1921523921

IT Service Continuity Management and
Disaster Recovery Best Practice Handbook:
Building, Running and Managing Effective IT

Service Continuity Management and Disaster
Recovery - Ready to use supporting documents
Notice of Rights: Copyright The Art of Service. All rights reserved. No part of
this book may be reproduced or transmitted in any form by any means,
electronic, mechanical, photocopying, recording, or otherwise, without the prior
written permission of the publisher.
Notice of Liability: The information in this book is distributed on an As Is basis

without warranty. While every precaution has been taken in the preparation of the
book, neither the author nor the publisher shall have any liability to any person or
entity with respect to any loss or damage caused or alleged to be caused directly
or indirectly by the instructions contained in this book or by the products
described in it.
Trademarks: Many of the designations used by manufacturers and sellers to

distinguish their products are claimed as trademarks. Where those designations
appear in this book, and the publisher was aware of a trademark claim, the
designations appear as requested by the owner of the trademark. All other
product names and services identified throughout this book are used in editorial
fashion only and for the benefit of such companies with no intention of
infringement of the trademark. No such use, or the use of any trade name, is
intended to convey endorsement or other affiliation with this book. ITIL is a
Registered Community Trade Mark of OGC (Office of Government Commerce,
London, UK), and is Registered in the U.S. Patent and Trademark Office.
Write a Review and Receive a Bonus Emereo
eBook of Your Choice
Up to $99 RRP Absolutely Free

If you recently bought this book we would love to hear from you submit
a review of this title and youll receive an additional free ebook of your
choice from our catalog at http://www.emereo.org.
How Does it Work?

Submit your review of this title via the online store where you purchased
it. For example, to post a review on Amazon, just log in to your account
and click on the Create Your Own Review button (under Customer
Reviews) on the relevant product page (youll find plenty of example
product reviews on Amazon). If you purchased from a different online
store, simply follow their procedures.
What Happens When I Submit my Review?

Once you have submitted your review, send us an email via
review@emereo.org, and include a link to your review and a link to the
free eBook youd like as our thank-you (from http://www.emereo.org
choose any book you like from the catalog, up to $99 RRP). You will then
receive a reply email back from us, complete with your bonus ebook
download link. It's that simple!
Disaster Recovery/Continuity Management
TABLE OF CONTENTS
INTRODUCTION ROADMAP.......................................................................... 5
CONTINUITY MANAGEMENT PRESENTATION........................................... 9
SUPPORTING DOCUMENTS ...................................................................... 55
POLICIES OBJECTIVES AND SCOPE ..................................................... 57
BUSINESS JUSTIFICATION DOCUMENT ............................................... 63
OBJECTIVES AND GOALS....................................................................... 69
EMERGENCY RESPONSE PLAN............................................................. 73
COMMUNICATION PLAN ......................................................................... 81
RISK ASSESSMENT ................................................................................. 87
ITSCM PROCESS MANAGER .................................................................. 95
BUSINESS IMPACT ASSESSMENT......................................................... 99
SALVAGE PLAN TEMPLATE.................................................................. 107
BUSINESS CONTINUITY STRATEGY.................................................... 115
RECIPROCAL ARRANGEMENTS .......................................................... 125
VITAL RECORDS TEMPLATE ................................................................ 149
BUSINESS AND IT FLYERS ................................................................... 155
EMAIL TEXT ............................................................................................ 159
REPORTS KPIs TARGETS AND ADDITIONAL METRICS ..................... 165
IMPLEMENTATION AND PROJECT PLAN................................................ 171
FURTHER INFORMATION ......................................................................... 181
Page 3
Page 4
INTRODUCTION ROADMAP
Many organizations are looking to implement Service Level Management as a

way to improve the structure and quality of the business.
This document describes the contents of the Service Level Management

Guide. The information found within the book is based on the ITIL Version 2
framework, specifically the Service Level Management process within the
Service Delivery phase.
The guide is designed to answer a lot of the questions about Service Level
Management and provide you with useful guides, templates and essential, but
simple assessments.
The supporting documents and assessments will help you identify the areas
within your organization that require the most activity in terms of change and
improvement.
Presentations can be used to educate or be used as the basis for

management presentations or when making business cases for Service Level
Management implementation.
The additional information will enable you to improve your organizations

methodology knowledge base.
The guide serves to act as a starting point. It will give you a clear path to
travel. It is designed to be a valuable source of information and activities.
The Service Level Management Guide:
Flows logically,
Is scalable,
Provides presentations, templates and documents,
Saves you time.
Page 5
Step 1
Start by reviewing the PowerPoint presentation.
Service Level Management ITIL V2 This presentation provides a detailed

and comprehensive overview of Service Level Management in the specialist
areas of ITIL Version 2 and in particular, within the Service Level
Management process as part of the Service Delivery phase.
These presentations will give you a good knowledge and understanding of all
the terms, activities and concepts required within Service Level Management.
They can also be used as the basis for management presentations or when
making a formal business case for Service Level Management
implementation. Make sure you pay close attention to the notes, as well as
the slides, as references to further documents and resources are highlighted
here.
Page 6
Step 2
If you did not look at the supporting documents and resources when prompted
during the PowerPoint presentations, do this now.
Below is an itemized list of the supporting documents and resources for easy
reference. You can use these documents and resources within your own
organization or as a template to help you in prepare your own bespoke
documentation.
Service Level Management ITIL V2:

Policies Objective and Scope
Business Justification Document
Objective and Goals
Emergency Response Plan
Communication Plan
Risk Assessment
ITSCM Process Manager
Business Impact Assessment
Salvage Plan Template
Business Continuity Strategy
Reciprocal Arrangements
Vital Records Template
Business and IT Flyers
Email Text
Reports KPIs Targets and Additional Metrics
Page 7
Step 3
Alternatively, continue by working through the Implementation Plan with the

focus on your organization. This will help you ascertain the Service Level
Management maturity for your organization. You will able to identify gaps and
areas of attention and/or improvement.
The supporting documents and resources found within the book will help you
fill these gaps by giving you a focused, practical and user-friendly approach to
Service Level Management.
Page 8
CONTINUITY MANAGEMENT PRESENTATION
For more information please refer to Policies Objectives and Scope on

page 57 within this workbook.
Page 9
For more information please refer to Business Justification Document

on page 63 within this workbook.
Page 10
These bullet points help to illustrate why it is that we need to introduce the
disciplines of effective and efficient Process management into our IT
environments.
For more information please refer to Objective and Goals on page within
this workbook.
Page 11
ITSM is not something on its own, but closely linked to the business.
Explain difference between effective (doing the right thing) and efficient
(doing the right thing the right way).
The objective tree is a useful way to help explain the importance of IT being a
supporting department to the business.
To meet organizational objectives, the organization has business

processes in place.
Examples of business processes are sales, admin and financial (who have a
sales process) or logistics, customer service and freight who have a
customer returns process.
Each of the units involved in these business processes needs IT Services

(e.g. CRM application, e-mail, word processing, financial tools).
Each of these services runs on IT infrastructure that has to be properly

managed (Service Management). IT Infrastructure includes hardware,
software, procedures, policies, documentation, etc.
ITIL provides a framework for the management of IT Infrastructure.
Page 12
Traditionally we look at the IT department as a collection of specialists with

specialist skills. This is a functional way to look at IT and it puts people into
departmental SILOs.
Page 13
Best practice processes will transverse functional departments and help to

break down the silos/walls/barriers to communication between them.
Other points to explain:

A process is a set of activities with a common goal.
A process can measure the input, output and activities.
A process will link these measurements to targets.
Page 14
An IT organization needs to focus on all these aspects to deliver the right IT

services (effective) in the right way (efficient).
Generally, the technology perspective gets a lot of attention (time, budget,

people etc).
More and more people see the importance of processes (which is why ITIL is
getting so popular).
There is also an organization perspective: the alignment of vision, strategy

and goals with the day to day activities in IT. This is useless, if it is not
communicated (which is virtually always the case and finally, there is the
people perspective, which looks at the soft side: is your staff happy, do they
have the right skills, are you managing them effectively etc.
Page 15
Service Level Management is one of 10 ITIL processes. Here we get to see

the others and the one function (Service Desk). Security Management can be
included as well, due to its critical importance.
Page 16
Page 17
ITSCM must be apart of the overall Business Continuity Process (BCM) and is
dependent upon information derived through this process. ITSCM is focused
on the Continuity of IT Services to the business. BCM is concerned with the
management of Business Continuity that incorporates all services upon which
the business depends, one of which is IT.
Page 18
For more information please refer to Emergency Response Plan on 73

page within this workbook.
Page 19
For more information please refer to Communication Plan on page 81

within this workbook.
Page 20
For more information please refer to Risk Assessment Template on page

87 within this workbook.
Page 21
It is not possible to develop an effective ITSCM plan in isolation; it must fully

support the requirements of the business. Consider all four stages of the
Business Continuity lifecycle with particular emphasis on the IT aspect.
Page 22
For more information please refer to ITSCM Process Manager on page

Page 23
For more information please refer to Business Impact Assessment on

Page 24

Page 25
Page 26
ITSCM does not usually directly cover longer-term risks such as those from
changes in business directions, diversification, restructuring, and so on. While
these risks can have material impact on IT Service elements and their
Continuity mechanisms, management usually has some time to identify and
evaluate the risk and include risk mitigation through changes or shifts in
business and IT strategies, thereby becoming part of the Change
Management program.
Page 27
Notes:
Page 28
For more information please refer to Salvage Plan Template on page 107
within this workbook.
Page 29
ITSCM does not usually cover minor technical faults (for example, non critical
disk failure), unless there is a possibility that the impact could have material
impact on the business. These risks would be expected to be covered mainly
through the Service Desk and the Incident Management process, or resolved
through the planning associated with the disciplines of Availability
Management, Problem Management; and to a lesser extent through Change
Management, Configuration Management and day to day operational
management.
Page 30
For more information please refer to Business Continuity Strategy on

Page 31
For more information please refer to Reciprocal Arrangements on page

Page 32
Notes:
Page 33

Page 34
Assess the Level of Risk - The overall risk can then be measured. This may
be done as a measurement if quantitative data has been collected, or
qualitative using a subjective assessment of, for example, low, medium or
high.
Page 35
Following the Risk Analysis it is possible to determine appropriate

countermeasures or risk reduction measures (ITSCM mechanisms) to
manage the risks, i.e. reduce the risk to an acceptable minimum level or
mitigate the risk.
Page 36
For more information please refer to Implementation and Project Plan on

Page 37
Page 38
For more information please refer to Vital Records Template on page

