charles-ward
Slide 1
IT Service Continuity Management
Slide 2
Goal – Primary Objective
• To support the overall Business Continuity management process by ensuring that the required IT technical services and facilities can be recovered within required and agreed business time-scales
Slide 3
Why Continuity Management
• Ensuring business survival by reducing the impact of a disaster or major failure
• Reducing the vulnerability and risk to the business by effective risk analysis and risk management
• Preventing the loss of Customer and User confidence
• Producing IT recovery plans that are integrated with and fully support the organisation’s overall Business Continuity Plan
Slide 4
Considerations
• IT Service Continuity options need to be understood and the most appropriate solution chosen in support of BCM requirements
• Roles and responsibilities need to be identified and supported from a senior level
• IT recovery plans and Business Continuity plans need to be aligned, regularly reviewed, revised and tested
Slide 5
The Business Continuity Life-cycle Overview
• Stage 1 – Initiation
► Initiate Business Continuity Manager
• Stage 2 – Requirements and Strategy
• Stage 3 - Implementation
• Stage 4 - Operational Management
Slide 6
Stage 2 – Requirements and Strategy
Business Impact Analysis
Identification of Critical Business Processes and Speed of Recovery
Risk Assessment and Methodology
Threats to Assets
CRAMM – CCTA’s Risk Analysis Management Methodology
(Central Computer and Telecommunications Agency)
Business Continuity Strategy
Based on Top Risks
Slide 7
Risk Analysis (CRAMM)
ANALYSIS
Assets Threats Vulnerabilities
MANAGEMENT
Risks
Countermeasures
Slide 8
Risk Analysis
• Asset Categorise and RANK 1-10
► Hardware
► Software
► People
► Buildings etc.
• Threat List and RANK 1-3
• Vulnerability against Assets Matrix RANK 1-3
Risk = Asset * Threats * Vulnerability
Slide 9
IT Recovery Options
• Do nothing
• Manual back-up – revert to pen and paper
• Reciprocal arrangements with another company
• Gradual recovery - Cold Standby
• Intermediate recovery - Warm Standby
• Immediate recovery - Hot Standby
Slide 10
Gradual Recovery – COLD standby
• Time to recovery > 72hrs
• Empty Computer space
► Remote
► Portable
• Nothing in the rooms
• Requires contracts / procedures in place to set up
Slide 11
Intermediate Recovery – WARM standby
• Time to recovery 24hrs to 72hrs
• Filled Computer space
► Remote
► Portable
• Networked Computers but with NO Data
Slide 12
Immediate Recovery – HOT standby
• Time to recovery “within the working day” 0hrs to 8hrs
• Filled Computer Space
► Remote
► Portable
• Networked Computers with Data (but not necessarily up to date)
Slide 13
Benefits of Continuity Management
• Management of risk and the consequent reduction of the impact of failure
• Fulfilment of regulatory requirements
• Potentially lower insurance premiums
• A more business focussed approach to IT continuity and recovery
• Reduced business disruption during an incident
• Increased customer confidence and organisational credibility
Slide 14
Exam Tips
• Know the Disaster Recovery options
ISCM
Slide 15
Exam Questions
• In relation to IT Service Continuity Planning, the severity of a disaster depends upon:
A The time of day it occurs
B How many people are available to assist in recovery
C The type of disaster, whether flood, fire etc
D The impact (EFFECT) upon customers’ businesses
Slide 16
Exam Questions
• Consider the following statements about IT Service Continuity Planning:
1 The intermediate recovery external option offers a remote installation, fully equipped with all the required hardware, software, communications and environmental control equipment
2 The intermediate recovery external option is often shared between multiple customers and in the event of a disaster may not be available due to over-subscription
A Both
B Neither
C Only 1
D Only 2
Slide 17
Exam Questions
• Your organisation has just entered into a Gradual Recovery (Cold Standby) IT service Continuity Agreement. Within the ITIL definition, which of the following lists is INCORRECT for what you could find at the contingency site?
A A building, electricity, telecommunications equipment, office space for technical staff
B Stand-by generator, telecommunications equipment, system manuals, support staff, water
C A building, telecommunications equipment, a computer, support staff, documentation
D A building, electricity, water, support staff, system manuals
Slide 18
Exam Questions
• Which of the following would you NOT expect to see in an IT Service Continuity Plan?
A Contact lists
B The version number
C Reference to change control procedures
D Full Service Level Agreements (SLM)