Service continuity management is a reactive and proactive process that involves contingency planning for recovery in case the information and communication technology service is damaged or put out of action by a sudden disaster. The main purpose of IT service continuity management is to support the overall business continuity management process by making sure that the IT service provider is always capable of providing minimum levels of business continuity-related service.
The Objective of IT Service Continuity Management
The objectives of IT service continuity management (ITSCM) are:
- To provide advice and assistance on issues which are related to continuity and recovery
- To maintain a set of plans on IT service continuity and IT recovery which are in support of the overall business continuity plans. They should also perform business impact analysis, risk analysis, and management activities on a regular basis.
- To minimize the costs which cannot be eliminated
- To make sure that suitable continuity mechanisms are installed which can meet or exceed the agreed-upon targets of business continuity
- Analyze the impact which the changes have had on the IT service continuity plans
- Make sure that proactive measures are implemented wherever it is economical, which will increase the availability of services
- Perform negotiations and agree on contracts with the suppliers to provide the required recovery capability
Scope of IT Service Continuity Management
IT service continuity management supports the activities of the business continuity management process and focuses only on those events which are considered by the business to be a ‘disaster.’
Minor technical issues are not covered under this as they are addressed through the incident management process. Availability management also addresses these minor issues in the design of services for availability and recovery.
IT service continuity management usually does not address long-term risks such as changes in business direction, diversification, restructuring, directly. Instead, when there is time to evaluate the risk, it addresses them using an IT change management program.
Value of IT Service Continuity Management
The following benefits are provided by implementing service continuity management:
- In case of an accident or a disaster, the information and communication technology (ICT) services can be restored in the appropriate order of importance to ensure that the most vital services are up and running soon.
- The ready nature of the contingency plan allows us to save time and react quickly or recover quickly from an accident or a disaster.
- The organization can be mentally prepared for a disaster as service continuity management allows us to project disaster scenarios beforehand.
- There is a clear understanding of the importance of information and communication technology (ICT) services and their rank.
Principles and Basic Concepts of IT Service Continuity Management
Business Continuity Plan (BCP)
- A business continuity plan outlines and defines the steps which are needed to restore the business processes after they have been disrupted.
- It also identifies the triggers for invocation, the people who need to be involved, communications, etc.
- A significant part of business continuity plans consists of IT service continuity plans.
Business Continuity Management (BCM)
The role of business continuity management is to manage risks that can have a serious impact on the business, bring them down to an acceptable level and plan for the recovery of business processes if a business disruption occurs.
Business Impact Analysis (BIA)
The main purpose of business impact analysis is to quantify the impact that loss of service would have on a business. It identifies the following:
- The form which will be taken by the damage or loss.
- The way in which the degree of loss or damage is likely to increase following a service disruption.
- The staff, skills, facilities, and services are needed to make sure that the viral business processes continue to operate at minimum acceptable levels.
- The time period within which the minimum levels of staff, facilities, and services should be recovered.
- The priority is assigned to each business during recovery.
Implementation Procedure of IT Service Continuity Management
Service continuity management is a process that can evolve over time and not necessarily an end-to-end task that has to be finished in order to possess some value. Service continuity management has to be developed over time. The steps taken to implement service continuity management in an organization are:
Step 1: Identify Services and Assets
- Firstly, all the services and assets in our possession need to be identified. Assets are the main component of services.
- Services and assets can be any of the following:
| Service | Assets |
|---|---|
| Printing | Printer |
| Word Processing | Computer, software |
| Internet | Computer, LAN, WAN, ISP |
| Data storage | Server, Hard disk |
| Technical Support | Procedures. Staff |
- This information is gathered in the Framework for ICT Technical Support (FITS) processes.
- FITS Service Level Management should be implemented in order to understand the criticality of the services in possession.
- FITS Configuration Management should be implemented in order to get an idea about the main assets.
Step 2: Identify Risks and Threats
- Once the services and assets have been identified, the risks and threats should be identified.