Page 39
Gradual Recovery this option (sometimes referred to as cold stand by) is

applicable to organizations that do not need immediate restoration of business
processes and can functions for a period of up to 72 hours , or longer, without
re-establishment of full IT facilities.
Page 40
Page 41
Immediate Recovery this option (sometimes referred to as hot standby)

provides for immediate recovery provided by a third party recovery provider.
The immediate recovery is supported by the recovery of other critical business
and support areas during the first 24 hours following a service disruption.
Instances where immediate recovery may be required are where the impact of
loss of service has immediately impact on the organizations ability to make
money, such as a Banks dealing room.
Page 42
Some organization may identify a need for their own exclusive immediate
recovery facilities provided internally. This is a costly option by may be
justified for a certain business process where non-Availability for a short
period could result in a significant impact.
Page 43
Notes:
Page 44
The ITSCM plan is dependent on specific technical tasks being undertaken. It

is necessary that these are full documented and comprehensive so that any
literate IT person can undertake the recovery
Page 45
Many procedures may already exists, such as the procedures for restoring
systems and data in the event of equipment failure, and these should be
refined and attached to the ITSC Plan.
Page 46
For more information please refer to Business and IT Flyers on page 155
and Email Text on page 159 within this workbook.
Page 47
Page 48
As with most IT issues, ITSCM crosses organizational boundaries and

consumes management time and financial resources, these should however
by in proportion to the risks being address.
Page 49
Page 50
Page 51
For more information please refer Reports and KPIs Targets and
Additional Metrics on page 165 within this workbook.
Page 52
ITSCM becomes one of the multitudes of corporate management activities

performed in operational and executives roles, enabling ITSCM to be
embedded, either explicitly or inexplicitly, within business strategy, business
objectives and key performance indicators through all levels of the
organization.
Page 53
Page 54
SUPPORTING DOCUMENTS
Through the documents, look for text surrounded by << and >> these
are indicators for you to create some specific text.
Watch also for highlighted text which provides further guidance and
instructions.
Page 55
Page 56
POLICIES OBJECTIVES AND SCOPE
IT Services
Policies, Objectives and Scope
Process: IT Service Continuity
Management
Status: In draft
Under Review
Sent for Approval
Approved
Rejected
Version: <<your version>>
IT Service
Continuity Date:
Page 57
Policies, Objectives and Scope for IT Service Continuity Management
The document is not to be considered an extensive statement as its topics

have to be generic enough to suit any reader for any organization.
However, the reader will certainly be reminded of the key topics that have to
be considered.
Policy Statement
A course of action, guiding principle, or procedure considered expedient,

prudent, or advantageous
Use this text box to answer the SENSE OF URGENCY question regarding this
process.
Why is effort being put into this process?

Not simply because someone thinks its a good idea. That wont do. The reason has to
be based in business benefits.
You must be able to concisely document the reason behind starting or improving this
process.
Is it because of legal requirements or competitive advantage? Perhaps the business

has suffered major problems or user satisfaction ratings are at the point where
outsourcing is being considered.
The relationship between ITSCM and Security is another aspect to build into the Policy
statement.
Page 58
The basic premise of Security and IT Service Continuity Management is the continual
identification and management of RISK.
The above Policy Statement was;
Prepared by:
On: <<date>>
And accepted by:

On: <<date>>
Page 59
Objectives Statement
Something worked toward or striven for; a goal.
Use this text box to answer the WHERE ARE WE GOING question regarding this
process.
What will be the end result of this process and how will we know when we have
reached the end result?
Will we know because we will establish a few key metrics or measurements or will it be
a more subjective decision, based on instinct?
A generic sample statement on the objective for IT Service Continuity

Management is:
The IT Service Continuity Management objective is described as a process for

controlling and coordinating the IT Service Continuity of IT Services and systems
in such a way as to support the requirements of the organization. IT
The service must be provided after and based on an on-going analysis of

organizational risks, costs and associated benefits (sometimes referred to as ROI
Return on Investment)
Service Continuity Management will provide a structure and repeatable process

to support this requirement without affecting the normal operating levels of
service.
Note the keywords in the statement. For the statement on IT Service Continuity
Management they are controlling and coordinating and without affecting
levels of service. These are definite areas that we can set metrics for and
therefore measure progress.
An objective statement any bigger than this text box, may be too lengthy to read, lose
the intended audience with detail, not be clearly focused on answering the WHERE
question for this process.
The above Objective Statement was;
Prepared by:
On: <<date>>
And accepted by:
On: <<date>>
Page 60
Scope Statement
The area covered by a given activity or subject
Use this text box to answer the WHAT question regarding this process.
What are the boundaries for this process?

What does the information flow look like into this process and from this process to
other processes and functional areas?
A generic sample statement on the scope for IT Service Continuity

Management is:
The IT Service Continuity Management process will be responsible for creating a

usable level of IT service provision following an unplanned outage, until such
time that standard levels of service can be restored.
IT Service Continuity Management will be responsible for the establishment and

on-going management of an environment that can be used during such times
(the nature of the environment being dependant on risk, cost and benefit
variables).
An scope statement any bigger than this text box, may be too lengthy to read, lose the
intended audience with detail, not be clearly focused on answering the WHAT question
for this process.
The above Scope Statement was;
Prepared by:
On: <<date>>
And accepted by:

On: <<date>>
Page 61
Page 62
BUSINESS JUSTIFICATION DOCUMENT
IT Services
Business Justification
Process: IT Service Continuity Management
Status:
Version: 0.1
Release
Date:
Page 63
Business Justification Document for IT Service Continuity Management

be considered.
This document serves as a reference for HOW TO APPROACH THE

TASK OF SEEKING FUNDS for the implementation of the IT Service
Continuity Management process.
This document provides a basis for completion within your own

organization.
This document was;
Prepared by:
On: <<date>>
And accepted by:
On: <<date>>
Page 64
IT Service Continuity Management Business Justification

A strong enough business case will ensure progress and funds are made
available for any IT initiative.
This may sound like a bold statement but it is true. As IT professionals we

have (for too long) assumed that we miss out on funds why other functional
areas (e.g. Human resources and other shared services) seem to get all that
they want.
However, the problem is not with them, its with US. We are typically poor
salespeople when it comes to putting our case forward.
We try to impress with technical descriptions, rather than talking in a language

that a business person understands.
For example
We say We should say
We have to increase IT security controls, Two weeks ago our biggest competitor
with the implementation of a new firewall. lost information that is now rumored to
be available on the internet.
The network bandwidth is our biggest The e-mail you send to the other national
bottleneck and we have to go to a managers will take 4 to 6 hours to be
switched local environment. delivered. It used to be 2 to 3 minutes,
but we are now using our computers for
so many more tasks.
Changes to the environment are We are making the changes on Sunday
scheduled for a period of time when we afternoon. There will be less people
expect there to be minimal business working then.
impact.
Doesnt that sound familiar?
To help reinforce this point even further, consider the situation of buying a
new fridge. What if the technically savvy sales person wants to explain the
intricacies of the tubing structure used to super cool the high pressure gases,
which flow in an anti-clockwise direction in the Southern hemisphere.
Wouldnt you say too much information, who cares does it make things
cold?
Page 65
Well IT managers need to stop trying to tell business managers about the
tubing structure and just tell them what they are interested in.
So lets know look at some benefits of IT Service Continuity Management.

Remember that the comments here are generic, as they have to apply to any
organization. If you need assistance in writing business benefits for your
organization please e-mail service@theartofservice.com for a quotation.
Benefits Notes/Comments/Relevance
Through a properly controlled and structured IT

Service Continuity Management process we will
be able to more effectively help in recovery of IT
services in the event of a disaster and provide
assurance of IT Services in line with the
business requirements.
This is achieved through the nature of the
process by understanding such things Business
Impact Analysis, Risk Assessment, Business
Continuity and the true needs of the business.
A reduction in the amount of unavailability from

a disaster will therefore allow IT to spend more
time on aligning the IT Services with the needs
of the Business.
A heightened visibility and increase

communication related to Availability of Services
for both business and IT support staff because
of reduced downtime in the event of a disaster.
The reader should be able to draw upon
experience regarding the overall negative impact
of the business when IT departments have been
concerned with high levels of unavailability for
services that are critical to the business.
Organizations and therefore IT environments are

becoming increasing complex and continually
facing new challenges.
The ability to meet these challenges is
dependent on the speed and flexibility of the
organization. The ability to cope with more
changes at the business level will be directly
impacted by how well IT Departments can
Page 66
reduce the amount of time in loss of service due

to bad IT Service Continuity Management
planning.
(Reader, here you can describe a missed
opportunity, due to bad IT Service Continuity
Management or a process dragged down by
bureaucracy)
Noticeable increases in the potential

productivity of end users and key personnel
through reduced interruption times, higher levels
of availability.
The goal statement of IT Service Continuity
Management is to ensure Business Continuity in
the event of an IT Disaster. By the very nature of
this statement we can expect to start seeing a
reduction in loss of time due to service
availability issues and bad planning.
Whether end users and staff take advantage of
this reduced down-time is not an issue for IT
professionals to monitor. Knowing that we have
made more working time available is what we
need to publish NOT productivity rates.
An ITIL IT Service Continuity Management

process will guide you towards understanding
the financial implications of all those necessary
requirements needed in the IT infrastructure.
This has real benefits as it may prevent an
organization from spending money on areas of
the IT Infrastructure where there really isnt a
need for building immediate recovery services
for the business.
IT Service Continuity Management aides in

improving the security aspects of the
organization with respect to IT.
IT Service Continuity Management will work in
conjunction with Security Management to
implement those security requirements
described in the Security Policy.
Correct management of Security Requirements

will help in maintaining the right levels of
availability needed by the business.
Page 67
The ITSCM Manager will ensure that any

potential impact of the loss of service has been
fully assessed prior to starting an IT Service
Continuity Management process.
With a sound IT Service Continuity Management

process we can expect an overall improvement
in the recovery of IT Services as better planning
can occur under a structured, repeatable
process.
Any ITIL process has the potential to increase

the credibility of the IT group, as they offer a
higher quality of service, combined with an
overall professionalism that can be lacking in ad-
hoc activities.
Page 68
OBJECTIVES AND GOALS
IT Services
Detailed Objectives/Goals
Status:
Version: 0.1
Release
Date:
Page 69
Detailed Objectives/Goals for IT Service Continuity Management

be considered.
The detailed objectives for IT Service Continuity Management should

include the following salient points:
Objective Notes
Met/Exceeded/Shortfall
To provide assurance to the business that in the event
of disaster, IT can recover the necessary services Dates/names/role titles
within agreed business time scales to support the
continuity of the business.
IT Service Continuity Management will provide a cost
effective and sustained level of recoverability that is
aligned with needs and objectives of the business.
Minimize the adverse affects on the IT Infrastructure

and the Business by designing for recovery in the
event of a disaster.
Once developed an IT Service Continuity
Management process can be used to plan for
recovery for the business before prolonged loss of
service can cause significant harm to the IT services
being delivered.
To establish efficient assessment guidelines that

covers the business, technical and financial aspects of
IT Service Continuity Management and the supporting
infrastructure.
Generally this will involve different people so the
challenge is designing a process that minimizes the
time taken.
To develop a variety of activities to cater for the
required levels of recoverability.
For example, there are a wide degree of potential
impacts that loss of service may have on the
environment. If we can categorize and target these
areas, then we can pre-build models for dealing with
them when a disaster occurs.
Page 70
To establish ground rules that distinguishes between

