Slide 1

IT Service Continuity Management

Slide 2

Goal – Primary Objective

• To support the overall Business Continuity management process by ensuring that the required IT technical services and facilities can be recovered within required and agreed business time-scales

Slide 3

Why Continuity Management

• Ensuring business survival by reducing the impact of a disaster or major failure

• Reducing the vulnerability and risk to the business by effective risk analysis and risk management

• Preventing the loss of Customer and User confidence• Producing IT recovery plans that are integrated with and fully

support the organisation’s overall Business Continuity Plan

Slide 4

Considerations

• IT Service Continuity options need to be understood and the most appropriate solution chosen in support of BCM requirements

• Roles and responsibilities need to be identified and supported from a senior level

• IT recovery plans and Business Continuity plans need to be aligned regularly reviewed, revised and tested

Slide 5

The Business Continuity Life-cycle Overview

• Stage 1 – Initiation► Initiate Business Continuity Manager

• Stage 2 – Requirements and Strategy• Stage 3 - Implementation• Stage 4 - Operational Management

Slide 6

Stage 2 – Requirements and Strategy

Business Impact Analysis

Identification of Critical Business Processes and Speed of Recovery

Risk Assessment and Methodology

Threats to Assets

CRAMM – CCTA’s Risk Analysis Management Methodology

(Central Computer and Telecommunications Agency)

Business Continuity Strategy

Based on Top Risks

Slide 7

Risk Analysis (CRAMM)

ANALYSIS

Assets Threats Vulnerabilities

MANAGEMENT

Risks

Countermeasures

Slide 8

Risk Analysis

• Asset Categorise and RANK 1-10► Hardware► Software► People► Buildings etc.

• Threat List and RANK 1-3• Vulnerability against Assets Matrix RANK 1-3

Risk = Asset * Threats * Vulnerability

Slide 9

IT Recovery Options

• Do nothing• Manual back-up – revert to pen and paper• Reciprocal arrangements with another company• Gradual recovery - Cold Standby• Intermediate recovery - Warm Standby• Immediate recovery - Hot Standby

Slide 10

Gradual Recovery – COLD standby

• Time to recovery > 72hrs• Empty Computer space

► Remote► Portable

• Nothing in the rooms• Requires contracts / procedures in place to set up

Slide 11

Intermediate Recovery – WARM standby

• Time to recovery 24hrs to 72hrs• Filled Computer space

► Remote► Portable

• Networked Computers but with NO Data

Slide 12

Immediate Recovery – HOT standby

• Time to recovery “within the working day” 0hrs to 8hrs• Filled Computer Space

► Remote► Portable

• Networked Computers with Data (but not necessarily up to date)

Slide 13

Benefits of Continuity Management

• Management of risk and the consequent reduction of the impact of failure

• Fulfilment of regulatory requirements• Potentially lower insurance premiums• A more business focussed approach to IT continuity and

recovery• Reduced business disruption during an incident• Increased customer confidence and organisational credibility

Slide 14

Exam Tips

• Know the Disaster Recovery options

ISCM

Slide 15

Exam Questions

• In relation to IT Service Continuity Planning, the severity of a disaster depends upon:

A The time of day it occurs

B How many people are available to assist in recovery

C The type of disaster, whether flood, fire etc

D The impact (EFFECT) upon customers’ businesses

Slide 16

Exam Questions

• Consider the following statements about IT Service Continuity Planning:

1 The intermediate recovery external option offers a remote installation, fully equipped with all the required hardware, software, communications and environmental control equipment

2 The intermediate recovery external option is often shared between multiple customers and in the event of a disaster may not be available due to over-subscription

A BothB NeitherC Only 1D Only 2

Slide 17

Exam Questions

• Your organisation has just entered into a Gradual Recovery (Cold Standby) IT service Continuity Agreement. Within the ITIL definition, which of the following lists is INCORRECT for what you could find at the contingency site?

A A building, electricity, telecommunications equipment, office space for technical staff

B Stand-by generator, telecommunications equipment, system manuals, support staff, water

C A building, telecommunications equipment, a computer, support staff, documentation

D A building, electricity, water, support staff, system manuals

Slide 18

Exam Questions

• Which of the following would you NOT expect to see in an IT Service Continuity Plan?

A Contact lists

B The version number

C Reference to change control procedures

D Full Service Level Agreements (SLM)