Beruflich Dokumente
Kultur Dokumente
Notice of Rights: Copyright The Art of Service. All rights reserved. No part of
this book may be reproduced or transmitted in any form by any means,
electronic, mechanical, photocopying, recording, or otherwise, without the prior
written permission of the publisher.
Table of Contents
1 INTRODUCTIONROADMAP.......................................................................................................................5
2 DISASTERRECOVERY.................................................................................................................................9
3 SUPPORTINGDOCUMENTS.....................................................................................................................43
3.1 OBJECTIVESANDGOALS...............................................................................................................................45
3.2 POLICIES,OBJECTIVES&SCOPE.....................................................................................................................49
3.3 BUSINESSJUSTIFICATIONDOCUMENT.............................................................................................................55
3.4 BUSINESSIMPACTANALYSIS.........................................................................................................................61
3.5 EXAMPLEBUSINESSIMPACTASSESSMENT.......................................................................................................63
3.6 RISKASSESSMENTTEMPLATE........................................................................................................................71
3.7 ENVIRONMENTALARCHITECTURES&STANDARDS.............................................................................................79
3.8 RECIPROCALARRANGEMENTS.......................................................................................................................85
3.9 BUSINESSCONTINUITYSTRATEGY................................................................................................................105
3.10 MANAGEMENTOFRISK(MOR)FRAMEWORK..............................................................................................117
3.11 RISKASSESSMENTQUESTIONNAIRE............................................................................................................121
3.12 TYPICALCONTENTSOFARECOVERYPLAN....................................................................................................129
3.13 COMMUNICATIONPLAN..........................................................................................................................135
3.14 EXAMPLEEMAILTEXT............................................................................................................................141
3.15 EMERGENCYRESPONSETEMPLATE.............................................................................................................145
3.16 SALVAGEPLANTEMPLATE........................................................................................................................155
3.17 VITALRECORDSTEMPLATE.......................................................................................................................161
3.18 ROLESANDRESPONSIBILITIES....................................................................................................................167
3.19 PROCESSMANAGER................................................................................................................................169
3.20 REPORTS,KPISANDOTHERMETRICS..........................................................................................................173
3.21 BUSINESSANDITFLYERS.........................................................................................................................179
4 IMPLEMENTATIONPLAN.......................................................................................................................183
5 FURTHERREADING...............................................................................................................................193
Page 3
Disaster Recovery Workbook
Page 4
Disaster Recovery Workbook
1 INTRODUCTION ROADMAP
Many organizations are looking to implement IT Service Asset & Continuity Management
(ITSCM) as a way to improve the structure and quality of the business and recover from
disaster.
This document describes the contents of the Disaster Recovery Workbook. The information
found within the book is based on the ITIL Version 3 framework, specifically the Service Design
phase which incorporates the updated ITIL version 3 IT Service Asset & Continuity
Management process.
The workbook is designed to answer a lot of the questions that the IT Service Asset &
Continuity Management process raises and provides you with useful guides, templates and
essential, but simple assessments.
The supporting documents and assessments will help you identify the areas within your
organization that require the most activity in terms of change and improvement.
Presentations can be used to educate or be used as the basis for management presentations
or when making business cases for disaster recovery.
The additional information and bonus resources will enable you to improve your organizations
methodology knowledge base.
The workbook serves to act as a starting point. It will give you a clear path to travel. It is
designed to be a valuable source of information and activities.
Flows logically,
Is scalable,
Provides presentations, templates and documents,
Saves you time.
Page 5
Disaster Recovery Workbook
Step 1
Disaster Recovery
This presentation will give you a good knowledge and understanding of all the terms,
activities and concepts required within the IT Service Asset & Continuity
Management process and how they will enable recovery from disaster. They can
also be used as the basis for management presentations or when making a formal
business case for IT Service Asset & Continuity Management implementation. Make
sure you pay close attention to the notes pages, as well as the slides, as references
to further documents and resources are highlighted here.
Page 6
Disaster Recovery Workbook
Step 2
If you did not look at the supporting documents and resources when prompted
during the PowerPoint presentation, do this now.
Below is an itemized list of the supporting documents and resources for easy
reference. You can use these documents and resources within your own
organization or as a template to help you in prepare your own bespoke
documentation.
The supporting documents and resources found within the book will help you
fill these gaps by giving you a focused, practical and user-friendly approach to
IT Service Asset & Continuity Management.
Page 7
Disaster Recovery Workbook
Step 2 continued...
The supporting documents and bonus resources found within the workbook
will help you fill these gaps by giving you a focused, practical and user-friendly
approach to disaster recovery.
Page 8
Disaster Recovery Workbook
2 DISASTER RECOVERY
Disaster Recovery
Page 9
Disaster Recovery Workbook
Page 10
Disaster Recovery Workbook
Page 11
Disaster Recovery Workbook
Page 12
Disaster Recovery Workbook
Page 13
Disaster Recovery Workbook
Page 14
Disaster Recovery Workbook
Scope: The scope of IT Service Asset & Continuity Management considers all
identified critical business processes and IT service(s) that underpin them.
This may include hardware, software, essential services and utilities, critical
paper records, courier services, voice services & physical location areas e.g.
offices, data centres etc.
Page 15
Disaster Recovery Workbook
Immediate Recovery: aka Hot standby (< 24hrs, usually implies 1-2 hrs)
Page 16
Disaster Recovery Workbook
It is not possible to have effective ITSCM without support from the business.
These are the four stages of the Business Continuity lifecycle that have
particular emphasis on IT aspects.
Page 17
Disaster Recovery Workbook
Agree project and quality plans To enable the project to be controlled and
variances addressed. Quality plans ensure that deliverables are achieved
and to an acceptable level of quality.
The extent to which these activities need to be considered during the initiation
process depends on the contingency facilities that have been applied within
the organization.
Page 18
Disaster Recovery Workbook
continued
Some parts of the business may have an established continuity plan based on
manual workarounds, and the IT Organization may have developed their own
disaster plans for supporting critical systems. However, effective ITSCM is
dependent on supporting critical business functions and ensuring that the
available budget is applied in the most appropriate way.
Page 19
Disaster Recovery Workbook
This stage provides the foundation for ITSCM and is a critical component in
order to determine how well an organization will survive a business
interruption or disaster and the costs that will be incurred.
Page 20
Disaster Recovery Workbook
Page 21
Disaster Recovery Workbook
Assess threat and vulnerability levels the threat is defined as how likely it is
that a disruption will occur and the vulnerability is defined as whether, and to
what extent, the organization will be affected by the threat materializing.
Assess the levels of risk the overall risk can then be measured. This may
be done as a measurement if quantitative data has been collected, or
qualitative using a subjective assessment of, for example, low, medium or
high.
Page 22
Disaster Recovery Workbook
Page 23
Disaster Recovery Workbook
It is important that the organization checks the recovery options that are
chosen are capable of implementation and integration at the time they are
required, and that the required service recovery can be achieved.
As with Recovery Options, it is important that the reduction of one risk does
not increase another. The risk of Availability systems and data may be
reduced by outsourcing to an off-site third party; however, this potentially
increases the risk of compromise of confidential information unless rigorous
security controls are applied.
Page 24
Disaster Recovery Workbook
Page 25
Disaster Recovery Workbook
Page 26
Disaster Recovery Workbook
Phase 1: These plans are used to identify and respond to service disruption,
ensure the safety of all affected staff members and visitors and determine
whether there is a need to implement the business recovery process. If there
is a need, Phase 2 plans need to take place. These will include the key
support functions.