Continuity and Availability.
Develop working relationships with all other process

areas.
The IT Service Continuity Management process
should be considered a proactive one with requiring
input from other process areas. Obvious links include
Security Management (Confidentiality, Integrity and
Availability), Service Level Management(to help
gather requirements), Availability Management
(planning for availability) and Network Management
tools (to identify potential threats or loss of service to
the IT Infrastructure).
Develop a sound IT Service Continuity Management

process and look for continuous improvement.
Use these objectives to generate discussion about others that may be more
appropriate to list than those provided.
Page 71
Page 72
EMERGENCY RESPONSE PLAN
IT Services
IT Service Continuity Management
Emergency Response Template
Status: Draft
Version: 0.1
Release Date:
Page 73
Document Control
Author
Prepared by <name and / or department>
Document Source
This document is located on the LAN under the path:
I:/IT Services/Service Delivery/Emergency Response Plan/
Document Approval
This document has been approved for use by the following:
<first name, last name>, IT Services Manager
<first name, last name>, IT Service Delivery Manager
<first name, last name>, IT Service Continuity Process Manager
<first name, last name>, Customer representative or Service Level
Manager
Amendment History
Issue Date Amendments Completed By
Distribution List
When this procedure is updated the following copyholders must be advised
through email that an updated copy is available on the intranet site:
<Company Name> Business Unit Stakeholders
IT
Page 74
Introduction
Purpose
The purpose of this document is to provide an emergency response template.
Scope
This document describes the following:
An emergency response template
Note: It is assumed for each service described in this document that the
supporting back-end technology is already in place and operational.
Audience
This document is relevant to all staff in <company name>
Ownership
IT Services has ownership of this document.
Related Documentation
Include in this section any related Service Level Agreement reference
numbers and other associated documentation:
IT Service Continuity Management Policies, Guidelines and Scope

Document
Business Continuity Strategy Template
Risk Assessment
Relevant SLA and procedural documents
IT Services Catalogue
Relevant Technical Specification documentation
Relevant User Guides and Procedures
More templates and other ITIL process information available at

www.theartofservice.com
Page 75
Executive Overview
Describe the purpose, scope and organization of the document.
Scope
Not all IT Services may initially be included within the Emergency Response
Plan. Use this section to outline what will be included and the timetable for
other services to be included.
Scope for the assessment may be determined by the business, therefore

covering only a select few of the IT Services provided by the IT department
that are seen as critical to the support of the business processes.
The emergency response plan is fairly simple in concept and should be used
in conjunction with the ITSCM3200 Salvage Plan Template.
IT Service Emergency Response Summary
This section is to provide a brief summary of the information contained

in the next sections of the document.
The below table provides an example of information that can be

captured to create a summary of the Emergency Response plans for the
IT Services listed in this document.
Service Customer Description Response Recovery IT Contact Procedures

Times Options Owner Number
Page 76
This template can be distributed to the business as it helps in setting

the expectation of the level of service they will receive in the event a
disaster is experienced.
There should be no use of technical terms in the above table.

Emergency Response Plan (ERP) Service A
This section should be repeated for each Service.

Introduction
In this section provide some detail about the ERP. Include things like
which aspects of the infrastructure are included, which services, why it is
necessary etc.
<<
This document provides the necessary details and procedures that are
required in the event of disaster
>>
Response Strategy
In this section detail the strategy being used to respond to the IT Disaster.
Important things to cover are:
Service Agreements to Respond

Process of Response
Escalation Strategies
Key Personnel for the Service
Priorities for restoration
Page 77
Invocation
The following personnel are authorized to invoke this plan:
Business Sponsors IT Sponsors
<< first name, last name << department << first name, last name << department >>
>> >> >>
>> >> >>
>> >> >>
Dependencies
In this section list dependencies for this IT Service. Dependencies will be

other systems, infrastructure, facilities, documentation etc.
The below table provides a template for capturing this information:
Dependant Dependant Impact Service Operational Underpinning

Service Components on Level Level Contracts
Service Agreement Agreement
A # #
Dependant
or
contributor
Page 78
Response Team
The following listed people are responsible for performing the actions listed in
the Response Plan. They are to ensure that the procedures are carried out in
the most efficient and effective manner possible.
Name Title Phone Number Locations / Dept
Response Plan
Listed Procedures for Response for Service - A:
Procedure Name Description Owner Location
Response Plan for Service - A:
Step Action Responsibility Target Actual

Completion Completion
1 Record disasters Service Desk
2 Provide disaster Avail. Mgt, Inc

report Mgt, Problem Mgt
Page 79
3 Alert Business Service Delivery

Manager
4 Alert Salvage Team Network Manager
5 Perform initial Salvage Team

investigation
6 Implement Salvage Salvage Team,

Procedures Service Delivery
Manager
Equipment Needed:
IT Components
(Configuration Items (CI))
CI # Serial # CI Name Type Sub-Type
SER345 15434563 EMERO Hardware Server
RT5700 54444443 CISCO-002 Hardware Router
MS001 N/A MS Office Software Microsoft
Appendices
Include any applicable appendixes that are needed.
Terminology
Make sure that all terminology is captured and documented correctly.
Page 80
COMMUNICATION PLAN
IT Services
Communication Plan
Status: In draft
Under Review
Sent for
Approval
Approved
Rejected
Version: <<your
version>>
Release
Date:
Page 81
Communication Plan for IT Service Continuity Management

be considered.
This document serves as a GUIDE FOR COMMUNICATIONS REQUIRED

for the IT Service Continuity Management process. This document
provides a basis for completion within your own organization.
This document contains suggestions regarding information to share

with others. The document is deliberately concise and broken into
communication modules. This will allow the reader to pick and choose
information for e-mails, flyers, etc. from one or more modules if and
when appropriate.
This document was;
Prepared by:
On: <<date>>
And accepted by:
On: <<date>>
Page 82
Initial Communication
Sell the Benefits.
First steps in communication require the need to answer the question that most people
(quite rightly) ask when the IT department suggests a new system, a new way of
working. WHY?
It is here that we need to promote and sell the benefits. However, be cautious of using
generic words. Cite specific examples from your own organization that the reader will
be able to relate to (to help develop specific examples contact
service@theartofservice.com for competitive quotation).
Generic Benefit statements Specific Organizational example
Improved Customer Service This is important because

Reduction in the number of Incidents In recent times our incidents within IT
have
Provides quicker resolution of Incidents Apart from the obvious benefits, the IT
department in recent times has
Improved Organizational learning A recent example of saw the
individual and others in the company
start to
The above Communication module (or elements of) was/were distributed;
To:
On: <<date>>
By:
On: <<date>>
Page 83
IT Service Continuity Management Goal
The Goal of IT Service Continuity Management.
The Goal of IT Service Continuity Management can be promoted in the

following manner.
Official Goal Statement: To recover IT Services, in the event of a disaster,

within agreed business time scales so as to support the overall business
continuity of the organization.
High visibility and wide channels of communication are essential in this

process. Gather specific requirements from nominated personnel
(Special Tip: Beware of using only Managers to gain information from, as the
resistance factor will be high)
Oversee the monitoring of process to ensure that the business needs of IT

are not impacted, but taking into account that changes are required to
ensure continued high levels of IT Service Delivery and Support.
Provide relevant reports to nominated personnel.
(Special Tip: Beware of reporting only to Managers. If you speak to a lot of people
regarding Service Support and Delivery then you need to establish ways to report to
these people the outcomes and progress of the discussions).
Always bear in mind the so what factor when discussing areas like goals and
objectives. If you cannot honestly and sensibly answer the question so what
then you are not selling the message in a way that is personal to the listener and
gets their buy-in.
The above IT Service Continuity Management Goals module was distributed;
To:
On: <<date>>
By:
On: <<date>>
Page 84
IT Service Continuity Management Activities
Intrusive & Hidden Activities
The list of actions in this module will have a direct impact on end users and IT Staff.
They will be curious as to why working with them in this manner, rather than the
historical method of just doing it. There could be an element of suspicion and
resistance, so consider different strategies to overcome this initial skepticism.
Initiation
Interview and record the needs from the Business
Promote and advertise ITSCM
Show Business Benefits
Business Impact Analysis
Show impact on business due to loss of service
High Impact over a short time
Low Impact over a long time
Risk Assessment
Look at the threats and vulnerabilities
List assets that may be a target and their importance to the business
Communicate Countermeasures
Communicate the different recovery options
Gradual
Intermediate
Immediate
Implementation
Recovery Plans
Countermeasures
Operational Management
Initial Testing
Annual Testing
Change Management
Information regarding activities was distributed;
To:
On: <<date>>
By:
On: <<date>>
Page 85
IT Service Continuity Management Planning
Costs
Information relating to costs may be a topic that would be held back from general
communication. Failure to convince people of the benefits will mean total rejection of
associate costs. If required, costs fall under several categories:
Personnel IT Service Continuity Management staff, technical management
team (Set-up and ongoing of the technical infrastructure)
Accommodation Physical location (Set-up and ongoing)
Software Tools (Set-up and ongoing)
Hardware Infrastructure (Set-up)
Education Training (Set-up and ongoing)
Procedures external consultants etc (Set-up)
The costs of implementing IT Service Continuity Management will be outweighed by the
benefits. For example, many organizations have a negative perception of the IT Service
Continuity Management process as it doesnt seem to offer any visible services. To
alleviate this, customers and end-users need to be constantly informed of the service
being provided. This provides good customer service and adds a level of comfort to the
users in the sense that they can see action taking place.
A well run IT Service Continuity Management process will make major inroads into
altering the perception of the IT Organization.
Details regarding the cost of IT Service Continuity Management were distributed;
To:
On: <<date>>
By:
On: <<date>>
Page 86
RISK ASSESSMENT
IT Services
Risk Assessment
Status: Draft
Version: 0.1
Release
Date:
Page 87
Document Control
Author
Document Source
I:/IT Services/Service Delivery/Risk Assessment/
Document Approval
Manager
Amendment History
Distribution List
IT
Page 88
Introduction
Purpose
The purpose of this document is to provide a risk assessment template.
Scope
Summary of services and their risks
A risk template
Audience
Ownership

Document
Risk Assessment
Page 89

Executive Overview
Scope
Not all IT Services may initially be included within the Risk Analysis. Use this
section to outline what will be included and the timetable for other services to
be included.

