IT Service Continuity Management

Slide 1

Goal – Primary Objective • To support the overall Business Continuity management process by ensuring that the required IT technical services and facilities can be recovered within required and agreed business time-scales Slide 2 .

Why Continuity Management • Ensuring business survival by reducing the impact of a disaster or major failure • Reducing the vulnerability and risk to the business by effective risk analysis and risk management • Preventing the loss of Customer and User confidence • Producing IT recovery plans that are integrated with and fully support the organisation’s overall Business Continuity Plan Slide 3 .

revised and tested Slide 4 .Considerations • IT Service Continuity options need to be understood and the most appropriate solution chosen in support of BCM requirements • Roles and responsibilities need to be identified and supported from a senior level • IT recovery plans and Business Continuity plans need to be aligned regularly reviewed.

The Business Continuity Life-cycle Overview • Stage 1 – Initiation ► Initiate Business Continuity Manager Stage 2 – Requirements and Strategy Stage 3 .Implementation Stage 4 .Operational Management • • • Slide 5 .

Stage 2 – Requirements and Strategy Business Impact Analysis Identification of Critical Business Processes and Speed of Recovery Risk Assessment and Methodology Threats to Assets CRAMM – CCTA’s Risk Analysis Management Methodology (Central Computer and Telecommunications Agency) Business Continuity Strategy Based on Top Risks Slide 6 .

Risk Analysis (CRAMM) ANALYSIS Assets Threats Vulnerabilities Risks MANAGEMENT Countermeasures Slide 7 .

• Threat List and RANK 1-3 • Vulnerability against Assets Matrix RANK 1-3 Risk = Asset * Threats * Vulnerability Slide 8 .Risk Analysis • Asset Categorise and RANK 1-10 ► Hardware ► Software ► People ► Buildings etc.

Hot Standby Slide 9 .Warm Standby Immediate recovery .Cold Standby Intermediate recovery .IT Recovery Options • • • • • • Do nothing Manual back-up – revert to pen and paper Reciprocal arrangements with another company Gradual recovery .

Gradual Recovery – COLD standby • Time to recovery > 72hrs • Empty Computer space ► Remote ► Portable • Nothing in the rooms • Requires contracts / procedures in place to set up Slide 10 .

Intermediate Recovery – WARM standby • Time to recovery 24hrs to 72hrs • Filled Computer space ► Remote ► Portable • Networked Computers but with NO Data Slide 11 .

Immediate Recovery – HOT standby • Time to recovery “within the working day” 0hrs to 8hrs • Filled Computer Space ► Remote ► Portable • Networked Computers with Data (but not necessarily up to date) Slide 12 .

Benefits of Continuity Management • Management of risk and the consequent reduction of the impact of failure • Fulfilment of regulatory requirements • Potentially lower insurance premiums • A more business focussed approach to IT continuity and recovery • Reduced business disruption during an incident • Increased customer confidence and organisational credibility Slide 13 .

ISCM Exam Tips • Know the Disaster Recovery options Slide 14 .

whether flood.Exam Questions • In relation to IT Service Continuity Planning. fire etc The impact (EFFECT) upon customers’ businesses Slide 15 . the severity of a disaster depends upon: A B C D The time of day it occurs How many people are available to assist in recovery The type of disaster.

communications and environmental control equipment 2 The intermediate recovery external option is often shared between multiple customers and in the event of a disaster may not be available due to over-subscription A B C D Slide 16 Both Neither Only 1 Only 2 .Exam Questions • Consider the following statements about IT Service Continuity Planning: 1 The intermediate recovery external option offers a remote installation. software. fully equipped with all the required hardware.

telecommunications equipment. electricity. electricity. support staff.Exam Questions • Your organisation has just entered into a Gradual Recovery (Cold Standby) IT service Continuity Agreement. Within the ITIL definition. which of the following lists is INCORRECT for what you could find at the contingency site? A A building. water C A building. office space for technical staff B Stand-by generator. support staff. telecommunications equipment. system manuals Slide 17 . system manuals. support staff. water. documentation D A building. telecommunications equipment. a computer.

Exam Questions • Which of the following would you NOT expect to see in an IT Service Continuity Plan? A B C D Contact lists The version number Reference to change control procedures Full Service Level Agreements (SLM) Slide 18 .