Page 27
Disaster Recovery Workbook
Page 28
Disaster Recovery Workbook
Training and new procedures may be required to operate, test and maintain
the stand-by arrangements and to ensure that they can be initiated when
required.
Page 29
Disaster Recovery Workbook
The recovery plans include key detail such as the data recovery point, a list of
dependent systems, the nature of dependency and the data recovery points,
system hardware and software requirements, configuration details and
references to other relevant or essential information about the system etc.
A check-list is included that covers specific actions required during all stages
of recovery for the system, for example after the system has been restored to
an operational state, connectivity checks, functionality checks or data
consistency and integrity checks should be carried out prior to handling the
system over to the business.
Page 30
Disaster Recovery Workbook
Page 31
Disaster Recovery Workbook
Education and Awareness this should cover the organization and the IT
organization, for service continuity specific items. This ensures that all staff
are aware of the implications of Business and Service Continuity and consider
them part of their normal routine and budget.
Review regular review of all of the deliverable from the ITSCM process
needs to be undertaken to ensure that they remain current. With respect to IT
this is required whenever there is a major Change to the IT Infrastructure,
assets or dependencies such as new systems or networks or a change in
service providers, as well as there is a change on business direction and
strategy or IT strategy.
Change Management following tests and reviews, and day to day changes,
there is a need for the ITSCM plan to be updated. ITSCM must be included
as part of the change management process to ensure all changes are
reflected in the contingency arrangements provided by IT or 3rd parties.
Inaccurate plans and inadequate recovery capabilities may result in
failure of ITSCM.
Page 32
Disaster Recovery Workbook
continued
Page 33
Disaster Recovery Workbook
Page 34
Disaster Recovery Workbook
Typical responsibilities for ITSCM in planning and dealing with disaster are
similar to how First Aid Officers and Fire Wardens act in planning and
operational roles.
Page 35
Disaster Recovery Workbook
Page 36
Disaster Recovery Workbook
Page 37
Disaster Recovery Workbook
Page 38
Disaster Recovery Workbook
Page 39
Disaster Recovery Workbook
Page 40
Disaster Recovery Workbook
Page 41
Disaster Recovery Workbook
Page 42
Disaster Recovery Workbook
3 SUPPORTING DOCUMENTS
Through the documents, look for text surrounded by << and >> these
are indicators for you to create some specific text.
Watch also for highlighted text which provides further guidance and
instructions.
Page 43
Disaster Recovery Workbook
Page 44
Disaster Recovery Workbook
IT Services
Detailed Objectives/Goals
Process: IT Service Asset &
Continuity Management
Status:
Version: 0.1
Release Date:
Page 45
Disaster Recovery Workbook
However, the reader will certainly be reminded of the key topics that have to
be considered.
Objective Notes
Page 46
Disaster Recovery Workbook
Use these objectives to generate discussion about others that may be more
appropriate to list than those provided.
Refer also to the Communication Plan on page 135 for ideas on how
to communicate the benefits of IT Service Asset & Continuity
Management.
Page 47
Disaster Recovery Workbook
Page 48
Disaster Recovery Workbook
IT Services
Policies, Objectives & Scope
Process: IT Service Asset &
Continuity Management
Status: In draft
Under Review
Sent for Approval
Approved
Rejected
IT Service
Continuity Date:
Page 49
Disaster Recovery Workbook
However, the reader will certainly be reminded of the key topics that have to be
considered.
Policy Statement
Use this text box to answer the SENSE OF URGENCY question regarding this
process.
You must be able to concisely document the reason behind starting or improving
this process.
The relationship between ITSCM and Security is another aspect to build into the
Policy statement.
Page 50
Disaster Recovery Workbook
The basic premise of Security and IT Service Asset & Continuity Management is the
continual identification and management of RISK.
A policy statement any bigger than this text box, may be too lengthy to read, lose the
intended audience with detail, not be clearly focussed on answering the WHY
question for this process.
Page 51
Disaster Recovery Workbook
Objectives Statement
Use this text box to answer the WHERE ARE WE GOING question regarding this
process.
What will be the end result of this process and how will we know when we have
reached the end result?
Will we know because we will establish a few key metrics or measurements or will it
be a more subjective decision, based on instinct?
Note the keywords in the statement. For the statement on IT Service Asset &
Continuity Management they are controlling and coordinating and without
affecting levels of service. These are definite areas that we can set metrics
for and therefore measure progress.
An objective statement any bigger than this text box, may be too lengthy to read, lose the intended
audience with detail, not be clearly focused on answering the WHERE question for this process.
Prepared by:
On: <<date>>
Refer to Reports, KPIs and other Metrics on page 173 for metrics, KPIs for IT
Service Asset & Continuity Management.
Page 52
Disaster Recovery Workbook
Scope Statement
Use this text box to answer the WHAT question regarding this process.
An scope statement any bigger than this text box, may be too lengthy to read, lose
the intended audience with detail, not be clearly focused on answering the WHAT
question for this process.
Prepared by:
On: <<date>>
Page 53
Disaster Recovery Workbook
Page 54
Disaster Recovery Workbook
IT Services
Business Justification
Process: IT Service Asset &
Continuity Management
Status: In draft
Under Review
Sent for Approval
Approved
Rejected
Release Date:
Page 55
Disaster Recovery Workbook
However, the reader will certainly be reminded of the key topics that have to be
considered.
Prepared by:
On: <<date>>
Page 56
Disaster Recovery Workbook
A strong enough business case will ensure progress and funds are made available for any
IT initiative.
This may sound like a bold statement but it is true. As IT professionals we have (for too
long) assumed that we miss out on funds while other functional areas (eg. Human
resources and other shared services) seem to get all that they want.
However, the problem is not with them, its with US. We are typically poor salespeople
when it comes to putting our case forward.
We try to impress with technical descriptions, rather than talking in a language that a
business person understands.
For example:
The network bandwidth is our biggest The e-mail you send to the other national
bottleneck and we have to go to a switched managers will take 4 to 6 hours to be delivered. It
local environment. used to be 2 to 3 minutes, but we are now using
our computers for many more tasks.
Changes to the environment are scheduled We are making the changes on Sunday
for a period of time when we expect there afternoon. There will be less people working
to be minimal business impact. then.
To help reinforce this point even further, consider the situation of buying a new fridge.
What if the technically savvy sales person wants to explain the intricacies of the tubing
structure used to super cool the high pressure gases, which flow in an anti-clockwise
direction in the Southern hemisphere.
Wouldnt you say too much information, who cares does it make things cold?
Well IT managers need to stop trying to tell business managers about the tubing structure
and just tell them what they are interested in.
Page 57
Disaster Recovery Workbook
So lets know look at some benefits of the process. Remember that the comments here
are generic, as they have to apply to any organization.
Benefits Notes/Comments/Relevance
Through a properly controlled and structured IT
Service Asset & Continuity Management process we
will be able to more effectively help in recovery of IT
services in the event of a disaster and provide
assurance of IT Services in line with the business
requirements.
