Preface
In our last Newsletter, that was the second of several parts, presented in detail the processes and methods required to define, characterize, and develop ITSM Service Continuity best practices and deal directly with Disaster Recovery Planning. The first Newsletter in the series presented the high level areas that make up ITSM Service Continuity methods and processes and presented in detail those items that make up Business Impact Analysis in these areas.

Introduction
This newsletter for September/October, 2003 is the third of several parts that will finalize the presentation of the 14 necessary components and steps to developing an effective ITSM Service Continuity, Disaster Recovery Plan.

What is ITSM Service Continuity?
In review, ITSM Service Continuity typically includes the following major elements:
      Business Impact Analysis (Last Newsletter)
      Disaster Recovery Planning (This and the Next Newsletter)
      Information Technology Infrastructure for Service Continuity (Future Newsletter)

It should be noted that business impact analysis is included as the initial and critical purpose of any disaster recovery effort since a business impact analysis is necessary to provide input to a subsequent disaster recovery planning effort. Subsequently, disaster recovery is a main and critical component of ITSM Service Continuity.

Disaster Recovery Resource Requirements
In review, DRP resource requirements includes the following major elements, based on the business impact analysis findings, having an application system granularity level:
     1) Enter the estimated maximum amount of technology required by this application system for normal operation
           Amount of Processor, Memory, Disk Space (Gigs), Bandwidth, etc.
           Number of Devices: Servers, Workstations, Disk, CD, Tapes, Printers, etc.
           Number of Communications Devices: Routers, Hubs, etc.
           Physical and Logical Configuration and Communication of Network.
           Any other Special Considerations
     2) List all databases/files by ID that are required to restart this application system after a total disaster. Include filename/ID, whether backups are stored onsite or offsite, and the frequency of the backup
     3) List all actions or steps to restart this application system after a total disaster.

Disaster Recovery Business Requirements
In review, DRP business requirements includes the following major elements, based on the business impact analysis findings, having an application system granularity level:
     1) Enter the Customer, Department, Date, Application System Name and Number (if applicable)
     2) Enter the Disaster Recovery Priority assigned for this application and whether it is agreed by both Customer and IT. List the reasons if there is disagreement.
     3) List the Business Functions supported by this application.
     4) Operating impact if this application is lost.
     5) Legal and regulatory impact (if applicable) if this application is lost.
     6) Financial impact - Cost to the Agency, organization, or loss of profits if this application is lost. For 1 hour, 1 day, 2 days, and 1 week. Describe how this was calculated.
     7) Intangible losses if this application is lost.
     8) What are the important time cycles for this application (if any)?
     9) Could you use alternative methods to replace this application for a temporary period of time? If so, for how long?
     10) Would the loss of this application affect Customers? If so, then how and to what extent?
     11) If a disaster caused a loss of data entered the past day, two days, etc., how far back could that data be obtained and reentered? If so, then would this be done and how long would that take?

ITSM Service Continuity Methods and Best Practices
In review, the first 7 important ITSM Service Continuity Information Areas:
     1) Overview
     2) Application Inventory and Criticality Ratings
     3) Disaster Recovery Teams
     4) Off-Site Backups
     5) Critical Application System Resource Requirements
     6) Alternate Processing Strategies and Inventories Required
     7) Operating Procedures

RL Consulting IT Service Management Tools and Workshops

RL Information Consulting Announces an ITSM Self Assessment Solution Package
   » Documented Proprietary Methodology
   » Proprietary Excel Spreadsheet
   » GAP Analysis
   » Criticality Matrix
   » Evaluation Checklist
   » Orientation Presentation

CLICK HERE - For Additional Information and Pricing

Utilizing SolutionMethod™ proprietary questions and evaluation processes, RL Consulting employs 3 automated tools; ITSM Assessment Worksheet, ITSM ROI Worksheet, and ITSM Implementation Readiness Worksheet.

Education and Training - 1, 2, and 3 Day ITSM Workshops that offer a broad range of training beginning with Management level, through Strategy and Planning, to Implementation.

To Learn More About These Tools and Workshops and How They Can Help You - Click Here -

Find Out About Our 4 Week ITSM Maturity Assessment Service
and How It Can Assist You
- Click Here -


ITSM Service Continuity Methods and Best Practices
The disaster recovery planning methodology consists of many disaster recovery planning processes. The contemplated disaster recovery planning effort, which will be performed after the disaster recovery business impact analysis, will be accomplished utilizing the disaster recovery planning processes, which are summarized below.

