it infrastructure library (itil) part 4 – availability– capacity- it continuity connecting...
TRANSCRIPT
IT Infrastructure Library (ITIL) Part 4 – Availability– Capacity- IT Continuity
CONNECTING BUSINESS & TECHNOLOGY
04/19/231
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
Agenda
Service Delivery Model
Availability Management
Capacity Management
IT Continuity Management
2
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
Service Delivery
Service Level ManagementThe process of defining, agreeing, documenting and managing the levels of customer IT
service, that are required and cost justified.Capacity Management
Capacity Management is responsible for ensuring that the Capacity of the IT Infrastructure matches the evolving demands of the business in the most cost-effective and timely manner
IT Service Continuity ManagementThe goal for ITSCM is to support the overall Business Continuity Management process by
ensuring that the required IT technical and services facilities (computer systems, networks, applications…) can be recovered within required, and agreed, business timescales
Availability Managementto optimise the capability of the IT Infrastructure, services and supporting organisation to deliver
a cost effective and sustained level of Availability that enables the business to satisfy its business objectives
Cost Management (Finantial Management for IT services)All the procedures, tasks and deliverables that are needed to fulfil an organisation's costing and
charging requirements.
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
Agenda
Service Delivery Model
Availability Management
Capacity Management
IT Continuity Management
5
Capacity Management is responsible for ensuring that the Capacity of the IT Infrastructure matches the evolving demands of the business in the most cost-effective and timely manner.
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
Availability – Introduction
Objective ensure IT Services are designed to deliver the levels of Availability required by the business provide a range of IT Availability reporting to ensure that agreed levels of Availability,
reliability and maintainability are measured and monitored on an ongoing basis optimise the Availability of the IT Infrastructure to deliver cost effective improvements that
deliver tangible benefits achieve over a period of time a reduction in the frequency and duration of Incidents that
impact IT Availability ensure shortfalls in IT Availability are recognised and appropriate corrective actions are
identified and progressed create and maintain a forward looking Availability Plan
Scope Availability Management is concerned with the design, implementation, measurement and
management of IT Infrastructure Availability to ensure the stated business requirements for Availability are consistently met
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
Availability – Concepts (1)
IT infrastructure and IT support organisation
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
Availability – Concepts (2)
Guiding principles
Guiding Principle #1 - 'Availability is at the core of business and User satisfaction'
Guiding Principle #2 - 'Recognising that when things go wrong, it is still possible to achieve business and User satisfaction'
Guiding Principle #3 - 'Improving Availability can only begin after understanding how the IT Services support the business'
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
Availability – Concepts (3)
Terminologies Availability
Availability is the ability of an IT Service or component to perform its required function at a stated instant or over a stated period of time.
Reliability The reliability of an IT Service can be qualitatively stated as freedom from operational
failure.
Maintainability Maintainability relates to the ability of an IT Infrastructure component to be retained
in, or restored to, an operational state
Security The Confidentiality, Integrity and Availability of the data associated with a service; an
aspect of overall Availability
Serviceability Serviceability describes the contractual arrangements made with Third Party IT
service providers. This is to assure the Availability, reliability and maintainability of IT Services and components under their care
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
Availability – Concepts (4)
Terminologies Vital Business Function
The term Vital Business Function (VBF) is used to reflect the business critical elements of the Business Process supported by an IT Service
User The term User is used to describe the consumer of an IT Service
IT support organisation The term IT support organisation is used to describe the IT functions
necessary to support, maintain and manage the IT Infrastructure to enable an IT Service to meet the level of Availability defined within the SLA
Availability Management (the activity) The term 'Availability Management' is used to indicate the execution of
activities within the process.
