You spent time developing an actionable plan, assigned responsibility to various personnel and created confidence that business systems will be available during times of disaster. But, what happens on Day 2 after the plan is put in place? The plan must be maintained, tested and revised to stay aligned with business changes and increasing risk. Maintaining the plan becomes one of the most critical initiatives to reduce risk in the future.
One method to ensure your plan is kept current is to integrate your BC/DR efforts with the best practices contained in the IT Infrastructure Library (ITIL). Various processes within ITIL integrate seamlessly with BC/DR and, when implemented properly, can enable the ongoing maintenance of your BC/DR plan. Processes such as Service Level, Incident, Change and Configuration Management stipulate activities that can help ensure your plan stays current, regardless of the dynamic nature of the business.
The service lifecycle contained in ITIL v3 can provide for the ongoing improvement of your BC/DR plan over time. Let's take a look at some of the activities contained within ITIL that you can use to enhance your BC/DR capability:
Service Level Management (SLM) – Activities contained in this process establish the guidelines to design and implement services within your organization to ensure that the business and IT are aligned. Whether you are adding new services or maintaining existing services, continuity is a key component that must be addressed.
When determining your strategy for delivering services, its effect on your BC/DR plan needs to be addressed. Including continuity discussions when defining services and drafting service level agreements ensures that the business understands how the service will be recovered during disasters and other associated risks. Your service level manager should have a detailed understanding of the contents of your BC/DR plan in order to ensure that changes to business services that impact the plan are taken into consideration when revisions to the service catalog are made.
Incident Management (IM) – In its simplest form, an incident is any event that results in a service becoming unavailable or deteriorated. Disasters are major incidents that require the organization to follow an established workflow to restore the service to an acceptable and agreed upon service level. The process to detect, record, diagnose, resolve and close these incidents must be established in order to effectively manage the incident.
Integrating the contents of the BC/DR plan into your incident management process will ensure that the activities of the plan are executed in a timely and organized manner. Establishing the process that will be followed when these incidents occur will ensure that all the stakeholders involved will be notified of their responsibilities.
Service Desk – There are various service desk technologies available today that can be used to enable the process to work more effectively. The service desk is a tool you can use to create templates that will be followed to document the incident and establish the workflow that will be followed.
The BC/DR plan will stipulate the activities to be followed during a disaster and the service desk will be the place where the workflow will be documented. The standard template can be initiated, allowing each person with responsibility for the incident to be notified so they can take the appropriate actions established in the plan.
Configuration Management Database (CMDB) – All BC/DR plans contain a detailed list of the configuration items making up the critical services that need to be recovered during a disaster. Inclusion of the configurations in the CMDB will ensure that the information is available to all the required parties during the disaster. The CMDB will also contain all the attributes of the configuration items and establish ownership, control mechanisms, status, and verification requirements that will be needed to maintain the information so it stays current.
The CMDB is an important component for Incident and Change Management in order to determine the appropriate scope of outages and changes. Any changes to the configurations of critical services will have a direct impact on the BC/DR plan and should be annotated as such in the CMDB.
Availability and Capacity Management – As the service catalog is developed, service level requirements will determine the level of availability and capacity needed to reduce risks associated with the infrastructure. These plans provide critical input to the BC/DR plan in that they indicate the level of redundancy and capacity requirements needed to ensure continuous service operations. Availability and capacity managers must be consulted when developing the BC/DR plan so the level of capability can be defined appropriately. A detailed process in this area will lead to a more effective BC/DR plan.
Continual Service Improvement – In order to ensure that IT transforms itself toward a higher level of maturity, service improvement plans must be developed and maintained. A key component of drafting an effective plan is identification of the impact improvements (changes) have on the BC/DR plan. A detailed process for coordinating and determining the effect on the BC/DR capability is critical in ensuring that when improvements to the plan are made, all stakeholders are informed and the impact on the business is considered.
Summary-
Integrating your ITIL program with your BC/DR capability can provide the business with the assurance that IT is considering all aspects of maintaining continuous service operations. The list of correlating processes between ITIL and BC/DR contained in this article are not all inclusive, however, they represent a good start toward transforming and aligning IT with the business.
