Lecture#5

IT Service Continuity
Management
Contents
 Introduction
 Objectives
 Process
 Relationship with the other Processes and Functions
 Activities
 Process Reports
 Critical
success factors
 Performance indicators
 Functions and Roles
 Costs
 Problems
Introduction
Disaster - an event that affects a service or system such that
significant effort is required to restore the original performance level.

Hence, a disaster is much more serious than an incident.

A disaster is a business interruption.
That means that all or part of the business is not "in business"
following a disaster.
Familiar disasters include fire, lightning, water damage, burglary,
vandalism and violence, large-scale power outages, and hardware failure.
Terrorist attacks, such as on the World Trade Center in New York,
are becoming more common.
The Internet can also lead disasters, such as Denial of Service (DoS)
attacks that disrupt the communications of an entire organization.
Introduction
Some companies could have prevented serious problems by thinking
about and developing Business Continuity Plans.
Furthermore, businesses are becoming increasingly dependent on
IT services, which means that the impact of the loss of services
also increases and becomes less acceptable.
In fact, for many companies, doing business is equivalent to using
IT, and without IT they cannot create any revenue. It is therefore
essential to consider how business continuity can be safeguarded.
Introduction
Business Continuity Management (BCM) - covers risk
analysis and management so that the organization can ensure
the minimum required production capacity or provision of
service at all times. The BCM aims to reduce risks to an
acceptable level and develops plans for restoring business
activities if they are interrupted by a disaster.
IT Service Continuity Management (ITSCM) - is the
process of dealing with disasters affecting IT services and
maintaining services to allow the business to continue to
operate.
Introduction
IT Service Continuity Management is part of the overall Business
Continuity Management and depends on the information provided by
the BCM process.
The availability of IT services is ensured by combining risk
reduction measures (e.g. installing reliable systems) and providing
recovery options (e.g. backup systems and redundant systems).
Its successful implementation requires support throughout the
organization, management commitment and the cooperation of all
personnel.
Objectives
To support the overall Business Continuity Management (BCM) by
ensuring that required IT infrastructure and IT services, including
support and the Service Desk, can be restored within specified time
limits after a disaster.
ITSCM can have a number of different aims. As ITSCM is an
integral part of BCM, the scope of ITSCM should be defined on the
basis of the business objectives.
When assessing the risks it can then be decided if they are within
or outside the scope of the ITSCM process.
Benefits
As businesses are becoming increasingly dependent on IT services, the
cost of failing to plan, and the benefits of planning can only be
identified through a risk analysis.
Once the risk to the business, rather than just the risk to the IT
services has been identified, investments can be made in prevention
measures and measures to deal with disasters, such as recovery plans.
The guidelines of this chapter can be used to limit and manage the
impact of disasters.
If a disaster does occur, businesses with an ITSCM process have the
following advantages:
 They can manage the recovery of their systems.
 They lose less time and offer better continuity to the users.
 They minimize the interruption to their business activities.
Process
IT Service Continuity Management is responsible for:
 Assessing the impact of the disruption of IT services following
a disaster
 Identifying services critical to the business that require
additional prevention measures
 Defining periods within which services have to be restored
 Taking measures to prevent, detect, prepare for and migitate
the effects of disasters or to reduce their impact
 Defining the approach to be used to restore the services
 Developing, testing and maintaining a recovery plan with
sufficient detail to survive a disaster and to restore normal
services after a defined period
Relationship with the other Processes and
Functions
IT Service Continuity Management interacts with all the other IT Service
Management processes and particularly with the following:
 Service Level Management provides information about the IT service
obligations.
 Availability Management supports ITSCM by developing and implementing
prevention measures.
 Configuration Management defines baseline configurations and the IT
infrastructure to provide ITSCM with information about the
infrastructure to be restored after a disaster.
 Capacity Management ensures that the business requirements are fully
supported by the appropriate IT resources.
 Change Management ensures that all ITSCM plans are correct and up-to-
date by involving ITSCM in all changes that may affect prevention
measures and recovery plans.
Activities
Activities
1. Defining the scope of ITSCM.
2. Business Impact Analysis.
3. Risk assessment.
4. IT Service Continuity Strategy.
5. Organization and implementation planning.
6. Prevention measures and recovery options.
7. Developing plans and procedures for recovery.
8. Initial testing.
9. Training and awareness.
10. Review and audit.
11. Testing.
12. Change Management.
13. Assurance.
1. Defining the scope of ITSCM
The organization as a whole should be considered when initiating
ITSCM, and the following activities must be undertaken:
 Defining the policy - the policy should be defined as soon as
possible and communicated throughout the organization so that all
those concerned are aware of the need for ITSCM. Management
has to demonstrate its commitment.
 Defining the scope and relevant areas - insurance requirements,
quality standards such as the ISO-9000 series, Security
Management standards such as BS7799, and general business policy
principles are used to select the approach and methods for risk
assessment and Business Impact Analysis. The appropriate
management structure and process structure for coping with
disasters are also identified.
1. Defining the scope of ITSCM
 Allocating resources - setting up an ITSCM environment will
require a significant investment in personnel and resources.
Training must also be provided to ensure that personnel are
prepared to implement Stage 2 of the ITSCM process
(Requirements and Strategy).
 Setting up the project organization - it is advisable to use formal
project management methods, for example PRINCE2, supported by
planning software.
2. Business Impact Analysis
Before analyzing the IT services, it is advisable to identify the reasons for
the company to include IT Service Continuity Management in Business
Continuity Management, and to identify the potential impact of a serious
disruption of services.
In some cases, the business can survive for some time and the emphasis will
be on restoring services, in other cases the business cannot operate without
IT services and the emphasis will be on prevention. Most businesses will have
to strike a balance between the two extremes.
Potential reasons include:
 Protecting business processes
 Rapid service recovery
 Surviving competition
 Maintaining market share
 Maintaining profitability
 Protecting the reputation perceived by customers
2. Business Impact Analysis
Sub-activities include:
 Service analysis
 Infrastructure analysis
2. Business Impact Analysis

