SP8: Ensure continuity

From YaSM Service Management Wiki
Revision as of 16:15, 10 November 2023 by Stefan (talk | contribs) (Updated process name to: SP8: Ensure continuity; replaced the term disaster with critical event in process definitions, data object names and definitions, etc.)


Process name: Ensure continuity - Part of: Supporting processes

Previous process: Ensure security

Next process: Ensure compliance

 

Process description

The service continuity process in YaSM (fig. 1) ensures service continuity in the case of critical, disruptive events, such as floods, fires, power failures, etc.

Preparing for critical events starts with the compilation of a register of managed critical events, which lists the types of disruptive events for which the service provider has decided to put some kind of preparation in place. The register also specifies the responses to the identified events, in particular the related service continuity plans.

Fig. 1: 'Ensure continuity': YaSM service continuity management process SP8 (continuity management and disaster prevention). Related to: the ITIL 4 service continuity management practice.


The continuity manager may ensure service continuity in a number of ways. Most importantly, this role is involved in the service design and build stages to ensure continuity aspects are taken into account when creating or updating services. Once it has been established during service design which continuity arrangements and mechanisms are required for a new service, these can be put in place, notably:

  • Through the service build process, by adding suitable continuity features to the service infrastructure that is to be created.
  • Through the continuity management process, by updating continuity arrangements and mechanisms which are operated under the responsibility of the service continuity manager.

The service continuity manager is also involved in service or process improvement initiatives if service continuity aspects are to be considered.

If new types of critical events are to be addressed or if the continuity arrangements need to be upgraded for other reasons, the service continuity management process may start continuity improvement initiatives on its own account. Such initiatives are managed through the continuity improvement plan.

 

Compatibility: The YaSM continuity management process is aligned with ISO 20000, the international standard for service management (see ISO/IEC 20000-1:2018, section 8.7), and it corresponds to the practice of 'ITIL 4 service continuity management'.

Sub-processes

YaSM's service continuity management process has the following sub-processes:

SP8.1: Assess risks associated with critical events
Process objective: To identify the disruptive events which need to be managed by the service provider, and to define appropriate continuity arrangements and mechanisms.
SP8.2: Define continuity improvements
Process objective: To define the objectives of initiatives to improve service continuity and the approach for their implementation. This includes creating business cases for the initiatives.
SP8.3: Start up continuity improvement initiatives
Process objective: To launch initiatives aimed at ensuring or improving service continuity. This includes obtaining authorization by requesting a budget and submitting a request for change.
SP8.4: Implement continuity arrangements
Process objective: To implement, test and deploy new or improved continuity arrangements and mechanisms.
SP8.5: Operate the continuity arrangements
Process objective: To arrange adequate training to prepare the service provider's staff and customers for critical events, and to ensure regular maintenance and testing of the continuity arrangements and mechanisms.
SP8.6: Review the continuity arrangements
Process objective: To submit the continuity arrangements and mechanisms to regular reviews, in order to identify potentials for improvement to be addressed by continuity improvement initiatives.

Process outputs

This section lists the documents and records produced by 'ensure service continuity'. YaSM data objects [*] are marked with an asterisk, while other objects are displayed in gray.

