Академический Документы
Профессиональный Документы
Культура Документы
Notice of Rights: Copyright The Art of Service. All rights reserved. No part of
this book may be reproduced or transmitted in any form by any means,
electronic, mechanical, photocopying, recording, or otherwise, without the prior
written permission of the publisher.
TABLE OF CONTENTS
INTRODUCTION ROADMAP.......................................................................... 5
CONTINUITY MANAGEMENT PRESENTATION........................................... 9
SUPPORTING DOCUMENTS ...................................................................... 55
POLICIES OBJECTIVES AND SCOPE ..................................................... 57
BUSINESS JUSTIFICATION DOCUMENT ............................................... 63
OBJECTIVES AND GOALS....................................................................... 69
EMERGENCY RESPONSE PLAN............................................................. 73
COMMUNICATION PLAN ......................................................................... 81
RISK ASSESSMENT ................................................................................. 87
ITSCM PROCESS MANAGER .................................................................. 95
BUSINESS IMPACT ASSESSMENT......................................................... 99
SALVAGE PLAN TEMPLATE.................................................................. 107
BUSINESS CONTINUITY STRATEGY.................................................... 115
RECIPROCAL ARRANGEMENTS .......................................................... 125
VITAL RECORDS TEMPLATE ................................................................ 149
BUSINESS AND IT FLYERS ................................................................... 155
EMAIL TEXT ............................................................................................ 159
REPORTS KPIs TARGETS AND ADDITIONAL METRICS ..................... 165
IMPLEMENTATION AND PROJECT PLAN................................................ 171
FURTHER INFORMATION ......................................................................... 181
Page 3
Disaster Recovery/Continuity Management
Page 4
Disaster Recovery/Continuity Management
INTRODUCTION ROADMAP
The guide is designed to answer a lot of the questions about Service Level
Management and provide you with useful guides, templates and essential, but
simple assessments.
The supporting documents and assessments will help you identify the areas
within your organization that require the most activity in terms of change and
improvement.
The guide serves to act as a starting point. It will give you a clear path to
travel. It is designed to be a valuable source of information and activities.
The Service Level Management Guide:
Flows logically,
Is scalable,
Provides presentations, templates and documents,
Saves you time.
Page 5
Disaster Recovery/Continuity Management
Step 1
These presentations will give you a good knowledge and understanding of all
the terms, activities and concepts required within Service Level Management.
They can also be used as the basis for management presentations or when
making a formal business case for Service Level Management
implementation. Make sure you pay close attention to the notes, as well as
the slides, as references to further documents and resources are highlighted
here.
Page 6
Disaster Recovery/Continuity Management
Step 2
If you did not look at the supporting documents and resources when prompted
during the PowerPoint presentations, do this now.
Below is an itemized list of the supporting documents and resources for easy
reference. You can use these documents and resources within your own
organization or as a template to help you in prepare your own bespoke
documentation.
Page 7
Disaster Recovery/Continuity Management
Step 3
The supporting documents and resources found within the book will help you
fill these gaps by giving you a focused, practical and user-friendly approach to
Service Level Management.
Page 8
Disaster Recovery/Continuity Management
Page 9
Disaster Recovery/Continuity Management
Page 10
Disaster Recovery/Continuity Management
These bullet points help to illustrate why it is that we need to introduce the
disciplines of effective and efficient Process management into our IT
environments.
For more information please refer to Objective and Goals on page within
this workbook.
Page 11
Disaster Recovery/Continuity Management
ITSM is not something on its own, but closely linked to the business.
Explain difference between effective (doing the right thing) and efficient
(doing the right thing the right way).
The objective tree is a useful way to help explain the importance of IT being a
supporting department to the business.
Page 12
Disaster Recovery/Continuity Management
Page 13
Disaster Recovery/Continuity Management
Page 14
Disaster Recovery/Continuity Management
More and more people see the importance of processes (which is why ITIL is
getting so popular).
Page 15
Disaster Recovery/Continuity Management
Page 16
Disaster Recovery/Continuity Management
Page 17
Disaster Recovery/Continuity Management
ITSCM must be apart of the overall Business Continuity Process (BCM) and is
dependent upon information derived through this process. ITSCM is focused
on the Continuity of IT Services to the business. BCM is concerned with the
management of Business Continuity that incorporates all services upon which
the business depends, one of which is IT.
Page 18
Disaster Recovery/Continuity Management
Page 19
Disaster Recovery/Continuity Management
Page 20
Disaster Recovery/Continuity Management
Page 21
Disaster Recovery/Continuity Management
Page 22
Disaster Recovery/Continuity Management
Page 23
Disaster Recovery/Continuity Management
Page 24
Disaster Recovery/Continuity Management
Page 25
Disaster Recovery/Continuity Management
Page 26
Disaster Recovery/Continuity Management
ITSCM does not usually directly cover longer-term risks such as those from
changes in business directions, diversification, restructuring, and so on. While
these risks can have material impact on IT Service elements and their
Continuity mechanisms, management usually has some time to identify and
evaluate the risk and include risk mitigation through changes or shifts in
business and IT strategies, thereby becoming part of the Change
Management program.
Page 27
Disaster Recovery/Continuity Management
Notes:
Page 28
Disaster Recovery/Continuity Management
For more information please refer to Salvage Plan Template on page 107
within this workbook.
Page 29
Disaster Recovery/Continuity Management
ITSCM does not usually cover minor technical faults (for example, non critical
disk failure), unless there is a possibility that the impact could have material
impact on the business. These risks would be expected to be covered mainly
through the Service Desk and the Incident Management process, or resolved
through the planning associated with the disciplines of Availability
Management, Problem Management; and to a lesser extent through Change
Management, Configuration Management and day to day operational
management.
Page 30
Disaster Recovery/Continuity Management
Page 31
Disaster Recovery/Continuity Management
Page 32
Disaster Recovery/Continuity Management
Notes:
Page 33
Disaster Recovery/Continuity Management
Page 34
Disaster Recovery/Continuity Management
Assess the Level of Risk - The overall risk can then be measured. This may
be done as a measurement if quantitative data has been collected, or
qualitative using a subjective assessment of, for example, low, medium or
high.
Page 35
Disaster Recovery/Continuity Management
Page 36
Disaster Recovery/Continuity Management
Page 37
Disaster Recovery/Continuity Management
Page 38
Disaster Recovery/Continuity Management
Page 39
Disaster Recovery/Continuity Management
Page 40
Disaster Recovery/Continuity Management
Page 41
Disaster Recovery/Continuity Management
Instances where immediate recovery may be required are where the impact of
loss of service has immediately impact on the organizations ability to make
money, such as a Banks dealing room.
Page 42
Disaster Recovery/Continuity Management
Some organization may identify a need for their own exclusive immediate
recovery facilities provided internally. This is a costly option by may be
justified for a certain business process where non-Availability for a short
period could result in a significant impact.