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
Availability – Process (1)
the Availability, reliability and maintainability requirements for the IT Infrastructure components that underpin the IT Service(s)
information on IT Service and component failure(s), usually in the form of Incident and Problem records
a wide range of configuration and monitoring data pertaining to each IT Service and component
service level achievements against agreed targets for each IT Service that has an agreed SLA
• Inputs– the Availability requirements of the Availability requirements of
the business for a new or the business for a new or enhanced IT Serviceenhanced IT Service
– a business Impact assessment a business Impact assessment for each vital Business function for each vital Business function underpinned by the IT underpinned by the IT Infrastructure Infrastructure
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
Availability – Process (2)
• Ouputs– Availability and recovery design criteria for each new or Availability and recovery design criteria for each new or
enhanced IT Service enhanced IT Service – details of the Availability techniques that will be deployed to details of the Availability techniques that will be deployed to
provide additional Infrastructure resilience to prevent or provide additional Infrastructure resilience to prevent or minimise the impact of component failure to the IT Service minimise the impact of component failure to the IT Service
– agreed targets of Availability, reliability and maintainability for agreed targets of Availability, reliability and maintainability for the IT Infrastructure components that underpin the IT the IT Infrastructure components that underpin the IT Service(s) Service(s)
– Availability reporting of Availability, reliability and Availability reporting of Availability, reliability and maintainability to reflect the business, User and IT support maintainability to reflect the business, User and IT support organisation perspectives organisation perspectives
– the monitoring requirements for IT components to ensure that the monitoring requirements for IT components to ensure that deviations in Availability, reliability and maintainability are deviations in Availability, reliability and maintainability are detected and reported detected and reported
– Availability Plan for the proactive improvement of the IT Availability Plan for the proactive improvement of the IT InfrastructureInfrastructure
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
Availability – Process (3)
• Activities– determining the Availability requirements from the business for an IT determining the Availability requirements from the business for an IT
Service and formulating the Availability and recovery design criteria Service and formulating the Availability and recovery design criteria for the IT Infrastructure for the IT Infrastructure
– in conjunction with ITSCM determining the vital business functions and in conjunction with ITSCM determining the vital business functions and impact arising from IT component failure. impact arising from IT component failure.
– defining the targets for Availability, reliability and maintainability defining the targets for Availability, reliability and maintainability (documented and agreed within SLAs, OLAs and contracts)(documented and agreed within SLAs, OLAs and contracts)
– establishing measures and reporting of Availability, Reliability and establishing measures and reporting of Availability, Reliability and Maintainability (business, User and IT perspectives)Maintainability (business, User and IT perspectives)
– monitoring and trend analysis of the Availability, Reliability and monitoring and trend analysis of the Availability, Reliability and Maintainability of IT components Maintainability of IT components
– reviewing IT Service and component Availability and identifying reviewing IT Service and component Availability and identifying unacceptable levels; investigating the underlying reasons for unacceptable levels; investigating the underlying reasons for unacceptable Availability. unacceptable Availability.
– producing and maintaining an Availability Plan which prioritises and producing and maintaining an Availability Plan which prioritises and plans IT Availability improvements.plans IT Availability improvements.
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
Availability – Process (4)
• Relationschip with other IT service management disciplines– All IT Service Management disciplines have an influence on IT All IT Service Management disciplines have an influence on IT
AvailabilityAvailability– Availability Management, by implication, interfaces with all disciplinesAvailability Management, by implication, interfaces with all disciplines
• Benefits– a single point of accountability for Availability (process owner)a single point of accountability for Availability (process owner)– IT Services are designed to meet the IT Availability requirements IT Services are designed to meet the IT Availability requirements
determined from the business determined from the business – the levels of IT Availability provided are cost justified the levels of IT Availability provided are cost justified – the levels of Availability required are agreed, measured and the levels of Availability required are agreed, measured and
monitored to fully support Service Level Management monitored to fully support Service Level Management – shortfalls in the provision of the required levels of Availability are shortfalls in the provision of the required levels of Availability are
recognised and appropriate corrective actions identified and recognised and appropriate corrective actions identified and implemented implemented
– the frequency and duration of IT Service failures is reduced over time the frequency and duration of IT Service failures is reduced over time
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
Availability – Process (5)
• Costs– the staff costs associated with the process owner Role for Availability
Management which include salary, training, recruitment costs and if needed the cost of initial consultancy
– accommodation costs – process deployment costs to define and implement the necessary
process, procedures and techniques – support tools for monitoring and reporting
• Possible problems– to not justify the costs of appointing a Availability manager
(responsibility of all senior managers) – difficulty understanding how Availability Management can make a
difference particularly where the existing disciplines are already deployed (Incident, Problem and Change)
– the current levels of Availability as good so see no compelling reason for the creation of a new role within the organisation
– fail to delegate the appropriate authority and empowerment to influence all areas of the IT support organisation.
