Original post in Brazilian Portuguese by Emerson Dorow. He authorized me to post it in English.
In the definition of COBIT, a framework for IT governance, this process is responsible for ensuring minimal business impact from an event that can stop (partially or completely) one or more IT services. IT Service Continuity Management (ITSCM) is a sub-process of business continuity management: it is useless to have a functioning IT infrastructure without anyone or anything that uses it, and being used is why IT exists.
The ITSCM includes activities such as:
- Assess the cost / benefit of being able to achieve business continuity.
- Assess the damage this could cause to the company’s image in the eyes of its customers.
- Risk assessment: which events may affect the delivery of services.
- Identification of the services that are critical to the operation of the business.
- Implementation Planning.
- Development of recovery plans.
- Testing
- Audits
- Promote the alignment of ITSCM with Change Management, ensuring that changes in the production environment are properly assessed and, where necessary, reflected in the IT Service Continuity Management plan.
Recovery plans cited by ITIL are:
- No contingency: As the name implies.
- Administrative procedures: Procedures that work without IT infrastructure, for example paper forms used in the absence of a system.
- Strategy of Fortification: This method has an extremely high cost because it comprises an IT infrastructure “where nothing can go wrong”.
- Reciprocal Arrangements: Where companies provide space to one another.
- Gradual Recovery: In this strategy the organization itself has a space with an infrastructure that contains electrical connections, telephone, air conditioning, where applications can be migrated and service levels restored.
- Intermediate Recovery: In this scenario there is an evacuation site that is rented or otherwise available.
- Immediate Recovery: This is what we call the backup site, where an equal or similar structure of servers, services and applications is available.
Some performance indicators used to measure the efficiency and effectiveness of the process are:
- Costs;
- Results of the test plan;
- Losses due to disasters;
- Number of incidents identified in the audit that are not included in the ITSCM plan.
Even companies that host their stock of servers in data centers or in the “cloud” must address ITSCM, and perhaps include items such as: knowing the contingency plans that the contractor has, creating SLAs, and setting penalties for failure to comply with contracts, among others.
This issue is certainly not cheap for organizations, so it is often overlooked. However, even at a low cost we must think of solutions to mitigate the risk of events such as blackouts.
Thanks!