IT Service Continuity Management is ITIL’s term for business continuity and disaster recovery management, or BC and DR. Because of the prevelance of CM in ITIL acronyms, BC/DR is arguably a much better identifier. Regardless of the moniker, it is concerned with the organizations ability to continue to provide a pre-determined and agreed level of IT services to support the minimum business requirements following a business service interruption.
BC/DR is a vital subset of, and provides support to the overall business continuity management (BCM) process by ensuring that the required IT services / facilities (including computer systems, networks, applications, telecommunications, technical support and Service Desk) can be recovered within required and agreed business time-scales.
The BC/DR process is based on the identification of the required, minimum levels of business operation that are required following an incident, and the necessary systems, facilities and service requirements. It is driven by these business needs, not by the perceived needs of the IT community, and requires senior management commitment.
The process consist of the following.
- Risk / Priority Analysis: Examining the risks and threats to IS services, and the development of an IT risk reduction or mitigation program to deliver the continuity requirements necessary to provide the required level of business operation. The identification of business operational priorities influences the determination of critical services and data, and their relative priorities in the event of a contingency situation (e.g. a disaster).
- Planning for Contingency: This covers the development, proving, sign-off and ongoing maintenance of plans to be invoked in the event of a range of contingency scenarios. The main product is a detailed set of contingency plans.
- Testing: Probably the most well-known aspect, this covers the ongoing verification that the plan is valid and can successfully meet goals, RPOs, and RTOs.
- Risk Management: This covers the active management of identified risks, beyond the normal recovery procedures embodied in the contingency plans, with particular emphasis on prevention or reduction of risk.
Organizations my periodically assess the maturity of their BC/DR programs.