
- Insights and Operational Evolution — Turning incidents into learning and continuous improvement.
Scope Items and Deliverables
1. Ticket Management and Triage
Every ticket submitted against the institution in Bacen or Susep's Service Desk goes through Sensedia's specialized triage:
- Technical ticket classification: initial analysis of the incident, identification of the regulatory context, and assessment of its impact on the institution's Open operation.
- SLA assessment: mapping of the applicable regulatory deadline (e.g., 16 business hours for initial triage) and priority assignment.
- Scope validation: identification of which layer is responsible for the failure — API Gateway (Sensedia), client backend, or journey/consent issue.
- Priority assignment: criticality classification based on regulatory impact and available response time.
- Attendance flow formalization: structured ticket registration, evidence organization, and definition of involved parties.
How Sensedia helps: specialized triage, SLA assessment, and structured prioritization from the first contact with the ticket.
2. N2 / N3 Escalation
After triage, the ticket follows a structured escalation flow based on the nature of the problem:
- N2 Escalation: when the problem involves the client's backend or applications (front-end, business rules, legacy system integration). Sensedia identifies the issue, documents the technical context, and escalates clearly to the client's team.
- N3 Escalation: when the problem lies at the Sensedia platform layer (API Gateway, Authorization Server, Consent Engine). Sensedia takes direct ownership of the resolution.
- Structured technical bridge: Sensedia acts as the intermediary between the client and the regulator, organizing evidence, structuring communication, and ensuring full traceability of the flow.
- Responsibility control: clear definition of who is responsible for each action at each step, preventing gaps that result in response delays.
How Sensedia helps: structured technical bridge, evidence organization, and responsibility control throughout the flow.
3. SLA and Regulatory Governance
SLA control is critical in the regulatory context. A delayed response can generate regulatory findings and penalties:
- Response and resolution SLA monitoring: continuous tracking of deadlines for each open ticket, with preventive alerts when deadlines are approaching.
- Criticality control: dynamic classification of tickets based on regulatory urgency and operational impact.
- Active monitoring: unified view of all open, in-progress, and closed tickets, with updated status.
- Structured communication: standardized communication templates and flows between Sensedia, the client, and the regulator — ensuring professionalism and traceability.
How Sensedia helps: active monitoring, SLA control, and structured communication across all tickets.
4. Monitoring and Indicators
The regulatory operation needs continuous visibility to identify patterns and act proactively:
- Operation dashboards (e.g., Amazon QuickSight): real-time monitoring of open tickets, SLA compliance vs. violations, average response time, and incident type distribution.
- Recurrence analysis: identification of tickets that repeat with the same root cause, signaling structural issues in the operation.
- Criticality control: executive-level view of the current state of the regulatory operation, classified by severity.
- Executive reports: consolidated reports for institution leadership, covering the health of the Open operation and the main open risks.
How Sensedia helps: executive reports, recurring checkpoints, and consolidated operational view.
5. Checkpoints and Reports
Operation governance is sustained by monitoring rituals:
- Recurring checkpoint meetings: periodic meetings between Sensedia and the client's team to review open tickets, SLA, priorities, and risks.
- Consolidated reports with executive view: periodic reports with regulatory operation KPIs, trends, and recommended actions.
- Evidence organization: curation and structuring of logs, screenshots, and payloads for use in audits and regulator responses.
6. Insights and Continuous Improvement
Every resolved ticket is a source of learning to strengthen the operation:
- Root Cause Analysis (RCA): detailed diagnosis of recurring incidents, identifying where in the technical or regulatory chain the root of the problem lies.
- Structural pattern identification: cross-ticket analysis to discover systemic failures that need to be addressed in the product, integration, or internal processes.
- Improvement plan: prioritized recommendations to eliminate root causes of recurring tickets and elevate operational maturity.
- Recurrence reduction: implementation of improvements that reduce new ticket volume on the same topics, improving the institution's regulatory indicators.
How Sensedia helps: strategic recommendations and data-driven operational evolution.
Expected Outcomes
- Reduced regulatory and reputational risk through structured ticket management
- Faster, more complete, and well-documented responses to the regulator
- Greater operational predictability with clear SLA and criticality control
- Consolidated executive view of the Open operation health
- Growing operational maturity through root cause analysis and continuous improvement
RACI — Service Desk Ops
Legend: R = Responsible | A = Accountable | C = Consulted | I = Informed
Ticket Management
| Activity / Deliverable | Sensedia | Client | Premise / Exclusion |
|---|---|---|---|
| Ticket Triage and Classification (Bacen/Susep) | R/A | I | Technical analysis performed on the support platform. |
| Client Front-end or Backend Application Fixes | I | R/A | Issues identified by Sensedia are escalated to the client's N2/N3 team. |
| Access to Tools and Dashboards | C | R/A | Premise: client must grant access to tools, reports, and environments needed for technical analysis. |
SLA and Performance
| Activity / Deliverable | Sensedia | Client | Premise / Exclusion |
|---|---|---|---|
| Response and Resolution SLA Monitoring | R/A | C | 16 business-hour SLA for triage as per current Normative Instruction. |
| Backend Log and Evidence Provision | C | R/A | Premise: client must provide logs and evidence for technical analysis of the backend layer. |
| Technical RCA (Root Cause Analysis) | C | R/A | Focused on the API/Open layer (Sensedia); backend root cause analysis is the client's responsibility. |
Interoperability
| Activity / Deliverable | Sensedia | Client | Premise / Exclusion |
|---|---|---|---|
| Ticket Submission in Regulator's Service Desk | R/A | I | Sensedia acts on behalf of the client within the regulatory ecosystem. |
| Certificate and Access Key Provision | I | R/A | Exclusion: administrative access and credential management is the client's responsibility. |
Did this page help you?