Leveraging ITIL Business Continuity By Guta Basner Process Service Management Corporation (PSMC) Phone: 619-850-6052 firstname.lastname@example.org Business Continuity • Continuity management is the process by which plans are put in place and managed to ensure that IT Services can recover and continue should a serious incident occur. • It is not just about reactive measures, but also about proactive measures – reducing the risk of a disaster in the first instance. • Many businesses these days practice the much further reaching process of Business Continuity Planning (BCP) Disaster Recovery • Process by which you resume business after a disruptive event. The event might be something huge-like an earthquake, fire or the terrorist attack or something small, like malfunctioning software caused by a computer virus. • Often, the two terms are married under the acronym BC/DR. At any rate, DR and/or BC determines how a company will keep functioning after a disruptive event until its normal facilities are restored. Business Continuity vs. IT Service Continuity • IT Service Continuity, is a major process in the Service Delivery area of IT. • But what is often lost in the operational “commotion" of equipment moving and data recovery is the fact that IT Service Continuity is a major subset of an overriding Business Continuity plan. Systematic Approach to Planning • BUSINESS must create and drive a company’s Business Continuity plan; • IT will do its significant part, but this is a business issue. • The whole reason IT Departments try to recover all IT-related systems is for the business to continue. • Whether a disaster is natural or man made, the time to plan is before the event. Requirement • To ensure the effective delivery of services and products, an integrated service framework is required. • One such framework with well-defined supporting processes is Information Technology Infrastructure Library (ITIL). • Today, many industry leaders recognize ITIL as the de facto world standard in IT Service Management. ITIL How can ITIL enable your IT department to successfully recover critical business functions quickly and cost effectively? ITIL Coverage ITIL covers a multitude of IT related subjects including: • Service Support • Service Delivery • Service Management/Service Level Agreements • Security Management • Continuity Management/Disaster Recovery ITIL Service Level Management Change Incident Management 5 Management 4 3 Configuration Problem 2 Management Management 1 Capacity Release Management Management Continuity Availability Management Managment Financial Management ITIL Continuity Planning ITIL Component Goal Service Level Management To maintain and gradually improve business aligned IT service quality through a constant cycle of agreeing, monitoring, reporting, and reviewing IT service achievements and through instigating actions to eradicate unacceptable levels of service. Availability Management To optimize the capability of IT infrastructure and supporting organization to deliver a cost effective and sustained level of availability that enables the business to satisfy its objectives. Capacity Management To understand the future business requirements (the required service delivery), the organization's operation (the current serviced delivery), the IT infrastructure (the means of service delivery), and ensure that all current and future capacity and performance aspects of the business requirements are provided cost effectively. Financial Management for IT To provide cost effective stewardship of the IT assets and the Services financial resources used in providing IT services IT Service Continuity To support the overall Business Continuity Management process by ensuring that the required IT technical and services facilities can be recovered within required and agreed business time-scales. Availability and Capacity Management • As the service catalog is developed, service level requirements will determine the level of availability and capacity needed to reduce risks associated with the infrastructure. • These plans provide critical input to the BC/DR plan in that they indicate the level of redundancy and capacity requirements needed to ensure continuous service operations. • Availability and capacity managers must be consulted when developing the BC/DR plan so the level of capability can be defined appropriately. • A detailed process in this area will lead to a more effective BC/DR plan. Service Level Management • (SLM) – Activities contained in this process establish the guidelines to design and implement services within your organization to ensure that the business and IT are aligned. Whether you are adding new services or maintaining existing services • Continuity Planning is key to the successful compliance of all SLAs. Integrated Processes • Various processes within ITIL integrate seamlessly with BC/DR and, when implemented properly, can enable the ongoing maintenance of your BC/DR plan. • Processes such as Service, Incident, Change and Configuration Management stipulate activities that can help ensure your plan stays current, regardless of the dynamic nature of the business. ITIL Service Support Process Model The Organization, Customers and Users Incident Problem Change Management Management Management Release Configuration Management Management ITIL Component Goal Incident Management To restore normal service operation as quickly as possible with minimum disruption to the business, thus ensuring that the best achievable levels of availability and service are maintained. Problem Management To minimize the adverse effect on the business of incidents and problems caused by errors in the infrastructure, and to proactively prevent the occurrence of incidents, problems, and errors. Change Management To ensure that standardized methods and procedures are used for efficient and prompt handling of all changes, in order to minimize the impact of any related incidents upon service. Release Management To take a holistic view of change to an IT service and ensure that all aspects of a release, both technical and non- technical, are