Page 43
Disaster Recovery/Continuity Management
Notes:
Page 44
Disaster Recovery/Continuity Management
Page 45
Disaster Recovery/Continuity Management
Many procedures may already exists, such as the procedures for restoring
systems and data in the event of equipment failure, and these should be
refined and attached to the ITSC Plan.
Page 46
Disaster Recovery/Continuity Management
For more information please refer to Business and IT Flyers on page 155
and Email Text on page 159 within this workbook.
Page 47
Disaster Recovery/Continuity Management
Page 48
Disaster Recovery/Continuity Management
Page 49
Disaster Recovery/Continuity Management
Page 50
Disaster Recovery/Continuity Management
Page 51
Disaster Recovery/Continuity Management
For more information please refer Reports and KPIs Targets and
Additional Metrics on page 165 within this workbook.
Page 52
Disaster Recovery/Continuity Management
Page 53
Disaster Recovery/Continuity Management
Page 54
Disaster Recovery/Continuity Management
SUPPORTING DOCUMENTS
Through the documents, look for text surrounded by << and >> these
are indicators for you to create some specific text.
Watch also for highlighted text which provides further guidance and
instructions.
Page 55
Disaster Recovery/Continuity Management
Page 56
Disaster Recovery/Continuity Management
IT Services
Policies, Objectives and Scope
Process: IT Service Continuity
Management
Status: In draft
Under Review
Sent for Approval
Approved
Rejected
IT Service
Continuity Date:
Page 57
Disaster Recovery/Continuity Management
However, the reader will certainly be reminded of the key topics that have to
be considered.
Policy Statement
Use this text box to answer the SENSE OF URGENCY question regarding this
process.
You must be able to concisely document the reason behind starting or improving this
process.
The relationship between ITSCM and Security is another aspect to build into the Policy
statement.
Page 58
Disaster Recovery/Continuity Management
The basic premise of Security and IT Service Continuity Management is the continual
identification and management of RISK.
Prepared by:
On: <<date>>
Page 59
Disaster Recovery/Continuity Management
Objectives Statement
Use this text box to answer the WHERE ARE WE GOING question regarding this
process.
What will be the end result of this process and how will we know when we have
reached the end result?
Will we know because we will establish a few key metrics or measurements or will it be
a more subjective decision, based on instinct?
Note the keywords in the statement. For the statement on IT Service Continuity
Management they are controlling and coordinating and without affecting
levels of service. These are definite areas that we can set metrics for and
therefore measure progress.
An objective statement any bigger than this text box, may be too lengthy to read, lose
the intended audience with detail, not be clearly focused on answering the WHERE
question for this process.
Prepared by:
On: <<date>>
On: <<date>>
Page 60
Disaster Recovery/Continuity Management
Scope Statement
The area covered by a given activity or subject
Use this text box to answer the WHAT question regarding this process.
An scope statement any bigger than this text box, may be too lengthy to read, lose the
intended audience with detail, not be clearly focused on answering the WHAT question
for this process.
Prepared by:
On: <<date>>
Page 61
Disaster Recovery/Continuity Management
Page 62
Disaster Recovery/Continuity Management
IT Services
Business Justification
Process: IT Service Continuity Management
Status:
Version: 0.1
Release
Date:
Page 63
Disaster Recovery/Continuity Management
Prepared by:
On: <<date>>
On: <<date>>
Page 64
Disaster Recovery/Continuity Management
To help reinforce this point even further, consider the situation of buying a
new fridge. What if the technically savvy sales person wants to explain the
intricacies of the tubing structure used to super cool the high pressure gases,
which flow in an anti-clockwise direction in the Southern hemisphere.
Wouldnt you say too much information, who cares does it make things
cold?
Page 65
Disaster Recovery/Continuity Management
Well IT managers need to stop trying to tell business managers about the
tubing structure and just tell them what they are interested in.
Page 66
Disaster Recovery/Continuity Management
Page 67
Disaster Recovery/Continuity Management
Page 68
Disaster Recovery/Continuity Management
IT Services
Detailed Objectives/Goals
Process: IT Service Continuity Management
Status:
Version: 0.1
Release
Date:
Page 69
Disaster Recovery/Continuity Management
However, the reader will certainly be reminded of the key topics that have to
be considered.
Page 70
Disaster Recovery/Continuity Management
Use these objectives to generate discussion about others that may be more
appropriate to list than those provided.
Page 71
Disaster Recovery/Continuity Management
Page 72
Disaster Recovery/Continuity Management
IT Services
IT Service Continuity Management
Emergency Response Template
Status: Draft
Version: 0.1
Release Date:
Page 73
Disaster Recovery/Continuity Management
Document Control
Author
Prepared by <name and / or department>
Document Source
This document is located on the LAN under the path:
I:/IT Services/Service Delivery/Emergency Response Plan/
Document Approval
This document has been approved for use by the following:
<first name, last name>, IT Services Manager
<first name, last name>, IT Service Delivery Manager
<first name, last name>, IT Service Continuity Process Manager
<first name, last name>, Customer representative or Service Level
Manager
Amendment History
Issue Date Amendments Completed By
Distribution List
When this procedure is updated the following copyholders must be advised
through email that an updated copy is available on the intranet site:
<Company Name> Business Unit Stakeholders
IT
Page 74
Disaster Recovery/Continuity Management
Introduction
Purpose
The purpose of this document is to provide an emergency response template.
Scope
This document describes the following:
An emergency response template
Note: It is assumed for each service described in this document that the
supporting back-end technology is already in place and operational.
Audience
This document is relevant to all staff in <company name>
Ownership
IT Services has ownership of this document.
Related Documentation
Include in this section any related Service Level Agreement reference
numbers and other associated documentation:
Page 75
Disaster Recovery/Continuity Management
Executive Overview
Describe the purpose, scope and organization of the document.
Scope
Not all IT Services may initially be included within the Emergency Response
Plan. Use this section to outline what will be included and the timetable for
other services to be included.
The emergency response plan is fairly simple in concept and should be used
in conjunction with the ITSCM3200 Salvage Plan Template.
Page 76
Disaster Recovery/Continuity Management
In this section provide some detail about the ERP. Include things like
which aspects of the infrastructure are included, which services, why it is
necessary etc.
<<
This document provides the necessary details and procedures that are
required in the event of disaster
>>
Response Strategy
In this section detail the strategy being used to respond to the IT Disaster.
Page 77
Disaster Recovery/Continuity Management
Invocation
<< first name, last name << department << first name, last name << department >>
>> >> >>
<< first name, last name << department << first name, last name << department >>
>> >> >>
<< first name, last name << department << first name, last name << department >>
>> >> >>
Dependencies
Dependant
or
contributor
Page 78
Disaster Recovery/Continuity Management
Response Team
The following listed people are responsible for performing the actions listed in
the Response Plan. They are to ensure that the procedures are carried out in
the most efficient and effective manner possible.
