Goal: The primary goal of IT Service Continuity Management (ITSCM) is to support the overall Business Continuity Management practices of the organization by ensuring that the required IT Infrastructure, and the IT service provision, can be recovered within the required and agreed business time scales.
Other objectives include to:
* Maintain a set of IT Service Continuity Plans and IT recovery plans**
* Complete regular Business Impact Analysis (BIA) exercises
* Conduct regular Risk Analysis and Management
* Provide advice and guidance
* Ensure appropriate continuity and recovery mechanisms are in place
* Assess the impact of all changes on ITSCM plans and procedures
* Ensure that proactive measures to improve the recovery mechanisms for services are implemented
* Negotiate and agree on necessary contracts with suppliers (with Supplier Management).
** Often referred to as Disaster Recovery planning. **
The scope of ITSCM can be said to be focused on planning for, managing and recovering from “IT disasters”. These disasters are severe enough to have a critical impact on business operations and as a result will typically require a separate set of infrastructure and facilities to recover. Less significant events are dealt with as part of the Incident Management process in association with Availability Management.
The disaster does not necessarily need to be a fire, flood, pestilence or plague, but any disruption that causes a severe impact to one or more business processes. Accordingly, the scope of ITSCM should be carefully defined according to the organization’s needs, which may result in continuity planning and recovery mechanisms for some or all of the IT services being provided to the business.
There are longer-term business risks that are out of the scope of ITSCM, including those arising from changes in business direction, organizational restructures or emergence of new competitors in the market place. These are more the focus of processes such as Service Portfolio Management and Change Management.
So for general guidance, the recommended activities for any ITSCM implementation include:
* The agreement of the scope of the process and the policies adopted
* Business Impact Analysis (BIA) to quantify the impact a loss of IT service would have on the business
* Risk Analysis
* Production of an overall ITSCM strategy that must be integrated into the BCM strategy
* Production of ITSCM plans
* Testing of plans
* Ongoing education and awareness, operation and maintenance of plans.
NOT part of daily operational activities and requires a separate system. (Not necessarily a flood, fire etc. but may be due to a blackout or power problem and the SLAs are in danger of being breached).
Business Continuity Management:
Strategies and actions to take place to continue Business Processes in the case of a disaster. It is essential that the ITSCM strategy is integrated into and a subset of the BCM strategy.
Business Impact Analysis:
Quantifies the impact loss of IT service would have on the business.
Evaluate Assets, threats and vulnerabilities that exist to business processes, IT services, IT infrastructure and other assets.