360 likes | 1.05k Views
IT Service Continuity Management. Goal – Primary Objective. To support the overall Business Continuity management process by ensuring that the required IT technical services and facilities can be recovered within required and agreed business time-scales. Why Continuity Management.
E N D
Goal – Primary Objective • To support the overall Business Continuity management process by ensuring that the required IT technical services and facilities can be recovered within required and agreed business time-scales
Why Continuity Management • Ensuring business survival by reducing the impact of a disaster or major failure • Reducing the vulnerability and risk to the business by effective risk analysis and risk management • Preventing the loss of Customer and User confidence • Producing IT recovery plans that are integrated with and fully support the organisation’s overall Business Continuity Plan
Considerations • IT Service Continuity options need to be understood and the most appropriate solution chosen in support of BCM requirements • Roles and responsibilities need to be identified and supported from a senior level • IT recovery plans and Business Continuity plans need to be aligned regularly reviewed, revised and tested
The Business Continuity Life-cycle Overview • Stage 1 – Initiation • Initiate Business Continuity Manager • Stage 2 – Requirements and Strategy • Stage 3 - Implementation • Stage 4 - Operational Management
Stage 2 – Requirements and Strategy Business Impact Analysis Identification of Critical Business Processes and Speed of Recovery Risk Assessment and Methodology Threats to Assets CRAMM – CCTA’s Risk Analysis Management Methodology (Central Computer and Telecommunications Agency) Business Continuity Strategy Based on Top Risks
Risk Analysis (CRAMM) ANALYSIS Assets Threats Vulnerabilities Risks MANAGEMENT Countermeasures
Risk Analysis • Asset Categorise and RANK 1-10 • Hardware • Software • People • Buildings etc. • Threat List and RANK 1-3 • Vulnerability against Assets Matrix RANK 1-3 Risk = Asset * Threats * Vulnerability
IT Recovery Options • Do nothing • Manual back-up – revert to pen and paper • Reciprocal arrangements with another company • Gradual recovery - Cold Standby • Intermediate recovery - Warm Standby • Immediate recovery - Hot Standby
Gradual Recovery – COLD standby • Time to recovery > 72hrs • Empty Computer space • Remote • Portable • Nothing in the rooms • Requires contracts / procedures in place to set up
Intermediate Recovery – WARM standby • Time to recovery 24hrs to 72hrs • Filled Computer space • Remote • Portable • Networked Computers but with NO Data
Immediate Recovery – HOT standby • Time to recovery “within the working day” 0hrs to 8hrs • Filled Computer Space • Remote • Portable • Networked Computers with Data (but not necessarily up to date)
Benefits of Continuity Management • Management of risk and the consequent reduction of the impact of failure • Fulfilment of regulatory requirements • Potentially lower insurance premiums • A more business focussed approach to IT continuity and recovery • Reduced business disruption during an incident • Increased customer confidence and organisational credibility
ISCM Exam Tips • Know the Disaster Recovery options
Exam Questions • In relation to IT Service Continuity Planning, the severity of a disaster depends upon: A The time of day it occurs B How many people are available to assist in recovery C The type of disaster, whether flood, fire etc D The impact (EFFECT) upon customers’ businesses
Exam Questions • Consider the following statements about IT Service Continuity Planning: • The intermediate recovery external option offers a remote installation, fully equipped with all the required hardware, software, communications and environmental control equipment • The intermediate recovery external option is often shared between multiple customers and in the event of a disaster may not be available due to over-subscription ABoth B Neither C Only 1 D Only 2
Exam Questions • Your organisation has just entered into a Gradual Recovery (Cold Standby) IT service Continuity Agreement. Within the ITIL definition, which of the following lists is INCORRECT for what you could find at the contingency site? A A building, electricity, telecommunications equipment, office space for technical staff B Stand-by generator, telecommunications equipment, system manuals, support staff, water C A building, telecommunications equipment, a computer, support staff, documentation D A building, electricity, water, support staff, system manuals
Exam Questions • Which of the following would you NOT expect to see in an IT Service Continuity Plan? A Contact lists B The version number C Reference to change control procedures D Full Service Level Agreements (SLM)