Response Plan
Page 79
Disaster Recovery/Continuity Management
Equipment Needed:
IT Components
(Configuration Items (CI))
Appendices
Terminology
Page 80
Disaster Recovery/Continuity Management
COMMUNICATION PLAN
IT Services
Communication Plan
Process: IT Service Continuity Management
Status: In draft
Under Review
Sent for
Approval
Approved
Rejected
Version: <<your
version>>
Release
Date:
Page 81
Disaster Recovery/Continuity Management
Prepared by:
On: <<date>>
On: <<date>>
Page 82
Disaster Recovery/Continuity Management
Initial Communication
First steps in communication require the need to answer the question that most people
(quite rightly) ask when the IT department suggests a new system, a new way of
working. WHY?
It is here that we need to promote and sell the benefits. However, be cautious of using
generic words. Cite specific examples from your own organization that the reader will
be able to relate to (to help develop specific examples contact
service@theartofservice.com for competitive quotation).
To:
On: <<date>>
By:
On: <<date>>
Page 83
Disaster Recovery/Continuity Management
(Special Tip: Beware of using only Managers to gain information from, as the
resistance factor will be high)
(Special Tip: Beware of reporting only to Managers. If you speak to a lot of people
regarding Service Support and Delivery then you need to establish ways to report to
these people the outcomes and progress of the discussions).
Always bear in mind the so what factor when discussing areas like goals and
objectives. If you cannot honestly and sensibly answer the question so what
then you are not selling the message in a way that is personal to the listener and
gets their buy-in.
To:
On: <<date>>
By:
On: <<date>>
Page 84
Disaster Recovery/Continuity Management
The list of actions in this module will have a direct impact on end users and IT Staff.
They will be curious as to why working with them in this manner, rather than the
historical method of just doing it. There could be an element of suspicion and
resistance, so consider different strategies to overcome this initial skepticism.
Initiation
Interview and record the needs from the Business
Promote and advertise ITSCM
Show Business Benefits
Business Impact Analysis
Show impact on business due to loss of service
High Impact over a short time
Low Impact over a long time
Risk Assessment
Look at the threats and vulnerabilities
List assets that may be a target and their importance to the business
Communicate Countermeasures
Business Continuity Strategy
Communicate the different recovery options
Gradual
Intermediate
Immediate
Implementation
Reciprocal Arrangements
Recovery Plans
Countermeasures
Operational Management
Initial Testing
Annual Testing
Change Management
To:
On: <<date>>
By:
On: <<date>>
Page 85
Disaster Recovery/Continuity Management
Costs
Information relating to costs may be a topic that would be held back from general
communication. Failure to convince people of the benefits will mean total rejection of
associate costs. If required, costs fall under several categories:
Personnel IT Service Continuity Management staff, technical management
team (Set-up and ongoing of the technical infrastructure)
Accommodation Physical location (Set-up and ongoing)
Software Tools (Set-up and ongoing)
Hardware Infrastructure (Set-up)
Education Training (Set-up and ongoing)
Procedures external consultants etc (Set-up)
The costs of implementing IT Service Continuity Management will be outweighed by the
benefits. For example, many organizations have a negative perception of the IT Service
Continuity Management process as it doesnt seem to offer any visible services. To
alleviate this, customers and end-users need to be constantly informed of the service
being provided. This provides good customer service and adds a level of comfort to the
users in the sense that they can see action taking place.
A well run IT Service Continuity Management process will make major inroads into
altering the perception of the IT Organization.
To:
On: <<date>>
By:
On: <<date>>
Page 86
Disaster Recovery/Continuity Management
RISK ASSESSMENT
IT Services
IT Service Continuity Management
Risk Assessment
Status: Draft
Version: 0.1
Release
Date:
Page 87
Disaster Recovery/Continuity Management
Document Control
Author
Prepared by <name and / or department>
Document Source
This document is located on the LAN under the path:
I:/IT Services/Service Delivery/Risk Assessment/
Document Approval
This document has been approved for use by the following:
<first name, last name>, IT Services Manager
<first name, last name>, IT Service Delivery Manager
<first name, last name>, IT Service Continuity Process Manager
<first name, last name>, Customer representative or Service Level
Manager
Amendment History
Issue Date Amendments Completed By
Distribution List
When this procedure is updated the following copyholders must be advised
through email that an updated copy is available on the intranet site:
<Company Name> Business Unit Stakeholders
IT
Page 88
Disaster Recovery/Continuity Management
Introduction
Purpose
The purpose of this document is to provide a risk assessment template.
Scope
This document describes the following:
Summary of services and their risks
A risk template
Note: It is assumed for each service described in this document that the
supporting back-end technology is already in place and operational.
Audience
This document is relevant to all staff in <company name>
Ownership
IT Services has ownership of this document.
Related Documentation
Include in this section any related Service Level Agreement reference
numbers and other associated documentation:
Page 89
Disaster Recovery/Continuity Management
Executive Overview
Describe the purpose, scope and organization of the document.
Scope
Not all IT Services may initially be included within the Risk Analysis. Use this
section to outline what will be included and the timetable for other services to
be included.
Page 90
Disaster Recovery/Continuity Management
IT Service Definition
This section is where you will document the Service Descriptions for the
services or applications used by the Business people. This information should
be x-referenced to your Service Catalog (SLM2200) and/or related Service
Level Agreements. You need to list all the Services here that the BIA is
required on.
Page 91
Disaster Recovery/Continuity Management
Service A
(this section needs to be duplicated for each service listed in the table above)
Service Description
Include a description of the service being assessed for risks that may cause a
disruption to the business services.
Threats
In the below table capture all the threats for the components that make up the
service.
Vulnerabilities
In the below table capture al the likely vulnerabilities for the components that
make up the service.
Page 92
Disaster Recovery/Continuity Management
Risk Summary
RISK SUMMARY
1
SERVICE
Completed 03 / 24 / 2002 RISK
Date: SCORE
Server 1 1 1 1 1
Router 1 1 4 1 2
Backup 4 4 4 4 4
Device
Priority: This lists the priority in which the components of the IT Infrastructure
are assessed in the event of a disaster.
Risk Value: The risk value is an arbitrary figure derived from the Threat and
Vulnerability Probabilities.
Page 93
Disaster Recovery/Continuity Management
Service Risk Score: Indicates the danger level of a risk actually taking place
with regards to this service. A number 1 indicates an extremely high level of
probability.
Appendices
e.g. Mission statement and/or business objectives, which drove this BIA.
Relevant details of people who provided input
Terminology
e.g.