Page 90
IT Service Definition
This section is where you will document the Service Descriptions for the
services or applications used by the Business people. This information should
be x-referenced to your Service Catalog (SLM2200) and/or related Service
Level Agreements. You need to list all the Services here that the BIA is
required on.
IT Service Owner Business Process Business SLA Risk Score Notes/Comments

Owners #/Service
Catalog (from Details
Reference below)
Service A J. Ned Billing T. Smith SLA001 Form +

escalation +
resource + time
Email A. Boon Communication R. Jones SLA234
SAP C. Jones Invoice and Payroll P. Boon SLA123
Service B L. Smith Marketing R. Reagan SLA009
Service C R. Smith Manufacturing R. Smith SLA007
Note: a high score here indicates a service

area that has a potentially high risk of impact
or loss. The Score can also be used as a
guide for the types of service recovery
(intermediate, immediate, etc.) that would be
acceptable to the business. This score is a
starting point for recovery options and
considerations.
Page 91
Service A
(this section needs to be duplicated for each service listed in the table above)
Service Description
Include a description of the service being assessed for risks that may cause a
disruption to the business services.
Threats
In the below table capture all the threats for the components that make up the
service.
Components Threats Probability
Vulnerabilities
In the below table capture al the likely vulnerabilities for the components that
make up the service.
Components Threats Probability
Page 92
Risk Summary
Business Logistics IT Service: Logistics Systems

Process:
Process Rob Thomas IT Owner: <first name, last name>,

Owner: <position>
RISK SUMMARY
Completed Troy Jones, Network Manager

By:
1
SERVICE
Completed 03 / 24 / 2002 RISK
Date: SCORE
Duration: 15 working days
Component Priority Magnitude Threat Vulnerability Risk Action Comments

Probability Probability Value
Server 1 1 1 1 1
Router 1 1 4 1 2
Backup 4 4 4 4 4
Device
Priority: This lists the priority in which the components of the IT Infrastructure
are assessed in the event of a disaster.
Magnitude: This indicates the criticality of the component to the IT Service

Threat Probability: Indicates likelihood of a threat materializing and affecting
the component.
Vulnerability Probability: This indicates the likelihood of any vulnerability for

the component being exploited either deliberately or accidentally.
Risk Value: The risk value is an arbitrary figure derived from the Threat and
Vulnerability Probabilities.
Page 93
Service Risk Score: Indicates the danger level of a risk actually taking place
with regards to this service. A number 1 indicates an extremely high level of
probability.
Appendices
e.g. Mission statement and/or business objectives, which drove this BIA.
Relevant details of people who provided input
Terminology
e.g.
CMDB Configuration Management Data Base
(www.theartofservice.com CONMGT stream)
ITSCM Information Technology Services Continuity Management
SLA Service Level Agreement (template example at

www.theartofservice.com SLM1901, 1902, 1903)
UC Underpinning Contract (template example at

www.theartofservice.com SLM2000)
Page 94
ITSCM PROCESS MANAGER
IT Services
Roles, Responsibilities
Management
Status:
Version: 0.1
Release Date:
Page 95
Detailed responsibilities of the IT Service Continuity Management

process owner
The ITSCM Manager..
Description Notes/Comments
1. Will develop and maintain the IT Service Continuity

Management Process. Use the
notes/Comment
Will develop, maintain and promote IT Service s column in
Continuity Management. different ways.
2. Will coordinate process reviews utilizing independent If you are
parties to provide an objective view on the simplicity of looking to apply
the process and areas for improvement. for a process
role, then you
Will be responsible for implementing any design can check
improvements identified. yourself against
the list (with
3. Will chair the Recovery meetings that are used to
ticks or look to
identify and action recovery issues and to verify that all
update your
steps were completed and the objective of the process
resume).
was achieved.
4. Arrange and run all IT Service Continuity Management

reviews with the IT Service Continuity Management If you are
team. looking to
appoint a
The reviews where necessary will include other IT process
Departments as well as key customers. manager or
5. Will control and review: promote
someone from
Any outstanding process related actions within the
Current targets for availability performance organization
The process mission statement you can make
6. Will manage IT Service Delivery during times of a notes about
disaster. This includes coordinating the disaster their abilities in
recovery team and liaising with the business. the particular
area.
7. Make available relevant, concise reports that are both

timely and readable for Customers and Management
Page 96
Detailed skills of the IT Service Continuity Management process owner
The ITSCM Manager..
Description Notes/Comments
1. The ITSCM Manager will display a communication

style based around information and escalation. Use the
notes/Comment
Have practical and quantifiable process management s column in
experience. different ways.
If you are
He / She will be a Senior IT Manager
looking to apply
2. High degree of analytical skills to be able to assess for a process
the impact of disasters on different business areas role, then you
and people. can check
yourself against
High degree of analytical skill needed to be able to the list (with
help in the process or restoring service as quickly as ticks or look to
possible in the event of a disaster. update your
resume).
3. Technical ability in being able to read data from the IT
Service Continuity Management process that will help
with the identification of trends and improvements
relating to disaster recovery. If you are
looking to
4. An ability to run a meeting according to strict appoint a
guidelines (not to get side-tracked on items that one process
person may be interested in). manager or
promote
Must possess skills in influencing and negotiation. someone from
within the
5. The ITSCM Manager must be able to communicate
organization
with people at all levels of the organization. This is
you can make
especially important during a disaster.
notes about
6. The process manager must be able to demonstrate their abilities in
ways to do things differently that will improve the the particular
process. area.
7. Must be able to think logically about disaster recovery

issues that could affect the organization and design
appropriate assessment and diagnosis activities.
This will provide a strong link into the Problem

Management process and Service Level Management
process.
Page 97
Page 98
BUSINESS IMPACT ASSESSMENT
IT Services
Business Impact Assessment
Status: Draft
Version: 0.1
Release Date:
Page 99
Document Control
Author
Document Source
I:/IT Services/Service Delivery/Functional Specifications/
Document Approval
Manager
Amendment History
Distribution List
IT
Page 100
Introduction
Purpose
The Business Impact Analysis allows an analysis and then an identification of
the basic critical IT requirements needed to support the business. The
purpose of this document is to provide an overview of findings in this analysis.
Scope
Summary of each service provided by IT Services including
Summary of the Continuity Strategy for each applicable service
Detailed list of Continuity Strategy for each applicable service
Audience
Ownership

Document
Risk Assessment
Page 101

Executive Overview
Describe the purpose, scope and organization of the Continuity Management
Strategy document.
Scope
As not all IT Services may initially be included within the Business Impact
Analysis. Use this section to outline what will be included and the timetable for
other services to be included.
Scope for the BIA may be determined by the business, therefore covering only
a select few of the IT Services provided by the IT department that are seen as
critical to the support of the business processes.
IT Service Definition
This section is where you will document the Service Descriptions for the
services or applications used by the Business people. This information should
be x-referenced to your Service Catalog (SLM2200) and/or related Service
Level Agreements. You need to list all the Services here that the BIA is
required on.
Page 102
IT Service Owner Business Process Business SLA BIA Score Notes/

Owners #/Service
Catalog (from Details Comments
Reference below)
Service A J. Ned Billing T. Smith SLA001 Form +

escalation +
resource + time
Email A. Boon Communication R. Jones SLA234
SAP C. Jones Invoice and Payroll P. Boon SLA123
Service B L. Smith Marketing R. Reagan SLA009
Service C R. Smith Manufacturing R. Smith SLA007
Note: a high score here indicates a service

area that has a potentially high Business
impact of lost. The Score can also be used as
a guide for the types of service recovery
(intermediate, immediate, etc.) that would be
acceptable to the business. This score is a
starting point for recovery options and
considerations.
Service A
(this section needs to be duplicated for each service listed in the table above)
Form of Loss
In this table for this service describe how a disruption to this service will be
seen within the business. For example, will the loss of service invoke a
contract that has set costs associated with it? If we lose this service can we
expect to lose customers/clients/market share. Define each form that the loss
of the service may take and give each a score for magnitude.
Page 103
Form Description Magnitude Score
(1 is negligible, 10 Severe)
Reputation Our industry is 9

reputation sensitive
Third party support Contract is invoked to 7

provide 24 hour
recovery
Frustration of end Not high, as end users 4

users have other tasks to
perform.
Etc. Etc. Etc.
Total Form of 56
Loss Score
Other triggers to identify forms of loss:

Breach of contract, Breach of law or industry imposed
standards
Safety issues
Confidence drop in skills of Service Providers
Escalation
Use this section to specify for this Service/application the speed at which it is
likely that the situation regarding the loss of this service will degrade overall
performance.
That is, provide a score of 1 (low) to 10 (highest) that indicates how the
service loss will grow in severity.
Escalation Score
(1 is slow/barely noticeable, 10 Rapid pace of overall deterioration)
Page 104
Resources Factor
Use this section to specify for this Service/application the combination of the
complexity of facilities and the level of skills required in the people that will
permit this service to stay operating, in the event of a failure.
That is, provide a score of 1 (low resource requirement) to 10 (maximum

resources and skills required).
Resources Score
(1 is minimal skills and resources required to maintain service, 10 Expert

level of skills and extensive resources)
Time Considerations
There are two time considerations to factor in to your decision on a score in
this area. The first time issue relates to how quickly/slowly the business
requires just bare levels of service restored. The second time issue relates to
how quickly/slowly the entire service and all associated systems should be
fully operational.
That is, provide a score of 1 (slow return to service is acceptable) to 10

(where any real delay in service restoration could have a dire impact upon the
business)
Time Factor Score
(1 is non-urgent, 10 is business critical)
Conclusion (not part of the repetitive process)

This template has given you a concise and simple way to look at the impact
that the loss of particular IT Services will have on an organization.
Page 105
We must however remember that the impact of loss will change over time. A
BIA should be performed on a regular time basis (to coincide with reviews of
the Service Level Management Service Catalog or Service Level Agreement
reviews)
Appendices
Terminology
e.g.
CMDB Configuration Management Data Base (www,.theartofservice.com
CONMGT stream)

www,.theartofservice.com )

www,.theartofservice.com )
Page 106
SALVAGE PLAN TEMPLATE
IT Services
Salvage Plan Template
Status: Draft
Version: 0.1
Release Date:
Page 107
Document Control
Author
Document Source
I:/IT Services/Service Delivery/Salvage Plan/
Document Approval
Manager
Amendment History
Distribution List
IT
Page 108
Introduction
Purpose
The purpose of this document is to provide a salvage plan template.
Scope
A salvage plan template
Audience
Ownership

Document (ITSCM2300)
Business Continuity Strategy Template (ITSCM2900)
Risk Assessment (ITSCM2800)
Reciprocal Arrangements (ITSCM3000)
Relevant SLA and procedural documents (SLM1901, 1902, 1903)
IT Services Catalogue (SLM2200)
Relevant Technical Specification documentation (SLM2202)

Page 109
Executive Overview
Scope
Not all IT Services may initially be included within the Salvage Plan. Use this
section to outline what will be included and the timetable for other services to
be included.

