Triggers, inputs, outputs and interfaces. Many events may trigger ITSCM activity
Many events may trigger ITSCM activity. These include:
- New or changed business needs, or new or changed services
- New or changed targets within agreements, such as SLRs, SLAs, OLAs or contracts
- The occurrence of a major incident that requires assessment for potential invocation of either Business or IT Continuity Plans
- Periodic activities such as the BIA or Risk Analysis activities, maintenance of Continuity Plans or other reviewing, revising or reporting activities
- Assessment of changes and attendance at Change Advisory Board meetings
- Review and revision of business and IT plans and strategies
- Review and revision of designs and strategies
- Recognition or notification of a change of risk or impact of a business process or VBF, an IT service or component
- Initiation of tests of continuity and recovery plans.
Integration and interfaces exist from ITSCM to all other processes. Important examples are as follows:
- Change Management – all changes need to be considered for their impact on the continuity plans, and if amendments are required to the plan, updates to the plan need to be part of the change. The plan itself must be under Change Management control.
- Incident andProblem Management – incidents can easily evolve into major incidents or disasters. Clear criteria need to be agreed and documented on for the invocation of the ITSCM plans.
- Availability Management – undertaking Risk Analysis and implementing risk responses should be closely coordinated with the availability process to optimize risk mitigation.
- Service Level Management – recovery requirements will be agreed and documented in the SLAs. Different service levels could be agreed and documented that could be acceptable in a disaster situation.
- Capacity Management – ensuring that there are sufficient resources to enable recovery onto replacement computers following a disaster.
- Configuration Management – the CMS documents the components that make up the infrastructure and the relationship between the components. This information is invaluable for all the stages of the ITSCM lifecycle, the maintenance of plans and recovery facilities.
- Information Security Management – a very close relationship exists between ITSCM and Information Security Management. A major security breach could be considered a disaster, so when conducting BIA and Risk Analysis, security will be a very important consideration.
There are many sources of input required by the ITSCM process:
- Business information: from the organization’s business strategy, plans and financial plans, and information on their current and future requirements
- IT information: from the IT strategy and plans and current budgets
- A Business Continuity Strategy and a set of Business Continuity Plans: from all areas of the business
- Service information: from the SLM process, with details of the services from the Service Portfolio and the Service Catalogue and service level targets within SLAs and SLRs
- Financial information: from Financial Management, the cost of service provision, the cost of resources and components
- Change information: from the Change Management process, with a Change Schedule and a need to assess all changes for their impact on all ITSCM plans
- CMS: containing information on the relationships between the business, the services, the supporting services and the technology
- Business Continuity Management and Availability Management testing schedules
- IT Service Continuity Plans and test reports from supplier and partners, where appropriate.
The outputs from the ITSCM process include:
- A revised ITSCM policy and strategy
- A set of ITSCM plans, including all Crisis Management Plans, Emergency Response Plans and Disaster Recovery Plans, together with a set of supporting plans and contracts with recovery service providers
- Business Impact Analysis exercises and reports, in conjunction with BCM and the business
- Risk Analysis and Management reviews and reports, in conjunction with the business, Availability Management and Security Management
- An ITSCM testing schedule
- ITSCM test scenarios
- ITSCM test reports and reviews.
Forecasts and predictive reports are used by all areas to analyse, predict and forecast particular business and IT scenarios and their potential solutions.