CMDB Configuration Management Data Base
(www.theartofservice.com CONMGT stream)
Page 94
Disaster Recovery/Continuity Management
IT Services
Roles, Responsibilities
Process: IT Service Continuity
Management
Status:
Version: 0.1
Release Date:
Page 95
Disaster Recovery/Continuity Management
Description Notes/Comments
Page 96
Disaster Recovery/Continuity Management
Description Notes/Comments
Page 97
Disaster Recovery/Continuity Management
Page 98
Disaster Recovery/Continuity Management
IT Services
IT Service Continuity Management
Business Impact Assessment
Status: Draft
Version: 0.1
Release Date:
Page 99
Disaster Recovery/Continuity Management
Document Control
Author
Prepared by <name and / or department>
Document Source
This document is located on the LAN under the path:
I:/IT Services/Service Delivery/Functional Specifications/
Document Approval
This document has been approved for use by the following:
<first name, last name>, IT Services Manager
<first name, last name>, IT Service Delivery Manager
<first name, last name>, IT Service Continuity Process Manager
<first name, last name>, Customer representative or Service Level
Manager
Amendment History
Issue Date Amendments Completed By
Distribution List
When this procedure is updated the following copyholders must be advised
through email that an updated copy is available on the intranet site:
<Company Name> Business Unit Stakeholders
IT
Page 100
Disaster Recovery/Continuity Management
Introduction
Purpose
The Business Impact Analysis allows an analysis and then an identification of
the basic critical IT requirements needed to support the business. The
purpose of this document is to provide an overview of findings in this analysis.
Scope
This document describes the following:
Summary of each service provided by IT Services including
Summary of the Continuity Strategy for each applicable service
Detailed list of Continuity Strategy for each applicable service
Note: It is assumed for each service described in this document that the
supporting back-end technology is already in place and operational.
Audience
This document is relevant to all staff in <company name>
Ownership
IT Services has ownership of this document.
Related Documentation
Include in this section any related Service Level Agreement reference
numbers and other associated documentation:
Page 101
Disaster Recovery/Continuity Management
Executive Overview
Describe the purpose, scope and organization of the Continuity Management
Strategy document.
Scope
As not all IT Services may initially be included within the Business Impact
Analysis. Use this section to outline what will be included and the timetable for
other services to be included.
Scope for the BIA may be determined by the business, therefore covering only
a select few of the IT Services provided by the IT department that are seen as
critical to the support of the business processes.
IT Service Definition
This section is where you will document the Service Descriptions for the
services or applications used by the Business people. This information should
be x-referenced to your Service Catalog (SLM2200) and/or related Service
Level Agreements. You need to list all the Services here that the BIA is
required on.
Page 102
Disaster Recovery/Continuity Management
Service A
(this section needs to be duplicated for each service listed in the table above)
Form of Loss
In this table for this service describe how a disruption to this service will be
seen within the business. For example, will the loss of service invoke a
contract that has set costs associated with it? If we lose this service can we
expect to lose customers/clients/market share. Define each form that the loss
of the service may take and give each a score for magnitude.
Page 103
Disaster Recovery/Continuity Management
(1 is negligible, 10 Severe)
Total Form of 56
Loss Score
Escalation
Use this section to specify for this Service/application the speed at which it is
likely that the situation regarding the loss of this service will degrade overall
performance.
That is, provide a score of 1 (low) to 10 (highest) that indicates how the
service loss will grow in severity.
Escalation Score
Page 104
Disaster Recovery/Continuity Management
Resources Factor
Use this section to specify for this Service/application the combination of the
complexity of facilities and the level of skills required in the people that will
permit this service to stay operating, in the event of a failure.
Resources Score
Time Considerations
There are two time considerations to factor in to your decision on a score in
this area. The first time issue relates to how quickly/slowly the business
requires just bare levels of service restored. The second time issue relates to
how quickly/slowly the entire service and all associated systems should be
fully operational.
Page 105
Disaster Recovery/Continuity Management
We must however remember that the impact of loss will change over time. A
BIA should be performed on a regular time basis (to coincide with reviews of
the Service Level Management Service Catalog or Service Level Agreement
reviews)
Appendices
e.g. Mission statement and/or business objectives, which drove this BIA.
Relevant details of people who provided input
Terminology
e.g.
CMDB Configuration Management Data Base (www,.theartofservice.com
CONMGT stream)
Page 106
Disaster Recovery/Continuity Management
IT Services
IT Service Continuity Management
Salvage Plan Template
Status: Draft
Version: 0.1
Release Date:
Page 107
Disaster Recovery/Continuity Management
Document Control
Author
Prepared by <name and / or department>
Document Source
This document is located on the LAN under the path:
I:/IT Services/Service Delivery/Salvage Plan/
Document Approval
This document has been approved for use by the following:
<first name, last name>, IT Services Manager
<first name, last name>, IT Service Delivery Manager
<first name, last name>, IT Service Continuity Process Manager
<first name, last name>, Customer representative or Service Level
Manager
Amendment History
Issue Date Amendments Completed By
Distribution List
When this procedure is updated the following copyholders must be advised
through email that an updated copy is available on the intranet site:
<Company Name> Business Unit Stakeholders
IT
Page 108
Disaster Recovery/Continuity Management
Introduction
Purpose
The purpose of this document is to provide a salvage plan template.
Scope
This document describes the following:
A salvage plan template
Note: It is assumed for each service described in this document that the
supporting back-end technology is already in place and operational.
Audience
This document is relevant to all staff in <company name>
Ownership
IT Services has ownership of this document.
Related Documentation
Include in this section any related Service Level Agreement reference
numbers and other associated documentation:
Page 109
Disaster Recovery/Continuity Management
Executive Overview
Describe the purpose, scope and organization of the document.
Scope
Not all IT Services may initially be included within the Salvage Plan. Use this
section to outline what will be included and the timetable for other services to
be included.
The salvage plan is fairly simple in concept and should be used in conjunction
with the ITSCM3100 Emergency Response Template.
Page 110
Disaster Recovery/Continuity Management
DISASTER PLANNING
Note: This is the title for this salvage plan for this service
Storage of Plan:
Hardcopy ( )
Microfilm ( )
Electronic ( )
Other (specify)
______________________________________________________________
Page 111
Disaster Recovery/Continuity Management
Yes ( )
No ( )
Commercial Provider ( )
Backup ( )
Rebuild ( )
System Restore ( )
Page 112
Disaster Recovery/Continuity Management
Equipment Needed:
IT Components
(Configuration Items (CI))
Page 113
Disaster Recovery/Continuity Management
Page 114
Disaster Recovery/Continuity Management
IT Services
IT Service Continuity Management
Business Continuity Strategy
Status: Draft
Version: 0.1
Release Date:
Page 115
Disaster Recovery/Continuity Management
Document Control
Author
Prepared by <name and / or department>
Document Source
This document is located on the LAN under the path:
I:/IT Services/Service Delivery/Functional Specifications/
Document Approval
This document has been approved for use by the following:
<first name, last name>, IT Services Manager
<first name, last name>, IT Service Delivery Manager
<first name, last name>, National IT Help Desk Manager
Amendment History
Issue Date Amendments Completed By
Distribution List
When this procedure is updated the following copyholders must be advised
through email that an updated copy is available on the intranet site:
<Company Name> Business Unit Stakeholders
IT
Page 116
Disaster Recovery/Continuity Management
Introduction
Purpose
The purpose of this document is to provide relevant Business Units with the
Business Continuity Strategies for the range of services provided by IT
Services to the <company name> community.