The salvage plan is fairly simple in concept and should be used in conjunction
with the ITSCM3100 Emergency Response Template.
Page 110
Sample Salvage Plan
DISASTER PLANNING
EXAMPLE SALVAGE ASSESSMENT WORKSHEET
IT Service Description: ___________________________
IT Service Owner: ___________________________
Business Process: ___________________________
Business Process Owner: ___________________________
Records Series Title ____________________________
Note: This is the title for this salvage plan for this service
Storage of Plan:
Hardcopy ( )
Microfilm ( )
Electronic ( )
Other (specify)
______________________________________________________________
Page 111
Salvage of Service Needed:
Yes ( )
No ( )
If Yes, By What Method:
Commercial Provider ( )
Backup ( )
Rebuild ( )
System Restore ( )
Listed Procedures for Service Salvage:
Procedure Name Description Owner Location
Page 112
Service Salvage Plan:
Step Action Responsibility
1 Record disasters Service Desk
2 Provide disaster report Avail. Mgt, Inc Mgt, Problem Mgt
3 Alert Business Service Delivery Manager
4 Alert Salvage Team Network Manager
5 Perform initial investigation Salvage Team
6 Implement Salvage Procedures Salvage Team, Service Delivery

Manager
Equipment Needed:
IT Components
(Configuration Items (CI))
CI # Serial # CI Name Type Sub-Type
SER345 15434563 EMERO Hardware Server
MS001 N/A MS Office Software Microsoft
Page 113
Page 114
BUSINESS CONTINUITY STRATEGY
IT Services
Status: Draft
Version: 0.1
Release Date:
Page 115
Document Control
Author
Document Source
I:/IT Services/Service Delivery/Functional Specifications/
Document Approval
<first name, last name>, National IT Help Desk Manager
Amendment History
Distribution List
IT
Page 116
Introduction
Purpose
The purpose of this document is to provide relevant Business Units with the
Business Continuity Strategies for the range of services provided by IT
Services to the <company name> community.
Scope
Summary of each service provided by IT Services including
Summary of the Continuity Strategy for each applicable service
Detailed list of Continuity Strategy for each applicable service
Audience
Ownership
Document
Business Impact Analysis Template
Risk Assessment
Page 117

Executive Overview
Describe the purpose, scope and organization of the Continuity Management
Strategy document.
Scope
As not all IT Services may initially be included within the Continuity
Management Strategy document, it is important to set the scope for what will
be included.
Scope for the Business Continuity Strategy may be determined by the

business, therefore covering only a select few of the IT Services provided by
the IT department that are seen as critical to the support of the business
processes.
Page 118
IT Service Continuity Strategy Summary

This section provides a summary of all the IT Services covered within the
Business Continuity Strategy. It provides a breakdown of all the IT Services,
the Recovery Options, Owners of IT Service, Affected Business Processes,
and Threat to Business Operations, Service Level Agreements, and
associated procedures.
IT Owner Recovery Options Business Threat to Business Service Level Agreements Applicable
Service Work Grad-ual Intermediate Immediate Process Business Owners SLA Response Recovery Procedures
Around # Time Time
Service A J. Ned Yes Backup Reciprocal No Billing High T. Smith SLA 4 Hours 8 Hours IncMgt101
Tapes Arrangement 001
Email A. No Backup Reciprocal Replicated Comm- Low R. Jones SLA 2 Hours 4 Hours ComRec23
Boon CD Arrangement Server unication 234 1
SAP C. No Backup No Replicated Invoice and Very High P. Boon SLA 30 mins 2 Hours N/A
Jones Tapes Service Payroll 123
Service B L. Yes Rebuild No No Marketing Medium R. SLA 1 Hour 3 Hours N/A
Smith Reagan 009
Service C R. Yes Rebuild No No Manu- High R. Smith SLA 30 mins 2 Hours N/A
Smith facturing 007
Service A
Please Note. Some of the sub-headings here may not be applicable for the IT
Service. For example, in some instance where you have an Immediate
Recovery Option for a Service it may not be applicable to have spent money
on Gradual Recovery Options, and vice versa.
Description
Provide a description of the IT Services. Include all relevant SLA and
Ownership Details.
Service Owner Service Level Agreements Procedures Business Business

Process Impact
SLA Response Recovery
# Times Times
Page 119
Risk Summary
In this section provide a brief description of any know and major risks to the IT
Service. Risks are determined by understanding the assets that are involved
in the service, the threats to those assets and any identified threats.
A risk summary table, below, provides a summary of risks to the IT Service.
Assets/Service Threats Vulnerabilities Risk Level
Definitions:
A threat is 'how likely is it that a particular service will be disrupted.
Vulnerability assesses what the impact will be upon the organization if the
threat manifests.
The risk level is then the combination of the threat and the vulnerability. It
can be reached through a quantitative analysis or simply a subjective feel.
After completing the above table, summaries the overall risk to the service
and the impact on the business.
Manual Work Around

As it is not possible to always provide an immediate IT solution to every
disaster, it is therefore imperative to capture any manual work around options
that may be available.
A manual work around can be seen as an effective interim measure until the
IT Service has been restored.
The manual workarounds will be for both IT departments and the Business.
List all Manual Work Around options in this section.
Page 120
IT Procedure Owner Business Procedure Business

Owner
In some situations, organizations will rely on likeminded businesses to provide
services in the event that they experience some sort of loss of service. This is
called a reciprocal Arrangement.
Reciprocal Arrangements may be made with several organizations for the one
service.
Reciprocal Arrangement - <<Company Name>>
Contract or Agreed Services Business IT Service

Agreement Contact Contact
(Underpinning Contract or Service
Level Agreement)
Response Recovery Durations

Time Time
Reciprocal Arrangement - <<Company Name>>
Contract or Agreed Services Business IT Service

Agreement Contact Contact
(Underpinning Contract or Service
Level Agreement)
Response Recovery Durations

Time Time
Page 121
Gradual Recovery
This recovery options is used for services where immediate restoration of
business processes is not needed and can function for up to a period of 24 to
72 hours as defined in a service agreement.
Agreements
Agreements will include those with the business for Gradual Recovery. They
will also include any additional accommodation and services plans.
Technology
This section will provide details about the computer systems and network
plans, as well as any telecommunications plans.
Security
In the event of a disaster, there may be some impact on the security of the IT
Department and the business as a whole. In this section include any security
issues, appropriate security plans, and security to be tested and revisited after
recovery.
Finance
Include in this section any required finance for the recovery options. This
information will be used in the budgeting process for subsequent years.
Personnel
List all responsible personnel for the recovery of this service.
Summary
Provide a summary for the Gradual Recovery of Service << Service Name >>
Intermediate Recovery
This recovery options is used for services that are important enough to the
business that a 4 to 24 hour restoration period is required.
Page 122
Agreements
Technology
Security
recovery.
Finance
Personnel
Summary
Immediate Recovery
This recovery options is used for services where immediate restoration of
business processes is needed and the business will suffer severe
consequences if restoration is not within 2 to 4 hours.
Agreements
Page 123
Technology
Security
recovery.
Finance
Personnel
Summary
Appendices
e.g. Logical Schematic of the IT environment.
Contact details
Terminology
e.g.
CMDB Configuration Management Data Base (www.theartofservice.com
CONMGT stream)
SLA Service Level Agreement (template example at www.theartofservice.com)
UC Underpinning Contract (template example at www.theartofservice.com )
Page 124
RECIPROCAL ARRANGEMENTS
IT Services
Reciprocal Arrangement between
Client (X)
And
Client (Y)
Status: Draft
Version: 0.1
Release Date:
Page 125
Document Control
Author
Document Source
I:/IT Services/Service Delivery/ITSCM/
Document Approval
<first name, last name>, National IT Help Desk Manager
<first name, last name>, ITSCM Manager
Amendment History
Distribution List
IT
Page 126
Introduction
Purpose
The purpose of this document is to provide relevant Business Units with the
existing Reciprocal Arrangements for their IT Services.
Scope
Details of Reciprocal Arrangements between << company name >>
and << external company >>
Audience
Ownership

Business Impact Analysis Template (ITSCM2700)
Page 127

Executive Overview
Scope
As not all IT Services may initially be included within the Continuity

Management Strategy document, it is important to set the scope for what will
be included.
Scope for the Business Continuity Strategy may be determined by the

business, therefore covering only a select few of the IT Services provided by
the IT department that are seen as critical to the support of the business
processes.
Overview
General principles
Include in this section any general principles for the reciprocal

arrangement. Below are some examples of these principles.
<<
(Client 1) has agreed with (Client 2) to have a reciprocal arrangement for

disaster recovery. A consideration of $ has been paid in respect of this
agreement.
In these notes the following terms are used:

Host, to indicate the company that is providing facilities;
Page 128
Client, to indicate the company using these facilities; and

Service, to indicate all facilities within the provision.
In essence, the plan allows for the following:

Provision of (Specify Location) -based office facilities for up to
(Number of staff people) staff for a (Specify length of time)
period.
Provision of access to << Logistics System >> and PC facilities for
(Specify number of staff members) staff.
Periodic testing and checking of the plan.
Access to facilities in (Specify location) including (Specify client
2).
It is understood that:
Neither firm should make a profit or a loss from this arrangement.
Both parties will agree to confidentiality of data, clients, and
business practices.
Neither party will seek compensation from the other should any
problems or difficulties arise from the service provided.
This plan will be shown to (Client 1's) supplier and, although their
approval of such will not be sought, their comments, the subject of
the agreement of (Client 1) and (Client 2), will be incorporated into
the plan. Refer to Appendix F for (Specify supplier) agreement to
the Plan.
All items to be used in these plans will be maintained and kept in
good working order.
Termination can only occur within (Specify length of time) written
notice unless otherwise mutually agreed.
The agreement will run for (Specify duration of agreement) at a
time, to be renewable if both parties agree.
The insurers of each company will be made aware of these plans.
Page 129
If a service is provided for more than (Specify a number of days)

elapsed days (including weekends), then the host will be
compensated by the client by payment of agreed fees.
The client will advise all relevant parties of these temporary
arrangements (i.e., business clients, etc.) including the new
address, phone number(s) and fax number(s) and will also advise
reversion when the service terminates.
Any data tapes, letter-headed stationery, or other items at the
reciprocal partys office will be stored in a secure, lockable place.
The plan will be capable of being implemented within (Specify
Time) of a requirement arising within normal office hours. All effort
will be made to ensure rapid assistance out of normal office hours.
>>
Definition of a disaster
In this section provide an agreed upon definition of disaster. This is integral to

the success of the arrangement. Be very specific and provide all necessary
details.
Period of service
Capture the service period for the arrangement in the event of a disaster. This
will include maximum duration from the time of the disaster and will usually be
provided free of charge by the host for a specified time. This time will be
determined here.
Period beyond specified times may be charged at a nominal fee.
Include also the renewing of the contract, probably every year, but should
never exceed the date of the contract expiration date.
Page 130
Prerequisites
<<
For the arrangement to effective to both parties, there needs to be an

agreement on any prerequisites. Some examples may be:
An adequate backup of data should be lodged off-site. This will include