Service analysis:
Once the reasons for initiating ITSCM have been identified, an analysis is
made of the IT services that are essential to the business (e.g. information
systems, office applications, accounting applications, e-mail, etc.) and which
must be available in accordance with the Service Level Agreements.
For some nonessential services, it may be agreed to provide an emergency
service with limited capacity and availability.
The service levels during disaster recovery may only be modified in
agreement with the customer.
For critical services, a balance has to be struck between prevention and
recovery options.
2. Business Impact Analysis

Infrastructure
A service analysis is followed by an assessment of the dependencies between
services and IT resources. Availability Management information is used to
analyze the extent to which IT resources perform a critical function in
supporting the IT services discussed earlier. Capacity Management provides
information about the required capacity.
It is also determined to what extent these services may be disrupted, from
the loss of service to its restoration.
Later, this information will be used to identify the recovery options for each
service.
3. Risk Assessment
A risk analysis can help identify the risks a business is exposed to. Such an
analysis will provide management with valuable information by identifying the
threats and vulnerabilities and relevant prevention measures.
Because maintaining a disaster recovery plan is relatively expensive, the
prevention measures should be taken first.
Once such measures have been taken against most risks, it is determined if
there are any remaining risks that may necessitate a Contingency plan.
Figure below shows the links between Risk Analysis and Risk Management; it
is based on the CCTA Risk Analysis and Management Method (CRAMM).
3. Risk Assessment

Risk Analysis
First, the relevant IT components (assets) must be identified, such as
buildings, systems, data, etc. Effective asset identification means that the
owner and purpose of each component must be documented.
The next step is to analyze the threats and dependencies and to estimate
the likelihood (high, medium, low) that a disaster will occur, for example a
combination of an unreliable main power supply and an area with many storms
and thunderstorms.
Next, the vulnerabilities are identified and classified (high, medium, and low).
A lightning conductor will provide some protection against lightning strikes, but
they can still seriously affect the network and the computer systems.
Finally, the threats and vulnerabilities are evaluated in the context of the IT
components, to provide an estimate of the risks.
4. IT Service Continuity Strategy
Most businesses will aim to strike a balance between risk
reduction and recovery planning.
There is a distinction between risk reduction, business
activity recovery activities, and IT recovery options.
The relationship between risk reduction (prevention) and
recovery planning (recovery options) is discussed below.
Threats can never be fully eliminated. For example, a fire in a
building nearby may also damage your building.
Reducing one risk might also increase another risk. For
example, outsourcing might increase security risks.
4. IT Service Continuity Strategy