Budget request
A budget request is typically issued to obtain funding for setting up, improving or operating a service or process. An approved budget request means that the required financial resources have been allocated by the financial manager. [*]
Change record
A change record contains all details of a change, documenting the lifecycle of a single change. In its initial state, a change record describes a request for change (RFC) which is to be assessed and authorized prior to implementing the change. Further information is added as the change progresses through its lifecycle. [*]
Change status information
Current status information related to the implementation of a change. This information is sent to the change manager from the various processes that implement authorized changes. It is used by the change manager to keep the change records and the change schedule up-to-date.
CI record
Configuration information is maintained in CI records for all configuration items (CIs) under the control of the configuration manager. In this context, CIs can be of various types: Applications, systems and other infrastructure components are treated as CIs, but often also services, policies, project documentation, employees, suppliers, etc. Configuration information is stored in the configuration management system (CMS). [*]
Continuity improvement plan
Items in the continuity improvement plan are used by the service continuity manager to record and manage continuity improvement initiatives throughout their lifecycle. Initiatives in the continuity improvement plan may aim to enhance the resilience of services or to put mechanisms in place for the recovery of services in the case of critical events. [*]
Continuity operation manual
The continuity operation manual specifies the activities required for the operation of the continuity arrangements and mechanisms operated under the responsibility of the service continuity manager. Some instructions related to the operation of particular security systems may be documented in separate technical manuals or 'standard operating procedures (SOPs)'. [*]
Continuity review report
A continuity review report records the details and findings from a continuity review. This report is an important input for the definition of continuity improvement initiatives. [*]
Data for project plan update
Current information related to project progress and resource consumption. This information is sent from various service management processes to the project manager as input for project control.
Guideline for critical events
The guideline for critical events contains detailed instructions on when and how to invoke the procedure for responding to critical, disruptive events. Most importantly, the guideline defines the first steps to be taken by 1st level support after learning that a (suspected) critical event has occurred. [*]
Index of continuity-relevant information
A catalogue of all information that is relevant in the context of responding to critical, disruptive events. This index is maintained and circulated by the service continuity manager to all members of staff with responsibilities for fighting critical events. [*]
Purchase request
A request to procure goods or services from an external supplier. Purchasing requests are typically sent to the supplier manager, for example if applications, systems or other infrastructure components are needed for setting up a new service, or if standard infrastructure components and consumables are required for service operation.
Recovery plan
Recovery plans contain detailed instructions for returning specific services and/or systems to a working state, which often includes recovering data to a defined consistent state. [*]
Register of managed critical events
The register of managed critical events is a tool used by the service continuity manager to keep an overview of the critical events against which the service provider has decided to set up some kind of protection, considering the potential impacts and occurrence likelihoods. The register of managed critical events also specifies the responses to the identified events, in particular the related service continuity plans. [*]
Request to assess security risks
A request to assess security risks, typically issued during service design if new or changed security controls and mechanisms are likely to be needed for a new or improved service.
Service continuity plan
A service continuity plan describes how service continuity is ensured with regard to a particular type of critical event. The plan specifies the required preventive measures and describes how to effectively respond to the critical event. Service continuity plans usually include references to more detailed recovery plans with specific instructions for returning applications, systems or other infrastructure components to a working state. [*]
Suggested continuity improvement
A suggestion for improving service continuity. Suggestions for continuity improvements may originate from anywhere within the organization.
Suggested process modification
A suggestion for modifying one or several service management processes. Suggestions for process modifications or improvements may originate from anywhere within the organization.
Suggested service modification
A suggestion for modifying a service, for example to improve service quality or economics. Suggestions may originate from anywhere within or outside of the service provider organization.
Test report
A test report provides a detailed account of testing activities. A test report is created for example during tests of new or changed service components, or during tests of security or service continuity mechanisms. [*]
Test script
A test script specifies a set of test cases including their expected outcomes. The nature of the test cases will vary depending on what is to be tested. [*]

 


Notes:

[*] "YaSM data objects" are those documents or records for which the YaSM model provides detailed recommendations: Every YaSM object has an associated checklist (see example) describing its typical contents, and an associated lifecycle diagram depicting how the status of the object changes as it is created, updated, read and archived by various YaSM processes (see example).

"Other objects" are mostly informal data or information where YaSM has less strong views about their contents. There are no associated lifecycle diagrams or checklists.

Process metrics

Process metrics are used, for example, to assess if the service management processes are running according to expectations.

For suggestions of suitable metrics, please refer to the list of metrics for the YaSM service continuity process.

Roles and responsibilities

Process owner: Service continuity manager

  • The service continuity manager is responsible for managing risks that could seriously impact the service provider's services. In particular, this role ensures that the service provider can provide minimum agreed service levels in the case of critical, disruptive events.

 

Responsibility matrix: "SP8: Ensure continuity"

| YaSM role / sub-process | Compli. mgr. | Oper. | Proc. owner | Secur. mgr. | Serv. contin. mgr. | Serv. owner | Techn. domain expert |
|---|---|---|---|---|---|---|---|
| SP8.1 Assess risks associated with critical events | - | - | R | - | AR | R | - |
| SP8.2 Define continuity improvements | R | - | - | R | AR | - | - |
| SP8.3 Start up continuity improvement initiatives | - | - | - | - | AR | - | - |
| SP8.4 Implement continuity arrangements | - | R | - | - | AR | - | R |
| SP8.5 Operate the continuity arrangements | - | R | - | - | AR | - | - |
| SP8.6 Review the continuity arrangements | - | - | - | - | AR | - | - |

 

Notes

Is based on: The service continuity management process from the YaSM Process Map.

By: Stefan Kempter (author) and Andrea Kempter (contributor), IT Process Maps GbR.

 
