IT Service Continuity Management

Slide 1

Goal Primary Objective

To support the overall Business Continuity management process by ensuring that the required IT technical services and facilities can be recovered within required and agreed business time-scales

Slide 2

Why Continuity Management

Ensuring business survival by reducing the impact of a disaster or major failure Reducing the vulnerability and risk to the business by effective risk analysis and risk management Preventing the loss of Customer and User confidence Producing IT recovery plans that are integrated with and fully support the organisations overall Business Continuity Plan

Slide 3

Considerations
IT Service Continuity options need to be understood and the most appropriate solution chosen in support of BCM requirements Roles and responsibilities need to be identified and supported from a senior level IT recovery plans and Business Continuity plans need to be aligned regularly reviewed, revised and tested

Slide 4

The Business Continuity Life-cycle Overview

Stage 1 Initiation Initiate Business Continuity Manager Stage 2 Requirements and Strategy Stage 3 - Implementation Stage 4 - Operational Management

Slide 5

Stage 2 Requirements and Strategy

Business Impact Analysis Identification of Critical Business Processes and Speed of Recovery Risk Assessment and Methodology Threats to Assets CRAMM CCTAs Risk Analysis Management Methodology (Central Computer and Telecommunications Agency)

Business Continuity Strategy Based on Top Risks

Slide 6

Risk Analysis (CRAMM)

ANALYSIS
Assets Threats Vulnerabilities

Risks

MANAGEMENT

Countermeasures

Slide 7

Risk Analysis
Asset Categorise and RANK 1-10 Hardware Software People Buildings etc. Threat List and RANK 1-3 Vulnerability against Assets Matrix RANK 1-3 Risk = Asset * Threats * Vulnerability

Slide 8

IT Recovery Options
Do nothing Manual back-up revert to pen and paper Reciprocal arrangements with another company Gradual recovery - Cold Standby Intermediate recovery - Warm Standby Immediate recovery - Hot Standby

Slide 9

Gradual Recovery COLD standby

Time to recovery > 72hrs Empty Computer space Remote Portable Nothing in the rooms Requires contracts / procedures in place to set up

Slide 10

Intermediate Recovery WARM standby

Time to recovery 24hrs to 72hrs Filled Computer space Remote Portable Networked Computers but with NO Data

Slide 11

Immediate Recovery HOT standby

Time to recovery within the working day 0hrs to 8hrs Filled Computer Space Remote Portable Networked Computers with Data (but not necessarily up to date)

Slide 12

Benefits of Continuity Management

Management of risk and the consequent reduction of the impact of failure Fulfilment of regulatory requirements Potentially lower insurance premiums A more business focussed approach to IT continuity and recovery Reduced business disruption during an incident Increased customer confidence and organisational credibility

Slide 13

ISCM

Exam Tips
Know the Disaster Recovery options

Slide 14

Exam Questions
In relation to IT Service Continuity Planning, the severity of a disaster depends upon: A B C D The time of day it occurs How many people are available to assist in recovery The type of disaster, whether flood, fire etc The impact (EFFECT) upon customers businesses

Slide 15

Exam Questions
Consider the following statements about IT Service Continuity Planning:

1 The intermediate recovery external option offers a remote installation, fully equipped with all the required hardware, software, communications and environmental control equipment 2 The intermediate recovery external option is often shared between multiple customers and in the event of a disaster may not be available due to over-subscription A B C D
Slide 16

Both Neither Only 1 Only 2

Exam Questions
Your organisation has just entered into a Gradual Recovery (Cold Standby) IT service Continuity Agreement. Within the ITIL definition, which of the following lists is INCORRECT for what you could find at the contingency site?

A A building, electricity, telecommunications equipment, office space for technical staff B Stand-by generator, telecommunications equipment, system manuals, support staff, water C A building, telecommunications equipment, a computer, support staff, documentation D A building, electricity, water, support staff, system manuals

Slide 17

Exam Questions
Which of the following would you NOT expect to see in an IT Service Continuity Plan? A B C D Contact lists The version number Reference to change control procedures Full Service Level Agreements (SLM)

Slide 18