Important ITSM Service Continuity Information Areas (Remaining 7 of 14)
     8) Critical Application Systems Recovery - The procedures and strategies required for recovery of each critical application system needed in the event of a disaster should be documented and tested. Application system recovery is the process of restoring application system data and software to a point of known integrity after the original integrity of the processing, or data, has been lost. Once the total recovery process has been completed, the system can be restarted and normal operations resumed. Recovery techniques will vary depending upon the nature of the processing; whether it is batch, on-line, or a combination of both. The criticality of the system and the data involved dictates the degree of recovery measures implemented. Recovery can involve the use of techniques to reconstruct the status of the system as it was immediately prior to failure. If the system cannot be recovered to where it was immediately prior to the disaster, the recovery process also involves the reconstruction and/or correction of any data that was lost or damaged. Systems recovery should be closely coordinated with off-site backup efforts to assure the proper and most current data is available.
     9) Vendor Contact Information - Documentation of vendor information is needed to provide for expeditious recovery. Designation of individuals at each vendor company will provide a focal point when emergencies occur and allow a vendor to be familiar with the requirements for successful recovery. Vendor agreements should be copied and maintained with the disaster recovery plan. This will allow easy reference and provide the information vendors require to service the account. Special procurement, supply and shipment considerations from vendors, in the event of a disaster, should be negotiated, documented and included in the agreements.
     10) Support Considerations - In the event of a disaster, a timely and orderly recovery of data processing capabilities is dependent on the availability and coordination of personnel and resources throughout the entire company. Therefore, as the disaster recovery strategy is formulated and external tasks and resource requirements are identified, involvement from external organizations (e.g. finance, facilities, personnel, public relations, etc.) is mandatory to produce a workable plan.
     11) Facility, Office and Reconstruction - Facility specifications and office space requirements needed in the event of a disaster should be documented. This forecast of facilities and office space must consider the recovery priorities assigned to each system, the amount of time during which processing will be performed without full capability and the hardware, software and support needs of existing systems. One approach to defining facility and office requirements in the event of a disaster is to document existing facilities, office space, physical and environmental specifications and any other information pertaining to the current environment. This specification of the current environment will serve a two-fold purpose. It will provide a reference for defining and documenting minimum facility and office requirements in a disaster situation and will assure the availability of documentation needed for reconstruction if a total disaster occurs.
     12) Training - Personnel should be knowledgeable of their responsibilities, roles and specific tasks required to execute the disaster recovery plan. Each supervisor or manager who has disaster recovery responsibilities or whose work force members are expected to participate in disaster recovery operations should insure that assigned personnel receive proper instructions. Well-trained personnel can often prevent a disaster or, at the very least, limit the resulting damage. Participation in plan testing and documentation of test results will insure that training takes place, that disaster recovery awareness exists and that responsibilities are understood and executable.
     13) Testing - In order to evaluate the disaster recovery plan and verify the accuracy of the data and strategies developed, the plan must be tested on a reoccurring basis. Testing serves to:
           Demonstrate the ability to recover from a disaster
           Verify that the disaster recovery plan documentation works
           Test the feasibility and compatibility of backup facilities
           Identify and correct weaknesses in the plan
           Train members of the disaster recovery teams
           Increase confidence in the ability to recover
           Evaluate the adequacy of external support
           Enforce continual maintenance of the disaster recovery plan
The overall testing of the disaster recovery plan usually proceeds in phases. The first phase tests the contents of the off-site storage facility. The next phase is a "paper" test involving each disaster recovery team. This is followed by testing recovery at the alternate processing facility with involvement of team members. A large "paper" test involves all teams working together to solve an exercise in responding to a disaster. It is best to wait until the plan has been tested many times before calling a mock disaster where most participants do not know when a test will be run. It is usually practical to start with testing components of the plan and, as problems are resolved, to build up to more comprehensive tests. An un-tested, un-maintained disaster recovery plan can be worse than having no plan at all since your organization and its Management may believe the business is protected, when in reality it is not.
     14) Maintenance and Review - The primary objective of maintaining disaster recovery capabilities is to ensure that planned and tested procedures will work properly regardless of personnel, hardware or system changes. Maintenance requirements must be incorporated into normal business functions and accomplished on a continuing basis. Maintenance instructions should be a part of the standard documentation that is used in the normal course of business operations. Changes in software, hardware, facilities, telecommunications or personnel require maintenance procedures to keep the disaster recovery plan up to date. This ensures that procedures are accurate and reflect the current environment.

In the next Newsletter we will present IT Infrastructure and Service Continuity considerations.

Is Your Company Triple "A" Rated?

      Aware - Of internal and external factors that could impact your business
      Adaptable - To change the focus of your company's resources and expertise depending on changes in internal and external factors
      Agile - To focus your company's resources and expertise effectively and efficiently in the quickest manner possible


What if you could do this proactively?


RL Consulting Utilizes:
The Proactive Business Model, Realization of Benefits, ITSM ROI, SAGA Business Strategy, and Enterprise Infrastructure Architecture

Leveraging Knowledge Management to Optimize Decision Support Systems Proactively
One step beyond IT Service Management,
One Generation beyond Information Systems

Downloads

White Papers:
   » SLA Description and Templates
   » Consolidation Questionnaires
   » Service Continuity Methods
   » Project Management Practices
   » Developing a Communication Plan
   » Data Management Process
   » Proactive Business Model
   » Realization of Benefits
   » SAGA Business Strategy
   » Enterprise Infrastructure Architecture

Service Briefs:
   » ITSM Maturity Assessment
   » Incident and Problem Management
   » Service Continuity
   » Configuration and Change Management
   » Service Level Management
   » Capacity Management
   » Availability Management
   » Release Management

- Click Here -

Additional Information
Visit www.itsm.info to learn about ITSM, IT Infrastructure Library (ITIL), and SolutionMethod™ (a Policy Based ITSM Approach). In addition, you can download free and informative white papers, questionnaires, and service briefs. This includes more in-depth information on the topics presented in this newsletter.

To learn how RL Consulting can assist in achieving IT Service Management goals and our full range of solutions:
Contact us at RL_Consulting@ITSM.info or phone us at 602-996-6830

Tell a fellow IT Professional

Sign up for our Monthly ITSM Newsletter

* In the upcoming months this newsletter will contain important information concerning the various aspects of IT Service Management. If you no longer wish to receive this newsletter simply reply to this message with "REMOVE" in the subject line.

Volume 7 - September/October, 2003
This newsletter and the information contained herein is maintained by Rick Leopoldi and property of RL Information Consulting LLC.