DS04: Ensure continuos service

DS4 Ensure Continuous Service

Control over the IT process of ...
ensuring continuous service

with the business goal

to make certain IT services are available as required and ensuring a minimum business impact in the event of a major disruption

is enabled by

implementing an operational and tested IT continuity plan which is in line with the overall business continuity plan and its related business requirements
and takes consideration
- Critical Success Factors that leverage
- specific IT Resources and is measured by
- Key Performance Indicators

Record of Assessment

Assignment ID: *

Enter Name: *

Reference Code: *

Enter Location: * Tel. Num: *

Enter Full e-mail Address:

Control Objective:

Ensure continuous service

CRITICAL SUCCESS FACTORS
*Selected*	*Status*	Description
*		A no-break power system is installed and regularly tested
*		Potential availability risks are proactively detected and addressed
*		Critical infrastructure components are identified and continuously monitored
*		Continuous service provision is a continuum of advance capacity planning, acquisition of high-availability components, needed redundancy, existence of tested contingency plans and the removal of single points of failure
*		Action is taken on the lessons learned from actual downtime incidents and test executions of contingency plans
*		Availability requirements analysis is performed regularly
*		Service level agreements are used to raise awareness and increase co-operation with suppliers for continuity needs
*		The escalation process is clearly understood and based on a classification of availability incidents
*		The business costs of interrupted service are specified and quantified where possible, providing the motivation to develop appropriate plans and arrange for contingency facilities
*		*
*		*
KEY GOAL INDICATORS
*		No incidents causing public embarrassment
*		Number of critical business processes relying on IT that have adequate continuity plans
*		Regular and formal proof that the continuity plans work
*		Reduced downtime
*		Number of critical infrastructure components with automatic availability monitoring
*		*
*		*
*		*
*		*
KEY PERFORMANCE INDICATORS
*		Number of outstanding continuous service issues not resolved or addressed
*		Number and extent of breaches of continuous service, using duration and impact criteria
*		Time lag between organisational change and continuity plan update
*		Time to diagnose an incident and decide on continuity plan execution
*		Time to normalise the service level after execution of the continuity plan
*		Number of proactive availability fixes implemented
*		Lead time to address continuous service short-falls
*		Frequency of continuous service training provided
*		Frequency of continuous service testing
*		*

Conclusions:
* Non-existent

There is no understanding of the risks, vulnerabilities and threats to IT operations or the impact of loss of IT services to the business. Service continuity is not considered as needing management attention.

* Optimised

Integrated continuous service processes are proactive, self-adjusting, automated and self-analytical and take into account benchmarking and best external practices. Continuous service plans and business continuity plans are integrated, aligned and routinely maintained. Buy-in for continuous service needs is secured from vendors and major suppliers. Global testing occurs and test results are fed back as part of the maintenance process. Continuous service cost effectiveness is optimised through innovation and integration. Gathering and analysis of data is used to identify opportunities for improvement. Redundancy practices and continuous service planning are fully aligned. Management does not allow single points of failure and provides support for their remedy. Escalation practices are understood and thoroughly enforced.

* Managed and Measurable

Responsibilities and standards for continuous service are enforced. Responsibility for maintaining the continuous service plan is assigned. Maintenance activities take into account the changing business environment, the results of continuous service testing and best internal practices. Structured data about continuous service is being gathered, analysed, reported and acted upon. Training is provided for continuous service processes. System redundancy practices, including use of high-availability components, are being consistently deployed. Redundancy practices and continuous service planning influence each other. Discontinuity incidents are classified and the increasing escalation path for each is well known to all involved.

* Defined Process

Accountability is unambiguous and responsibilities for continuous service planning and testing are clearly defined and assigned. Plans are documented and based on system criticality and business impact. There is periodic reporting of continuous service testing. Individuals take the initiative for following standards and receiving training. Management communicates consistently the need for continuous service. High-availability components and system redundancy are being applied piecemeal. An inventory of critical systems and components is rigorously maintained.

* Repeatable but Intuitive

Responsibility for continuous service is assigned. The approaches to continuous service are fragmented. Reporting on system availability is incomplete and does not take business impact into account. There are no documented user or continuity plans, although there is commitment to continuous service availability and its major principles are known. A reasonably reliable inventory of critical systems and components exists. Standardisation of continuous service practices and monitoring of the process is emerging, but success relies on individuals.

* Initial / Adhoc

Responsibilities for continuous service are informal, with limited authority. Management is becoming aware of the risks related to and the need for continuous service. The focus is on the IT function, rather than on the business function. Users are implementing work-arounds. The response to major disruptions is reactive and unprepared. Planned outages are scheduled to meet IT needs, rather than to accommodate business requirements.

Settings will expire on:

(Do NOT edit.) Field set by Form.

Save and E-mail this form. (Saves only "*" fields & sends E-mail to address above):

Maintenance Functions

Note: If using Netscape on a Macintosh you may have to submit twice, the first will fail, or you can push the "Save Changes and/or Set New Expiration" then Submit.