Continuity management ensures fail-safety of IT infrastructure

Power failures in the Netherlands, at the Bochum University, and at the Employment Agency cripple the whole IT

Be it floods, technical accidents, or complete power outages: nobody is immune to catastrophes and ever so often companies are affected as well, whose production stagnates as a result or even comes to a grinding halt. In this, the survivability of a lot of business operations is dependent on continuously available IT services and their underlying IT infrastructure.

Together with its customers, noventum consulting plans the safeguarding against failure of the IT infrastructure and helps with appropriate processes and procedures to be adequately prepared for emergencies and crises.

The availability of current and correct descriptions regarding the recovery is also the subject of statutory requirements and regulations. More and more customers demand a functioning continuity management as a prerequisite for order assignment. This is also of great significance for obtaining appropriate insurance coverage as well as for audit certifications.

WHAT IS THE CONCRETE CHALLENGE?

The planning and implementation of continuity management not just from a process point of view, but also taking into consideration the necessary fail-safe IT infrastructure:

The customer point of view:　

• How do I ensure that my IT infrastructure and my processes and procedures fulfil the requirements posed by a continuity management?
• Is my external provider capable of fulfilling my requirements with respect to continuity management?

 

The provider point of view:

• How do I ensure that my customer's requirements regarding a fail-safe infrastructure are planned and implemented efficiently?
• How do I manage to integrate my customer's requirements regarding continuity management into the existing internal processes and procedures?

WHAT DOES THE SOLUTION APPROACH OF NOVENTUM LOOK LIKE?

The noventum consultants utilise the "noventum lifecycle for continuity management". This is a recurring process that has to adapt itself constantly to the new requirements of the business operation and the fail-safety resulting therefrom. They pursue the approach of a holistic view of continuity management and of integrating processes and IT architecture in this.

 

THE PROJECT'S FLOW

Initiation

Based on the current business strategy, the scope is determined jointly, and a continuity project is initiated.

 

Requirement and strategy

Potential risks are identified, and an analysis is carried out as to which business processes are considered business-critical. Based on this information, a target architecture of the future IT infrastructure is developed that reflects the requirements with respect to fail-safety for, for example, business-critical environments. From this, a continuity strategy can be derived that represents an ideal balance between risk-reducing measures and recovery options.

 

Implementation

Planning and implementing

• an emergency organisation in which the roles and responsibilities are defined (this includes decision-makers, communication locations, and recovery teams)
• a fail-safe IT infrastructure with standby arrangements and risk-reducing measures
• IT recovery plans at an appropriate level of detail for dealing with emergencies and crises
• procedures for carrying out emergency tests
• A successful initial test for checking the quality of the IT recovery plans concludes the implementation phase.

 

Operational Management

To ensure a successful regular operation, the following activities must be performed regularly:

• Monitoring
• Continuing education and Training
• Review and Audit
• Regular emergency tests

 

Update and maintenance

• Updating of the IT recovery plans
• Maintenance of IT infrastructure, new releases

 

 

If the sourcing strategy plans for the provision of business-critical services by an external service provider, noventum helps in ensuring that the provider takes into consideration the requirements with respect to availability and fail-safety of the IT infrastructure. In addition, it is being ensured that this is done based on processes and procedures, and that it is tested regularly and adequately.

The noventum consultants utilise tried and tested methods to support providers in the planning and implementation of fail-safe IT infrastructures. Also, the existing internal processes and procedures are adjusted based on the customer's requirements.

The following steps and results are part of the continuity management process:

• A risk assessment and business impact analysis are carried out.
• Critical services and business processes have been identified.
• Potential risks have been analysed and assessed.
• An IT continuity strategy has been defined.
• A target architecture of the IT infrastructure has been defined and documented.
• An IT infrastructure with an optimal and balanced relationship between fail-safety and investment protection has been developed.
• The existing IT infrastructure has been recorded and documented. 
• An IT infrastructure with standby arrangements and risk-reducing measures has been implemented, adjusted to the identified need. 
• An emergency organisation has been set up, roles and responsibilities have been documented and communicated.
• A crisis team organisation has been defined.
• For the emergency management, employees have been named and responsibilities defined.
• IT recovery plans for dealing with emergencies and crises have been documented and communicated.
• Relevant flows/processes, activities, and methods for dealing with emergencies have been developed.
• Tried and tested documentations are available for dealing with emergencies.
• An initial test for checking the quality of the IT recovery plans has been carried out and the results have been analysed.
• Information regarding the completeness and correctness of the IT recovery plans is available. 
• The duration of the recovery after an emergency or a crisis is known. 
• The process for the "operational management" has been set up. 
• The activities for regular operation have been defined and set up.
• The awareness of the needs of a continuity management has been created.

WHY CONTINUITY MANAGEMENT?

• The next crisis or next emergency will certainly come (e.g. a power failure, flood, loss of a critical supplier). It is imperative to be prepared for this.
• The handling of the re-establishing of the IT services after an emergency or a crisis is predictable and planable.
• An IT service continuity management implemented as a process is relevant to an audit.
• Statutory requirements and regulations are fulfilled through proof of a functioning continuity management.