{"id":6984,"date":"2017-05-02T17:26:20","date_gmt":"2017-05-02T17:26:20","guid":{"rendered":"https:\/\/multiacademstg.wpengine.com\/20000academy\/?p=6984"},"modified":"2024-12-12T16:29:04","modified_gmt":"2024-12-12T16:29:04","slug":"it-service-continuity-plan-why-do-you-need-it","status":"publish","type":"post","link":"https:\/\/advisera.com\/20000academy\/blog\/2017\/05\/02\/it-service-continuity-plan-why-do-you-need-it\/","title":{"rendered":"IT Service Continuity Plan \u2013 Why do you need it?"},"content":{"rendered":"<p>Most of the mid-size and large companies I work with have financial planning. That includes their monetary expenditures in the planning period (usually for the next 1-3 years), human resources, assets, projects, income &#8230; But, I rarely found that those same organizations planned the continuity of their IT services. Even worse, when I asked about it, I heard: \u201cWhat? What do you mean, planning IT service continuity?\u201d The exceptions were organizations who already had <a href=\"https:\/\/advisera.com\/27001academy\/what-is-iso-27001\/\" target=\"_blank\" rel=\"noopener noreferrer\">ISO 27001<\/a>\u00a0\/ <a href=\"https:\/\/advisera.com\/27001academy\/what-is-iso-22301\/\" target=\"_blank\" rel=\"noopener noreferrer\">ISO 22301<\/a>\u00a0\/\u00a0<a href=\"https:\/\/advisera.com\/20000academy\/what-is-iso-20000\/\" target=\"_blank\" rel=\"noopener noreferrer\">ISO 20000<\/a>\u00a0in place.<\/p>\n<p>The IT Service Continuity Plan is an important foundation for continuity activities. Let\u2019s see the ITIL (i.e. ISO 20000) approach to this plan.<\/p>\n<h2>What is it, and where does it come from?<\/h2>\n<p>The IT Service Continuity Plan is a company\u2019s formal plan for how to restore one or more IT services. 
By having such a plan, an ITSM organization prevents an ad-hoc approach or individual appraisal in case an emergency situation takes place and continuity of IT services needs to be ensured.<\/p>\n<p>Both <a href=\"https:\/\/advisera.com\/20000academy\/what-is-itil\/\" target=\"_blank\" rel=\"noopener noreferrer\">ITIL<\/a>\u00a0and ISO 20000 require companies to consider their business operations while establishing an IT Service Continuity Plan. That\u2019s good, and pretty important. While integrating an IT Service Continuity Plan and business operations, you will ensure that the IT Service Continuity Plan exists because \u2013 the business needs it. Otherwise, it would be a plan with questionable purpose.<br \/>\nITIL emphasizes the relationship between <a href=\"https:\/\/advisera.com\/20000academy\/documentation\/it-service-continuity-management-process-iso-20000\/\" target=\"_blank\" rel=\"noopener noreferrer\">IT Service Continuity Management<\/a>\u00a0(which is, by the way, responsible for creating and maintaining the IT Service Continuity Plan) and Business Continuity Management. Theoretically, that\u2019s excellent, but it looks a bit different in real life. Actually, most of the companies rarely document business continuity (of course, except the ones that have ISO 22301 in place). That doesn\u2019t mean that it doesn\u2019t exist, but it\u2019s rather in management\u2019s head (they know what is important for the continuity of the company\u2019s business operations). So, while setting up the IT Service Continuity Plan, IT Service Management (ITSM) will have to talk to the business end to get inputs.<\/p>\n<p>ISO 20000 has quite a similar approach. 
It requires talking to the customers and interested parties, identifying and agreeing on service continuity requirements, and taking into consideration business plans.<\/p>\n<p>Based on inputs from the business, IT Service Continuity Management will create the plan. In the scope of the activities that precede the creation of the plan, the following will be done:<\/p>\n<ul>\n<li>Business Impact Analysis (BIA) \u2013 this is a set of activities that will help ITSM to understand the business services, their importance, and their dependencies. Read the article <a href=\"https:\/\/advisera.com\/20000academy\/blog\/2014\/12\/02\/business-impact-analysis-in-itil-know-whats-important\/\">Business Impact Analysis in ITIL \u2013 Know what\u2019s important<\/a>\u00a0to learn more about <a href=\"https:\/\/advisera.com\/20000academy\/documentation\/business-impact-analysis-and-recovery-iso-20000\/\" target=\"_blank\" rel=\"noopener noreferrer\">BIA<\/a>.<\/li>\n<li>Definition of minimum agreed service level \u2013 this is one of the most important activities of the IT Service Continuity Management in order to create an efficient IT Service Continuity Plan. For example, ITSM will get input from the business that it is acceptable for the company that (in case of emergency) in the first 24 hours only 20% of employees have email service, in the next 24 hours another 20%, etc. 