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
Availability – (Un)availability (1)
Cost / Availability
New IT service provides indication of the costs (/ Availability requirement) where costs are seen as too high, enables alternative options with their associated costs
and consequences to be presented to the business higher levels of Availability can be achieved when Availability is designed in, rather than
added on avoids the costs and delays of late design Changes to meet the required levels of
Availability ensures the IT Infrastructure design will deliver the required levels of Availability.
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
Availability – (Un)availability (2)
Existing IT services Where high levels of Availability are already being delivered it may take
considerable effort and incur significant cost to achieve a small incremental Availability improvement
A key activity for Availability Management is to continually look at opportunities to optimise the Availability of the IT Infrastructure. The benefits of this approach being that enhanced levels of Availability may be achievable but with much lower costs
• Scope should not be restricted Scope should not be restricted to the IT Infrastructure, but also to the IT Infrastructure, but also include a review of the Business include a review of the Business process and other end-to-end process and other end-to-end business owned responsibilitiesbusiness owned responsibilities
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
Availability – (Un)availability (3)
The cost of Unavailability Impact on vital business functions
expls : number of business or IT transactions impacted provide an obvious indication of the consequence of failure
The monetary impact express the cost of failure arising from system, application or function loss to the business as a monetary
'value' Tangible costs
Lost user or IT staff productivity lost revenue overtime payments wasted goods and material imposed fines or penalties.
Intangible costs loss of customer goodwill (Customer dissatisfaction) loss of Customers loss of business opportunity (to sell, gain new Customers etc) damage to business reputation loss of confidence in IT service provider damage to staff morale
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
Availability Management
actual available time • %availability = --------------------------------------- x 100%
agreed time
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
Availability Management – measurements
• Mean Time To Repair (MTTR) : average downtime• Mean Time Between Failures (MTBF) : average elapsed time between failures • Mean Time Between System Incidents (MTBSI) : the average elapsed time from
the occurrence of an Incident to resolution of the Incident.
Time
Time between incidents
UptimeDowntime
Time
Detection
Repair time
Time Time Time
reaction diagnose repair
Incident IncidentRecovery
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
Availability Management – Key Indicators
• Traditional measures :
• % Available
• % Unavailable
• Duration
• Frequency of failure
• Impact of failure• User Availability :
• Impact by User minutes lost.
• Impact by business transaction.
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
Agenda
Service Delivery Model
Availability Management
Capacity Management
IT Continuity Management
22
The goal of the Availability Management process is to optimise the capability of the IT Infrastructure, services and supporting organisation to deliver a cost effective and sustained level of Availability that enables the business to satisfy its business objectives.
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
Capacity Management – Introduction (1)
Capacity Management : A balance act
The capacity Management answer to Which components to upgrade ? When to upgrade ? How much the upgrade will cost ?
KEY MESSAGE « Good Capacity Management ensures NO SURPRISES! »
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
Capacity Management – Introduction (2)
The two law of capacity management : Moore's Law
In 1965 Gordon Moore, one of the founders of Intel, observed that each new memory chip produced contained about twice as much processing Capacity as its predecessor, and that new chips were released every 18 - 24 months. This trend has continued ever since, leading to an exponential increase in processing power.
Parkinson's Law of Data We all know that work expands to fill the time available to complete it, but a variation on that law is that 'data expands to fill the space
available for storage'.
While these two laws hold true then effective Capacity Management is even more important as supply and demand grow exponentially.
The Capacity Management process’s goal is to ensure the cost justifiable IT Capacity always exists and that it is matched to the current and future identified needs of the business.