Prevention Measures
Prevention measures can be taken on the basis of the risk analysis, while carefully
considering the costs and risks. The measures may aim to reduce the likelihood or
impact of contingencies, and therefore narrow the scope of the recovery plan.
Measures can be taken against dust, excessively high or low temperatures, fire, leaks,
power outages, and burglary. The remaining risks are then covered by the recovery
plan.
The Stronghold/Fortress Approach is the most extensive form of prevention. It
eliminates most vulnerability, for example by building a bunker with its own power and
water supply. However, this may introduce other vulnerabilities such as the risk of
network failure, or roadblocks, as off-site recovery will now be even more difficult.
The stronghold/fortress approach is suitable for large computer centers that are too
complex for a recovery plan. It is vital nowadays to complement a stronghold/fortress
approach with a skirmish capability, i.e., an organizational capability to go where the
problem is and deal with it promptly before it spirals out of control.
4. IT Service Continuity Strategy

Selecting Recovery Options

If there are some remaining risks that have not been eliminated by
prevention measures, then they will have to be addressed by recovery
planning. Recovery options will have to be provided as follows to ensure
business continuity:
 Personnel and accommodation - how to deal with housing, furniture,
transport and travel distances, etc.
 IT systems and networks - recovery options are discussed below
 Support services - power, water, telephones, post, and courier services
 Archives - files, documents, paper-based systems, and reference
materials
 Third parties services - such as e-mail and Internet service providers
4. IT Service Continuity Strategy

Selecting Recovery Options

Recovery Options:
 Do nothing
 Return to a manual (paper-based) system
 Reciprocal agreements: agreement with another organization using
similar technology.
 Gradual recovery (cold stand-by)
 Intermediate recovery (warm stand-by)
 Immediate recovery (hot start, hot stand-by)
 Combinations of options
4. IT Service Continuity Strategy

:Do nothing
Few businesses can afford this approach. It is more likely to
indicate a head-in-the-sand attitude.
Departments which think that they can survive without IT
recovery facilities may give the impression they mean so little
to the business that they are dispensable after a contingency.
Nevertheless, it could be investigated for each service if this
option might be acceptable.
4. IT Service Continuity Strategy

:Return to a manual (paper-based) system

This option is normally unfeasible for services critical to the
business, as there will be insufficient personnel with experience of
using traditional systems.
Furthermore, paper-based systems used in the past may no
longer be available.
However, paper-based systems may be feasible for less
important, minor services.
Most recovery plans include some paper-based backup routines.
For example, the recovery option for a credit card terminal could
be the use of paper credit card slips.
4. IT Service Continuity Strategy

:Reciprocal Agreements
This option can be used if two organizations have similar
hardware and agree to provide each other with facilities in the
event of a disaster.
For this option, the two businesses have to conclude an
agreement and ensure that changes are coordinated so that both
environments remain interchangeable.
Capacity Management should ensure that the reserved capacity is
not used for other purposes, or can be released quickly.
This option is less attractive nowadays due to the increasing use
of online systems such as ATMs and on-line banking as these
systems have to be available 24 hours a day, 7 days a week.
4. IT Service Continuity Strategy

:Gradual recovery (cold stand-by)

This option can be used by businesses that can manage without IT
services for some time, for example 72 hours.
It provides an empty computer room at an agreed fixed facility, or a
mobile computer room delivered to the business's site, the portable
facility.
The computer room is provided with electrical power, air-conditioning,
network facilities, and telephone connections.
This recovery option can be provided for under contract with an external
supplier.
Separate agreements will have to be made with suppliers of IT
components to ensure that they can be delivered quickly.
The advantage of this approach is that the facility is always available.
4. IT Service Continuity Strategy

:Gradual recovery (cold stand-by)

The advantages and disadvantages are different for fixed and
portable facilities and relate to issues such as:
 Distance to the facility - few providers offer fixed facilities.
These may be remote, a disadvantage which is avoided by the use of
a portable facility.
 Time - fixed facility locations are only available for a limited
period.
 Delay - in either case, the delivery of the required computer
hardware may take some time.
 Network - it is often difficult to provide appropriate network
facilities. Connections for a portable facility could be provided in
the building used for normal operations.
4. IT Service Continuity Strategy