Scope
This document describes the following:
Summary of each service provided by IT Services including
Summary of the Continuity Strategy for each applicable service
Detailed list of Continuity Strategy for each applicable service
Note: It is assumed for each service described in this document that the
supporting back-end technology is already in place and operational.
Audience
This document is relevant to all staff in <company name>
Ownership
IT Services has ownership of this document.
Related Documentation
Include in this section any related Service Level Agreement reference
numbers and other associated documentation:
IT Service Continuity Management Policies, Guidelines and Scope
Document
Business Impact Analysis Template
Risk Assessment
Reciprocal Arrangements
Relevant SLA and procedural documents
IT Services Catalogue
Relevant Technical Specification documentation
Relevant User Guides and Procedures
Page 117
Disaster Recovery/Continuity Management
Executive Overview
Describe the purpose, scope and organization of the Continuity Management
Strategy document.
Scope
As not all IT Services may initially be included within the Continuity
Management Strategy document, it is important to set the scope for what will
be included.
Page 118
Disaster Recovery/Continuity Management
IT Owner Recovery Options Business Threat to Business Service Level Agreements Applicable
Service Work Grad-ual Intermediate Immediate Process Business Owners SLA Response Recovery Procedures
Around # Time Time
Service A J. Ned Yes Backup Reciprocal No Billing High T. Smith SLA 4 Hours 8 Hours IncMgt101
Tapes Arrangement 001
Email A. No Backup Reciprocal Replicated Comm- Low R. Jones SLA 2 Hours 4 Hours ComRec23
Boon CD Arrangement Server unication 234 1
SAP C. No Backup No Replicated Invoice and Very High P. Boon SLA 30 mins 2 Hours N/A
Jones Tapes Service Payroll 123
Service B L. Yes Rebuild No No Marketing Medium R. SLA 1 Hour 3 Hours N/A
Smith Reagan 009
Service C R. Yes Rebuild No No Manu- High R. Smith SLA 30 mins 2 Hours N/A
Smith facturing 007
Service A
Please Note. Some of the sub-headings here may not be applicable for the IT
Service. For example, in some instance where you have an Immediate
Recovery Option for a Service it may not be applicable to have spent money
on Gradual Recovery Options, and vice versa.
Description
Provide a description of the IT Services. Include all relevant SLA and
Ownership Details.
Page 119
Disaster Recovery/Continuity Management
Risk Summary
In this section provide a brief description of any know and major risks to the IT
Service. Risks are determined by understanding the assets that are involved
in the service, the threats to those assets and any identified threats.
Definitions:
A threat is 'how likely is it that a particular service will be disrupted.
Vulnerability assesses what the impact will be upon the organization if the
threat manifests.
The risk level is then the combination of the threat and the vulnerability. It
can be reached through a quantitative analysis or simply a subjective feel.
After completing the above table, summaries the overall risk to the service
and the impact on the business.
A manual work around can be seen as an effective interim measure until the
IT Service has been restored.
The manual workarounds will be for both IT departments and the Business.
List all Manual Work Around options in this section.
Page 120
Disaster Recovery/Continuity Management
Reciprocal Arrangements
In some situations, organizations will rely on likeminded businesses to provide
services in the event that they experience some sort of loss of service. This is
called a reciprocal Arrangement.
Reciprocal Arrangements may be made with several organizations for the one
service.
Page 121
Disaster Recovery/Continuity Management
Gradual Recovery
This recovery options is used for services where immediate restoration of
business processes is not needed and can function for up to a period of 24 to
72 hours as defined in a service agreement.
Agreements
Agreements will include those with the business for Gradual Recovery. They
will also include any additional accommodation and services plans.
Technology
This section will provide details about the computer systems and network
plans, as well as any telecommunications plans.
Security
In the event of a disaster, there may be some impact on the security of the IT
Department and the business as a whole. In this section include any security
issues, appropriate security plans, and security to be tested and revisited after
recovery.
Finance
Include in this section any required finance for the recovery options. This
information will be used in the budgeting process for subsequent years.
Personnel
List all responsible personnel for the recovery of this service.
Summary
Provide a summary for the Gradual Recovery of Service << Service Name >>
Intermediate Recovery
This recovery options is used for services that are important enough to the
business that a 4 to 24 hour restoration period is required.
Page 122
Disaster Recovery/Continuity Management
Agreements
Agreements will include those with the business for Gradual Recovery. They
will also include any additional accommodation and services plans.
Technology
This section will provide details about the computer systems and network
plans, as well as any telecommunications plans.
Security
In the event of a disaster, there may be some impact on the security of the IT
Department and the business as a whole. In this section include any security
issues, appropriate security plans, and security to be tested and revisited after
recovery.
Finance
Include in this section any required finance for the recovery options. This
information will be used in the budgeting process for subsequent years.
Personnel
List all responsible personnel for the recovery of this service.
Summary
Provide a summary for the Gradual Recovery of Service << Service Name >>
Immediate Recovery
This recovery options is used for services where immediate restoration of
business processes is needed and the business will suffer severe
consequences if restoration is not within 2 to 4 hours.
Agreements
Agreements will include those with the business for Gradual Recovery. They
will also include any additional accommodation and services plans.
Page 123
Disaster Recovery/Continuity Management
Technology
This section will provide details about the computer systems and network
plans, as well as any telecommunications plans.
Security
In the event of a disaster, there may be some impact on the security of the IT
Department and the business as a whole. In this section include any security
issues, appropriate security plans, and security to be tested and revisited after
recovery.
Finance
Include in this section any required finance for the recovery options. This
information will be used in the budgeting process for subsequent years.
Personnel
List all responsible personnel for the recovery of this service.
Summary
Provide a summary for the Gradual Recovery of Service << Service Name >>
Appendices
Include any applicable appendixes that are needed.
e.g. Logical Schematic of the IT environment.
Contact details
Terminology
Make sure that all terminology is captured and documented correctly.
e.g.
