IT Service Continuity Management

Introduction and Objectives

The main objectives of IT Service Continuity Management (ITSCM) may be summarised as:

• Guaranteeing the rapid recovery of (critical) IT services after a disaster.
• Establishing policies and procedures that avoid, as far as possible, the harmful consequences of a disaster or instance of force majeure.

Although at first glance proactive policies that predict and limit the effect of a disaster on IT services might seem to be preferable to those that are purely reactive, it is important to evaluate the relative costs and the real impact on business continuity in order to opt for one or the other, or a judicious combination of both.

Proper ITSCM must form an essential part of Business Continuity Management (BCM) and must be at its service. IT services are only a part, although often a very important part, of the business as a whole and it does not make sense for an online ordering system continue operating perfectly after a disaster if the company is unable to supply goods to its customers

It is important to distinguish "ordinary" disasters, such as fires, floods, etc. from IT disasters, such as those caused by distributed denial of service attacks (DDOS), computer viruses, etc. Although ITSCM is responsible for predicting the risks associated in each case and restoring IT service rapidly, ITSCM clearly has a special responsibility in the latter case, as:

• They only affect IT services directly, but they paralyse the whole organisation.
• They are more predictable and more common.
• The customer's perception is different: natural disasters are easier to accept and are not generally associated with negligence, although this is not always true.

The main benefits of proper IT Service Continuity Management may be summarised as:

• Proper management of risks.
• A reduction in the length of interruption of service due to force majeure.
• Improved confidence in the quality of service among customers and users.
• Support for the Business Continuity Management process.

The main difficulties when implementing IT Service Continuity Management may be summarised as:

• There may be resistance to making investments which do not show an immediate return.
• The associated costs are not budgeted properly.
• Insufficient resources are assigned.
• There is insufficient commitment to the process within the organisation and the corresponding tasks and activities tend to be put off indefinitely in favour of "more urgent" matters.
• The risk analysis is not performed correctly and real threats and vulnerabilities are overlooked.
• Staff are not familiarised with the actions to take and procedures to follow in the event of a severe service interruption.
• There is a lack of coordination with BCM.