:Intermediate recovery (warm stand-by)

This option provides access to a similar operational environment
where the services can continue normally after a short changeover
period (24-72 hours).
There are three versions of this option:
Internal: (mutual fallback) if the business has several sites or
dedicated test environments that can be used for production. This
option provides full recovery with a minimum changeover time.
Organizations with several distributed systems often use a variation
on this approach, where part of the required capacity is reserved on
each system. This spare capacity is monitored by Capacity
Management (similar to the reciprocal agreement recovery option).
4. IT Service Continuity Strategy

:Intermediate recovery (warm stand-by)

External: some service providers provide this option as a
commercial service. The costs are divided between the customers.
The costs of these arrangements depend on the required
hardware and software and the agreed period during which the
facility is provided (e.g. 16 weeks). These arrangements are often
made to bridge the period needed to set up a cold stand-by
facility. This approach is relatively expensive and the facility is
likely to be some distance away.
4. IT Service Continuity Strategy

:Intermediate recovery (warm stand-by)

Mobile: the infrastructure for this option is provided ready-for-use in a
trailer. The trailer serves as a computer room and provides environmental
control facilities such as air-conditioning. The IT organization must provide a
place to park the trailer. Power supply, data and telecommunications
connections must be available at dedicated points some distance from the
building. The advantages of this option include the short response time and
proximity to the business site. This option is only available for a limited number
of hardware platforms. Some of the larger hardware suppliers offer this
service by providing a number of trailers with standard hardware
configurations. At agreed times, for example once every year, the trailer visits
the business to test the recovery arrangements. The advantage of this is that
it may also be possible to test the impact of an upgrade to a new version of the
operating system.
4. IT Service Continuity Strategy

:Immediate recovery (hot start, hot stand-by)

This option provides an immediate or very rapid recovery of
services in less than 24 hours by providing an identical
production environment and mirroring of the data, and possibly
even mirroring of the production processes. The latter option
is normally developed in close cooperation with Availability
Management.
4. IT Service Continuity Strategy

