13 it service continuity management
TRANSCRIPT
![Page 1: 13 IT Service Continuity Management](https://reader036.vdocuments.site/reader036/viewer/2022082410/54663ba5b4af9f645d8b4c29/html5/thumbnails/1.jpg)
11
IT Service ContinuityIT Service Continuity ManagementManagement
![Page 2: 13 IT Service Continuity Management](https://reader036.vdocuments.site/reader036/viewer/2022082410/54663ba5b4af9f645d8b4c29/html5/thumbnails/2.jpg)
22
Goal – Primary ObjectiveGoal – Primary Objective
•To support the overall To support the overall Business Business ContinuityContinuity management process by management process by ensuring that the required IT technical ensuring that the required IT technical services and facilities can be services and facilities can be recoveredrecovered within required and agreed within required and agreed business time-scalesbusiness time-scales
![Page 3: 13 IT Service Continuity Management](https://reader036.vdocuments.site/reader036/viewer/2022082410/54663ba5b4af9f645d8b4c29/html5/thumbnails/3.jpg)
33
Why Continuity ManagementWhy Continuity Management
• Ensuring business survival by Ensuring business survival by reducing the impact reducing the impact of a disasterof a disaster or major failure or major failure
• Reducing the Reducing the vulnerabilityvulnerability and risk and risk to the to the business by effective risk analysis and risk business by effective risk analysis and risk managementmanagement
• Preventing the loss of Customer and User confidencePreventing the loss of Customer and User confidence
• Producing IT recovery plans that are integrated with Producing IT recovery plans that are integrated with and fully support the organisation’s overall Business and fully support the organisation’s overall Business Continuity PlanContinuity Plan
![Page 4: 13 IT Service Continuity Management](https://reader036.vdocuments.site/reader036/viewer/2022082410/54663ba5b4af9f645d8b4c29/html5/thumbnails/4.jpg)
44
ConsiderationsConsiderations
• IT Service Continuity options need to be understood IT Service Continuity options need to be understood and the most appropriate solution chosen in support and the most appropriate solution chosen in support of BCM requirementsof BCM requirements
• Roles and responsibilities need to be identified and Roles and responsibilities need to be identified and supported from a senior levelsupported from a senior level
• IT IT recovery plansrecovery plans and Business Continuity plans and Business Continuity plans need to be aligned regularly reviewed, revised and need to be aligned regularly reviewed, revised and testedtested
![Page 5: 13 IT Service Continuity Management](https://reader036.vdocuments.site/reader036/viewer/2022082410/54663ba5b4af9f645d8b4c29/html5/thumbnails/5.jpg)
55
The Business Continuity Life-The Business Continuity Life-cycle Overviewcycle Overview• Stage 1 – InitiationStage 1 – Initiation
– Initiate Business Continuity ManagerInitiate Business Continuity Manager
• Stage 2 – Requirements and StrategyStage 2 – Requirements and Strategy• Stage 3 - ImplementationStage 3 - Implementation• Stage 4 - Operational ManagementStage 4 - Operational Management
![Page 6: 13 IT Service Continuity Management](https://reader036.vdocuments.site/reader036/viewer/2022082410/54663ba5b4af9f645d8b4c29/html5/thumbnails/6.jpg)
66
Stage 2 – Requirements and Stage 2 – Requirements and StrategyStrategyBusiness Impact AnalysisBusiness Impact Analysis
Identification of Critical Business Processes and Speed of Identification of Critical Business Processes and Speed of RecoveryRecovery
Risk Assessment and MethodologyRisk Assessment and Methodology
Threats to AssetsThreats to Assets
CRAMM – CRAMM – CCCTA’s CTA’s RRisk isk AAnalysis nalysis MManagement anagement MMethodologyethodology
(Central Computer and Telecommunications Agency)(Central Computer and Telecommunications Agency)
Business Continuity StrategyBusiness Continuity Strategy
Based on Top RisksBased on Top Risks
![Page 7: 13 IT Service Continuity Management](https://reader036.vdocuments.site/reader036/viewer/2022082410/54663ba5b4af9f645d8b4c29/html5/thumbnails/7.jpg)
77
Risk Analysis (CRAMM)Risk Analysis (CRAMM)ANALYSIS
Assets Threats Vulnerabilities
MANAGEMENT
Risks
Countermeasures
![Page 8: 13 IT Service Continuity Management](https://reader036.vdocuments.site/reader036/viewer/2022082410/54663ba5b4af9f645d8b4c29/html5/thumbnails/8.jpg)
88
Risk AnalysisRisk Analysis
• Asset Categorise and RANK 1-10Asset Categorise and RANK 1-10– HardwareHardware– SoftwareSoftware– PeoplePeople– Buildings etc.Buildings etc.