<< system name >> system data
Any necessary documentation and appropriate systems
Sufficient free space will be set aside on computer systems to handle
any loaded data.
Insurers for both companies will be made fully aware of these
arrangements.
Stationary concerns, i.e. adequate printing facilities etc.
A list of main staff contacts will be distributed, including contact
numbers and locations.
A current signed agreement to this plan is in force.
The host will only provide services if its own office is not subject to
disruption at the same time as the client's.
This is intended purely to cover both parties in the instance where one
or more events disrupt both offices simultaneously.
>>
This is very important.
Well established prerequisites allow both parties to understand the upfront

responsibilities. Remember that most reciprocal arrangements will be a two
way street. What is meant by this is that Company A will use Company B
facilities in the event of a disaster, and Company B will use Company A in the
As such, it is important not to use this list in an aggressive manner.
Page 131
Alignment
Specify kind of system, for example: Logistics system
<<
It is vital that the (Specify kind of system, for example: Logistics

system) each system is transferable
Bearing in mind that the << Logistics system >> has many options
available within it and that the << Logistics system >> programs will be
used from a common source.
Provision of the << Logistics system >> will be a minimum of, but not
limited to:
The follow should be maintained:

Transaction processing
Consignment processing
Risk Processing
Reporting
Document Archiving
If required and agreed at the time of need, provision may be made for <<
Logistics System >> facilities.
>>
Include in this section how administration of the system will be performed,

and what limitations or caveats will be in place for the administration of the
system.
Include responsibilities pertaining to data backup, restoration and storage.
Page 132
Keep in mind, that in the event of an emergency, Change and Release

procedures are imperative to ensure a structure recovered operation
without causing more issues. Include things like the following:
<<
It is agreed that: Releases of the << Logistics System >> will be aligned
so that no more than seven days elapse between installation of like
releases at each site.
This requires advance warning to the companies of planned releases. At

least (Specify time period, for example: two weeks) written notice will
be provided. If one party accepts a pre-release program/fix they should
notify the other in order that alignment can be maintained, if such is
required. If misalignment does occur, it is agreed that the oldest release
will be upgraded to the newer release, whether this relates to the client or
the host.
>>
Specific data and applications
It is important to ensure that alignment of specific data and applications is

maintained. To do this, release numbering and release processes becoming
integral to the arrangement. It is important that certain elements be consistent
across sites. List them here.
Also list products that do not have to be replicated:

NT Server will be used
Microsoft software will be used
Page 133
Further example of information:

<<
However, it is agreed that each site will use the following products
(version/service pack is not vital:
Microsoft Word
Microsoft Excel
Microsoft Access
The following will not be made available as a matter of course, although

arrangements can be made as and when a need arises (and if possible):
List systems and applications that wont be made available
>>
Also include how access to the facilities will be made available. This will be
both physical and logical access.
Backup facilities
In this section, list the backup facilities that need to be kept in line with the
other sites or systems.
Provisions
<<
The plan provides for provision of a service by the host to the client within two
hours of notification that such is required by the client. Obviously not all
facilities may be in place within this timeframe.
The service will only be provided if the office of the client is not capable of
being used to provide an equivalent service. << include reasons why this
Page 134
could be the case, i.e. flood, fired etc >>. In addition, the service will be
provided if the client's office or surrounding area is closed by the authorities.
>>
The following sections list out those necessary provisions required in the
Office space
Include in this section how access to office space will be arranged. Include a
table of names for staff that will require access. Make sure you inform
security.
Establish if any passes are required for access or elevators. Directions to the
location of the hosting client's office should also be listed here.
The following points need to be considered:

Access hours
Access on weekends
Allowable office space
Access to pertinent areas within the hosts environment this may
exclude certain server rooms or floors in the building
Etc.
Work space
How will the work space be set up to cater for the client? Below are some
example words that can be used.
<<
Page 135
Workspace will be made available for up to (number) people. It should be

assumed that (number) attendees will be in the office at any one time, so
(number) desks and associated facilities will be made available. If more
space is available, then this may be offered. Office space assigned will be set
aside solely for this use during the required period.
Therefore the following will be made available:

Minimum of two dedicated desks
Minimum of two dedicated chairs
These will be located, if at all possible, in the Boardrooms of both (Client 1)

and (Client 2), although it is accepted that this may not always be possible.
>>
Meeting space
List any requirements for meeting space.
Storage space
Provide details about applicable storage space for the client.
This may include such things as:

Store Room
Lockable cabinet
Etc.
Disaster Recovery Plan Template
Safe
Provide details about facilities for storing cash, cheque books, or other
valuable items will be made available to the client as available.
Page 136
Office equipment
<<
It is essential that the host provide facilities to enable the client to perform its
normal business as much as is possible. Therefore it is agreed to provide:
>>
Telephone
Number of phones and reimbursement plan should be included here.
Fax
Include details about fax facilities.
E-mail
Include details about e-mail facilities.
Mail, courier, and messenger services
Include details about mail, courier and messenger services and

reimbursement plans.
Stationery, photocopying, and other facilities
Include details about general office services.
Page 137
Computer equipment
<<
All computer equipment will be maintained by the host. It is the responsibility

of the host to ensure that computer equipment is made immediately available
to the client.
>>
PC
Specify any details regarding the provision or supply of PC equipment,

including setup, storage, leasing schedules etc.
Printer
Include printer information. This will be the type of printer, the number of
printers, and any stationary.
Backups (initial data load)
Include any backup information. This will include:

Procedures
Technical Equipment
People
Roles and Responsibilities
Page 138
Backups (within service provision)
<<
When the client is able to return to its own office, the host will provide the
client with:
A backup of its system data
A backup of any data stored on the LAN
A backup of any data stored on PCs
It is agreed that the following backup facilities will be used:

UNIXNormal UNIX backup facility
LAN data
>>
Specify platform from which data should be backed up
Include platform information and responsibilities pertaining to the host and

client.
Specialist requirements
Non-standard items
Record any exceptions regarding client and host requirements in this section.
This could include things like nil access to specific equipment or services.
Slips, cover notes, and other documents
List any requirements covering documentation. Include how they are stored
and retrieved in the event of a disaster.
Page 139
Restrictions
List any restrictions that may be applicable when the arrangement is in place
and being used.
<<
If it is considered that the client is hindering the hosts own processing or

office procedures in any way, the client must change or stop such actions
immediately, if requested to do so.
>>
Termination Procedure
Of hosting service
This will normally occur when the client has restored adequate facilities in
their own environment.
List the reasons for termination and also the roles and responsibilities. Include
any necessary clean up.
Of the agreement
<<
This agreement can only be cancelled by one of the following:
Written notice being given by one company to the other.
At annual renewal, in which case one month notice should still be
provided.
If agreed between the two companies at any stage.
>>
Page 140
Responsibilities
Responsibilities for the plan rest with the following:
Client 1:
Client 2:
The Directors concerned are:
Client 1:
Client 2:
Testing the Plan
<<
The plan will be tested, at most, twice a year and at least once a year. Dates
will be agreed to no less than two weeks before the test date.
Testing will be restricted to the following:

Loading of data to each others system
Ensuring that access to the system is possible for the client via LAN
and
Logons
Loading of some documents
Testing that these documents are accessible
It is not anticipated that testing of the following will occur:

Telephones
Fax
Office space (including desks, chairs, etc)
PC- or LAN-related items
Printing
>>
Page 141
APPENDIX A
AGREEMENT TO
DIASTER RECOVERY PLAN
BETWEEN
CLIENT 1
Client 1
Name: _____________________________
Signed: _____________________________
Title: _____________________________
Dated: _____________________________
Client 2
Name: ______________________________
Signed: ______________________________
Title: ______________________________
Dated: ______________________________
Page 142
APPENDIX B
Disaster Recovery Plan
SERVICE CONTACTS
Client 1
Client 2
Page 143
APPENDIX C
STAFF TO BE RESIDENT
Client 1
Client 2
APPENDIX D
Page 144
STAFF NEEDING TO VISIT OTHER SITE
Client 1
Client 2
APPENDIX E
Page 145
Allocation of resources at Client 2
Item Description Comments
Desks
Phones
Fax
Laptops
PCs
Servers
Printers
LAN
WAN
Applications
Licenses
Logons
Page 146
APPENDIX G
Client 2 Limited - Items stored Off-Site
At CLIENT 1 under supervision of:
The list below is provided for example. Specify items to be stored and quantity of
items per your individual circumstances.
Item Qty Location
Stationary
PCs
Laptops
Backup Devices
Desks
Chairs
etc
Page 147
Page 148
VITAL RECORDS TEMPLATE
IT Services
Vital Records Template
Status: Draft
Version: 0.1
Release Date:
Page 149
Document Control
Author
Document Source
I:/IT Services/Service Delivery/Vital Records/
Document Approval
Manager
Amendment History
Distribution List
IT
Page 150
Introduction
Purpose
The purpose of this document is to provide a vital records template.
Scope
A Vital Records template
Audience
Ownership

Business Continuity Strategy Template (ITSCM2900)
Reciprocal Arrangements (ITSCM3000)

Page 151
Executive Overview
Scope
Each organization and department should develop a vital records plan. The
first part of the plan is a description of records that are vital to continued
operation or for the protection of legal and financial rights of the organization.
The plan should also include specific measures for storing and periodically
cycling (updating) copies of those records.
The description of vital records is based on identification and inventorying.
Organizations may take the following steps to identify and inventory vital
records:
Consult with the official responsible for disaster coordination,
Review organization statutory and regulatory responsibilities and
existing emergency plans for insights into the functions and records
that may be included in the vital records inventory,
Review documentation created for the contingency planning and risk
assessment phase of emergency preparedness. The offices performing
those functions are obvious focuses of an inventory,
Review current file plans of offices that are responsible for performing
critical functions or may be responsible for preserving rights, and
Review the organization records manual or records schedule to
determine which records series potentially qualify as vital.
Organizations must exercise caution in designating records as vital and in
conducting the vital records inventory. There are suggestions that from 1 to 7
percent of an organization records may be vital records. Only those records
series or electronic information systems (or portions of them) most critical to
emergency operations or the preservation of legal or financial rights should be
so designated. Agencies must make difficult and judicious decisions in this
regard.
The inventory of vital records should include:
The name of the office responsible for the records series or electronic
information system containing vital information
Page 152
The title of each records series or information system containing vital

information
Identification of each series or system that contains emergency-
operating vital records or vital records relating to rights
The medium on which the records are recorded
The physical location for offsite storage of copies of the records series
or system
The frequency with which the records are to be cycled (updated).
VITAL RECORDS INVENTORY FORM
Department:
Authorizing Signature: ____________________________
Division:
Date of Signature:
Sub-Division: _________________________
IT Service: ____________________________
Page 153
Records Title Location-- Retention Container Format Security Copy

