Objective: business continuity (thanks to IT)

6 de May de 2020

...Or how to start your ITSCM practice in only 5 steps

At this point in the movie, there are in essence two things that could have happened to you:

  1. Either your business has foundered, brought down by the IT department or perhaps bringing the IT department down with it in which case it will not be very useful to you to learn for your next job.
  2. Or your business and the IT department have overcome the storm (or you are in the process), and hence you are learning a wealth of things the hard way.

I really hope that yours is the second of these two possible options, but in either case, you have no choice (nobody does, starting from myself) but to keep learning.

If yours is the second case, then you have surely had to do a balancing act with your resources, optimizing them to the greatest possible extent, making a thousand changes in order to keep operating, start up a few devices at one place and put up a few firewalls at another... And what is clear is that now you have two types of new knowledge that you cannot allow to escape: what you have done, and how you have done it. And so, before you forget it, document it! This way you can lay the foundation for business continuity management.

Document it and learn from it so that you do not forget for the next time. Because whether you like it or not or whether you realize it or reject the idea, there surely will be a next time. Hopefully not such a rude awakening as this time, but there will be a next time. . . Don’t doubt it! It is a question of when, and so we will have to be prepared. And we must have a plan for business continuity management.

And specifically for this purpose: to be prepared for the next emergency (and now I am talking about IT), I would like you to take advantage of the momentum and lay the cornerstone for your IT Service Continuity Management (ITSCM) process. On the other hand, this is a basic building block on which Business Continuity Management (BCM) process is based. I made a mistake, in ITIL 4, they are no longer called processes, now they are practices...

Let’s get on with business continuity!

1.- Understand and document what has happened

Basically, we have put into effect, as quickly as possible, a complete plan for IT service continuity. It might be that you are not aware of this, or that you have never called it by this name, but that is what has happened. And so, first of all, congratulations!!

Now the important thing is that this entire barrage of steps that you have taken for business continuity and the lessons that you have learned be recorded somewhere, that you do not forget them.

  • How did you start up the backup devices? Document this.
  • How did you configure the network for users who work remotely? Document this.
  • How was everything configured in the end? Document this.
  • Document it, document all of it.

Fill the knowledge base with all this information before it gets away. It makes no difference that it is a little bit disorganized. That is not important, since you can organize it later on, but don’t let your ideas get away.

2.- Make a list of the services that you are providing to your organization

Everything that you have done, you have done this way and not in any other way, because your business has requested of you that certain services -and not other- are operational, isn’t that right? Well, then, it is very simple: these are the critical services. Hang on to this concept. Which are these critical IT services that you organization needs so that business does not grind to a halt? Identify them, and ...document them, too. We will return to this topic later on, because it will be a very important point.

Since we have reached this point, the critical services are more or less clear, but surely these services are supported by or require the existence of other services. And surely there are services that were not critical the first week, but that gradually became more necessary.

Compile the list of all these other IT services that you provide to the organization, and while you are at it, put them in order according to their criticality for the business. You are well aware of the criticality of some of them, because you just experienced it, and for the rest, try to use your intuition. It doesn’t matter if you make a mistake, you will modify this later, but don’t forget to make a note of which services have been critical now, and in what order you have needed them.

3.- Guarantee that you know and control your entire infrastructure

After the deluge of changes in configuration, expansions, reconfigurations, maybe new applications and systems,...Are you sure that you have everything under control? The tsunami has ebbed, but this entire infrastructure remains. And you will have to maintain it. And arrange licenses for it. And renew it. And make a backup. And protect it. Shall I go on?

The idea is to have a clear idea (very clear) about how much of the mortgage remains and organize your affairs well to be able to pay it (in the figurative sense, .... Or not really).

Once again, document everything, although on this occasion you will not have to do so manually, because your Discovery system will do it for you. Because, either you have one, or you install one. You don’t have many more options, but now the important thing is that nothing gets out of control.

As above, you still remember now, more or less, what you have done, what you have purchased, what you have installed,...get the most out of your inventory system and guarantee that you have all the information.

Completeness, this is the objective of this step, to guarantee the completeness of the inventory. Why? In the next section, you will see why...

4.- Define who is who in the provision of the services

If you have a list of the services that you provide (because you identified them in Section 2), and you also have the details of your infrastructure (because you have taken inventory in the previous step), you only have to correlate one with the other. What do you use each of your IT assets for? Or in other words, what do you use to provide each of your services?

This model for identifying what you use each item for is documented in the CMDB (yes, once again you have to document it). The good news is that, if everything has been integrated properly, then you will have all elements of your infrastructure registered already in the CMDB (it should have done the inventory for you), and you will only have to link them with the services (the tool should take care of the rest of the work).

5.- Organize what to do when something (or everything) goes wrong

All done, now you are finished!

Since you now know the infrastructure that you have, you know what you use to provide each service, you know which are the most critical services and in the first step you have also documented what you did to keep them operational in times of crisis; this combination of all the preceding factors is the perfect starting point for your ITSCM process ( business continuity management)

To launch your brand-new disaster recovery plan, all you have to do is reuse everything above.

  • Identify which are the critical IT services that must be kept operational, and in what order you have to restore them if they crash (you already did this in Step 2).
  • Focus on the infrastructure that you need to keep these services operational (you already identified it in Steps 3 and 4).
  • Make a list of the tasks to be performed when the next tsunami comes - remember, it will come, we don’t know when, but it will…- (And you also did this, it was the first task, in Step 1)

Ready, done, now you have it!

Well, you have the first building block for your IT Service Continuity Management practice. We have simplified everything a little bit, and we have stuck to the basics, but it is already much more than nothing. Of course, we focused on the most reactive part of the practice, but at least it’s something. Starting from here, the usual, continuous improvement, spin the Deming Cycle on the slope (they should have drawn it going downhill and not going uphill, but that is another matter…). Where would I start with this improvement? Surely by endowing the ITSCM with a more proactive component (not only reactive) and analyzing somewhat which are the risks that your services must confront, and when possible, do something to attempt to mitigate them. But this is another matter, after everything that we have gone through (are going through), I think we deserve a break, don’t you? And so these improvements will be for next time, and for now we will stick with what we already have, and it is quite a lot!

I hope that you enjoy it, and farewell

Alejandro Castro, Proactivanet’s Technical Director

Subscribe to our Blog
Loading

5 steps to initiate your ITSCM practice

I am one of the people who try to find a...

Don’t have a negative attitude, not everything is bad in continuity management

Let’s recognize that every time we speak of continuity management we...

Risk Management: the Swiss cheese model

Can we use the Swiss cheese model utilized to analyze workplace...