• Threat List and RANK 1-3Threat List and RANK 1-3
• Vulnerability against Assets Matrix RANK 1-3Vulnerability against Assets Matrix RANK 1-3
Risk = Asset * Threats * VulnerabilityRisk = Asset * Threats * Vulnerability
![Page 9: 13 IT Service Continuity Management](https://reader036.vdocuments.site/reader036/viewer/2022082410/54663ba5b4af9f645d8b4c29/html5/thumbnails/9.jpg)
99
IT Recovery OptionsIT Recovery Options
• Do nothingDo nothing
• Manual back-up – revert to pen and paperManual back-up – revert to pen and paper
• Reciprocal arrangements with another companyReciprocal arrangements with another company
• Gradual recovery - Cold StandbyGradual recovery - Cold Standby
• Intermediate recovery - Warm StandbyIntermediate recovery - Warm Standby
• Immediate recovery - Hot StandbyImmediate recovery - Hot Standby
![Page 10: 13 IT Service Continuity Management](https://reader036.vdocuments.site/reader036/viewer/2022082410/54663ba5b4af9f645d8b4c29/html5/thumbnails/10.jpg)
1010
Gradual Recovery – COLD Gradual Recovery – COLD standbystandby• Time to recovery > 72hrsTime to recovery > 72hrs
• Empty Computer spaceEmpty Computer space– RemoteRemote– PortablePortable
• Nothing in the roomsNothing in the rooms
• Requires contracts / procedures in place to set upRequires contracts / procedures in place to set up
![Page 11: 13 IT Service Continuity Management](https://reader036.vdocuments.site/reader036/viewer/2022082410/54663ba5b4af9f645d8b4c29/html5/thumbnails/11.jpg)
1111
Intermediate Recovery – Intermediate Recovery – WARM standby WARM standby • Time to recovery 24hrs to 72hrsTime to recovery 24hrs to 72hrs
• Filled Computer spaceFilled Computer space– RemoteRemote– PortablePortable
• Networked Computers but with Networked Computers but with NO DataNO Data
![Page 12: 13 IT Service Continuity Management](https://reader036.vdocuments.site/reader036/viewer/2022082410/54663ba5b4af9f645d8b4c29/html5/thumbnails/12.jpg)
1212
Immediate Recovery – HOT Immediate Recovery – HOT standbystandby• Time to recovery “within the working day” 0hrs to Time to recovery “within the working day” 0hrs to
8hrs8hrs
• Filled Computer SpaceFilled Computer Space– RemoteRemote– PortablePortable
• Networked Computers Networked Computers with Data with Data (but not (but not necessarily up to date)necessarily up to date)
![Page 13: 13 IT Service Continuity Management](https://reader036.vdocuments.site/reader036/viewer/2022082410/54663ba5b4af9f645d8b4c29/html5/thumbnails/13.jpg)
1313
Benefits of Continuity Benefits of Continuity ManagementManagement• Management of risk and the consequent reduction of Management of risk and the consequent reduction of
the impact of failurethe impact of failure
• Fulfilment of regulatory requirementsFulfilment of regulatory requirements
• Potentially lower insurance premiumsPotentially lower insurance premiums
• A more business focussed approach to IT continuity A more business focussed approach to IT continuity and recoveryand recovery
• Reduced business disruption during an incidentReduced business disruption during an incident
• Increased customer confidence and organisational Increased customer confidence and organisational credibilitycredibility
![Page 14: 13 IT Service Continuity Management](https://reader036.vdocuments.site/reader036/viewer/2022082410/54663ba5b4af9f645d8b4c29/html5/thumbnails/14.jpg)
1414
Exam TipsExam Tips
•Know the Know the Disaster Recovery Disaster Recovery optionsoptions
ISCM
![Page 15: 13 IT Service Continuity Management](https://reader036.vdocuments.site/reader036/viewer/2022082410/54663ba5b4af9f645d8b4c29/html5/thumbnails/15.jpg)