:Combinations of options
In many cases, a Contingency plan can provide for a more
expensive option to bridge the introduction of a cheaper
option. For example, a trailer with operating computer center
(mobile hot start) can provide a temporarily solution until
portable facilities have been set up and the new host
computers have been delivered (mobile cold start). Normal
operations are restored after refurbishment of the building
and moving the new host computers into the building.
4. Organization and implementation
planning
Once the business strategy has been determined and choices have
been made, the ITSCM has to be implemented and the plans for the
IT facilities have to be developed in detail. An organization will have
to be set up to implement the ITSCM process.
This could include management (Crisis Manager), coordination, and
recovery teams for each service.
At the highest level there should be an overall plan addressing the
following issues:
 Emergency response plan.
 Damage assessment plan.
 Recovery plan.
 Vital records plan (what to do with data, including paper records).
 Crisis Management and PR plans.
5. Organization and implementation
planning
All these plans are used to assess emergencies and to respond to
them. It can then be decided if the business recovery process should
be initiated, in which case the next level of plans has to be activated,
including the:
 Accommodation and services plan.
 Computer system and network plan.
 Telecommunications plan (accessibility and links).
 Security plan (integrity of the data and networks).
 Personnel plan.
 Financial and administrative plans.
6. Prevention measures and recovery
options
This is when the prevention measures and recovery options
identified earlier are put into practice.
Prevention measures to reduce the impact of an incident are
taken together with Availability Management, and may include:
Use of UPS and backup power supplies
Fault-tolerant systems
Off-site storage and RAID systems, etc.
6. Prevention measures and recovery
options
A start should also be made to introduce stand-by
agreements. These should cover personnel, buildings and
telecommunications. Even during the contingency period a start
can be made with restoring the normal situation and ordering
new IT components. Dormant contracts can be made in advance
with suppliers. This means that signed orders are available for
the components to be supplied at an agreed price.
When the disaster occurs, the supplier can process the order
without having to issue quotations. Such dormant contracts
should be updated every year as prices and models will change.
The Configuration Management baselines should be considered
when updating these contracts.
6. Prevention measures and recovery
options
The following activities can be carried out to set up stand-by
agreements:
 Negotiating off-site recovery facilities with third parties
 Maintaining and equipping the recovery facility
 Purchasing and installing stand-by hardware (dormant
contracts)
 Managing dormant contracts
7. Developing plans and procedures for
recovery
The plans should be detailed and formal, as a recovery plan
requires maintenance and changes must be approved by those
concerned. These issues also need to be communicated. The
major problems relate to changes in the infrastructure and the
agreed service levels. For example, migration to a new
midrange platform could mean that there is no equivalent unit
at the backup facility for a warm, external start. For this
reason, Configuration Management plays an important role in
monitoring the baseline configurations referred to in the
recovery plan. The plan should also identify the procedures
needed to support it.
7. Developing plans and procedures for
recovery
Recovery Plan
The recovery plan should include all elements relevant to
restoring the business activities and IT services, including:
 Introduction - describes the structure of the plan and envisaged recovery
facilities.
 Updating - discusses the procedures and agreements for maintaining the plan, and
tracks changes to the infrastructure.
 Routing list - the plan is divided into sections, each specifying the actions to be
undertaken by a specific group. The routing list shows what sections should be
sent to which personnel.
 Recovery initiation - describes when and under what conditions the plan is
invoked.
 Contingency classification - if the plan describes procedures for different
contingencies, they should be described here in terms of seriousness (minor,
medium, major), duration (day, week, weeks), and damage (minor, limited, serious).
7. Developing plans and procedures for
recovery
Recovery Plan
 Specialist sections - the plan should be divided into sections based on the six areas and
groups covered by the plan:
o Administration - how and when is the plan invoked, which managers and personnel are
involved, and where is the control center based?
o IT infrastructure - hardware, software, and telecommunications to be provided by the
recovery system, recovery procedures, and dormant contracts for the purchase of new
IT components.
o Personnel - personnel required at the recovery facility, possibly transport to the
facility, and accommodation if the facility is located far from the business.
o Security - instructions for protection against burglary, fires and explosions at both the
home site and the remote site, and information about external storage facilities such as
warehouses and vaults.
o Recovery sites - information about contracts, personnel with specified functions,
security, and transport.
o Restoration - procedures to restore the normal situation (e.g. the building), conditions
under which these procedures are invoked, and dormant contracts.
7. Developing plans and procedures for
recovery
Procedures
The recovery plan provides a framework for drafting the
procedures. It is essential to develop effective procedures,
such that anyone can undertake the recovery by following the
procedures. These should address:
 Installing and testing hardware and network components
 Restoring applications, databases, and data
 These and other relevant procedures are attached to the
recovery plan.
8. Initial Testing

Initial testing is a critical aspect of ITSCM. Tests

should be performed initially, then following major
changes, and then at least annually.
The IT department is responsible for testing the
effectiveness of the plans and procedures for the
IT elements of the plan. Tests may be announced or
unannounced.
9. Training and Awareness
Effective training of IT and other personnel and awareness
by all personnel and the organization are essential to the
success of any IT Services Continuity process.
IT personnel will have to train non-IT personnel in business
recovery teams to ensure that they are familiar with the
issues so that they can provide support during the recovery
operations.
The actual contingency facilities, on-site or off-site, should
also be covered by the training and tests.
10. Review and Audit
It should be verified regularly if the plans are still up-to-date.
This concerns all aspects of ITSCM.
In the IT area, such an audit will have to be undertaken every
time there is a significant change to the IT infrastructure, such
as the introduction of new systems, networks and service
providers.
Audits must also be carried out if there is any change to the
strategy of the IT department or the business.
Organizations where rapid and frequent change is common could
implement a regular program for verifying the ITSCM concepts.
Any resulting changes to the plans and strategy must be
implemented under the direction of Change Management.
11. Testing
The Recovery plan must be tested regularly, rather like an
emergency drill on a ship.
If everyone has to study the plan when a disaster happens
then there are likely to be many problems. The test can also
identify weaknesses in the plan or changes that were
overlooked.
In some cases, changes can be tested beforehand using the
recovery facilities before introducing them into the live IT
infrastructure.
12. Change Management

Change Management plays an important role in

keeping all the plans current.
The impact of any change to the Recovery plan has
to be analyzed.
13. Assurance

