Since the methodology of “Contingency Planning”, there have been significant changes in technology and the way in which technology is used within the business. The dependencies between business processes and technology are now inter-twined that Contingency Planning (or Business Continuity Management as it is now sometimes referred) Incorporates both a business element ( Business Continuity Planning) and a technology element (IT Service Continuity Management Planning). Their dependencies on each other determine that one is a subset of the other, depending on the nature of the business and the extent to which technology has pervaded the organisation.
In today’s highly competitive and service-oriented business environment, organisations are judged on their ability to continue to operate and provide a service at all times. ITSCM is concerned with managing an organisations ability to continue to provide a pre-determined and agreed level of IT Services to support the minimum business requirements following an interruption to the business. This may range from an application or system failure to a complete loss of the business premises. As such, ITSCM forms an integral part of the BCM process to ensure that IT Services and facilities can be provided.
The goal for ITSCM is to support the overall Business Continuity Management process by ensuring that the required IT technical and services facilities (including computer systems, networks, applications, telecommunications, technical support and Service Desk) can be recovered within required, and agreed, business timescales.
ITSCM focuses on the IT Services required to support critical business processes. The impact of a loss of a business process, such as financial loss, damage to reputation or the regulatory breach, are measured through a Business Impact Analysis, which determines the minimum critical requirements The specific IT technical and service requirements are supported by ITSCM. The scope of ITSCM within an organisation is determined by the organisational structure, culture and strategic direction (both business and technology) in terms of the services provided and how these develop and change over time.
As organisations become more dependent upon technology, which is now a core component of most business processes, continued Availability of IT is critical to their survival. This Availability is accomplished by introducing risk reduction measures such as resilient systems, and recovery options including backup facilities. Successful implementation of ITSCM can only be achieved with visible senior management commitment and the support of all members of the organization. Ongoing maintenance of the recovery capability is essential if it is to remain effective.
The annual spend on ITSCM can be likened to an insurance premium and, like insurances, the optimum spend is determined by the circumstances and risks that could influence the organizations business. The variety and frequency of events that pose a threat to business in today’s technology age have forced organisations to regard the continuing requirements for ITSCM as part of their corporate and management philosophy and culture. This allows an organization to identify, assess and take responsibility for managing its risks, thus enabling it to understand better the environment in which it operates, decide which risks it wishes to counteract and act positively to protect the interest of all stakeholders (Including staff, Customers, Shareholders, third parties, creditors). ITSCM can complement this activity and help to deliver business benefit.