Building,
Floor, Room Location-- Format
Building,
Floor, Room
Appendices

Terminology

e.g.
CMDB Configuration Management Data Base
(www.theartofservice.com CONMGT stream)

www.theartofservice.com )

www.theartofservice.com )
Page 154
BUSINESS AND IT FLYERS
IT Services
Process: Problem Management
Business and IT Flyers
Stat In draft
us: Under Review
Sent for Approval
Approved
Rejected
Ver <<your version>>

sion
:
Rel
eas
e
Dat
e:
Note: SEARCH AND REPLACE

<<Organization name>>
Search for any << or >> as your input will be required

Also review any yellow highlighted text
Page 155
Introduction
The following pages provide 2 examples of flyers that can printed and
distributed throughout your organization.
They are designed to be displayed in staff rooms.
Note, they are examples, and your input is required to complete the flyers.
Remember, the important thing is to ensure that the message delivered in the
flyer is appropriate to the audience that will be reading it.
So think about how and where you will be distributing the flyers.
Page 156

ProblemManagement

ITServicesDepartment

Key Wanted: Long Term Stability
Points: they occur. As of
The IT Department contains, for
example, IT <<mm-dd-yyyy>>
is embarking on a that will change.
Problem employees or
Proactive Management business staff. New processes will

Approach be in place to head
implementation The most exciting
Program. element of the off potentially
damaging, costly
program is the
Removal Problem and time consuming
Management is a set Proactive
ofKnown
activities, errors in advance.
Errors. of activities designed
to remove errors designed to Provide contact lists
from the IT prevent errors for the IT
infrastructure. even before they Department as well
Fewer as the business

incidents occur.
<<First, determine managers that they
the audience of this Traditionally our
can contact.>>
flyer. This could be focus has been
Increased anyone who might on fixing errors as
confidence
benefit from the
information it

<<other
points>> THE BENEFITS THE CONTACTS
PROCESS
List the benefits to
the intended Problem Control List the contacts
audience. To understand the

issue.
Input any graphics in
Keep it Simple here
Error Control
Use Bullet Points To identify the
cause
Proactive
activities
To prevent potential
issues
Page 157

Problem Management
<<Corporate Logo
or image of
IT SERVICE choice>>
IMPROVEMENT
PROGRAM
HELP US HELP YOU
Contact your immediate Manager to let them know what you

need to do your job better
INCREASED SERVICE AVAILABILITY THROUGH FEWER

PROBLEMS IS OUR GOAL
KNOW YOUR SERVICE RIGHTS
Sponsored by IT SERVICES
Constantly improving and aligning to your needs
Page 158
EMAIL TEXT
IT Services
Management
Email Text
Status: In draft
Under Review
Sent for Approval
Approved
Rejected
Release
Date:

<<organization name>>

Page 159
Introduction
In the next section of this document is an example email text that can be
distributed across your organization.
Note, that this is just one piece of text for one email.
However, it is advisable to create a few different versions of the below text,

which you can store in this document, for future use.
This is very important, as each time you send an email regarding your IT
Service Continuity Management process it should be different and targeted to
the correct audience.
This document provides a method for also keeping track of your

communication that you have made to the rest of the organization, and to
keep in focus the promises that have been made regarding this process.
Page 160
Dear << insert audience here, for example, Customer, IT Staff, Marketing
Dept etc >>
IT Service Continuity Management Program
The IT Department <<give a specific name here if appropriate>> is embarking

on a programme to ensure that in the event of an unplanned and major
service outage, we are able to respond and restore IT services.
What does this mean to you?
The IT Department continually strives to improve the service it delivers to its

customers. The IT Services department provides internal support for <<e.g.
Business applications and equipment: Enter any appropriate details here>>.
In order to improve the IT Services and ensure that they are aligned with the
needs of the organization, we have decided to embark on a service
improvement programme. This programme will result in the implementation of
a process called IT Service Continuity Management.
Why the need for IT Service Continuity Management?
Organizations are required to operate and provide a service at all times. Its
that simple. Increasing competition and a growth in the requirement by
consumers for instant or near real time response has fuelled the necessity for
an agreed level of IT services to be provided following an interruption to the
business. Such interruptions can be a loss of a single application or a
complex system failure all the way through to the loss of a building (e.g.
through fire, flood, etc.)
We have defined the Goal for IT Service Continuity Management as follows:
Page 161
The goal for IT Service Continuity is to support the Business Continuity

Management process (following pre-defined losses in organizational ability),
through the delivery of IT services, within agreed times and costs.
<< INSERT YOUR OWN GOAL FOR IT SERVICE CONTINUITY
MANAGEMENT HERE >>
What is your involvement?
The IT Department will be creating a list of IT Services that it delivers. This will
be captured in a Service Catalogue (SC). The list of services will then be
presented to the different departments within <<organization name>>. From
this list, each department will be able to pick the service that they use, and
through our requirements gathering, make comments about the requirements
for that service during times of major outage or loss.
From this, we will be able to then formulate agreements on the services being
provided. These agreements are called Service Level Agreements and they
include the requirements for continuity.
This will help ensure that the IT Department is aligning its Services with the
business needs, provide a way to measure the services, set expectations of
the services being delivered, and more importantly provide an avenue for
discovery in service improvement.
We have appointed as IT Service Continuity Manager to help drive this

process. The IT Service Continuity Manager will be the interface between the
IT Department and the Department heads within the organization.
The IT Service Continuity Manager will work closely with the business in
defining the necessary services and agreeing their level of availability.
Page 162
The following can be considered a list of benefits to be derived from the

process:
<<
List benefits applicable to your audience.

For example: Benefits to the Business:
o Improved relationship with customers
o IT and Customers have a clear and consistent expectation of
service
For example: Benefits to the IT Department
o Better understanding of the level of service to be provided
o Reacting appropriately due to IT Service Continuity Agreements
o Operation Level Agreements reinforce communications
>>
The commencement date of the new process is scheduled for: << insert date
>>
OR
Completion of the process will be: << insert date >>
This is a detailed process and there may be some operational difficulties to

overcome, but with your support, I am sure we can provide an extremely
beneficial process to both the Business / <<organization name>> and IT.
If you have any questions regarding this, please do not hesitate to contact me
on << phone number >>
<< Your Name and Titles >>
Page 163
Page 164
REPORTS KPIs TARGETS AND ADDITIONAL METRICS
IT Services
Reports and KPI Targets
Status: In draft
Under Review
Sent for Approval
Approved
Rejected
Release
Date:

<<organization name>>

Page 165
Reports and KPI Targets for IT Service Continuity Management

be considered.
This document serves as a GUIDE ON SUITABLE KEY PERFORMANCE

INDICATORS (KPIs) and REPORTS FOR MANAGEMENT for the IT
Service Continuity Management process. This document provides a
basis for completion within your own organization.
This document contains suggestions regarding the measures that would

be meaningful for this process. The metrics demonstrated are intended
to show the reader the range of metrics that can be used. The message
must also be clear that technology metrics must be heavily
supplemented with non-technical and business focused
metrics/KPIs/measures.
This document was;
Prepared by:
On: <<date>>
And accepted by:
On: <<date>>
Page 166
Key performance indicators (KPIs)

Continuous improvement requires that each process needs to have a plan
about how and when to measure its own performance. While there can be
no set guidelines presented for the timing/when of these reviews; the how
question can be answered with metrics and measurements.
With regard to timing of reviews then factors such as resource availability,

cost and nuisance factor need to be accounted for. Many initiatives begin
with good intentions to do regular reviews, but these fall away very rapidly.
This is why the process owner must have the conviction to follow through on
assessments and meetings and reviews, etc. If the process manager feels
that reviews are too seldom or too often then the schedule should be changed
to reflect that.
Establishing SMART targets is a key part of good process management.

SMART is an acronym for:
Simple
Measurable
Achievable
Realistic
Time Driven
Metrics help to ensure that the process in question is running effectively.
Page 167
With regard to IT SERVICE CONTINUITY MANAGEMENT the following

metrics and associated targets should be considered:
Key Performance Indicator Target Value Time

(some Frame/Notes/Who
examples)
Identification of Risks in scope .Increasing
Risks that the organization has an element dependency on
of control over business
systems
Identification of Risks out of scope Increased
incidents of
Risks that the organization has no element politically
of control over destabilizing
activity.
Meetings held (on time) to review A reducing
performance number here
may be a good
indication or at
least the
number should
be stable.
Costs of Service Continuity process
decreasing vs. level of expected service.
Number of tests carried out as part of the
ITSCM process
The number of invocations of the ITSCM
plan or element of the plan.
Number of interviews held with business
staff to discuss their continuity requirements.
Number of education or awareness sessions
held to brief IT and/or business staff on the
ITSCM process
Number of changes that resulted in a
change to the ITSCM plan.
Number of changes detected that should
have resulted in a change to the ITSCM plan
but didnt.
Others
Special Tip: Beware of using percentages in too many cases. It may even be
better to use absolute values when the potential number of maximum failures
is less than 100
Page 168
Reports for Management
Management reports help identify future trends and allow review of the
health of the process. Setting a security level on certain reports may be
appropriate as may be categorizing the report as Strategic, Operational or
Tactical.
The acid test for a relevant report is to have a sound answer to the question;
What decisions is this report helping management to make?
Management reports for IT Service Continuity Management could include:
Report Time Frame/Notes/Who
Expected growth in demand for the service (will

generally be high at start-up, but then plateau)
Serious outages and invocation steps of the Continuity

plan
Backlog details of process activities work outstanding

(along with potential negative impact regarding failure
to complete the work in a timely manner) but also
provide solutions on how the backlog can be cleared.
Simple breakdown of Continuity process and the

relationship between business and IT. Description of
the triggers that begin the Continuity process and
how these triggers are reviewed.
Analysis and results of meetings completed
The situation regarding the process staffing levels and

any suggestions regarding redistribution, recruitment
and training required.
Human resource reporting including hours worked

against project/activity (including weekend/after hours
work).
Relevant Financial information to be provided in

conjunction with Financial Management for IT Services
Page 169
Page 170
IMPLEMENTATION AND PROJECT PLAN
IT Services
Implementation Plan/Project Plan
Skeleton Outline
Status:
Version: 0.1
Release
Date:
Page 171
Planning and implementation for IT Service Continuity Management

This document as described provides guidance for the planning and
implementation of the IT Service Continuity Management ITIL process.
The document is not to be considered an extensive plan as its topics have to
be generic enough to suit any reader for any organization.
be considered for planning and implementation of this process.
Initial planning
When beginning the process planning the following items must be completed:
CHECK DESCRIPTION
or 2
or date
Get agreement on the objective (use the ITIL definition), purpose,

scope, and implementation approach (e.g. Internal, outsourced,
hybrid) for the process.
Assign a person to the key role of process manager/owner. This

person is responsible for the process and all associated systems.
This will person will generally be the Network or Operations

Manager or Service Delivery Manager.
Conduct a review of activities that would currently be considered

as an activity associated with this process. Make notes and
discuss the re-usability of that activity.
The key activities of IT Service Continuity Management are:
Business Impact Analysis