considered together. Configuration To provide a logical model of the IT infrastructure by Management identifying, controlling, maintaining and verifying the versions of all configuration items in existence. Incident Management • (IM) – In its simplest form, an incident is any event that results in a service becoming unavailable or deteriorated. • Disasters are major incidents that require the organization to follow an established workflow to restore the service to an acceptable and agreed upon service level. • The process to detect, record, diagnose, resolve and close these incidents must be established in order to effectively manage the incident. Service Desk • There are various service desk technologies available today that can be used to enable the process to work more effectively. The service desk is a tool you can use to create templates that will be followed to document the incident and establish the workflow that will be followed. Problem Management The Problem Management process is based on the concept of learning from past experience. The process provides the historical data to identify trends, and the means of preventing failures and of reducing the impact of failures, resulting in improved user productivity. Configuration Management Database • (CMDB) – All BC/DR plans contain a detailed list of the configuration items making up the critical services that need to be recovered during a disaster. • Inclusion of the configurations in the CMDB will ensure that the information is available to all the required parties during the disaster. • The CMDB will also contain all the attributes of the configuration items and establish ownership, control mechanisms, status, and verification requirements that will be needed to maintain the information so it stays current. Change Management Specific benefits of an effective CM system include: • Improved risk assessment. • A reduced adverse impact of Changes on the quality of services and on SLAs. • Fewer Changes that have to be backed-out • Improved problem and Availability Management through the use of valuable management information relating to changes accumulated through the Change Management process. What Can Go Wrong? The list of things that can go wrong is endless, especially in this age of supply chains that stretch around the globe, leaving companies vulnerable to strikes, natural disasters and civil unrest far from home base. Companies need to start cataloging what could go wrong, but they also need to examine their cultures to make sure theirs is resilient Risk & Benefits Strategic benefits of integrated management processes include: • Increased protection for the IT infrastructure • Increased service level, availability and customer delivery • Strategic change in IT service management culture from reactive to proactive • Significantly improved processes BC/DR, which comply with a recognized best practice standard (ITIL) Starting ITIL Initiative? “Be committed, train your people, and stay the course.” Also remember: ISO 17799 (The Information Security Standard) Processes Selecting a framework and building processes is like building a foundation for a house. If the foundation is not solid you can spend millions on what is above the ground, but it won't matter because your house will not be stable. But, if your foundation is rock-solid the house will withstand the storms of ever changing conditions. Every business has processes, but only the exceptional have the ability to measure how effective and efficient they are. Goals Continuous process and Service improvement Current State Long Term • Inward looking • Outward looking • Ad Hoc • Rationalized • Best efforts • Streamlined &Measured • Fragmented, Silos • Integrated, End-to-end • Reactive • Proactive ITIL Service Continuity • It’s far more than just Disaster Recovery Planning. • IT Service Continuity Management prepares for the worst case scenario, that is not just how to recover from disaster but to stop the disaster from occurring in the first place, if at all possible. • ITSCM investigates, develops and implements recovery options when an interruption to service reaches a pre-defined point. Summary Integrating your ITIL program with your BC/DR capability can provide the business with the assurance that IT is considering all aspects of maintaining continuous service operations. The list of correlating processes between ITIL and BC/DR contained in this presentation are not all inclusive, however, they represent a good start toward transforming and aligning IT with the business. Back-up Slides • If you want to know Measuring and Improving the Service Process Maturity • Service process capability - the range of expected results that can be achieved by following a service process • Service process performance - the actual results achieved by following a service process • Service process maturity - the extent to which a specific process is explicitly defined, managed, measured, controlled and effective Process Maturity on a Five Level Ordinal Scale • The first level - Few processes are defined, and success depends on individual effort and heroics. • Level two - Basic service management processes are established. • Level three - Processes are documented, standardized, and integrated into standard service processes. • Level four - Detailed measurements of the service delivery process and service quality are collected. • Level five - The entire organization is focused on continuous process and service improvement. Service Improvement Continual Service Improvement – to ensure that IT transforms itself toward a higher level of maturity, service improvement plans must be developed and maintained. A key component of drafting an effective plan is identification of the impact improvements (changes) have on the BC/DR plan. A detailed process for coordinating and determining the effect on the BC/DR capability is critical in ensuring that when improvements to the plan are made, all stakeholders are informed and the impact on the business is considered.
Pages to are hidden for
"Continuity Management Process"Please download to view full document