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
Capacity Management – Introduction (3)
The Capacity Management process should be the focal point for all IT performance and Capacity issues : hardware, networking equipments, peripherals, softwares, human ressources…
The driving force for
Capacity Management
should be the business
requirements of the
organisation
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
Capacity Management – Process (1)
– Capacity Management sub-processesCapacity Management sub-processes• Business Capacity Management : compare fure requirements (from Business Capacity Management : compare fure requirements (from
Business Plan) with current ressource utilisation modelBusiness Plan) with current ressource utilisation model• Service Capacity Management : management of the performance of the Service Capacity Management : management of the performance of the
livelive• Resource Capacity management : management of the iduividuals Resource Capacity management : management of the iduividuals
components of the IT infrastructurecomponents of the IT infrastructure
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
Capacity Management – Process (2)
Business Capacity Management Identify and agree Service Level Requirements Design, procure or amend configuration Update CMDB et CDB Verify SLA Sign SLA
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
Capacity Management – Process (3)
Service Capacity Management to identify and understand the IT Services, their use of resource,
working patterns, peaks and troughs to ensure that the services can and do meet their SLA targets To monitore collected data form service preformances
Resource Capacity Management to identify and understand the Capacity and utilisation of each of the
component parts in the IT Infrastructure To understand new technology and how it can be used to support the
business to identify the impact on the available resources of particular failures,
and the potential for running the most important services on the remaining resources
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
Capacity Management – Activities (1)
activities are undertaken when carrying out any of the sub-processes of Capacity Management and these activities can be done reactively or proactively
major difference between the sub-processes is in the data that is being monitored and collected, and the perspective from which it is analysed
number of the activities need to be carried out iteratively
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
Capacity Management – Activities (2)
Monitoring Objective
the utilisation of each resource and service is monitored on an on-going basis to ensure the optimum use of the hardware and software resources, that all agreed service levels can be achieved, and that business volumes are as expected
Examples of monitored data (for capacity or performance) : CPU utilisation, Memory utilisation Number of logon and concurrent users Tarnsaction response time
Set thresholds, baslines, profilesAnalysis Objective
The data should be analysed to identify trends from which the normal utilisation and service level, or baseline, can be established. By regular monitoring and comparison with this baseline, exception conditions in the utilisation of individual components or service thresholds can be defined. Also the data can be used to predict future resource usage.
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
Capacity Management – Activities (3)
Tuning Objective
The analysis of the monitored data may identify areas of the configuration that could be tuned to better utilise the system resource or improve the performance of the particular service.
Must be tested or validatedImplementation Objective
The objective of this activity is to introduce to the live operation service, any Changes that have been identified by the monitoring, analysis and tuning activities.
Must be undertaken throught a formal change management process Compare monitoring after and before the change (not to regress)
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
Capacity Management – Activities (4)
Storage of capacity management data CDB is the cornerstone of a successful Capacity Management Process Type of data
Business Data : number of web site business transactions Service Data : transaction response time Technical Data : CPU, network utilisation, disk Financial Data : IT element cost, budgets Utilisation Data : I/O, Memory
Ouputs from the CDB Service and components based reports Exception reporting Capacity forecasts
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
Capacity Management – Activities (5)
Demand management Objective
The prime objective of Demand Management is to influence the demand for computing resource and the use of that resource
Needs understand which services are utilising the resource and to what level know the schedule of when services must be run
Modelling Objective
A prime objective of Capacity Management is to predict the behaviour of IT Services under a given volume and variety of work. Modelling is an activity that can be used to beneficial effect in any of the sub-processes of Capacity Management
Types of modelling Trend analysis Analytical modelling Simulation modelling Baselines models
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
Capacity Management – Activities (6)
Application sizing Objective
The primary objective of application sizing is to estimate the resource requirements to support a proposed application Change or new application, to ensure that it meets its required service levels. To achieve this application sizing has to be an integral part of the applications lifecycle
Description Specify required service levels (application design) Specify resilience aspects Use modelling (resources could be shared…)
Production of the capacity plan Objective
The prime objective is to produce a plan that documents the current levels of resource utilisation and service performance, and after consideration of the business strategy and plans, forecasts the future requirements for resource to support the IT Services that underpin the business activities.
