As technology is a core component of most business processes, continued or high availability of IT is critical to the survival of the business as a whole. This is achieved by introducing risk reduction measures and recovery options. Like all elements of IT service management, successful implementation of the ITSCM process can only be achieved with senior management commitment and the support of all members of the organization. Ongoing maintenance of the recovery capability is essential if it is to remain effective. Service continuity is an essential part of the warranty of a service. If a service continuity cannot be maintained and/or restored in accordance with the requirements of the business, then the business will not experience the value that has been promised. Without continuity the utility of the service cannot be accessed.
ITSCM focuses on those events that the business considers significant enough to be treated as a‘disaster’. Less significant events will be dealt with as part of the incident management process. What constitutes a disaster will vary from organization to organization. The impact of a loss of a business process, such as financial loss, damage to reputation or regulatory breach is measured through a BIA exercise, which determines the minimum critical requirements. The specific IT technical and service requirements are supported by ITSCM. The scope of ITSCM within an organization is determined by the organizational structure, culture and strategic direction (Both business and technology) in terms of the services provided and how these develop and change over time. The Goal of ITSCM is to Support the larger business continuity plan.
Its Objectives are to:
Ensure IT Service Continuity Plan and Recovery Plan is in alignment of Overall Business Continuity Plan (BCP) of the organization.
Ensure regular Business Impact Analysis (BIA) happens so that all continuity plans remain in line with changing business needs.
The ITSCM process includes:
The agreement of the scope of the ITSCM process and the policies adopted.
BIA to quantify the impact loss of IT service would have on the business.
Risk Assessment and Management
The risk identification and risk assessment to identify potential threats to continuity and the likelihood of the threats becoming reality. This also includes taking measures to manage the identified threats where this can be cost-justified. The approach to manage these threats will form the core of the ITSCM strategy and plans. Production of an overall ITSCM strategy that must be integrated into the BCM strategy. This can be produced following the BIA and the development of the risk assessment and is likely to include elements of risk reduction as well as selection of appropriate and comprehensive recovery options. Production of an ITSCM plan, which again must be integrated with the overall BCM plans.
Testing of the plans
Maintenance of the plans
IT’S Service Continuity Management (ITSCM) –
Key Activities ITSCM is a cyclic process through the lifecycle to ensure that once service continuity plans have been developed they are kept aligned with Business continuity plans and business priorities.
Here is an example of Business Impact:
A money market dealing environment where loss of market data information could mean that the organization starts to lose money immediately as trading cannot continue. Loss of the settlement system does not preventtrading from taking place, but if trades already conducted cannot besettled within a specified period of time. The organization may be in breach of regulatory rules or settlement periods and suffer fines and damaged reputation. This may actually be a more significant impact than the inability to trade because of an inability to satisfy customer expectations. This is a classic example where ITSCM Plans can be invoked.
Info Security Management (ISM) –
Goals & Objectives
Goal of Information Security Management is to align IT security with business security and ensure that information security is effectively managed in all services and Service Management activities. It’s Objective is to protect the interests of those relying on information, systems and communications. Scope of Information Security Managementincludes all IT Systems and Services. It is also essential to know that Information security is a critical part of the warranty of a service. If the security of a service information and information processing cannot be maintained at the levels required by the business, Then the business will not experience the value that has been promised. Without information security the utility of the service cannot be accessed. You must understand that Information security management needs to be considered within the overall corporate governance framework. And if you think, what is corporate governance, then it is the set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring the objectives are achieved, as certaining the risks are being managed appropriately and verifying that the enterprise resources are used effectively.
Info Security Management – Key Terms Here are 4 key terms you need to know about the Info Security
Confidentiality: Information can only be accessed by those authorized.
Integrity: Information is complete, accurate and protected against unauthorized modification.
Availability: Information is available and can be used when required.
Authenticity and Non-repudiation: Information exchanges between parties can be trusted.
Info Security Management – Key Activities
The Key Activities of Info Security Management is maintaining and managing:
Information Security Policy
Produced & maintained
Communicate & publish
Business Impact Analysis (BIA):
Maintain, review & audit
Impact & volumes
SLAs & Statutory Requirements
Assess changes - CAB
Access: External partners & suppliers
Focal point for security issues
Supplier Management – Goals & Objectives
The Goal of Supplier Management is to manage suppliers and the services they supply, to provide seamless quality of IT Services to the business, ensuring value for money is obtained. The Supplier Management process should includethe management of all suppliers and contracts needed to support the provision of IT Services to the business. The main objectives of the supplier management process are to:
Obtain value for money from suppliers and contracts
Ensure that contracts with suppliers are aligned to business needs and support and align with agreed targets in SLRs and SLAs, in conjunction with SLM
Manage relationships with suppliers
Manage supplier performance
Negotiate and agree contracts with suppliers and manage them through their lifecycle
Maintain a supplier policy and a supporting supplier and contract management information system (SCMIS). Supplier Management works hand in hand with SLM for SLA negotiation and vendor selection
Supplier Management – Key Activities
Here are some key activities which are done by the Supplier Management Process:
Implementation and enforcement of the supplier policy
Maintenance of an SCMIS Supplier and contract categorization and risk assessment
Supplier and contract categorization selection
Development, negotiation and agreement of contracts
Contract review, renewal and termination
Management of suppliers and Supplier performance
Identification of improvement opportunities for inclusion in the CSI register and the implementation of service and supplier improvement plans Maintenance of standard contracts, terms and conditions
Management of contractual dispute resolution
Management of sub-contracted suppliers
Supplier Management – Key Role
Supplier Manager is the key role within this process and takes care of activities like:
SLAs, contracts, agreements, etc
Providing assistance in the development and review of SLAs, contracts, agreements or any other documents for third-party suppliers
Supplier & Contracts Database (SCD)
Maintaining and reviewing a Supplier and Contracts Database (SCD)
Termination / transfer
Reporting & improvement
Contract and Performance Review
In this session you have learnt about
Goals, objectives & business value of service design