Service continuity management is a reactive and proactive process which involves contingency planning for recovery in case the Information and communication technology service is damaged or put out of action by a sudden disaster.
The main purpose of the IT service continuity management is to support the overall business continuity management process by making sure that the IT service provider is always capable of providing minimum levels of business continuity related service.
The objectives of IT service continuity management (ITSCM) are:
To provide advice and assistance on issues which are related to continuity and recovery
To maintain a set of plans on IT service continuity and IT recovery which are in support of the overall business continuity plans. They should also perform business impact analysis, risk analysis, and management activities on a regular basis.
To minimize the costs which cannot be eliminated
To make sure that suitable continuity mechanisms are installed which can meet or exceed the agreed upon targets of business continuity.
Analyze the impact which the changes have had on the IT service continuity plans.
Make sure that proactive measures are implemented wherever it is economical, which will increase the availability of services.
Perform negotiations and agree on contracts with the suppliers to provide the required recovery capability.
IT service continuity management supports the activities of the business continuity management process and focuses only on those events which are considered by the business to be a ‘disaster.’
Minor technical issues are not covered under this as they are addressed through the incident management process. Availability management also addresses these minor issues in the design of services for availability and recovery.
IT service continuity management usually does not address long-term risks such as changes in business direction, diversification, restructuring, directly. Instead, when there is time to evaluate the risk, it addresses them using an IT change management program.
The following benefits are provided by implementing Service Continuity Management:
In case of an accident or a disaster, the Information and communication technology (ICT) services can be restored in the appropriate order of importance to ensure that the most vital services are up and running soon.
The ready nature of the contingency plan allows us to save time and react quickly or recover quickly from an accident or a disaster.
The organization can be mentally prepared for a disaster as service continuity management allows us to project disaster scenarios beforehand.
There is a clear understanding of the importance of Information and communication technology (ICT) services and their rank
Business continuity plan (BCP)
A business continuity plan outlines and defines the steps which are needed to restore the business processes after they have been disrupted.
It also identifies the triggers for invocation, the people who need to be involved, communications, etc.
A significant part of Business Continuity Plans consists of IT service continuity plans.
Business continuity management (BCM)
The role of business continuity management is to manage risks which can have a serious impact on the business, bring them down to an acceptable level and plan for the recovery of business processes if a business disruption occurs.
Business impact analysis (BIA)
The main purpose of business impact analysis is to quantify the impact that loss of service would have on a business. It identifies the following:
The form which will be taken by the damage or loss
The way in which the degree of loss or damage is likely to increase following a service disruption.
The staff, skills, facilities, and services which are needed to make sure that the viral business processes continue to operate at minimum acceptable levels.
The time period within which the minimum levels of staff, facilities and services should be recovered.
The priority assigned to each business during recovery.
Service Continuity Management is a process which can evolve over time and not necessarily an end-to-end task which has to be finished in order to possess some value. Service continuity management has to be developed over time. The steps taken to implement service continuity management in an organization are:
Step 1: Identify services and assets
Firstly, all the services and assets in our possession need to be identified. Assets are the main component of services.
Services and assets can be any of the following:
|Word Processing||Computer, software|
|Internet||Computer, LAN, WAN, ISP|
|Data storage||Server, Hard disk|
|Technical Support||Procedures. Staff|
This information is gathered in the Framework for ICT Technical Support (FITS) processes.
FITS Service Level Management should be implemented in order to understand the criticality of the services in possession.
FITS Configuration Management should be implemented in order to get an idea about the main assets.
Step 2: Identify risks and threats
Once the services and assets have been identified, the risks and threats should be identified.
What can happen to the services and assets are categorized as risks and the causes which make it happen are categorized as threats.
|Loss of internal ICT services/assets||Fire, power failure, power surge, virus, accidental damage|
|Loss of external ICT services||Overload of external communication links, bankruptcy.|
|Loss of data||Technical failure, virus, human error, accidental damage|
|Unavailability of key technical and support staff||Sickness, transportation problems, resignation|
|Failure of service providers||Bankruptcy, loss of service provider’s own data|
Step 3: Make contingency plans
Contingency plans are similar to insurance policies.
They can be simple & cost effective and can cover minor risks, or they can be complicated & expensive and cover major risks.
The type of contingency plan which should be implemented depends on the level of risk which the company is taking.
These plans involve prioritizing the services to be restored first, creating backups and storing them on-site and off-site.
Step 4: Document the recovery plan
The recovery plan should be documented properly to ensure that all the essential information is present in it.
This plan should be circulated among the key staff, who should be kept up to date regarding any changes in the plan.
A copy of the plan should be given to the recovery team as well.
Another copy of the recovery plan should be stored off-site to make it accessible in an emergency situation.
To set up and operate IT service continuity management, a lifecycle approach should be adopted. The stages of the lifecycle approach from the foundation for the IT service continuity management are:
The key activities in the initiation stage are:
Initiate a project
Requirements & strategy
The key activities in the requirements & strategy stage are:
Business impact analysis
IT service continuity strategy
The key activities in the implementation stage are:
Develop IT service continuity plans
Develop IT plans, recovery plans, and procedures
Risk reduction and recovery
The key activities in the ongoing operation stage are:
Education, awareness, and training
Review & audit
Service continuity manager
Handles the responsibility of service continuity
Owns the service continuity management process
Leads the service continuity recovery plan’s development
Invokes the service continuity recovery plan personally
Is a senior member of the ICT or technical support staff
Has no need to be technical
Should have an understanding of the ICT priorities of the users.
Should appoint someone else to cover during absence
Should not delegate responsibility
Service continuity recovery team
Is led by the service continuity manager
Participates in the testing and invocation of the service continuity recovery plan.
Includes the technical staff for technical procedures
Includes users for testing and during the actual invocation
Includes representatives from the departments for communication and coordination.
The challenges involved in IT service continuity management are:
Creating appropriate IT service continuity management plans when there is no overall business continuity management processes or plans.
The IT department has to educate the business to adopt the appropriate best practices the area.
If IT plans are developed without taking business plans into account, they may be inappropriate. In the event of a disaster, the blame for failure will be placed on the IT department.
The risks faced by IT service continuity management are:
Lack of a business continuity management process
Lack of commitment from the business to the IT service continuity management process.
Lack of appropriate information on the future plans and strategies of the business.
The plans of IT service continuity management can become outdated and misaligned with the information and plans of the business and business continuity management.
IT Service Continuity Management thus performs its role of providing advice and assistance on various continuity and recovery issues along with maintaining a set of plans on IT service continuity and IT recovery which support the overall business continuity plans. It helps to minimize the costs which cannot be eliminated and while ensuring that proactive measures are implemented wherever it is economical.