Page 58
Disaster Recovery Workbook
Page 59
Disaster Recovery Workbook
Page 60
Disaster Recovery Workbook
A valuable source of input when trying to ascertain the business needs, impacts
and risks is the Business Impact Analysis (BIA). The BIA is an essential element of
the overall business continuity process and will dictate the strategy for risk
reduction and disaster recovery. Its normal purpose is to identify the effect a
disaster would have on the business. It will show which parts of the organization
will be most affected by a major incident and what effect it will have on the
company as a whole. It therefore enables the recognition of the most critical
business functions to the companys survival and where this criticality differs
depending on the time of the day, week, month or year. Additional, experience has
shown that the results from the BIA can be an extremely useful input for a number
of other areas as well, and will give a far greater understanding of the service than
would otherwise be the case.
A BIA should be conducted to help define the business continuity strategy and to
enable a greater understanding about the function and importance of the service
as part of the design phase of a new or changed service. This will enable the
organization to define:
Which are the critical services, what constitutes a major incident on these
services, and the subsequent impact and disruption caused to the business
important in decided when and how to implement changes
Acceptable levels and times of service outage levels again important in
the consideration of change and implementation schedules
Critical business and service periods important periods to avoid
The cost of loss of service important for Financial Management
The potential security implications of a loss of service important
considerations in the management of risk.
Page 61
Disaster Recovery Workbook
Page 62
Disaster Recovery Workbook
IT Services
Example Business Impact Assessment
Process: IT Service Asset &
Continuity Management
Status: In draft
Under Review
Sent for Approval
Approved
Rejected
Release Date:
Page 63
Disaster Recovery Workbook
Document Control
Author
Prepared by <name and / or department>
Document Source
This document is located on the LAN under the path:
I:/IT Services/Service Delivery/Functional Specifications/
Document Approval
This document has been approved for use by the following:
<first name, last name>, IT Services Manager
<first name, last name>, IT Service Delivery Manager
<first name, last name>, IT Service Continuity Process Manager
<first name, last name>, Customer representative or Service
Level Manager
Amendment History
Distribution List
When this procedure is updated the following copyholders must be
advised through email that an updated copy is available on the
intranet site:
Page 64
Disaster Recovery Workbook
Introduction
Purpose
Scope
This document describes the following:
Summary of each service provided by IT Services including
Summary of the Continuity Strategy for each applicable service
Detailed list of Continuity Strategy for each applicable service
Note: It is assumed for each service described in this document that
the supporting back-end technology is already in place and
operational.
Audience
This document is relevant to all staff in <company name>
Ownership
IT Services has ownership of this document.
Related Documentation
Include in this section any related Service Level Agreement reference
numbers and other associated documentation:
Page 65
Disaster Recovery Workbook
Executive Overview
Scope
As not all IT Services may initially be included within the Business Impact
Analysis. Use this section to outline what will be included and the timetable for
other services to be included.
Scope for the BIA may be determined by the business, therefore covering only
a select few of the IT Services provided by the IT department that are seen as
critical to the support of the business processes.
Page 66
Disaster Recovery Workbook
IT Service Definition
This section is where you will document the Service Descriptions for the
services or applications used by the Business people. This information
should be x-referenced to your Service Catalogue and/or related Service
Level Agreements. You need to list all the Services here that the BIA is
required on.
Page 67
Disaster Recovery Workbook
Service A
(This section needs to be duplicated for each service listed in the table above)
Form of Loss
In this table for this service describe how a disruption to this service will be
seen within the business. For example, will the loss of service invoke a
contract that has set costs associated with it? If we lose this service can
we expect to lose customers/clients/market share. Define each form that
the loss of the service may take and give each a score for magnitude.
Escalation
Use this section to specify for this Service/application the speed at which it
is likely that the situation regarding the loss of this service will degrade
overall performance.
That is, provide a score of 1 (low) to 10 (highest) that indicates how the
service loss will grow in severity.
Escalation Score
(1 is slow/barely noticeable, 10 Rapid pace of overall
deterioration)
9
Page 68
Disaster Recovery Workbook
Resources Factor
Resources Score
(1 is minimal skills and resources required to maintain
service, 10 Expert level of skills and extensive resources)
3
Time Considerations
We must however remember that the impact of loss will change over
time. A BIA should be performed on a regular time basis (to coincide
with reviews of the Service Level Management Service Catalog or
Service Level Agreement reviews).
Page 69
Disaster Recovery Workbook
Appendices
E.g.
Terminology
E.g.
CMDB Configuration Management Data Base
ITSCM Information Technology Services Continuity Management
SLA Service Level Agreement
UC Underpinning Contract
Page 70
Disaster Recovery Workbook
IT Services
Risk Assessment Template
Process: IT Service Asset &
Continuity Management
Status:
Version: 0.1
Release Date:
Page 71
Disaster Recovery Workbook
Document Control
Author
Prepared by <name and / or department>
Document Source
This document is located on the LAN under the path:
I:/IT Services/Service Delivery/Risk Assessment/
Document Approval
This document has been approved for use by the following:
<first name, last name>, IT Services Manager
<first name, last name>, IT Service Delivery Manager
<first name, last name>, IT Service Continuity Process Manager
<first name, last name>, Customer representative or Service
Level Manager
Amendment History
Distribution List
When this procedure is updated the following copyholders must be
advised through email that an updated copy is available on the
intranet site:
Page 72
Disaster Recovery Workbook
Introduction
Purpose
Scope
This document describes the following:
Summary of services and their risks
A risk template
Note: It is assumed for each service described in this document that
the supporting back-end technology is already in place and
operational.
Audience
This document is relevant to all staff in <company name>
Ownership
IT Services has ownership of this document.
Related Documentation
Include in this section any related Service Level Agreement reference
numbers and other associated documentation:
Page 73
Disaster Recovery Workbook
Executive Overview
Scope
Not all IT Services may initially be included within the Risk Analysis. Use this
section to outline what will be included and the timetable for other services to
be included.
Page 74
Disaster Recovery Workbook
IT Service Definition
This section is where you will document the Service Descriptions for the
services or applications used by the Business people. This information
should be x-referenced to your Service Catalogue and/or related Service
Level Agreements. You need to list all the Services here that the BIA is
required on.
Page 75
Disaster Recovery Workbook
Service A
(This section needs to be duplicated for each service listed in the table above)
Service Description
Include a description of the service being assessed for risks that may
cause a disruption to the business services.
Threats
In the below table capture all the threats for the components that make up
the service.
Vulnerabilities
In the below table capture al the likely vulnerabilities for the components
that make up the service.
Page 76
Disaster Recovery Workbook
Risk Summary
15 working days
RISK
SCORE 1
Component Priority Magnitude Threat Vulnerability Risk Action Comments
Probability Probability Value
Server 1 1 1 1 1
Router 1 1 4 1 2
Backup Device 4 4 4 4 4
Page 77
Disaster Recovery Workbook
Appendices
E.g.
Terminology
E.g.
CMDB Configuration Management Data Base
ITSCM Information Technology Services Continuity Management
SLA Service Level Agreement
UC Underpinning Contract
Page 78
Disaster Recovery Workbook
Building / Site
Page 79
Disaster Recovery Workbook
Page 80
Disaster Recovery Workbook
Page 81
Disaster Recovery Workbook
Page 82
Disaster Recovery Workbook
Office Environments
Page 83
Disaster Recovery Workbook
Page 84
Disaster Recovery Workbook
IT Services
Reciprocal Arrangements
Process: IT Service Asset &
Continuity Management
Status:
Version: 0.1
Release Date:
Page 85
Disaster Recovery Workbook
Document Control
Author
Prepared by <name and / or department>
Document Source
This document is located on the LAN under the path:
I:/IT Services/Service Delivery/ITSCM/
Document Approval
This document has been approved for use by the following:
<first name, last name>, IT Services Manager
<first name, last name>, IT Service Delivery Manager
<first name, last name>, National IT Help Desk Manager
<first name, last name>, ITSCM Manager
Amendment History
Distribution List
When this procedure is updated the following copyholders must be
advised through email that an updated copy is available on the
intranet site:
Page 86
Disaster Recovery Workbook
Introduction
Purpose
The purpose of this document is to provide relevant Business Units
with the existing Reciprocal Arrangements for their IT Services.
