Maintain the necessary ongoing recovery capability within the IT services and their supporting components components. Focus on those events that the business considers significant enough to be considered a disaster. Service Design – Section 4.5 Service Continuity Management
Invocation Policy setting - at a minimum, the policy should set out management intention and objectives Specify terms of reference and scope - defining the scope and responsibilities of all staff in the organization. It covers such tasks as undertaking a Risk Analysis and Business Impact Analysis and determination of the command and control structure required to support a business interruption. Allocate resources - the establishment of an effective Business Continuity environment requires considerable resource in terms of both money and manpower. Define the project organization and control structure - ITSCM and BCM projects are potentially complex and need to be well organized and controlled. Agree to project and quality plans - enable the project to be controlled and variances addressed. Quality plans ensure that the deliverables are achieved and to an acceptable level of quality.
Service Design – Section 4.5 Service Continuity Management Invocation Ascertaining the business requirements for IT service continuity is a critical component in order to determine how well an organization will survive a business interruption or disaster and the costs that will be incurred.
Invocation A balanced approach between Impact and the Time to Recover should be considered optimal. Business Impact Analysis Business Impact Analysis Quantify the impact to the business that loss of service would have.
Service Design – Section 4.5 Service Continuity Management Invocation Risk Analysis The likelihood that a disaster or other serious service disruption will actually occur. The level of threat and the extent to which an organization is vulnerable to that threat.
Service Design – Section 4.5 Service Continuity Management Invocation IT Service Continuity Strategy Typical Risk Reduction Measures Installation of UPS and backup power Fault-tolerant systems for critical applications RAID arrays and disk mirroring for LAN servers Spare equipment/components to be used in the event of equipment or component failure The elimination of Single Points of Failure Resilient IT systems and networks Outsourcing services to more than one provider Greater physical and IT-based security controls Better controls to detect service disruptions
Invocation Service Design – Section 4.5 Service Continuity Management Testing Types Walk-Through Tests - conducted when the plan has been produced Full Tests - conducted as soon as possible after the plan production and at regular intervals of at least annually thereafter Partial Tests - undertaken where recovery of certain elements of the overall plan is tested Scenario Tests - used to test reactions and plans to specific conditions, events and scenarios.
Service Design – Section 4.5 Service Continuity Management Invocation Keep the Continuity Plan Up-to-Date Information services function management should provide for change control procedures in order to ensure that the continuity plan is up-to-date and reflects actual business requirements. This requires continuity plan maintenance procedures aligned with change and management and human resources procedures.
Service Design – Section 4.5 Service Continuity Management Invocation Invocation The design of the invocation process must provide guidance on how all of these areas and circumstances should be assessed to assist the person invoking the continuity plan.
Service Design – Section 4.5 Service Continuity Management