- What can happen to the services and assets are categorized as risks and the causes which make it happen are categorized as threats.
| Risks | Threats |
|---|---|
| Loss of internal ICT services/assets | Fire, power failure, power surge, virus, accidental damage |
| Loss of external ICT services | Overload of external communication links, bankruptcy. |
| Loss of data | Technical failure, virus, human error, accidental damage |
| Unavailability of key technical and support staff | Sickness, transportation problems, resignation |
| Failure of service providers | Bankruptcy, loss of service provider’s own data |
Step 3: Make Contingency Plans
- Contingency plans are similar to insurance policies.
- They can be simple & cost-effective and can cover minor risks, or they can be complicated & expensive and cover major risks.
- The type of contingency plan which should be implemented depends on the level of risk which the company is taking.
- These plans involve prioritizing the services to be restored first, creating backups, and storing them on-site and off-site.
Step 4: Document the Recovery Plan
- The recovery plan should be documented properly to ensure that all the essential information is present in it.
- This plan should be circulated among the key staff, who should be kept up to date regarding any changes in the plan.
- A copy of the plan should be given to the recovery team as well.
- Another copy of the recovery plan should be stored off-site to make it accessible in an emergency situation.
Process Activities of IT Service Continuity Management
To set up and operate IT service continuity management, a lifecycle approach should be adopted. The stages of the lifecycle approach from the foundation for the IT service continuity management are:
Initiation
The key activities in the initiation stage are:
- Policy setting
- Scope definition
- Initiate a project
Requirements & Strategy
The key activities in the requirements & strategy stage are:
- Business impact analysis
- Risk assessment
- IT service continuity strategy
Implementation
The key activities in the implementation stage are:
- Develop IT service continuity plans
- Develop IT plans, recovery plans, and procedures
- Organizational planning
- Risk reduction, and recovery
- Implementation
- Initial testing
Ongoing Operation
The key activities in the ongoing operation stage are:
- Education, awareness, and training
- Review & audit
- Testing
- Change management
Roles and Functions of IT Service Continuity Management
There are mainly two roles associated with IT service continuity management i.e service continuity manager and service continuity recovery team. Let’s understand the functions of both roles.
Service Continuity Manager
The service continuity manager will be responsible for the following:
- Handles the responsibility of service continuity
- Owns the service continuity management process
- Leads the service continuity recovery plan’s development
- Invokes the service continuity recovery plan personally
- Is a senior member of the ICT or technical support staff
- Has no need to be technical
- Should have an understanding of the ICT priorities of the users.
- They should appoint someone else to cover during the absence
- Should not delegate responsibility
Service Continuity Recovery Team
The service continuity recovery team will possess the following characteristics:
- Is led by the service continuity manager
- Participates in the testing and invocation of the service continuity recovery plan.
- Includes the technical staff for technical procedures
- The team includes users for testing and during the actual invocation
- Also includes representatives from the departments for communication and coordination
Challenges of IT Service Continuity Management
The challenges involved in IT service continuity management are:
- Creating appropriate IT service continuity management plans when there is no overall business continuity management processes or plans
- The IT department has to educate the business to adopt the appropriate best practices in the area
- If IT plans are developed without taking business plans into account, they may be inappropriate. In the event of a disaster, the blame for failure will be placed on the IT department
Risk of IT Service Continuity Management
The risks faced by IT service continuity management are:
- Lack of a business continuity management process
- A lack of commitment from the business to the IT service continuity management process
- Lack of appropriate information on the future plans and strategies of the business
- The plans of IT service continuity management can become outdated and misaligned with the information and plans of the business and business continuity management
Conclusion
IT Service Continuity Management thus performs its role of providing advice and assistance on various continuity and recovery issues along with maintaining a set of plans on IT service continuity and IT recovery which supports the overall business continuity plans. It helps to minimize the costs which cannot be eliminated while ensuring that proactive measures are implemented wherever it is economical. Learn about more such cost optimization and other best practices in IT service management with certifications like ITIL 4 Foundation certification, and take your service management career to newer and much more advanced professional expertise.
Know more about Service Management best practices through Invensis Learning’s IT Service Management certification training on ITIL 4 Course Online, SIAM Foundation, SIAM professional, VeriSM, etc.