Scope
This document describes the following:
Details of Reciprocal Arrangements between << company name
>> and << external company >>
Note: It is assumed for each service described in this document that
the supporting back-end technology is already in place and
operational.
Audience
This document is relevant to all staff in <company name>
Ownership
IT Services has ownership of this document.
Related Documentation
Include in this section any related Service Level Agreement reference
numbers and other associated documentation:
Page 87
Disaster Recovery Workbook
1. Executive Overview
2. Scope
3. Overview
General principles
<<
It is understood that:
Neither firm should make a profit or a loss from this arrangement.
Both parties will agree to confidentiality of data, clients, and
business practices.
Page 88
Disaster Recovery Workbook
Neither party will seek compensation from the other should any
problems or difficulties arise from the service provided.
This plan will be shown to (Client 1's) supplier and, although their
approval of such will not be sought, their comments, the subject of
the agreement of (Client 1) and (Client 2), will be incorporated into
the plan. Refer to Appendix F for (Specify supplier) agreement to
the Plan.
All items to be used in these plans will be maintained and kept in
good working order.
Termination can only occur within (Specify length of time) written
notice unless otherwise mutually agreed.
The agreement will run for (Specify duration of agreement) at a
time, to be renewable if both parties agree.
The insurers of each company will be made aware of these plans.
If a service is provided for more than (Specify a number of days)
elapsed days (including weekends), then the host will be
compensated by the client by payment of agreed fees.
The client will advise all relevant parties of these temporary
arrangements (i.e., business clients, etc.) including the new
address, phone number(s) and fax number(s) and will also advise
reversion when the service terminates.
Any data tapes, letter-headed stationery, or other items at the
reciprocal partys office will be stored in a secure, lockable place.
The plan will be capable of being implemented within (Specify
Time) of a requirement arising within normal office hours. All effort
will be made to ensure rapid assistance out of normal office hours.
>>
Definition of a disaster
Period of service
Capture the service period for the arrangement in the event of a disaster.
This will include maximum duration from the time of the disaster and will
usually be provided free of charge by the host for a specified time. This
time will be determined here.
Include also the renewing of the contract, probably every year, but should
never exceed the date of the contract expiration date.
Page 89
Disaster Recovery Workbook
4. Prerequisites
<<
>>
Page 90
Disaster Recovery Workbook
5. Alignment
<<
Bearing in mind that the << Logistics system >> has many options
available within it and that the << Logistics system >> programs will be
used from a common source.
Provision of the << Logistics system >> will be a minimum of, but not
limited to:
If required and agreed at the time of need, provision may be made for <<
Logistics System >> facilities.
>>
<<
It is agreed that: Releases of the << Logistics System >> will be aligned
so that no more than seven days elapse between installation of like
releases at each site.
Page 91
Disaster Recovery Workbook
>>
<<
However, it is agreed that each site will use the following products
(version/service pack is not vital:
Microsoft Word
Microsoft Excel
Microsoft Access
>>
Also include how access to the facilities will be made available. This will be
both physical and logical access.
Backup facilities
In this section, list the backup facilities that need to be kept in line with the
other sites or systems.
Page 92
Disaster Recovery Workbook
6. Provisions
<<
The plan provides for provision of a service by the host to the client within two
hours of notification that such is required by the client. Obviously not all
facilities may be in place within this timeframe.
The service will only be provided if the office of the client is not capable of
being used to provide an equivalent service. << include reasons why this
could be the case, i.e. flood, fired etc >>. In addition, the service will be
provided if the client's office or surrounding area is closed by the authorities.
>>
The following sections list out those necessary provisions required in the
event of a disaster.
Office space
Include in this section how access to office space will be arranged. Include
a table of names for staff that will require access. Make sure you inform
security.
Work space
How will the work space be set up to cater for the client? Below are
some example words that can be used.
<<
Page 93
Disaster Recovery Workbook
space assigned will be set aside solely for this use during the required
period.
>>
Meeting space
Storage space
Provide details about facilities for storing cash, cheque books, or other
valuable items will be made available to the client as available.
Office equipment
<<
It is essential that the host provide facilities to enable the client to perform
its normal business as much as is possible. Therefore it is agreed to
provide:
>>
Telephone
Fax
Page 94
Disaster Recovery Workbook
Computer equipment
<<
>>
PC
Printer
Include printer information. This will be the type of printer, the number
of printers, and any stationary.
.
Backups (within service provision)
<<
When the client is able to return to its own office, the host will provide
the client with:
Page 95
Disaster Recovery Workbook
>>
Specialist requirements
Non-standard items
Restrictions
<<
>>
Page 96
Disaster Recovery Workbook
7. Termination Procedure
Of hosting service
This will normally occur when the client has restored adequate facilities in
their own environment.
List the reasons for termination and also the roles and responsibilities.
Include any necessary clean up.
Of the agreement
<<
>>
8. Responsibilities
Responsibilities for the plan rest with the following:
Client 1:
Client 2:
The Directors
concerned are:
Client 1:
Client 2:
9. Testing the Plan
<<
The plan will be tested, at most, twice a year and at least once a year. Dates
will be agreed to no less than two weeks before the test date.
Page 97
Disaster Recovery Workbook
>>
Page 98
Disaster Recovery Workbook
10. APPENDIX A
AGREEMENT TO
BETWEEN
CLIENT 1
AND
CLIENT 2
Client 1
Name: _____________________________
Signed: _____________________________
Title: _____________________________
Dated: _____________________________
Client 2
Name: ______________________________
Signed: ______________________________
Title: ______________________________
Dated: ______________________________
Disaster Recovery Plan Template
Page 99
Disaster Recovery Workbook
11. APPENDIX B
SERVICE CONTACTS
Client 1
Client 2
Disaster R
Page 100
Disaster Recovery Workbook
12. APPENDIX C
Disaster Recovery Plan
STAFF TO BE RESIDENT
Client 1
Client 2
Page 101
Disaster Recovery Workbook
13. APPENDIX D
Client 1
Client 2
Page 102
Disaster Recovery Workbook
14. APPENDIX E
Page 103
Disaster Recovery Workbook
15. APPENDIX G
The list below is provided for example. Specify items to be stored and quantity
of items per your individual circumstances.
Template
Page 104
Disaster Recovery Workbook
IT Services
Business Continuity Strategy
Process: IT Service Asset &
Continuity Management
Status:
Version: 0.1
Release Date:
Page 105
Disaster Recovery Workbook
Document Control
Author
Prepared by <name and / or department>
Document Source
This document is located on the LAN under the path:
I:/IT Services/Service Delivery/Functional Specifications/
Document Approval
This document has been approved for use by the following:
<first name, last name>, IT Services Manager
<first name, last name>, IT Service Delivery Manager
<first name, last name>, National IT Help Desk Manager
Amendment History
Distribution List
When this procedure is updated the following copyholders must be
advised through email that an updated copy is available on the
intranet site:
Page 106
Disaster Recovery Workbook
Introduction
Purpose
The purpose of this document is to provide relevant Business Units
with the Business Continuity Strategies for the range of services
provided by IT Services to the <company name> community.