CMDB Configuration Management Data Base (www.theartofservice.com
CONMGT stream)
Page 124
Disaster Recovery/Continuity Management
RECIPROCAL ARRANGEMENTS
IT Services
IT Service Continuity Management
Reciprocal Arrangement between
Client (X)
And
Client (Y)
Status: Draft
Version: 0.1
Release Date:
Page 125
Disaster Recovery/Continuity Management
Document Control
Author
Prepared by <name and / or department>
Document Source
This document is located on the LAN under the path:
I:/IT Services/Service Delivery/ITSCM/
Document Approval
This document has been approved for use by the following:
<first name, last name>, IT Services Manager
<first name, last name>, IT Service Delivery Manager
<first name, last name>, National IT Help Desk Manager
<first name, last name>, ITSCM Manager
Amendment History
Issue Date Amendments Completed By
Distribution List
When this procedure is updated the following copyholders must be advised
through email that an updated copy is available on the intranet site:
<Company Name> Business Unit Stakeholders
IT
Page 126
Disaster Recovery/Continuity Management
Introduction
Purpose
The purpose of this document is to provide relevant Business Units with the
existing Reciprocal Arrangements for their IT Services.
Scope
This document describes the following:
Details of Reciprocal Arrangements between << company name >>
and << external company >>
Note: It is assumed for each service described in this document that the
supporting back-end technology is already in place and operational.
Audience
This document is relevant to all staff in <company name>
Ownership
IT Services has ownership of this document.
Related Documentation
Include in this section any related Service Level Agreement reference
numbers and other associated documentation:
Page 127
Disaster Recovery/Continuity Management
Executive Overview
Scope
Overview
General principles
<<
Page 128
Disaster Recovery/Continuity Management
It is understood that:
Neither firm should make a profit or a loss from this arrangement.
Both parties will agree to confidentiality of data, clients, and
business practices.
Neither party will seek compensation from the other should any
problems or difficulties arise from the service provided.
This plan will be shown to (Client 1's) supplier and, although their
approval of such will not be sought, their comments, the subject of
the agreement of (Client 1) and (Client 2), will be incorporated into
the plan. Refer to Appendix F for (Specify supplier) agreement to
the Plan.
All items to be used in these plans will be maintained and kept in
good working order.
Termination can only occur within (Specify length of time) written
notice unless otherwise mutually agreed.
The agreement will run for (Specify duration of agreement) at a
time, to be renewable if both parties agree.
The insurers of each company will be made aware of these plans.
Page 129
Disaster Recovery/Continuity Management
>>
Definition of a disaster
Period of service
Capture the service period for the arrangement in the event of a disaster. This
will include maximum duration from the time of the disaster and will usually be
provided free of charge by the host for a specified time. This time will be
determined here.
Include also the renewing of the contract, probably every year, but should
never exceed the date of the contract expiration date.
Page 130
Disaster Recovery/Continuity Management
Prerequisites
<<
>>
This is very important.
Page 131
Disaster Recovery/Continuity Management
Alignment
<<
Bearing in mind that the << Logistics system >> has many options
available within it and that the << Logistics system >> programs will be
used from a common source.
Provision of the << Logistics system >> will be a minimum of, but not
limited to:
If required and agreed at the time of need, provision may be made for <<
Logistics System >> facilities.
>>
Page 132
Disaster Recovery/Continuity Management
<<
It is agreed that: Releases of the << Logistics System >> will be aligned
so that no more than seven days elapse between installation of like
releases at each site.
>>
Page 133
Disaster Recovery/Continuity Management
However, it is agreed that each site will use the following products
(version/service pack is not vital:
Microsoft Word
Microsoft Excel
Microsoft Access
>>
Also include how access to the facilities will be made available. This will be
both physical and logical access.
Backup facilities
In this section, list the backup facilities that need to be kept in line with the
other sites or systems.
Provisions
<<
The plan provides for provision of a service by the host to the client within two
hours of notification that such is required by the client. Obviously not all
facilities may be in place within this timeframe.
The service will only be provided if the office of the client is not capable of
being used to provide an equivalent service. << include reasons why this
Page 134
Disaster Recovery/Continuity Management
could be the case, i.e. flood, fired etc >>. In addition, the service will be
provided if the client's office or surrounding area is closed by the authorities.
>>
The following sections list out those necessary provisions required in the
event of a disaster.
Office space
Include in this section how access to office space will be arranged. Include a
table of names for staff that will require access. Make sure you inform
security.
Establish if any passes are required for access or elevators. Directions to the
location of the hosting client's office should also be listed here.
Work space
How will the work space be set up to cater for the client? Below are some
example words that can be used.
<<
Page 135
Disaster Recovery/Continuity Management
>>
Meeting space
Storage space
Provide details about facilities for storing cash, cheque books, or other
valuable items will be made available to the client as available.
Page 136
Disaster Recovery/Continuity Management
Office equipment
<<
It is essential that the host provide facilities to enable the client to perform its
normal business as much as is possible. Therefore it is agreed to provide:
>>
Telephone
Fax
Page 137
Disaster Recovery/Continuity Management
Computer equipment
<<
>>
PC
Printer
Include printer information. This will be the type of printer, the number of
printers, and any stationary.
Page 138
Disaster Recovery/Continuity Management
<<
When the client is able to return to its own office, the host will provide the
client with:
A backup of its system data
A backup of any data stored on the LAN
A backup of any data stored on PCs
>>
Specialist requirements
Non-standard items
Record any exceptions regarding client and host requirements in this section.
This could include things like nil access to specific equipment or services.
List any requirements covering documentation. Include how they are stored
and retrieved in the event of a disaster.
Page 139
Disaster Recovery/Continuity Management
Restrictions
List any restrictions that may be applicable when the arrangement is in place
and being used.
<<
>>
Termination Procedure
Of hosting service
This will normally occur when the client has restored adequate facilities in
their own environment.
List the reasons for termination and also the roles and responsibilities. Include
any necessary clean up.
Of the agreement
<<
This agreement can only be cancelled by one of the following:
Written notice being given by one company to the other.
At annual renewal, in which case one month notice should still be
provided.
If agreed between the two companies at any stage.
>>
Page 140
Disaster Recovery/Continuity Management
Responsibilities
Responsibilities for the plan rest with the following:
Client 1:
Client 2:
Client 1:
Client 2:
<<
The plan will be tested, at most, twice a year and at least once a year. Dates
will be agreed to no less than two weeks before the test date.
>>
Page 141
Disaster Recovery/Continuity Management
APPENDIX A
AGREEMENT TO
BETWEEN
CLIENT 1
Client 1
Name: _____________________________
Signed: _____________________________
Title: _____________________________
Dated: _____________________________
Client 2
Name: ______________________________
Signed: ______________________________
Title: ______________________________
Dated: ______________________________
Page 142
Disaster Recovery/Continuity Management
APPENDIX B
SERVICE CONTACTS
Client 1
Client 2
Page 143
Disaster Recovery/Continuity Management
APPENDIX C
STAFF TO BE RESIDENT
Client 1
Client 2
APPENDIX D
Page 144
Disaster Recovery/Continuity Management
Client 1
Client 2
APPENDIX E
Page 145
Disaster Recovery/Continuity Management
Desks
Phones
Fax
Laptops
PCs
Servers
Printers
LAN
WAN
Applications
Licenses
Logons
Page 146
Disaster Recovery/Continuity Management
APPENDIX G
The list below is provided for example. Specify items to be stored and quantity of
items per your individual circumstances.
