Continuity management is the process by which plans are put in place and managed to ensure that IT Services can recover and continue should a serious incident occur. It is not just about reactive measures, but also about proactive measures - reducing the risk of a disaster in the first instance.

Continuity management is so important that many organisations will not do business with IT service providers if contingency planning is not practiced within the service provider’s organisation. It is also a fact that many organisations that have been involved in a disaster where their contingency plan failed, ceased trading within 18 months following the disaster.

Continuity management is regarded as the recovery of the IT infrastructure used to deliver IT Services, but many businesses these days practice the much further reaching process of Business Continuity Planning (BCP), to ensure that the whole end-to-end business process can continue should a serious incident occur.

Continuity management involves the following basic steps:

· Prioritising the businesses to be recovered by conducting a Business Impact Analysis (BIA)

· Performing a Risk Assessment (aka Risk Analysis) for each of the IT Services to identify the assets, threats, vulnerabilities and countermeasures for each service.

· Evaluating the options for recovery

· Producing the Contingency Plan

· Testing, reviewing, and revising the plan on a regular basis

Continuity Management and Contingency Planning Information & Resources

A number of portals exist which offer guidance upon the topic of continuity management and contingency planning. For example: www.disasterrecoveryworld.com

Continuity Management and IT

Security Continuity Management (and contingency planning, business continuity and disaster recovery) is an integral part of IT security and risk analysis. Inadequate contingency planning is regarded as a risk to the business, and is often overlooked until it is too late, when a security or other breach results in the loss of supporting IT systems. This is a complex area, but fortunately a methodology and tool has evolved to greatly simplify it. The COBRA system emerged to counter the problems encountered through the use of older, less dynamic systems and approaches. It greatly reduces reliance upon external expertise, being equipped with significant knowledge within its 'knowledge bases'.

Support business continuity management functions by ensuring that IT services can be recovered in the event of a major business disruption within required timescales.

Achieve the process mission by implementing:

• ITIL-aligned IT Service Continuity Management policies, processes and procedures

• Dedicated IT Service Continuity Management Process Owner

• Holistic recovery of IT services to ensure business services are recovered versus technologies

• Alignment of IT service recovery plans with Vital Business Functions

• Actions to ensure Operational Level Agreements and Underpinning Contracts with IT suppliers will support recovery services

• Periodic testing and audits of IT service continuity plans

• Communications for IT service recovery needs and requirements across the IT organization

• Staff awareness and education on IT service continuity actions to be taken in the event of a major business disruption

The Critical Success Factors (CSFs) are:

• Ensuring IT Service Recovery Within Agreed Timescales

The key activities for this process are:

• Define scope of IT Service Continuity Management

• Conduct Business Impact Analysis

• Conduct IT Risk Assessment.

• Define IT Service Continuity Strategy in line with Business Continuity strategy

• Perform IT Service Continuity organization and implementation planning activities

• Implement standby arrangements and risk reduction measures

• Develop IT recovery plans and procedures

• Perform Testing of IT recovery plans and procedures

• Review and audit IT recovery plans and procedures

• Perform IT Service Continuity educational training and awareness activities

• Assess impact of IT changes on IT Service Continuity plans and processes

• Validate ongoing ability of IT Service Continuity strategies to meet business requirements

• Provide management information about IT Service Continuity Management quality and operations

Examples of Key Process Performance Indicators (KPIs) are shown in the list below. Each one is mapped to a Critical Success Factor (CSF).

• Percentage of Vital Business Functions covered by IT Service Continuity Plans

• Percentage of Vital Business Functions covered by annual IT Continuity tests

• Number of annual IT Service Continuity Plan testing failures

• Number of 3rd party recovery support contracts not agreed

• Number of audits performed on IT Service Continuity Plan

• Number of business issues logged against IT Service Continuity.

---------------------

Page locked due to vandalism. Please contact us if you wish to edit.