Risk Assessment
Designing for Recovery
Procedural Testing
Create and gain agreement on a high-level process plan and a

design for any associated process systems. NOTE: the plan need
not be detailed. Too many initiatives get caught up in too much
detail in the planning phase. KEEP THE MOMENTUM GOING.
Page 172
Review the finances required for the process as a whole and any
associated systems (expenditure including people, software,
hardware, accommodation). Dont forget that the initial
expenditure may be higher than the ongoing costs. Dont forget
annual allowances for systems maintenance or customizations to
systems by development staff.
Agree the policy regarding this process
Create Strategic statements.
Policy Statement
The policy establishes the SENSE OF URGENCY for the process.
It helps us to think clearly about and agree on the reasons WHY effort is put
into this process.
An inability to answer this seemingly simple, but actually complex question is

a major stepping stone towards successful implementation
The most common mistake made is that reasons regarding IT are given as
the WHY we should do this. Reasons like to make our IT department more
efficient are far too generic and dont focus on the real issue behind why this
process is needed.
The statement must leave the reader in no doubt that the benefits of this
process will be far reaching and contribute to the business in a clearly
recognizable way.
Objective Statement
When you are describing the end or ultimate goal for a unit of activity that is
about to be undertaken you are outlining the OBJECTIVE for that unit of
activity.
Page 173
Of course the activity may be some actions for just yourself or a team of
people. In either case, writing down the answer to WHERE will this activity to
me/us/the organization is a powerful exercise.
There are many studies that indicate the simple act of putting a statement
about the end result expected onto a piece of paper, then continually referring
to it, makes achieving that end result realistic.
As a tip regarding the development of an objective statement; dont get caught

up in spending hours on this. Do it quickly and go with your instincts or first
thoughts BUT THEN, wait a few days and review what you did for another
short period of time and THEN commit to the outcome of the second review
as your statement.
Scope Statement
In defining the scope of this process we are answering what activities and
what information interfaces does this process have.
Dont get caught up in trying to be too detailed about the information flow into
and out of this process. What is important is that others realize that
information does in fact flow.
For example, with regard to the IT SERVICE CONTINUITY MANAGEMENT

process we can create a simple table such as:
Page 174
IT Service Continuity Management Information flows
Process Process Information

IT Service to Problem ITSCM planning awareness and training
Continuity Management
Management
Problem to IT Service Historical information for planning
Management Continuity
Management
IT Service to Change RFCs for evaluation pertaining to affects on

Continuity Management recovery
Management
Change to IT Service ITSCM planning awareness and training
Management
IT Service to Service Level Service Level Requirements

Continuity Management
Management
Service Level to IT Service ITSCM planning awareness and training
Management
Steps for Implementation.

There can be a variety of ways to implement this process. For a lot of organizations
a staged implementation may be suited. For others a big bang implementation
due to absolute equality may be appropriate.
In reality however, we usually look at implementation according to pre-defined

priorities. Consider the following options and then apply a suitable model to your
own organization or case study.
STEPS NOTES/
/RELEVANCE/DATES/
WHO
Define the Objective and Scope for IT Service Continuity
Management
Establish and agree on a clear definition for the words:
Disaster
Gradual Recovery
Intermediate Recovery
Page 175
Immediate Recovery
This is one of the most interesting aspects. It can be very
difficult to get everyone to agree to a definition, and it can
be very difficult to establish the correct understanding of
the definition.
However, get this right, and the rest of the process is
made easier.
Seek initial approval
Establish and Define Roles and Responsibilities for the
process. Appoint an ITSCM Manager.
Establish and Define the Scope for IT Service Continuity
Management and the relationships with IT Services
Establish IT Service Continuity Management Process
Establish and Define Relationship with all other
processes.
This is another key aspect of the IT Service Continuity
Management process. IT Service Continuity Management
is where we are helping set assurance of IT Service
capability in the event of a disaster. IT Service Continuity
Management works closely with Service Level
Management to achieve this.
Establish monitoring levels.
Continuity of service as seen by the business is related to
the service and not the components that make up the
service.
Define reporting standards
Publicize and market
The priority selection has to be made with other factors in mind, such as competitive
analysis, any legal requirements, and desires of politically powerful influencers.
Costs
The cost of process implementation is something that must be considered before,
during and after the implementation initiative. The following points and table helps to
frame these considerations:
(a variety of symbols have been provided to help you indicate required expenditure,
rising or falling expenditure, level of satisfaction regarding costs in a particular area,
etc.
Page 176
Initial During Ongoing

Personnel 0 /
Costs of people for initial design of process,
implementation and ongoing support
Accommodation
Costs of housing new staff and any associated new
equipment and space for documents or process related
concepts.
Software
New tools required to support the process and/or the
costs of migration from an existing tool or system to the
new one.
Maintenance costs
Hardware
New hardware required to support the process
activities. IT hardware and even new desks for staff.
Education
Re-education of existing staff to learn new techniques
and/or learn to operate new systems.
Procedures
Development costs associated with filling in the detail of
a process activity. The step-by-step recipe guides for all
involved and even indirectly involved personnel.
In most cases, costs for Process implementation have to be budgeted for (or
allocated) well in advance of expenditure. Part of this step involves deciding on a
charging mechanism (if any) for the new services to be offered. Build the team
Each process requires a process owner and in most situations a team of people to
assist.
The IT Service Continuity Management process is one of the processes in the

Service Delivery set that shows very visible benefits from the outset and is
very influential in setting the perception of IT Services to its customers and
end users.
Of course a lot will be dependent on the timing of the implementation and

whether it is to be staged or implemented as one exercise.
Page 177
Analyze current situation and FLAG

Naturally there are many organizations that have many existing
procedures/processes and people in place that feel that the activities of IT Service
Continuity Management is already being done.
It is critical to identify these systems and consider their future role as part of the new
process definition.
Examples of areas to review are:
Area Notes
Power teams
Current formal procedures
Current informal procedures
Current role descriptions
Existing organizational structure
Spreadsheets, databases and other repositories
Other
Implementation Planning
After base decisions regarding the scope of the process and the overall planning
activities are complete we need to address the actual implementation of the process.
It is unlikely that there will not be some current activity or work being performed that
would fit under the banner of this process. However, we can provide a
comprehensive checklist of points that must be reviewed and done.
Implementation activities for IT Service Continuity Management
Activity Notes/Comme
nts/Time
Frame/Who
Review current and existing IT Service Continuity Management
practices in greater detail. Make sure you also review current
process connections from these practices to other areas of IT
Service Delivery and Support.
Review the ability of existing functions and staff. Can we reuse

some of the skills to minimize training, education and time required
for implementation?
Establish the accuracy and relevance of current processes,

procedures and meetings. As part of this step if any information is
credible document the transition from the current format to any new
format that is selected.
Page 178
Decide how best to select any vendor that will provide assistance in
this process area (including tools, external consultancy or
assistance to help with initial high workload during process
implementation).
Establish a selection guideline for the evaluation and selection of

tools required to support this process area (i.e. IT Service
Continuity Management tools).
Purchase and install tools required to support this process (i.e. IT

Service Continuity Management tool). Ensure adequate skills
transfer and on-going support is catered for if external systems are
selected.
Create any required business processes interfaces for this process

that can be provided by the automated tools (e.g. reporting
frequency, content).
Document and get agreement on roles, responsibilities and training

plans.
Communicate with and provide necessary education and training

for staff that covers the actual importance of the process and the
intricacies of being part of the process itself.
An important point to remember is that if this process is to be implemented at the

same time as other processes that it is crucial that both implementation plans and
importantly timing of work is complementary.
Cutover to new processes

The question of when a new process actually starts is one that is not easy to answer.
Most process activity evolves without rigid starting dates and this is what we mean
when we answer a question with thats just the way its done around here.
Ultimately we do want the new process to become the way things are done around
here, so it may even be best not to set specific launch dates, as this will set the
expectation that from the given date all issues relating to the process will disappear
(not a realistic expectation).
Page 179
Page 180
FURTHER INFORMATION
For more information on other products available from The Art of Service, you can
visit our website: http://www.theartofservice.com
If you found this guide helpful, you can find more publications from The Art of
Service at: http://www.amazon.com
Page 181

1921523921

Загружено:

Сведения о документе

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

1921523921

Загружено:

Авторское право:

Доступные форматы

IT Service Continuity Management and

Disaster Recovery Best Practice Handbook:

Building, Running and Managing Effective IT

Notice of Liability: The information in this book is distributed on an As Is basis

Trademarks: Many of the designations used by manufacturers and sellers to

Up to $99 RRP Absolutely Free

How Does it Work?

What Happens When I Submit my Review?

Many organizations are looking to implement Service Level Management as a

This document describes the contents of the Service Level Management

Presentations can be used to educate or be used as the basis for

The additional information will enable you to improve your organizations

Start by reviewing the PowerPoint presentation.

Service Level Management ITIL V2 This presentation provides a detailed

Service Level Management ITIL V2:

Alternatively, continue by working through the Implementation Plan with the

CONTINUITY MANAGEMENT PRESENTATION

For more information please refer to Policies Objectives and Scope on

For more information please refer to Business Justification Document

To meet organizational objectives, the organization has business

Each of the units involved in these business processes needs IT Services

Each of these services runs on IT infrastructure that has to be properly

ITIL provides a framework for the management of IT Infrastructure.

Traditionally we look at the IT department as a collection of specialists with

Best practice processes will transverse functional departments and help to

Other points to explain:

An IT organization needs to focus on all these aspects to deliver the right IT

Generally, the technology perspective gets a lot of attention (time, budget,

There is also an organization perspective: the alignment of vision, strategy

Service Level Management is one of 10 ITIL processes. Here we get to see

For more information please refer to Emergency Response Plan on 73

For more information please refer to Communication Plan on page 81

For more information please refer to Risk Assessment Template on page

It is not possible to develop an effective ITSCM plan in isolation; it must fully

For more information please refer to ITSCM Process Manager on page

For more information please refer to Business Impact Assessment on

For more information please refer to Risk Assessment Template on page

For more information please refer to Business Continuity Strategy on

For more information please refer to Reciprocal Arrangements on page

For more information please refer to Risk Assessment Template on page

Following the Risk Analysis it is possible to determine appropriate

For more information please refer to Implementation and Project Plan on

For more information please refer to Vital Records Template on page

Gradual Recovery this option (sometimes referred to as cold stand by) is

Immediate Recovery this option (sometimes referred to as hot standby)

The ITSCM plan is dependent on specific technical tasks being undertaken. It

As with most IT issues, ITSCM crosses organizational boundaries and

ITSCM becomes one of the multitudes of corporate management activities

POLICIES OBJECTIVES AND SCOPE

Version: <<your version>>

Policies, Objectives and Scope for IT Service Continuity Management

The document is not to be considered an extensive statement as its topics

A course of action, guiding principle, or procedure considered expedient,

Why is effort being put into this process?

Is it because of legal requirements or competitive advantage? Perhaps the business

The above Policy Statement was;

And accepted by:

Something worked toward or striven for; a goal.

A generic sample statement on the objective for IT Service Continuity

The IT Service Continuity Management objective is described as a process for

The service must be provided after and based on an on-going analysis of

Service Continuity Management will provide a structure and repeatable process

The above Objective Statement was;

And accepted by: