IT service continuity management is the process through which plans are created and executed in order to guarantee that IT services can be recovered and continue operation in the event that a serious incident, such as a natural disaster, should occur. Its responsibilities cover more than just the reaction to such an occurrence, however. The IT service continuity team is also charged with the responsibility of minimizing the risk of severe damage in the first place.
Much of the team’s work is dedicated to the continued development of a Business Impact Analysis (BIA), which is essentially a process of identifying vital business functions and their many dependencies. While not necessarily responsible for the development of the entirety of the plan, the IT service continuity management team must be able to pinpoint various recovery requirements for each IT service, such as recovery time objectives, recovery point objectives, and targets for a minimum service level. This is usually done in conjunction with an assessment of the relative priority of various IT functions, creating a hierarchy of services which must take priority in the event of an incident.
Recovery time objectives are basically deadlines to have near-comprehensive IT usage restored to normal levels. On the other hand, recovery point objectives dictate the deadlines to have specific functions available, such as having system memory restored, allowing individual users to log on, etc.
Minimum service level targets are established to specify how much of the system’s capacity and services should be available in any given circumstance. For instance, in the event of a minor incident such as a server crash, the system might still be able to continue as if it were business as usual. However, should a larger-scale event occur, such as an earthquake or a hurricane, it would likely be more reasonable to expect the system to function at half its normal capacity and with a reduced number of services available?
It is also necessary for the team to identify which forms the losses may take. Hard factors are physical losses, such as the destruction of data or equipment. Soft factors are abstract losses, such as the loss of income or reputability. Both are important considerations, as each of them results in severe financial repercussion for the company. In addition, the team must be able to identify the manner in which the degree of loss or damage is likely to escalate, most commonly in monetary terms. Is it a set amount per hour that the company will lose? Or is it an amount that will grow exponentially over time? Plans must be put in place to slow or prevent the escalation of soft factor losses, before they spiral uncontrollably.
Lastly, the team needs to consider which resources and capabilities are prerequisites to restore functionality to acceptable levels. For instance, if the system is absolutely dependent on a given server operating, then the restoration of the aforementioned server becomes one of the first priorities on the hierarchy of needs to be attended to.
With an effective continuity management team and IT department can significantly minimize or even avoid the effects of a major incident. The savings to a company in what would have been lost income can be absolutely enormous, ranging from a hundred dollars to millions, and anywhere in between.