In this way, the IT Service Continuity Plan will define how to fulfill this requirement.<\/li>\n<\/ul>\n<p style=\"text-align: center\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-6986\" src=\"\/wp-content\/uploads\/\/sites\/6\/2017\/05\/ITSCM_BCM.png\" alt=\"-\" width=\"466\" height=\"318\" srcset=\"\/wp-content\/uploads\/sites\/6\/2017\/05\/ITSCM_BCM.png 466w, \/wp-content\/uploads\/sites\/6\/2017\/05\/ITSCM_BCM-300x205.png 300w\" sizes=\"(max-width: 466px) 100vw, 466px\" \/><em>Figure: IT Service Continuity and Business Continuity are strongly related<\/em><\/p>\n<h2>The content<\/h2>\n<p>If you are implementing ISO 20000, it\u2019s much easier to define the content of the <a href=\"https:\/\/advisera.com\/20000academy\/documentation\/it-service-continuity-management-plan-iso-20000\/\" target=\"_blank\" rel=\"noopener noreferrer\">IT Service Continuity Plan<\/a>. Namely, ISO 20000-1 (set of requirements) defines (quite clearly) what the content of the plan should be:<\/p>\n<ol>\n<li>defined procedure(s) that will be implemented in case of the plan\u2019s activation<\/li>\n<li>defined targets (related to the availability of the services) that need to be achieved<\/li>\n<li>definition of the recovery requirements<\/li>\n<li>definition of how to return to normal working conditions<\/li>\n<\/ol>\n<p>ITIL is not that explicit in listing requirements, but it provides more details in order to develop and establish the IT Service Continuity Plan, as well as activities of the IT Service Continuity Management process. 
So, the following items are important to ensure the continuity of IT services, and therefore should be defined in the plan:<\/p>\n<ul>\n<li>Organization \u2013 This defines the members of the IT Service Continuity Management Team and their responsibilities.<\/li>\n<li>IT Service Continuity requirements \u2013 These are the results of the BIA, risk assessment, or inputs from the SLA and how to approach them; i.e., defined targets (e.g., minimum agreed service level, time within which agreed service level must be established, etc.) and how to achieve them.<\/li>\n<li>Definition of how to activate\/deactivate the plan \u2013 This includes related roles and their responsibilities.<\/li>\n<li>Recovery options \u2013 They will be different for each organization and include, e.g., alternative site or hot standby with two mirrored data centers. Read the article <a href=\"https:\/\/advisera.com\/20000academy\/blog\/2015\/09\/22\/itil-risk-response-measures-and-recovery-options-from-catastrophic-events\/\">ITIL risk response measures and recovery options from catastrophic events<\/a>\u00a0to learn more.<\/li>\n<li>Test \u2013 The plan needs to be tested for the ITSM organization to be confident that it works. Define timing, scope, responsibilities, etc.<\/li>\n<li>Communication \u2013 Who communicates, what, when, to whom, etc.<\/li>\n<\/ul>\n<p>And, one more thing \u2013 involve your suppliers, either by including them in your plan or by relating their plan to your own. If you use them for service delivery \u2013 you\u2019ll need them in case of the plan\u2019s activation.<\/p>\n<h2>Use of the plan<\/h2>\n<p>Once a disruptive event takes place (and the IT Service Continuity Plan gets activated) \u2013 that\u2019s the moment of truth, i.e., an appraisal of the quality of work invested in the plan\u2019s creation. 
Invocation of the plan needs to ensure that agreed service levels are achieved and that the (ITSM) organization can continue its activities.<\/p>\n<p>When establishing a plan and performing (regular) tests of the plan, you will get inputs and ideas for what could be done better (on existing services) and initiate improvement initiatives. Additionally, while informing and educating members of the IT Service Continuity Management Team, they will get an understanding of how IT services and business operations are related (which is important for decisions on <a href=\"https:\/\/advisera.com\/20000academy\/documentation\/budgeting-and-controlling\/\" target=\"_blank\" rel=\"noopener noreferrer\">IT budgets<\/a>, resources, investment in technology or people, etc.).<\/p>\n<p>The approach towards, and content of, the plan vary from organization to organization. There are a lot of parameters that influence its content. It is important that the company doesn\u2019t get surprised (i.e., that the plan exists) and that everyone involved knows what to do. And, don\u2019t forget \u2013 practice makes perfect. The same is valid for your IT Service Continuity Plan.<\/p>\n<p><em>To implement ISO 20000 easily and efficiently, use our<\/em> <a href=\"https:\/\/advisera.com\/20000academy\/iso-20000-documentation-toolkit\/\" target=\"_blank\" rel=\"noopener\">ISO 20000 Documentation Toolkit<\/a> <em>that provides step-by-step guidance for full ISO 20000 compliance.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Most of the mid-size and large companies I work with have financial planning. That includes their monetary expenditures in the planning period (usually for the next 1-3 years), human resources, assets, projects, income &#8230; But, I rarely found that those same organizations planned the continuity of their IT services. 
Even worse, when I asked about &#8230;<\/p>\n","protected":false},"author":32,"featured_media":6987,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[366,589,590,344],"class_list":["post-6984","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-iso-20000","tag-it-service-continuity","tag-it-service-continuity-plan","tag-itil"],"acf":[],"_links":{"self":[{"href":"https:\/\/advisera.com\/20000academy\/wp-json\/wp\/v2\/posts\/6984","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/advisera.com\/20000academy\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/advisera.com\/20000academy\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/advisera.com\/20000academy\/wp-json\/wp\/v2\/users\/32"}],"replies":[{"embeddable":true,"href":"https:\/\/advisera.com\/20000academy\/wp-json\/wp\/v2\/comments?post=6984"}],"version-history":[{"count":2,"href":"https:\/\/advisera.com\/20000academy\/wp-json\/wp\/v2\/posts\/6984\/revisions"}],"predecessor-version":[{"id":17947,"href":"https:\/\/advisera.com\/20000academy\/wp-json\/wp\/v2\/posts\/6984\/revisions\/17947"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/advisera.com\/20000academy\/wp-json\/wp\/v2\/media\/6987"}],"wp:attachment":[{"href":"https:\/\/advisera.com\/20000academy\/wp-json\/wp\/v2\/media?parent=6984"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/advisera.com\/20000academy\/wp-json\/wp\/v2\/categories?post=6984"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/advisera.com\/20000academy\/wp-json\/wp\/v2\/tags?post=6984"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}