The Process responsible for managing Risks that could seriously impact IT Services. ITSCM ensures that the IT Service Provider can always provide minimum agreed Service Levels, by reducing the Risk to an acceptable level and Planning for the Recovery of IT Services. ITSCM should be designed to support Business Continuity Management.

Key Features

Critical Success Factor: IT Services Are Delivered and Can Be Recovered to Meet Business Objectives

Key Performance Indicators:

• regular audits of the IT Service Continuity (ITSC) Plan to ensure that, at all times, the agreed recovery requirements of the business can be achieved
• all service recovery targets are agreed and documented in SLAs and are achievable within the IT Service Continuity Plan
• regular and comprehensive ITSC Plan testing
• regular reviews are undertaken, at least annually, of the business and IT Continuity plans with the business areas
• negotiate and manage all necessary ITSC contracts with third party
• overall reduction in the risk and impact of possible failure of IT services.

Critical Success Factors:  Awareness Throughout the Organization of the Business and IT Service Continuity Plans.

Key Performance Indicators:

• ensure awareness of business impact, needs and requirements throughout IT
• ensure that all IT Service areas and staff are prepared and able to respond to an invocation of the IT Service Continuity Plans.
• regular communication of the IT Service Continuity objectives and responsibilities within the appropriate business and IT Service areas.

Getting Started

Goal:

The goal for ITSCM is to support the overall Business Continuity Management process by ensuring that the required IT technical and services facilities (including computer systems, networks, applications, telecommunications, technical support and Service Desk) can be recovered within required, and agreed, business timescales.

Activities:

Stage 1: Initiation

• Link with Business Continuity Plan
• Policy Setting
• Terms of reference and scope
• Allocate Resources

Stage 2: Requirements and Strategy

• Input from Availability Management and Security Management (Risk Assessment)
• Business Impact Analysis
• Discuss recovery options (link to SLM)

Stage 3: Implementation

• Write Continuity plans, including:
  • Emergency Response Plan
  • Damage Assessment Plan
  • Salvage Plan
  • Crisis Management and PR Plan
• Implement stand-by arrangements
• Implement Recovery options
• Test the Plans
• Develop and implement procedures and working instructions

Stage 4: Operational Management

• Link ITSCM to Change Management to keep plans and recovery options up to date
• IT Staff need to be aware and trained to use the plans
• Continuous improvement of the process through review and testing

Risk Analysis Technique

Risk Analysis and Management Method (CRAMM) method – a phased approach.

1. Identify components
2. Analyze the threats
3. Assess the vulnerabilities
4. Evaluate threats and vulnerabilities to provide an estimate of the risks.
5. The scope of the process should be considered when estimating the risks; in fact this is part of initiating the ITSCM process (Phase 1).