IT service continuity management (ITSCM) covers the processes by which
plans are put in place and managed to ensure that IT Services can
recover and continue even after a serious incident occurs. It is not
just about reactive measures, but also about proactive measures –
reducing the risk of a disaster in the first instance.
ITSCM is
regarded by the application owners as the recovery of the IT
infrastructure used to deliver IT Services, but as of 2009 many
businesses practice the much further-reaching process of business
continuity planning (BCP), to ensure that the whole end-to-end business
process can continue should a serious incident occur (at primary support
level).
ITSCM involves the following basic steps:
- prioritising the activities to be recovered by conducting a business impact analysis (BIA)
- performing
a risk assessment (aka risk analysis) for each of the IT services to
identify the assets, threats, vulnerabilities and countermeasures
for each service.
- evaluating the options for recovery
- producing the contingency plan
- testing, reviewing, and revising the plan on a regular basis.