Scope
This document describes the following:
Summary of each service provided by IT Services including
Summary of the Continuity Strategy for each applicable service
Detailed list of Continuity Strategy for each applicable service
Note: It is assumed for each service described in this document that
the supporting back-end technology is already in place and
operational.
Audience
This document is relevant to all staff in <company name>
Ownership
IT Services has ownership of this document.
Related Documentation
Include in this section any related Service Level Agreement reference
numbers and other associated documentation:
Page 107
Disaster Recovery Workbook
Executive Overview
Scope
Page 108
Disaster Recovery Workbook
Page 109
Disaster Recovery Workbook
Service A
Please Note. Some of the sub-headings here may not be applicable for
the IT Service. For example, in some instance where you have an
Immediate Recovery Option for a Service it may not be applicable to
have spent money on Gradual Recovery Options, and vice versa.
Description
Risk Summary
In this section provide a brief description of any know and major risks to
the IT Service. Risks are determined by understanding the assets that are
involved in the service, the threats to those assets and any identified
threats.
Definitions:
After completing the above table, summaries the overall risk to the service
and the impact on the business.
Page 110
Disaster Recovery Workbook
Reciprocal Arrangements
Reciprocal Arrangements may be made with several organizations for the one
service.
Page 111
Disaster Recovery Workbook
Gradual Recovery
Agreements
Agreements will include those with the business for Gradual Recovery.
They will also include any additional accommodation and services
plans.
Technology
This section will provide details about the computer systems and
network plans, as well as any telecommunications plans.
Security
Finance
Include in this section any required finance for the recovery options.
This information will be used in the budgeting process for subsequent
years.
Personnel
Summary
Page 112
Disaster Recovery Workbook
Intermediate Recovery
This recovery options is used for services that are important enough to the
business that a 4 to 24 hour restoration period is required.
Agreements
Agreements will include those with the business for Gradual Recovery.
They will also include any additional accommodation and services
plans.
Technology
This section will provide details about the computer systems and
network plans, as well as any telecommunications plans.
Security
Finance
Include in this section any required finance for the recovery options.
This information will be used in the budgeting process for subsequent
years.
Personnel
Summary
Page 113
Disaster Recovery Workbook
Immediate Recovery
Agreements
Agreements will include those with the business for Gradual Recovery.
They will also include any additional accommodation and services
plans.
Technology
This section will provide details about the computer systems and
network plans, as well as any telecommunications plans.
Security
Finance
Include in this section any required finance for the recovery options.
This information will be used in the budgeting process for subsequent
years.
Personnel
Summary
Page 114
Disaster Recovery Workbook
Appendices
E.g.
Page 115
Disaster Recovery Workbook
Terminology
E.g.
CMDB Configuration Management Data Base
ITSCM Information Technology Services Continuity Management
SLA Service Level Agreement
UC Underpinning Contract
Page 116
Disaster Recovery Workbook
Communicate
M_o_R Approach
Plan Risk Management
Assess Plan
M_o_R Approach
Risk
Management
Policy
M_o_R Approach
Risk Management
Process Guide
Page 117
Disaster Recovery Workbook
The M_o_R approach is based around the above framework, which consists
of the following:
M_o_R principles: these principles are essential for the development
of good risk management practice and are derived from corporate
governance principles.
M_o_R approach: an organizations approach to these principles
needs to be agreed and defined within the following living documents:
Risk Management Policy
Process Guide
Plans
Risk registers
Issue Logs.
M_o_R Processes: the following four main steps describe the inputs,
outputs and activities that ensure that risk are controlled:
Identify: the threats and opportunities within an
activity that could impact the ability to reach its
objective.
Assess: the understanding of the net effect of the
identified threats and opportunities associated with
an activity when aggregated together
Plan: to prepare a specific management response
that will reduce the threats and maximize the
opportunities.
Implement: the planned risk management actions
monitor their effectiveness and take corrective
action where responses do not match
expectations.
Embedding and reviewing M_o_R: having put the principles,
approach and processes in place, they need to be continually reviewed
and improved to ensure they remain effective.
Communication: having the appropriate communication activities in
place to ensure that everyone is kept up-to-date with changes in
threats, opportunities and any other aspects of risk management.
Page 118
Disaster Recovery Workbook
The M_o_R method requires the evaluation of risks and the development
of a risk profile, see example shown in Figure 2.
Fire/
Most
explosion
Severe
Chemical Storm
damage
leak
Loss of
PBX/ACD
Server Major
failure network
Severity / failure
Impact Theft
Acceptable
risk Power
Failure
Coffee
Least Corrupt spill on
severe database PC
Figure 2 shows an example risk profile, containing many risks that are
outside the defined level of acceptable risk. Following the Risk Analysis it
is possible to determine appropriate risk responses or risk reduction
measures (ITSCM mechanisms) to manage the risks i.e. reduce the risk to
an acceptable level or mitigate the risk. Wherever, possible, appropriate
risk responses should be implemented to reduce either the impact or the
likelihood, or both, of these risks from manifesting themselves.
Page 119
Disaster Recovery Workbook
Page 120
Disaster Recovery Workbook
IT Services
Risk Assessment Questionnaire
Process: IT Service Asset & Continuity
Management
Status: In draft
Under Review
Sent for Approval
Approved
Rejected
Release
Date:
Page 121
Disaster Recovery Workbook
I hereby certify that the following statements are true and correct to the best of my knowledge and
belief.
Officers Name and Title Institutions Name and Location
This is an official document. Any false information contained in it may be grounds for prosecution and
may be punishable by fine or imprisonment.
Page 122
Disaster Recovery Workbook
e. Does the scope of your risk assessment include an analysis of internal and
external threats to confidential customer and consumer information as
described in ... of the ACMEs Rules and Regulations (Y/N)?
If yes, please provide the date that the risk assessment program was last
approved by the Board of Directors:
Page 123
Disaster Recovery Workbook
To help us assess how you manage risk through your information security
program, please answer the following questions for your environment. If any of
the following questions are not applicable to your environment, simply answer
N/A.
a. Please provide the name and title of your formally designated IT security
Officer:
Page 124
Disaster Recovery Workbook
o. Are all of your service providers located within the United States (Y/N)?
If yes, please provide how often employees must attest to the policy
contents:
r. Are you planning to deploy new technology within the next 12 months
(Y/N)?
If you answered Yes, were the risks associated with this new
technology reviewed during your most recent risk assessment (Y/N)?
s. Have you deployed new technology since the last ACME examination
that was not included in your last risk assessment (Y/N)?
Page 125
Disaster Recovery Workbook
To help us assess how you monitor operations and compliance with your
written information security program, please answer the following questions:
1. Audit Date:
2. Firm name (if external):
3. Was an audit report produced (Y/N)?
4. Date audit report was reviewed and approved by the Board:
5. Audit scope and objectives:
Page 126
Disaster Recovery Workbook
Page 127
Disaster Recovery Workbook
Page 128
Disaster Recovery Workbook
DOCUMENT CONTROL
Document distribution
Document Revision
Document Approval
Page 129
Disaster Recovery Workbook
SUPPORTING INFORMATION
Introduction
This document details the instructions and procedures that are required to be
followed to recover or continue the operations of systems, infrastructure,
services or facilities to maintain Service Continuity to the level defined or
agreed with the business.
