DS04 Service Continuity Management

Operational and tested IT continuity plan which is in line with the overall business continuity plan and its related business requirements.

Framework: create a continuity framework which defines the roles, responsibilities, the risk based approach/methodology to be adopted, and the rules and structures to document the plan as well as the approval procedures,
Strategy and Philosophy: ensure that the information technology continuity plan is in line with the overall business continuity plan to ensure consistency,
IT Continuity Plan Contents: ensure that a written plan is developed and maintained,
Requirements minimization: establish procedures and guidelines for minimizing the continuity requirements with regard to personnel, facilities, hardware, software, equipment, forms, supplies and furniture,
Continuity Plan Maintenance: provide for change control procedures in order to ensure that the continuity plan is up-to-date and reflects actual business requirements,
Plan Testing: assess Continuity Plan adequacy on a regular basis,
Plan Training: ensure that all concerned parties receive regular training sessions regarding the procedures to be followed in case of an incident or disaster,
Plan Distribution: ensure plan is available and known to all authorized personnel.

No incidents causing public embarrassment
Number of critical business processes relying on IT that have adequate continuity plans
Regular and formal proof that the continuity plans work
Reduced downtime
Number of critical infrastructure components with automatic availability monitoring

Number of outstanding continuous service issues not resolved or addressed
Number and extent of breaches of continuous service, using duration and impact criteria
Time lag between organisational change and continuity plan update
Time to diagnose an incident and decide on continuity plan execution
Time to normalise the service level after execution of the continuity plan
Number of proactive availability fixes implemented
Lead time to address continuous service shortfalls
Frequency of continuous service training provided
Frequency of continuous service testing

A no-break power system is installed and regularly tested
Potential availability risks are proactively detected and addressed
Critical infrastructure components are identified and continuously monitored
Continuous service provision is a continuum of advance capacity planning, acquisition of high-availability components, needed redundancy, existence of tested contingency plans and the removal of single points of failure
Action is taken on the lessons learned from actual down-time incidents and test executions of contingency plans
Availability requirements analysis is performed regularly
Service level agreements are used to raise awareness and increase co-operation with suppliers for continuity needs
The escalation process is clearly understood and based on a classification of availability incidents
The business costs of interrupted service are specified and quantified where possible, providing the motivation to develop appropriate plans and arrange for contingency facilities