Monday, January 24, 2011

Functions and Processes In Service Design P5

IT Service Continuity Management

Introduction


  • The goal of IT Service Continuity Management (ITSCM) is to support the overall business continuity process by ensuring that the required IT technical and service facilities (including computer systems, networks, applications, data repositories, telecommunications, environment, technical support and service desk etc.) can be resumed within required and agreed business timescales.



  • Objectives include:



    • Maintaining a set of continuity plans and recovery plans.



    • Performing regular Business Impact Analysis (BIA).



    • Conducting regular risk estimates and management exercises.



    • Provide advice and guidance to all other area of the business and IT on all continuity and recovery-related issues.



    • Ensuring that the appropriate continuity and recovery mechanisms are put in place to meet or exceed the agreed business continuity targets.



  • Objectives include:



    • Assessing the impact of all changes on the continuity and recovery plans.



    • Implementing proactive measures to improve the availability of services (where cost-justifiable to do so).



    • Negotiating agreements with IT service providers in relation to the required recovery capability to support continuity plans.



  • Scope



    • ITSCM focuses on those events that the business considers a disaster.



    • The incident management process handles less significant events.



    • ITSCM primarily considers the IT assets and configurations that support the business processes.



    • ITSCM cover:



      • Agreements on ITSCM’s scope.



      • A business impact analysis to quantify the impact of disasters.



  • Scope



    • ITSCM cover:



      • Risk Analysis (RA) –risk identification and risk assessment to identify potential threats to continuity and the likelihood of the threats becoming reality.



      • Creating an overall ITSCM strategy that must be integrated into the business continuity management strategy.



      • Creating continuity plans.



      • Testing the plans.



      • Ongoing operation and maintenance of the plans.



  • Value for the business



    • ITSCM has a valuable role in supporting the business continuity planning process.



    • Organizations often use it to create awareness of continuity and recovery requirements and justify their decision to implement the process of business continuity planning (including plans).

Activities, methods and techniques


  • ITSCM is a cyclic process. It keeps the developed service continuity plans and recovery plans in line with the business continuity plans as these are updated.





  • The process consists of four phases (Figure 10.8):



    • 1.Initiation



      • Defining the policy.



      • Specifying terms of reference and scope.



      • Allocating resources (people, resources and funds).



      • Defining the project organization and control structure.



      • Agree project and quality plans.



    • 2.Requirements and strategy



      • Determining the business requirements for ITSCM is vital when investigating how well an organization can survive a disaster.



  • The process consists of four phases (Figure 10.8):



    • 2.Requirements and strategy



      • This phase includes requirementsand strategy. The requirements involve undertaking a business impact analysis and risk analysis:



      • Requirement 1: Business Impact Analysis



      • Purpose is to quantify the impact caused by the loss of service.



      • If the impact can be determined in detail, it is called “hard impact”. E.g. Financial losses
      • “Soft impact” is less easily determined. It represents the impact on public relations, morale and health.



      • BIA identifies the most important services for the organization and as such provides important input for the strategy.



  • The process consists of four phases (Figure 10.8):



      2.Requirements and strategy




              • This phase includes requirementsand strategy. The requirements involve undertaking a business impact analysis and risk analysis:



              • Requirement 1: Business Impact Analysis



              • The analysis identifies:



              • Type of damage or loss (e.g. income, reputation).



              • How the damage could escalate.



              • The required competencies, facilities and services to continue important processes.



              • The timeframe within which partial (the most vital processes) and full recovery must occur.



              • Determination of recovery periods for every individual service.



          • The process consists of four phases (Figure 10.8):



            • 2.Requirements and strategy



              • This phase includes requirementsand strategy. The requirements involve undertaking a business impact analysis and risk analysis:



              • Requirement 2: Risk estimate



              • Risk analysis is an assessment of risks that may give rise to service disruption or security violation.



              • Risk management identifies the response and cost-justifiable counter-measures that can be taken.



              • A standard method like Management of Risk (M_o_R) can be used to investigate and manage the risks.



          • The process consists of four phases (Figure 10.8):



            • 2.Requirements and strategy



              • This phase includes requirementsand strategy. The requirements involve undertaking a business impact analysis and risk analysis:
              • Requirement 2: Risk estimate



              • This method consists of:



              • M_o_R principles.



              • M_o_R approach (organization approach).



              • M_o_R processes (identification, assessment, planning, implementation).



              • M_o_R embedding and review



              • Communication (up-to-date and adequate information provision).