Recovery Strategy
Invocation
1.
2.
Details of the inter-relationships and references with all other continuity and
recovery plans and how the interfaces are activated.
General Guidance
All requests for information from the media or other sources should be
referred to the Company procedure.
Page 130
Disaster Recovery Workbook
Dependencies
Contact Lists
Lists of all contact names, organizations and contact details and mechanisms:
Recovery Team
Page 131
Disaster Recovery Workbook
Recovery procedure
Page 132
Disaster Recovery Workbook
Page 133
Disaster Recovery Workbook
Page 134
Disaster Recovery Workbook
IT Services
Communication Plan
Process: IT Service Asset & Continuity
Management
Status: In draft
Under Review
Sent for Approval
Approved
Rejected
Release
Date:
Page 135
Disaster Recovery Workbook
However, the reader will certainly be reminded of the key topics that have to be
considered.
Prepared by:
On: <<date>>
Page 136
Disaster Recovery Workbook
Initial Communication
First steps in communication require the need to answer the question that most people
(quite rightly) ask when the IT department suggests a new system, a new way of working.
WHY?
It is here that we need to promote and sell the benefits. However, be cautious of using
generic words.
To:
On: <<date>>
By:
On: <<date>>
Page 137
Disaster Recovery Workbook
The Goal of IT Service Asset & Continuity Management can be promoted in the
following manner.
High visibility and wide channels of communication are essential in this process.
Gather specific requirements from nominated personnel
(Special Tip: Beware of using only Managers to gain information from, as the resistance
factor will be high)
Oversee the monitoring of process to ensure that the business needs of IT are not
impacted, but taking into account that changes are required to ensure continued
high levels of IT Service Delivery and Support.
(Special Tip: Beware of reporting only to Managers. If you speak to a lot of people
regarding Service Support and Delivery then you need to establish ways to report to these
people the outcomes and progress of the discussions).
Always bear in mind the so what factor when discussing areas like goals and objectives. If
you cannot honestly and sensibly answer the question so what then you are not selling
the message in a way that is personal to the listener and gets their buy-in.
The above IT Service Asset & Continuity Management Goals module was distributed;
To:
On: <<date>>
By:
On: <<date>>
Page 138
Disaster Recovery Workbook
The list of actions in this module will have a direct impact on end users and IT Staff.
They will be curious as to why working with them in this manner, rather than the
historical method of just doing it. There could be an element of suspicion and
resistance, so consider different strategies to overcome this initial skepticism.
Initiation
Interview and record the needs from the Business
Promote and advertise ITSCM
Show Business Benefits
Risk Assessment
Look at the threats and vulnerabilities
List assets that may be a target and their importance to the business
Communicate Countermeasures
Implementation
Reciprocal Arrangements
Recovery Plans
Countermeasures
Operational Management
Initial Testing
Annual Testing
Change Management
To:
On: <<date>>
By:
On: <<date>>
Page 139
Disaster Recovery Workbook
Costs
Information relating to costs may be a topic that would be held back from general
communication. Failure to convince people of the benefits will mean total rejection of
associate costs. If required, costs fall under several categories:
A well run IT Service Asset & Continuity Management process will make major inroads into
altering the perception of the IT Organization.
Details regarding the cost of IT Service Asset & Continuity Management were distributed;
To:
On: <<date>>
By:
On: <<date>>
Page 140
Disaster Recovery Workbook
IT Services
E-Mail Text
Process: IT Service Asset & Continuity
Management
Status: In draft
Under Review
Sent for Approval
Approved
Rejected
Release
Date:
Page 141
Disaster Recovery Workbook
Introduction
In the next section of this document is an example email text that can be
distributed across your organization.
Note, that this is just one piece of text for one email.
This is very important, as each time you send an email regarding your IT
Service Asset & Continuity Management process it should be different
and targeted to the correct audience.
Page 142
Disaster Recovery Workbook
Dear << insert audience here, for example, Customer, IT Staff, Marketing
Dept etc >>
In order to improve the IT Services and ensure that they are aligned with the
needs of the organization, we have decided to embark on a service
improvement programme. This programme will result in the implementation of
a process called IT Service Asset & Continuity Management.
Organizations are required to operate and provide a service at all times. Its that
simple. Increasing competition and a growth in the requirement by consumers for
instant or near real time response has fuelled the necessity for an agreed level of IT
services to be provided following an interruption to the business. Such interruptions
can be a loss of a single application or a complex system failure all the way through
to the loss of a building (e.g. through fire, flood, etc.)
We have defined the Goal for IT Service Asset & Continuity Management as
follows:
The goal for IT Service Continuity is to support the Business Continuity Management
process (following pre-defined losses in organizational ability), through the delivery of
IT services, within agreed times and costs.
<< INSERT YOUR OWN GOAL FOR IT SERVICE ASSET & CONTINUITY
MANAGEMENT HERE >>
The IT Department will be creating a list of IT Services that it delivers. This will
be captured in a Service Catalogue (SC). The list of services will then be
presented to the different departments within <<organization name>>. From
this list, each department will be able to pick the service that they use, and
through our requirements gathering, make comments about the requirements
for that service during times of major outage or loss.
Page 143
Disaster Recovery Workbook
From this, we will be able to then formulate agreements on the services being
provided. These agreements are called Service Level Agreements and they
include the requirements for continuity.
This will help ensure that the IT Department is aligning its Services with the
business needs, provide a way to measure the services, set expectations of
the services being delivered, and more importantly provide an avenue for
discovery in service improvement.
The IT Service Continuity Manager will work closely with the business in
defining the necessary services and agreeing their level of availability.
<<
>>
The commencement date of the new process is scheduled for: << insert date
>>
OR
If you have any questions regarding this, please do not hesitate to contact me
on << phone number >>
Page 144
Disaster Recovery Workbook
IT Services
Emergency Response Template
Process: IT Service Asset & Continuity
Management
Status: In draft
Under Review
Sent for Approval
Approved
Rejected
Release
Date:
Page 145
Disaster Recovery Workbook
Document Control
Author
Prepared by <name and / or department>
Document Source
This document is located on the LAN under the path:
I:/IT Services/Service Delivery/Emergency Response Plan/
Document Approval
This document has been approved for use by the following:
<first name, last name>, IT Services Manager
<first name, last name>, IT Service Delivery Manager
<first name, last name>, IT Service Continuity Process Manager
<first name, last name>, Customer representative or Service
Level Manager
Amendment History
Distribution List
When this procedure is updated the following copyholders must be
advised through email that an updated copy is available on the
intranet site:
Page 146
Disaster Recovery Workbook
Introduction
Purpose
Audience
This document is relevant to all staff in <company name>
Ownership
IT Services has ownership of this document.
Related Documentation
Include in this section any related Service Level Agreement reference
numbers and other associated documentation:
Page 147
Disaster Recovery Workbook
Executive Overview
Scope
Not all IT Services may initially be included within the Emergency Response
Plan. Use this section to outline what will be included and the timetable for
other services to be included.
The emergency response plan is fairly simple in concept and should be used
in conjunction with the Salvage Plan Template.
Page 148
Disaster Recovery Workbook
Page 149
Disaster Recovery Workbook
Introduction
In this section provide some detail about the ERP. Include things like
which aspects of the infrastructure are included, which services, why it is
necessary etc.