Stationary
PCs
Laptops
Backup Devices
Desks
Chairs
etc
Page 147
Disaster Recovery/Continuity Management
Page 148
Disaster Recovery/Continuity Management
IT Services
IT Service Continuity Management
Vital Records Template
Status: Draft
Version: 0.1
Release Date:
Page 149
Disaster Recovery/Continuity Management
Document Control
Author
Prepared by <name and / or department>
Document Source
This document is located on the LAN under the path:
I:/IT Services/Service Delivery/Vital Records/
Document Approval
This document has been approved for use by the following:
<first name, last name>, IT Services Manager
<first name, last name>, IT Service Delivery Manager
<first name, last name>, IT Service Continuity Process Manager
<first name, last name>, Customer representative or Service Level
Manager
Amendment History
Issue Date Amendments Completed By
Distribution List
When this procedure is updated the following copyholders must be advised
through email that an updated copy is available on the intranet site:
<Company Name> Business Unit Stakeholders
IT
Page 150
Disaster Recovery/Continuity Management
Introduction
Purpose
The purpose of this document is to provide a vital records template.
Scope
This document describes the following:
A Vital Records template
Note: It is assumed for each service described in this document that the
supporting back-end technology is already in place and operational.
Audience
This document is relevant to all staff in <company name>
Ownership
IT Services has ownership of this document.
Related Documentation
Include in this section any related Service Level Agreement reference
numbers and other associated documentation:
Executive Overview
Describe the purpose, scope and organization of the document.
Scope
Each organization and department should develop a vital records plan. The
first part of the plan is a description of records that are vital to continued
operation or for the protection of legal and financial rights of the organization.
The plan should also include specific measures for storing and periodically
cycling (updating) copies of those records.
The description of vital records is based on identification and inventorying.
Organizations may take the following steps to identify and inventory vital
records:
Consult with the official responsible for disaster coordination,
Review organization statutory and regulatory responsibilities and
existing emergency plans for insights into the functions and records
that may be included in the vital records inventory,
Review documentation created for the contingency planning and risk
assessment phase of emergency preparedness. The offices performing
those functions are obvious focuses of an inventory,
Review current file plans of offices that are responsible for performing
critical functions or may be responsible for preserving rights, and
Review the organization records manual or records schedule to
determine which records series potentially qualify as vital.
Organizations must exercise caution in designating records as vital and in
conducting the vital records inventory. There are suggestions that from 1 to 7
percent of an organization records may be vital records. Only those records
series or electronic information systems (or portions of them) most critical to
emergency operations or the preservation of legal or financial rights should be
so designated. Agencies must make difficult and judicious decisions in this
regard.
The inventory of vital records should include:
The name of the office responsible for the records series or electronic
information system containing vital information
Page 152
Disaster Recovery/Continuity Management
Department:
Division:
Date of Signature:
Sub-Division: _________________________
IT Service: ____________________________
Page 153
Disaster Recovery/Continuity Management
Appendices
Terminology
Page 154
Disaster Recovery/Continuity Management
IT Services
Process: Problem Management
Stat In draft
us: Under Review
Sent for Approval
Approved
Rejected
Page 155
Disaster Recovery/Continuity Management
Introduction
The following pages provide 2 examples of flyers that can printed and
distributed throughout your organization.
Note, they are examples, and your input is required to complete the flyers.
Remember, the important thing is to ensure that the message delivered in the
flyer is appropriate to the audience that will be reading it.
So think about how and where you will be distributing the flyers.
Page 156
Disaster Recovery/Continuity Management
ProblemManagement
ITServicesDepartment
Key Wanted: Long Term Stability
Points: they occur. As of
The IT Department contains, for
example, IT <<mm-dd-yyyy>>
is embarking on a that will change.
Problem employees or
Proactive Management business staff. New processes will
Approach be in place to head
implementation The most exciting
Program. element of the off potentially
damaging, costly
program is the
Removal Problem and time consuming
Management is a set Proactive
ofKnown
activities, errors in advance.
Errors. of activities designed
to remove errors designed to Provide contact lists
from the IT prevent errors for the IT
infrastructure. even before they Department as well
Fewer as the business
incidents occur.
<<First, determine managers that they
the audience of this Traditionally our
can contact.>>
flyer. This could be focus has been
Increased anyone who might on fixing errors as
confidence
benefit from the
information it
<<other
points>> THE BENEFITS THE CONTACTS
PROCESS
List the benefits to
the intended Problem Control List the contacts
audience. To understand the
issue.
Input any graphics in
Keep it Simple here
Error Control
Use Bullet Points To identify the
cause
Proactive
activities
To prevent potential
issues
Page 157
Disaster Recovery/Continuity Management
Problem Management
<<Corporate Logo
or image of
IT SERVICE choice>>
IMPROVEMENT
PROGRAM
Sponsored by IT SERVICES
Page 158
Disaster Recovery/Continuity Management
EMAIL TEXT
IT Services
Process: IT Service Continuity
Management
Email Text
Status: In draft
Under Review
Sent for Approval
Approved
Rejected
Release
Date:
Page 159
Disaster Recovery/Continuity Management
Introduction
In the next section of this document is an example email text that can be
distributed across your organization.
Note, that this is just one piece of text for one email.
This is very important, as each time you send an email regarding your IT
Service Continuity Management process it should be different and targeted to
the correct audience.
Page 160
Disaster Recovery/Continuity Management
Dear << insert audience here, for example, Customer, IT Staff, Marketing
Dept etc >>
In order to improve the IT Services and ensure that they are aligned with the
needs of the organization, we have decided to embark on a service
improvement programme. This programme will result in the implementation of
a process called IT Service Continuity Management.
Organizations are required to operate and provide a service at all times. Its
that simple. Increasing competition and a growth in the requirement by
consumers for instant or near real time response has fuelled the necessity for
an agreed level of IT services to be provided following an interruption to the
business. Such interruptions can be a loss of a single application or a
complex system failure all the way through to the loss of a building (e.g.
through fire, flood, etc.)
Page 161
Disaster Recovery/Continuity Management
The IT Department will be creating a list of IT Services that it delivers. This will
be captured in a Service Catalogue (SC). The list of services will then be
presented to the different departments within <<organization name>>. From
this list, each department will be able to pick the service that they use, and
through our requirements gathering, make comments about the requirements
for that service during times of major outage or loss.