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
Capacity Management – Implementation
Review what exists already
Planning the process Structure of the capacity management process Monitoring The CDB Integration into the other planning processes Production of the capacity plan
Implementation of the process Train staff Establish monitoring and the CDB Business Capacity Management Service Capacity Management Resource Capacity Management
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
Capacity Management – Process Review
Metrics utilisation of all components / services recorded in theCDB correct amount of utilisation data collected in the CDB - SLM process is informed of any potential or actual breaches of the targets in
the SLAs constraints that are imposed on demand occur with the understanding of the
Customers the annual Capacity Plan is produced on time and is accepted by the senior IT
management Critical success factors accurate business forecasts knowledge of IT strategy and plans an understanding of current and future technologies an ability to demonstrate cost effectiveness interaction with other effectiveService Management processes an ability to plan and implement the appropriate IT Capacity to match business
need
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
Capacity Management – Interfaces with other SM processes (1)
Incident Management IM informs CM of incidents related to capacity CM resolves and documents capacity related incidents
Problem Management CM provides a specialist support to PM related to capacity Procative role of CM throught the analysis of performance and capacity
informationChange Management CM is represented on the Change Management Board (CAB) Effects of changes muts be monitored by Capacity Management
Release Management CM helps to determine the roll out strategy CM provides information on resources
Configuration Management CDB is a subset of CMDB
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
Capacity Management – Interfaces with other SM processes (2)
Service Level Management CM supports SLM to ensure that capacity targets an be achieved CM assists SLM in drafting and reviewing OLAs and contracts CM monitors and reports on performance
Financial Management for IT services Financial management determines the cost justification When IT charging, CM provides information on usage profiles
IT Service Continuity Management CM determines the capacity required for recovery Capacity Plan includes IT Service continuity requirements
Availability Management Performance and capacity problems results in unavailability Avalability and Capacity management should be aligned (same goals, shared
tools…)
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
Agenda
Service Delivery Model
Availability Management
Capacity Management
IT Continuity Management
39
The goal for ITSCM is to support the overall Business Continuity Management process by ensuring that the required IT technical and services facilities (including computer systems, networks, applications, telecommunications, technical support and Service Desk) can be recovered within required, and agreed, business timescales.
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
ITSCM – Introduction (1)
Scope ITSCM focuses on the IT Services required to support the critical business processes.
Benefits for managing the risk Potential lower insurance premiums Regulatory requirements Business relationship Positive marketing of contingency capabilities Organisational credibility Competitive advantage
Business Continuity Management (BCM) BCM is concerned with managing risks to ensure that at all times an organisation can
continue operating to, at least, a pre-determined minimum level. The BCM process involves reducing the risk to an acceptable level and planning for the recovery of business processes should a risk materialise and a disruption to the business occur.
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
ITSCM – Introduction (2)
Management commitment The implementation of ITSCM mechanisms, identified through the BCM
process, must be based on business requirements in order to reduce the risk from interruption or failure of critical business processes and ensure business benefit (Top management issue)
Key objective in a business manager’s job description Business-as-usual pressures must not being used as an excuse for the non
delivery of the recovery facilities ITSCM is a directive of the business strategy
Relationschip with other IT services SLM : uderstanding the obligatiopns IT service delivery Availability Management : delivering risk reduction measures to maintain
« business-as-usual » Configuration management : defining the core Infrastructure Capacity Management Change Management Service Desk/Incident Management
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
ITSCM – Scope
Risk in scope Identify the frequency, types and nature of regular service
disruptions major service disruptions, from terrorist activities to natural
disasters and Infrastructure Problems
Risk out of scope Changes in business direction Restructuring Minor technical faults
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
ITSCM – Business Continuity Lifecycle (1)
BCM Process Model
4 stages Initiation Requirements and
strategy Implementation Operational
Management
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
ITSCM – Business Continuity Lifecycle (2)
Stage 1 – Initiation
Policy setting management intention and objectives