<<
This document provides the necessary details and procedures that are
required in the event of disaster
>>
Response Strategy
In this section detail the strategy being used to respond to the IT Disaster.
Invocation
Page 150
Disaster Recovery Workbook
Dependencies
Response Team
The following listed people are responsible for performing the actions listed in
the Response Plan. They are to ensure that the procedures are carried out in
the most efficient and effective manner possible.
Page 151
Disaster Recovery Workbook
Response Plan
Equipment Needed:
IT Components
(Configuration Items (CI))
CI # Serial # CI Name Type Sub-Type
SER345 15434563 EMERO Hardware Server
RT5700 54444443 CISCO-002 Hardware Router
RT4567 76547457 CISCO-001 Hardware Router
MS001 N/A MS Office Software Microsoft
Page 152
Disaster Recovery Workbook
Appendices
Terminology
Page 153
Disaster Recovery Workbook
Page 154
Disaster Recovery Workbook
IT Services
Salvage Plan Template
Process: IT Service Asset &
Continuity Management
Status:
Version: 0.1
Release Date:
Page 155
Disaster Recovery Workbook
Document Control
Author
Prepared by <name and / or department>
Document Source
This document is located on the LAN under the path:
I:/IT Services/Service Delivery/Salvage Plan/
Document Approval
This document has been approved for use by the following:
<first name, last name>, IT Services Manager
<first name, last name>, IT Service Delivery Manager
<first name, last name>, IT Service Continuity Process Manager
<first name, last name>, Customer representative or Service
Level Manager
Amendment History
Distribution List
When this procedure is updated the following copyholders must be
advised through email that an updated copy is available on the
intranet site:
Page 156
Disaster Recovery Workbook
Introduction
Purpose
Audience
This document is relevant to all staff in <company name>
Ownership
IT Services has ownership of this document.
Related Documentation
Include in this section any related Service Level Agreement reference
numbers and other associated documentation:
Page 157
Disaster Recovery Workbook
1. Executive Overview
2. Scope
Not all IT Services may initially be included within the Salvage Plan. Use this
section to outline what will be included and the timetable for other services to
be included.
The salvage plan is fairly simple in concept and should be used in conjunction
with the Emergency Response Template.
Page 158
Disaster Recovery Workbook
DISASTER PLANNING
Storage of Plan:
Hardcopy ( )
Microfilm ( )
Electronic ( )
Other (specify)
______________________________________________________________
__
Yes ( )
No ( )
Commercial Provider ( )
Backup ( )
Rebuild ( )
System Restore ( )
Page 159
Disaster Recovery Workbook
Equipment Needed:
IT Components
(Configuration Items (CI))
CI # Serial # CI Name Type Sub-Type
SER345 15434563 EMERO Hardware Server
RT5700 54444443 CISCO-002 Hardware Router
RT4567 76547457 CISCO-001 Hardware Router
MS001 N/A MS Office Software Microsoft
Page 160
Disaster Recovery Workbook
IT Services
Vital Records Template
Process: IT Service Asset &
Continuity Management
Status:
Version: 0.1
Release Date:
Page 161
Disaster Recovery Workbook
Introduction
Purpose
Scope
This document describes the following:
A Vital Records template
Note: It is assumed for each service described in this document that
the supporting back-end technology is already in place and
operational.
Audience
This document is relevant to all staff in <company name>
Ownership
IT Services has ownership of this document.
Related Documentation
Include in this section any related Service Level Agreement reference
numbers and other associated documentation:
Page 162
Disaster Recovery Workbook
Executive Overview
Scope
Each organisation and department should develop a vital records plan. The
first part of the plan is a description of records that are vital to continued
operation or for the protection of legal and financial rights of the organisation.
The plan should also include specific measures for storing and periodically
cycling (updating) copies of those records.
Page 163
Disaster Recovery Workbook
Department:
Division:
Sub-Division: _________________________
IT Service: ____________________________
Page 164
Disaster Recovery Workbook
Appendices
E.g.
Terminology
E.g.
CMDB Configuration Management Data Base
ITSCM Information Technology Services Continuity
Management
SLA Service Level Agreement
UC Underpinning Contract
Page 165
Disaster Recovery Workbook
Page 166
Disaster Recovery Workbook
The IT Service Continuity Manager is responsible for ensuring that the aims of
IT Service Asset & Continuity Management are met. This includes such tasks
and responsibilities as:
Performing Business Impact Analyses for all existing and new services
Implementing and maintaining the ITSCM process, in accordance with
the overall requirements of the organizations Business Continuity
Management process, and representing the IT services function within
the Business Continuity Management process
Ensuring that all ITSCM plans, risks and activities underpin and align
with all BCM plans, risks and activities, and are capable of meeting the
agreed and documented targets under any circumstances
Performing risk assessment and risk management to prevent disasters
where cost-justifiable and where practical
Developing and maintaining the organizations continuity strategy
Assessing potential service continuity issues and invoking the Service
Continuity Plan if necessary
Managing the Service Continuity Plan while it is in operation, including
fail-over to a secondary location and restoration to the primary location
Performing post mortem reviews of service continuity tests and
invocations, and instigating corrective actions where required
Developing and managing the ITSCM plans to ensure that, at all times,
the recovery objectives of the business can be achieved
Ensuring that all IT service areas are prepared and able to respond to
an invocation of the continuity plans
Maintaining a comprehensive IT testing schedule, including testing all
continuity plans in line with business requirements and after every
major business change
Undertaking quality reviews of all procedures and ensuring that these
are incorporated into the testing schedule
Communicating and maintaining awareness of ITSCM objectives within
the business areas supported and IT service areas
Undertaking regular reviews, at least annually, of the Continuity Plans
with the business areas to ensure that they accurately reflect the
business needs
Negotiating and managing contracts with providers of third-party
recovery services
Assessing changes for their impact on Service Continuity and
Continuity Plans
Attending CAB meetings when appropriate
Page 167
Disaster Recovery Workbook
Page 168
Disaster Recovery Workbook
IT Services
Process Manager
Process: IT Service Asset & Continuity
Management
Status: In draft
Under Review
Sent for Approval
Approved
Rejected
Release
Date:
Page 169
Disaster Recovery Workbook
Description Notes/Comments
1. Will develop and maintain the IT Service Asset & Use the notes/
Continuity Management Process. Comments
column in
Will develop, maintain and promote IT Service Asset & different ways.
Continuity Management. If you are
2. Will coordinate process reviews utilizing independent looking to apply
parties to provide an objective view on the simplicity of for a process
the process and areas for improvement. role, then you
can check
Will be responsible for implementing any design yourself against
improvements identified. the list (with
3. Will chair the Recovery meetings that are used to ticks or look to
identify and action recovery issues and to verify that all update your
steps were completed and the objective of the process resume).
was achieved.
4. Arrange and run all IT Service Asset & Continuity If you are
Management reviews with the IT Service Asset & looking to
Continuity Management team. appoint a
process
The reviews where necessary will include other IT manager or
Departments as well as key customers. promote
5. Will control and review: someone from
Any outstanding process related actions within the
Current targets for availability performance organization
The process mission statement you can make
6. Will manage IT Service Delivery during times of a notes about
disaster. This includes coordinating the disaster their abilities in
recovery team and liaising with the business. the particular
area.