Assurance means verifying if the quality of the

process (procedures and documents) is adequate to
meet the business needs of the company.
Process Report
In the event of a disaster there will be reports about its
cause and effect, and how successfully it was dealt with.
Any observed weaknesses will be addressed in
improvement plans.
The management reports from this process also include
evaluation reports of recovery plan tests. These are used
for assurance.
The process also reports about the number of changes
to recovery plans as a result of significant changes
elsewhere.
Reports may also be issued about new threats.
Critical Success Factors
The success of IT Service Continuity Management
depends on:
 An effective Configuration Management process.
 Support and commitment throughout the
organization.
 Up-to-date, effective tools.
 Dedicated training for anyone involved in the
process.
 Regular, unannounced tests of the recovery plan.
Performance Indicators
Performance indicators include:
 Number of identified shortcomings of the
recovery plans.
 Revenue lost further to a disaster.
 Cost of the process.
Functions and Roles
Responsibilities during normal
Role Responsibilities during crisis conditions
conditions

•Initiating BCM
•Allocating personnel and resources •Crisis management
Board •Defining policies •Taking corporate/business decisions
•Defining process authority

•Managing the ITSCM process

Senior •Accepting plans, test reports, etc. Coordinating and arbitrating
management •Communicating and maintaining awareness Providing personnel, resources and funding
•Integrating ITSCM within BCM

•Undertaking risk analysis

•Invoking recovery and continuity mechanisms
•Defining deliverables
Management •Drafting contracts
•Leading teams
•Reporting
•Managing tests, evaluations and reports

Team leaders •Implementing the recovery plan Negotiating

services
and team Developing deliverables
•Implementing tests, evaluations and reports
members •Developing and implementing procedures
Costs
The major costs associated with the introduction of IT Service Continuity
Management are:
 Time and costs for initiating, developing and implementing ITSCM.
 Investment associated with the introduction of risk management and resulting
additional hardware, these costs can be reduced if the measures are considered
within the scope of Availability Management at the time of designing new
configurations.
 Continuing costs of the recovery arrangements that depend on the selected
option, such as fees for external hot start contracts, cost of test arrangements,
and the period during which the recovery facilities are available.
 Returning operational costs of ITSCM, such as testing, auditing, and updating the
plan.
These costs may only be incurred after making a considered choice, and comparing the
potential costs associated with not having a recovery plan.
Although the costs of maintaining a recovery plan may appear to be high, they are
often reasonable compared with the overall expenditure on fire and theft insurance.
Furthermore, effective ITSCM may reduce the cost of insurance.
Problems
When implementing the process, the following potential problems
should be considered:
 Resources - the organization will have to provide additional
capacity for a project team to develop and test the plan.
 Commitment - the annual costs must be included in the
organization‘s budgets, which requires commitment.
 Access to recovery facilities - all options discussed above
requires regular testing of the recovery facilities. Thus, the
contracts will have to provide the IT organization with regular
access to the recovery facilities.
 Estimating the damage - certain damage, such as lost reputation,
can-not be financially quantified.
 Budgeting - the need for expensive contingency facilities is not
always understood, or the plans are cut back.
Problems
 No business manager commitment - this results in a failure to de-
velop ITSCM, although the customer assumes that arrangements have
been made.
 Perpetual Prospectively - this is where all or most parts of IT service
continuity management are not yet in place and progress is postponed
consequently. In such cases, when inquiring about ITSCM, the response
will be "yes, we're meeting on that next week…", "we're about to
appoint a committee to do just that", etc.
 Black Boxing - this is where the IT service provider has abdicated
responsibility, as well as given up control for ITSCM readiness:
"someone else is handling it". Because the organization has spent a lot
of money or has outsourced a portion of their operations to a supplier,
the management expects that the money they've spent will ensure
their ability to recover, or that the supplier too has plans in place that
will help them re-cover after a business interruption.
Problems
 IT department - must be guided by the actual wishes and
requirements of the business, and not by the IT department's
assumptions about them.
 Familiarity with the business - it is essential that the business
sup-ports the development of ITSCM by identifying essential
issues.
 Lack of awareness - it is essential that the organization as a
whole is aware of the value of ITSCM. Without the awareness and
support of all personnel, the process is doomed to failure.
Q&A