Specify terms of reference and scope roles and responsabilities Risk assessment scope Business impact analysis scop
Allocate resources Define the project organisation and control structure
Use a project management methodology
Agree project and quality plans
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
ITSCM – Business Continuity Lifecycle (3)
Stage 2 – Requirements
analysis and strategy definition
Business Impact Analysis – Identify : Critical business processes Potential damage or loss as a result of a disruption to critical business
processes Form od dampage or loss (income, reputation, costs…) Staffing, skills, facilities, services necessary to enable critical business
processes to continue operating at a minimum level The time within which minimum should be recovered The time within all required business processes should be recovered
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
ITSCM – Business Continuity Lifecycle (4)
Stage 2 – Requirements analysis and strategy definition
Risk assessment Identify risks to particular IT
service component Asses threat and vulnerability levels Asses the levels of risk
a high threat and high vulnerability implies a high probability of occurrence
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
ITSCM – Business Continuity Lifecycle (5)
Stage 2 – Requirements analysis and strategy definition
Business Continuity Strategy Risk reduction measures Recovery options (people and accommodation) Recovery Options (critcal services : phone, post, water…) Recovery Options (critical assets : erefrence material…) IT Recovery Options
Do nothing Manula work arounds Reciprocal arrangement Gradual recovery (‘cold standby’) Itermediate recovery (‘warm standby’) Immediate recovery (‘hot standby’)
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
ITSCM – Business Continuity Lifecycle (6)
Stage 3 – Implementation Organisation planning (3 levels : executice, co-ordination, recovery
teams) Implementation planning Implement risk reduction measures : UPS, fault tolerant systems,
RAID, mirror disks, spare… Implement stand-by
arrangements Develop ITSCM plans Develop procedures(replacement, restoration…)
Initial testing
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
ITSCM – Business Continuity Lifecycle (7)
Stage 4 – Operational Management Education and awareness Training (IT and non IT
teams) Review (ongoing review
programme) Testing Change control Assurance
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
ITSCM – Business Continuity Lifecycle (8)
Invocation Decision by a crisis management team Factires to take account :
the extent of the damage and scope of the potential invocation the likely length of the disruption and Unavailability of premises and/or
services the time of day/month/year and the potential business impact. At year end
the need to invoke may be more pressing to ensure that year-end processing is completed on time
specific requirements of the business depending on work being undertaken at the time
Need to communication within the organisation Record all activities Maintain security and data protection
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
ITSCM – Management Structure (1)
Ojectives allow responsibilities for ongoingITSM to be clearly defined and
allocated integrate into existing management structures, hierarchies and
responsibilities avoid concentrating responsibility in an isolated centre of excellence allocate responsibilities to functions or individuals that have the
necessary presence, credibility, skills, knowledge and expertise within the IT organisation
ensure that the management structure to manage ITSC on an ongoing basis, closely resembles the structure that will control and facilitate Continuity or recovery should the ITSCM mechanisms have to be invoked
ensure the ITSCM strategy and requirements are integrated with the business and IT strategies.
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
ITSCM – Management Structure (2)
Roles and responsabilities (normal opertations and invocation)
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
ITSCM – Generating awareness
Of the need of ITSCM the range of risks and vulnerabilities the potential business impacts the likelihood of each of the risks materialising personal responsibilities and liabilities (directors) external pressures (regulators, shareholders or clients)
Initial awareness Initial briefing sessions
On going awareness briefings to all staff on the need for vigilance, on emergency procedures and
security guidelines and procedures demonstration of stand-by facilities to staff use of an organisation's newsletter, notice boards, or an intranet inclusion of an overview of the organisation's business and ITSCM
mechanisms in the staff induction process regular progress reports to the Board and regular agenda items on other
management and IT committees
C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y
Author
Date
FurtherInformation
Contact
Contact…Devoteam – Jean-Marc Chevereau
Phone …+33 1 41 48 48 48 / +33 6 64 48 96 99
Email ……[email protected]
Country …France
www.devoteam.com
Algeria
Austria
Belgium
Czech Republic
Denmark
France
Germany
Italy
Jordan
Luxembourg
Morocco
Netherlands
Norway
Poland
Russia
Saudi Arabia
Spain
Sweden
Switzerland
Tunisia
Turkey
United Arab Emirates
United Kingdom
© Devoteam GroupThis document is not to be copied or reproduced in any way without Devoteam express permission. Copies of this document must be accompanied by title, date and this copyright notice.
Jean-Marc Chevereau
Janvier 2010