          • The process consists of four phases (Figure 10.8):



            • 2.Requirements and strategy



              • This phase includes requirementsand strategy. The requirements involve undertaking a business impact analysis and risk analysis:



              • Strategy 1: Risk response measures



              • Measures to reduce risks must be implemented in combination with availability management since failure reduction has an impact on service availability.



              • Measures may include: fault tolerant systems, good IT security controls, and off site storage.



          • The process consists of four phases (Figure 10.8):



            • 2.Requirements and strategy



              • This phase includes requirementsand strategy. The requirements involve undertaking a business impact analysis and risk analysis:



              • Strategy 2: ITSCM recovery options



              • The continuity strategy is a balance between the cost of risks reduction measures and recovery options to support the recovery of critical business processes within agreed timescales.



              • A number of recovery options are possible:



              • Manual workarounds : temporary manual solution for a limited period of time.



              • Reciprocal arrangements: support agreements between parties with similar infrastructures .



            • The process consists of four phases (Figure 10.8):



              • 2.Requirements and strategy



                • This phase includes requirementsand strategy. The requirements involve undertaking a business impact analysis and risk analysis:



                • Strategy 2: ITSCM recovery options



                • A number of recovery options are possible:



                • Gradual recovery (or cold standby): method that makes basic facilities such as accommodation and computer space available at limited costs within several days.



                • Intermediate recovery (warm standby): recovery within two to three days, generally based on a prepared facility that is often shared with several other parties.



            • The process consists of four phases (Figure 10.8):



              • 2.Requirements and strategy



              • This phase includes requirementsand strategy. The requirements involve undertaking a business impact analysis and risk analysis:



                • Strategy 2: ITSCM recovery options



                • A number of recovery options are possible:



                • Fast recovery (hot standby): recovery within 24 hours that focuses on the main services, involving e.g. shadow sites that can be operational very quickly and with very low data loss.



                • Immediate recovery (also hot standby): option for the immediate recovery of mainly business-critical services with the aid of mirroringtechniques, dual sites, and other redundancy solutions; no data loss involved.



            • The process consists of four phases (Figure 10.8):



              • 3.Implementation



                • The ITSCM plans can be created once the strategy is approved.



                • Set this up around a senior manager generally in charge with a coordinator below them and the recovery teams below that.



                • Test the plans in full, e.g. using the following test types:



                • Walkthrough tests.



                • Full tests.



                • Partial test (e.g. a single service or server).



                • Scenario test (testing for specific responses/scenarios).



            • The process consists of four phases (Figure 10.8):



              • 4.Ongoing operation



                • Education, awareness and training of personnel.



                • Review.



                • Testing.



                • Change management (ensures that all changes have been assessed for their potential impact).



                • Ultimate test (invocation).



            • Information management



                Record all of the information that is required to maintain the ITSCM plans.
                Align the plan with the BCM (Business Continuity Management) information. Contain information about:




                        • The most recent version of the BCM strategy and business impact analysis.



                        • Risks within a risk register including, risk assessment and possible responses to these.



                        • Executed and planned tests.



                        • Details of the ITSCM and related plans.



                    • Information management



                      • Contain information about:



                        • Existing recovery facilities, suppliers, partners and agreements.



                        • Details on backup and restore processes.

                    Interfaces


                    • Metrics
                        • ITSCM’s success can be measured by the following KPIs
                        • The outcome of regular audits of the ITSCM plans.

                        • The extent to which service recovery targets are agreed and documented in the SLA.

                        • The test results of the ITSCM plans.

                        • The regular review of the ITSCM plans.

                      Implementation

                      • The following challengesapply for ITSCM:

                        • Providing continuity plans when there is no BCM process.

                        • If there is a BCM process, the challenge is to integrate the ITSCM plan with it and keep it that way.

                      • The successof ITSCM is influenced strongly by the question whether:

                        • Services can be delivered and restored in accordance with the customer’s objectives.

                        • The entire organization is aware of the BCM and ITSCM plans.

                      • Its risksinclude:

                        • Lack of commitment from the business and management.

                        • Lack of resources and budget.

                        • Excessive focus on technology and not on services and the customer’s needs.

                        • Risk investigation and management are executed in isolation, not in collaboration with availability management and security management.
                    Source by : OGC
                    Posted by at
                    Labels:

                    No comments:

                    Post a Comment

                    Subscribe to: Post Comments (Atom)