1515
Exam QuestionsExam Questions
• In relation to IT Service Continuity Planning, the In relation to IT Service Continuity Planning, the severityseverity of a of a disasterdisaster depends upon: depends upon:
AA The time of day it occursThe time of day it occurs
BB How many people are available to assist in recoveryHow many people are available to assist in recovery
CC The type of disaster, whether flood, fire etcThe type of disaster, whether flood, fire etc
DD The The impact impact ((EFFECTEFFECT) upon customers’ businesses) upon customers’ businesses
![Page 16: 13 IT Service Continuity Management](https://reader036.vdocuments.site/reader036/viewer/2022082410/54663ba5b4af9f645d8b4c29/html5/thumbnails/16.jpg)
1616
Exam QuestionsExam Questions
• Consider the following statements about IT Service Continuity Consider the following statements about IT Service Continuity Planning:Planning:
11 The intermediate recovery external option offers a The intermediate recovery external option offers a remoteremote installation, fully equipped with all the required hardware, installation, fully equipped with all the required hardware, software, communications and environmental control equipmentsoftware, communications and environmental control equipment
22 The intermediate recovery external option is often shared between The intermediate recovery external option is often shared between multiple customers and in the event of a disaster may not be multiple customers and in the event of a disaster may not be available due to over-subscriptionavailable due to over-subscription
AA BothBothBB NeitherNeitherCC Only 1Only 1DD Only 2Only 2
![Page 17: 13 IT Service Continuity Management](https://reader036.vdocuments.site/reader036/viewer/2022082410/54663ba5b4af9f645d8b4c29/html5/thumbnails/17.jpg)
1717
Exam QuestionsExam Questions
• Your organisation has just entered into a Your organisation has just entered into a Gradual Recovery Gradual Recovery (Cold Standby) IT service Continuity Agreement. Within the ITIL (Cold Standby) IT service Continuity Agreement. Within the ITIL definition, which of the following lists is definition, which of the following lists is INCORRECTINCORRECT for what for what you could find at the contingency site?you could find at the contingency site?
AA A building, electricity, telecommunications equipment, office A building, electricity, telecommunications equipment, office space for technical staffspace for technical staff
BB Stand-by generator, telecommunications equipment, system Stand-by generator, telecommunications equipment, system manuals, support staff, watermanuals, support staff, water
CC A building, telecommunications equipment, A building, telecommunications equipment, a computera computer, , support staff, documentationsupport staff, documentation
DD A building, electricity, water, support staff, system manualsA building, electricity, water, support staff, system manuals
![Page 18: 13 IT Service Continuity Management](https://reader036.vdocuments.site/reader036/viewer/2022082410/54663ba5b4af9f645d8b4c29/html5/thumbnails/18.jpg)
1818
Exam QuestionsExam Questions
• Which of the following would you Which of the following would you NOTNOT expect to see in an IT expect to see in an IT Service Continuity Plan?Service Continuity Plan?
AA Contact listsContact lists
BB The version numberThe version number
CC Reference to change control proceduresReference to change control procedures
DD Full Service Level Agreements (Full Service Level Agreements (SLMSLM))