7. Make available relevant, concise reports that are both
timely and readable for Customers and Management
Page 170
Disaster Recovery Workbook
Page 171
Disaster Recovery Workbook
Page 172
Disaster Recovery Workbook
IT Services
Reports, KPIs and other Metrics
Process: IT Service Asset & Continuity
Management
Status: In draft
Under Review
Sent for Approval
Approved
Rejected
Release
Date:
Page 173
Disaster Recovery Workbook
Reports and KPI Targets for IT Service Asset & Continuity Management
However, the reader will certainly be reminded of the key topics that have to
be considered.
Prepared by:
On: <<date>>
Page 174
Disaster Recovery Workbook
Simple
Measurable
Achievable
Realistic
Time Driven
Page 175
Disaster Recovery Workbook
Others
Special Tip: Beware of using percentages in too many cases. It may even be
better to use absolute values when the potential number of maximum failures
is less than 100.
Page 176
Disaster Recovery Workbook
Management reports help identify future trends and allow review of the
health of the process. Setting a security level on certain reports may be
appropriate as may be categorizing the report as Strategic, Operational or
Tactical.
The acid test for a relevant report is to have a sound answer to the question;
What decisions is this report helping management to make?
Page 177
Disaster Recovery Workbook
Page 178
Disaster Recovery Workbook
IT Services
Business and IT Flyers
Process: IT Service Asset & Continuity
Management
Status: In draft
Under Review
Sent for Approval
Approved
Rejected
Release
Date:
Page 179
Disaster Recovery Workbook
The following pages provide 2 examples of flyers that can printed and
distributed throughout your organization.
Note, they are examples, and your input is required to complete the
flyers.
So think about how and where you will be distributing the flyers.
Page 180
Disaster Recovery Workbook
Key Points:
IT Services Department
Ability to Wanted: Continued IT Services
cope with an
emergency this flyer? Which locations will
The IT Department is
embarking on an IT Service the flyer be posted at? << What process do
Agreed Asset & Continuity If you are posting the flyer in they need to follow
Levels of Management implementation staff rooms, then the content when recording
Service Programme. needs to reflect the information about
<< Provide brief description information that will be of use failures in IT
Recovery of IT Service Asset & to them. For example, list a Services? >>
options Continuity Management >> common set of services and
the level that they are provided
IT Supporting <<First, determine the at. This helps set the Provide contact lists
the business audience of this flyer. This expectations for the services for the IT Department
could be anyone who might being delivered from the IT as well as the
benefit from the information it business managers
Services at Departments. >>
the Right contains, for example, IT that they can
Time! employees or Business staff. contact.>>
>>
Page 181
Disaster Recovery Workbook
IT Service Asset
& Continuity
Management
KEEPING IT
GOING IN TIMES
OF ADVERSITY
Sponsored by IT SERVICES
Constantly improving and aligning to your needs
Page 182
Disaster Recovery Workbook
4 IMPLEMENTATION PLAN
IT Services
Implementation Plan/Project Plan
Skeleton Outline
Process: IT Service Asset & Continuity
Management
Status:
Version: 0.1
Release Date:
Page 183
Disaster Recovery Workbook
However, the reader will certainly be reminded of the key topics that have to
be considered for planning and implementation of this process.
Initial planning
When beginning the process planning the following items must be completed:
CHECK DESCRIPTION
or
2 or date
Get agreement on the objective (use the ITIL definition), purpose,
scope, and implementation approach (e.g. Internal, outsourced,
hybrid) for the process.
Page 184
Disaster Recovery Workbook
Review the finances required for the process as a whole and any
associated systems (expenditure including people, software,
hardware, accommodation). Dont forget that the initial
expenditure may be higher than the ongoing costs. Dont forget
annual allowances for systems maintenance or customizations to
systems by development staff.
Policy Statement
It helps us to think clearly about and agree on the reasons WHY effort is put
into this process.
The most common mistake made is that reasons regarding IT are given as
the WHY we should do this. Reasons like to make our IT department more
efficient are far too generic and dont focus on the real issue behind why this
process is needed.
The statement must leave the reader in no doubt that the benefits of this
process will be far reaching and contribute to the business in a clearly
recognizable way.
Objective Statement
When you are describing the end or ultimate goal for a unit of activity that is
about to be undertaken you are outlining the OBJECTIVE for that unit of
activity.
Of course the activity may be some actions for just yourself or a team of
people. In either case, writing down the answer to WHERE will this activity to
me/us/the organization is a powerful exercise.
There are many studies that indicate the simple act of putting a statement
about the end result expected onto a piece of paper, then continually referring
to it, makes achieving that end result realistic.
Page 185
Disaster Recovery Workbook
Scope Statement
In defining the scope of this process we are answering what activities and
what information interfaces does this process have.
Dont get caught up in trying to be too detailed about the information flow into
and out of this process. What is important is that others realize that
information does in fact flow.
Page 186
Disaster Recovery Workbook
There can be a variety of ways to implement this process. For a lot of organizations
a staged implementation may be suited. For others a big bang implementation
due to absolute equality may be appropriate.
Disaster
Gradual Recovery
Intermediate Recovery
Immediate Recovery
Page 187
Disaster Recovery Workbook
The priority selection has to be made with other factors in mind, such as competitive
analysis, any legal requirements, and desires of politically powerful influencers.
Costs
(A variety of symbols have been provided to help you indicate required expenditure,
rising or falling expenditure, level of satisfaction regarding costs in a particular area,
etc.
Accommodation
Costs of housing new staff and any associated new
equipment and space for documents or process related
concepts.
Software
New tools required to support the process and/or the
costs of migration from an existing tool or system to the
Page 188
Disaster Recovery Workbook
new one.
Maintenance costs
Hardware
New hardware required to support the process
activities. IT hardware and even new desks for staff.
Education
Re-education of existing staff to learn new techniques
and/or learn to operate new systems.
Procedures
Development costs associated with filling in the detail of
a process activity. The step-by-step recipe guides for all
involved and even indirectly involved personnel.
In most cases, costs for Process implementation have to be budgeted for (or
allocated) well in advance of expenditure. Part of this step involves deciding on a
charging mechanism (if any) for the new services to be offered.
Each process requires a process owner and in most situations a team of people to
assist.
Refer to Roles and Responsibilities on page 167 for roles, responsibilities and
tasks of involved personnel.
Page 189
Disaster Recovery Workbook
Area Notes
Power teams
Other
Implementation Planning
After base decisions regarding the scope of the process and the overall planning
activities are complete we need to address the actual implementation of the process.
It is unlikely that there will not be some current activity or work being performed that
would fit under the banner of this process. However, we can provide a
comprehensive checklist of points that must be reviewed and done.
Activity Notes/Comments/Time
Frame/Who
Review current and existing IT Service Asset & Continuity
Management practices in greater detail. Make sure you also
review current process connections from these practices to
other areas of IT Service Delivery and Support.
Page 190
Disaster Recovery Workbook
The question of when a new process actually starts is one that is not easy to answer.
Most process activity evolves without rigid starting dates and this is what we mean
when we answer a question with thats just the way its done around here.
Ultimately we do want the new process to become the way things are done around
here, so it may even be best not to set specific launch dates, as this will set the
expectation that from the given date all issues relating to the process will disappear
(not a realistic expectation).
Page 191
Disaster Recovery Workbook
Page 192
Disaster Recovery Workbook
5 FURTHER READING
For more information on other products available from The Art of Service, you can
visit our website: http://www.theartofservice.com
If you found this guide helpful, you can find more publications from The Art of
Service at: http://www.amazon.com
Page 193