From this, we will be able to then formulate agreements on the services being
provided. These agreements are called Service Level Agreements and they
include the requirements for continuity.
This will help ensure that the IT Department is aligning its Services with the
business needs, provide a way to measure the services, set expectations of
the services being delivered, and more importantly provide an avenue for
discovery in service improvement.
The IT Service Continuity Manager will work closely with the business in
defining the necessary services and agreeing their level of availability.
Page 162
Disaster Recovery/Continuity Management
<<
>>
The commencement date of the new process is scheduled for: << insert date
>>
OR
If you have any questions regarding this, please do not hesitate to contact me
on << phone number >>
Page 163
Disaster Recovery/Continuity Management
Page 164
Disaster Recovery/Continuity Management
IT Services
Reports and KPI Targets
Process: IT Service Continuity Management
Status: In draft
Under Review
Sent for Approval
Approved
Rejected
Release
Date:
Page 165
Disaster Recovery/Continuity Management
Prepared by:
On: <<date>>
On: <<date>>
Page 166
Disaster Recovery/Continuity Management
Simple
Measurable
Achievable
Realistic
Time Driven
Page 167
Disaster Recovery/Continuity Management
Special Tip: Beware of using percentages in too many cases. It may even be
better to use absolute values when the potential number of maximum failures
is less than 100
Page 168
Disaster Recovery/Continuity Management
Management reports help identify future trends and allow review of the
health of the process. Setting a security level on certain reports may be
appropriate as may be categorizing the report as Strategic, Operational or
Tactical.
The acid test for a relevant report is to have a sound answer to the question;
What decisions is this report helping management to make?
Management reports for IT Service Continuity Management could include:
Page 169
Disaster Recovery/Continuity Management
Page 170
Disaster Recovery/Continuity Management
IT Services
Implementation Plan/Project Plan
Skeleton Outline
Status:
Version: 0.1
Release
Date:
Page 171
Disaster Recovery/Continuity Management
However, the reader will certainly be reminded of the key topics that have to
be considered for planning and implementation of this process.
Initial planning
When beginning the process planning the following items must be completed:
CHECK DESCRIPTION
or 2
or date
Page 172
Disaster Recovery/Continuity Management
Review the finances required for the process as a whole and any
associated systems (expenditure including people, software,
hardware, accommodation). Dont forget that the initial
expenditure may be higher than the ongoing costs. Dont forget
annual allowances for systems maintenance or customizations to
systems by development staff.
Policy Statement
The policy establishes the SENSE OF URGENCY for the process.
It helps us to think clearly about and agree on the reasons WHY effort is put
into this process.
The most common mistake made is that reasons regarding IT are given as
the WHY we should do this. Reasons like to make our IT department more
efficient are far too generic and dont focus on the real issue behind why this
process is needed.
The statement must leave the reader in no doubt that the benefits of this
process will be far reaching and contribute to the business in a clearly
recognizable way.
Objective Statement
When you are describing the end or ultimate goal for a unit of activity that is
about to be undertaken you are outlining the OBJECTIVE for that unit of
activity.
Page 173
Disaster Recovery/Continuity Management
Of course the activity may be some actions for just yourself or a team of
people. In either case, writing down the answer to WHERE will this activity to
me/us/the organization is a powerful exercise.
There are many studies that indicate the simple act of putting a statement
about the end result expected onto a piece of paper, then continually referring
to it, makes achieving that end result realistic.
Scope Statement
In defining the scope of this process we are answering what activities and
what information interfaces does this process have.
Dont get caught up in trying to be too detailed about the information flow into
and out of this process. What is important is that others realize that
information does in fact flow.
Page 174
Disaster Recovery/Continuity Management
Page 175
Disaster Recovery/Continuity Management
Immediate Recovery
This is one of the most interesting aspects. It can be very
difficult to get everyone to agree to a definition, and it can
be very difficult to establish the correct understanding of
the definition.
However, get this right, and the rest of the process is
made easier.
Seek initial approval
Establish and Define Roles and Responsibilities for the
process. Appoint an ITSCM Manager.
Establish and Define the Scope for IT Service Continuity
Management and the relationships with IT Services
Establish IT Service Continuity Management Process
Establish and Define Relationship with all other
processes.
This is another key aspect of the IT Service Continuity
Management process. IT Service Continuity Management
is where we are helping set assurance of IT Service
capability in the event of a disaster. IT Service Continuity
Management works closely with Service Level
Management to achieve this.
Establish monitoring levels.
Continuity of service as seen by the business is related to
the service and not the components that make up the
service.
Define reporting standards
Publicize and market
The priority selection has to be made with other factors in mind, such as competitive
analysis, any legal requirements, and desires of politically powerful influencers.
Costs
The cost of process implementation is something that must be considered before,
during and after the implementation initiative. The following points and table helps to
frame these considerations:
(a variety of symbols have been provided to help you indicate required expenditure,
rising or falling expenditure, level of satisfaction regarding costs in a particular area,
etc.
Page 176
Disaster Recovery/Continuity Management
In most cases, costs for Process implementation have to be budgeted for (or
allocated) well in advance of expenditure. Part of this step involves deciding on a
charging mechanism (if any) for the new services to be offered. Build the team
Each process requires a process owner and in most situations a team of people to
assist.
Page 177
Disaster Recovery/Continuity Management
It is critical to identify these systems and consider their future role as part of the new
process definition.
Examples of areas to review are:
Area Notes
Power teams
Current formal procedures
Current informal procedures
Current role descriptions
Existing organizational structure
Spreadsheets, databases and other repositories
Other
Implementation Planning
After base decisions regarding the scope of the process and the overall planning
activities are complete we need to address the actual implementation of the process.
It is unlikely that there will not be some current activity or work being performed that
would fit under the banner of this process. However, we can provide a
comprehensive checklist of points that must be reviewed and done.
Implementation activities for IT Service Continuity Management
Activity Notes/Comme
nts/Time
Frame/Who
Review current and existing IT Service Continuity Management
practices in greater detail. Make sure you also review current
process connections from these practices to other areas of IT
Service Delivery and Support.
Page 178
Disaster Recovery/Continuity Management
Decide how best to select any vendor that will provide assistance in
this process area (including tools, external consultancy or
assistance to help with initial high workload during process
implementation).
Ultimately we do want the new process to become the way things are done around
here, so it may even be best not to set specific launch dates, as this will set the
expectation that from the given date all issues relating to the process will disappear
(not a realistic expectation).
Page 179
Disaster Recovery/Continuity Management
Page 180
Disaster Recovery/Continuity Management
FURTHER INFORMATION
For more information on other products available from The Art of Service, you can
visit our website: http://www.theartofservice.com
If you found this guide helpful, you can find more publications from The Art of
Service at: http://www.amazon.com
Page 181