Directory of ITIL, ITSM & security |
ITIL: Contingency Planning, Disaster Recovery and Business Continuity |
Continuity Management / Disaster Recovery / Business Continuity
Continuity management is the process by which plans are put in place and managed to ensure that IT Services can recover and continue should a serious incident occur. It is not just about reactive measures, but also about proactive measures - reducing the risk of a disaster in the first instance.
Continuity management is so important that many organisations will not do business with IT service providers if contingency planning is not practiced within the service provider’s organisation. It is also a fact that many organisations that have been involved in a disaster where their contingency plan failed, ceased trading within 18 months following the disaster.
Continuity management is regarded as the recovery of the IT infrastructure used to deliver IT Services, but many businesses these days practice the much further reaching process of Business Continuity Planning (BCP), to ensure that the whole end-to-end business process can continue should a serious incident occur.
Continuity management involves the following basic steps:
- Prioritising the businesses to be recovered by conducting a Business Impact Analysis (BIA)
- Performing a Risk Assessment (aka Risk Analysis) for each of the IT Services to identify the assets, threats, vulnerabilities and countermeasures for each service.
- Evaluating the options for recovery
- Producing the Contingency Plan
- Testing, reviewing, and revising the plan on a regular basis
Continuity Management and Contingency Planning Information & Resources
A number of portals exist which offer guidance upon the topic of continuity management and contingency planning:
- Business Continuity Planning
- Disaster Recovery World
- Disaster Recovery Shop
Continuity Management and IT Security
Continuity Management (and contingency planning, business continuity and disaster recovery) is an integral part of IT security and risk analysis. Inadequate contingency planning is regarded as a risk to the business, and is often overlooked until it is too late, when a security or other breach results in the loss of supporting IT systems.
This is a complex area, but fortunately a methodology and tool has evolved to greatly simplify it. The COBRA system emerged to counter the problems encountered through the use of older, less dynamic systems and approaches. It greatly reduces reliance upon external expertise, being equipped with significant knowledge within its 'knowledge bases'. A full evaluation copy of COBRA is downloadable from our Download Page.
Availability Management
Closely related to Continuity Management is Availability Management. This is the practice of identifying levels of IT Service availability for use in Service Level Reviews with Customers. See our Availability Management Page for more details.