When developing your BC/DR capability, it is a good practice to consider ITIL as a means to enhance your plan by taking the time to integrate your efforts and consider the effects of Services, People, Process and Tools. The time you spend to ensure effective maintenance of your BC/DR plan using the ITIL best practices will go a long way to ensure continuous business operations before, during and after a disaster.
One method to ensure your plan is kept current is to integrate your BC/DR efforts with the best practices contained in the IT Infrastructure Library (ITIL). Various processes within ITIL integrate seamlessly with BC/DR and, when implemented properly, can enable the ongoing maintenance of your BC/DR plan. Processes such as Service Level, Incident, Change and Configuration Management stipulate activities that can help ensure your plan stays current, regardless of the dynamic nature of the business.
The service lifecycle contained in ITIL v3 can provide for the ongoing improvement of your BC/DR plan over time. Let's take a look at some of the activities contained within ITIL that you can use to enhance your BC/DR capability:
Service Level Management (SLM) – Activities contained in this process establish the guidelines to design and implement services within your organization to ensure that the business and IT are aligned. Whether you are adding new services or maintaining existing services, continuity is a key component that must be addressed.
When determining your strategy for delivering services, its effect on your BC/DR plan needs to be addressed. Including continuity discussions when defining services and drafting service level agreements ensures that the business understands how the service will be recovered during disasters and other associated risks. Your service level manager should have a detailed understanding of the contents of your BC/DR plan in order to ensure that changes to business services that impact the plan are taken into consideration when revisions to the service catalog are made.
Incident Management (IM) – In its simplest form, an incident is any event that results in a service becoming unavailable or deteriorated. Disasters are major incidents that require the organization to follow an established workflow to restore the service to an acceptable and agreed upon service level. The process to detect, record, diagnose, resolve and close these incidents must be established in order to effectively manage the incident.
Integrating the contents of the BC/DR plan into your incident management process will ensure that the activities of the plan are executed in a timely and organized manner. Establishing the process that will be followed when these incidents occur will ensure that all the stakeholders involved will be notified of their responsibilities.
Service Desk – There are various service desk technologies available today that can be used to enable the process to work more effectively. The service desk is a tool you can use to create templates that will be followed to document the incident and establish the workflow that will be followed.
The BC/DR plan will stipulate the activities to be followed during a disaster and the service desk will be the place where the workflow will be documented. The standard template can be initiated, allowing each person with responsibility for the incident to be notified so they can take the appropriate actions established in the plan.
Configuration Management Database (CMDB) – All BC/DR plans contain a detailed list of the configuration items making up the critical services that need to be recovered during a disaster. Inclusion of the configurations in the CMDB will ensure that the information is available to all the required parties during the disaster. The CMDB will also contain all the attributes of the configuration items and establish ownership, control mechanisms, status, and verification requirements that will be needed to maintain the information so it stays current.
The CMDB is an important component for Incident and Change Management in order to determine the appropriate scope of outages and changes. Any changes to the configurations of critical services will have a direct impact on the BC/DR plan and should be annotated as such in the CMDB.
Availability and Capacity Management – As the service catalog is developed, service level requirements will determine the level of availability and capacity needed to reduce risks associated with the infrastructure. These plans provide critical input to the BC/DR plan in that they indicate the level of redundancy and capacity requirements needed to ensure continuous service operations. Availability and capacity managers must be consulted when developing the BC/DR plan so the level of capability can be defined appropriately. A detailed process in this area will lead to a more effective BC/DR plan.
Continual Service Improvement – In order to ensure that IT transforms itself toward a higher level of maturity, service improvement plans must be developed and maintained. A key component of drafting an effective plan is identification of the impact improvements (changes) have on the BC/DR plan. A detailed process for coordinating and determining the effect on the BC/DR capability is critical in ensuring that when improvements to the plan are made, all stakeholders are informed and the impact on the business is considered.
Summary-
Integrating your ITIL program with your BC/DR capability can provide the business with the assurance that IT is considering all aspects of maintaining continuous service operations. The list of correlating processes between ITIL and BC/DR contained in this article are not all inclusive, however, they represent a good start toward transforming and aligning IT with the business.
When developing your BC/DR capability, it is a good practice to consider ITIL as a means to enhance your plan by taking the time to integrate your efforts and consider the effects of Services, People, Process and Tools. The time you spend to ensure effective maintenance of your BC/DR plan using the ITIL best practices will go a long way to ensure continuous business operations before, during and after a disaster.
