| ITIL : 2.6 Business Continuity Manager |
|---|
| 2.6 Business Continuity Manager: | | 1. Business Continuity Manager gets a lot of focus as the person who keeps the business running no matter what disaster may happen. Focus is given to those part of the service that are critical to the business and those may be restarted and working a long time before less important parts become fully operational. The time to switch data centers can be a few seconds or a few hours, it is just a matter of cost and the level of availability justified by the business. | | 2. Business Continuity Manager chooses to comply with ISO 22301 Business Continuity Standard (BCS). This standard defined best practice and is the logical way to provide bespoke application services that do not stop and cannot be stopped. | | 3. Business Continuity Manager deploys and is dependent on a Business Continuity Management Service (BCMS). |
| 2. Glossary: | | BCM means Business Continuity Manager as the person responsible. | | BCS means Business Continuity Standard as ISO 22301 and associated family of standards. | | BCMS means Business Continuity Management Service as the documentation application that makes it all happen. |
| 4. Backup: | | The BCM improved over doing backups many years ago when it was identified that 50 year old magnetic tape media had a 50% probability of failure - inadequate for our needs. | | Real-time data replication is undertaken and while it may take a few seconds to mirror data between data centers, the result is the ability to switch data centers within a few seconds. | | By sorting all data in multiple remote secure data centers, the probability of loosing all copies is too low to measure and the probability that anybody could steal or change all copies of data is beyond all expectations. |
| 5. Service Level Agreement: | | See terms to reference that SLA applicable to each application service. | | Availability is maximized for each application service. |
| 6. Recovery Restart: | | Recovery Time Objective (RTO) - acceptable amount of time to restore the service. | | 1. Analysis | | 2. Solution design | | 3. Implementation | | 4. Test and Acceptance | | 5. Maintenance | | Recovery Point Objective (RPO) - acceptable latency of data that will be recovered. The following threats must be documented: | | 1. Disease such as a pandemic | | 2. Earthquake or Volcano: such as volcano dust | | 3. Fire or Flood: building is not operational | | 4. Cyber attack: the most critical factor | | 5. Sabotage: internal staff problems | | 6. Hurricane: with power failure | | 7. Equipment: failure | | 8. Terrorism: non access to equipment |
| 7. Data Centers: | | Application services operate from at least 2 and normally 3 remote data centers. | | In the event that one data is not available for any reason, another data center will be able to take on the application service and deliver a continuation of the business application service. | | Data is continually replicated from one data center to another, but in the event that a one data center should fail, some transactions that were in progress at the time of the failure will not have been completed and will be lost. | | Other data centers will be able to deliver business continuity with data that was complete and correct at a time just before the equipment failure took place. |
| 8. Data Replication: | | An encoded message switch facility continually streams data from one data center database to others in other locations. | | The effect is that in the event of a disaster in one location, a data center in another physical location will be able to take over a continue the application service with the minimum of disruption. | | From time to time applications are switched from one data center to another without people noticing the switch. | | Periodically (monthly) copies of data are taken and copied to spinning hard disk archives as an extra layer of protection. | | Upon request, a CD or DVD copy of application data may be created for a customer - it is understood that disk media may not survive five-years before some corruption is detected. |
| 9. Backup: | | Backup is continual and incremental. | | Recovery is to switch to a parallel data center that is already running - some users will not notice that they are now using a different data center. | | Restart is not implemented as each transaction is limited to 30 seconds. Where such a transaction is to fail for any reason, the user will make the same request again as an automatic restart. |
| 9. Business Impact Analysis: | | BIA is documented to identify the cost balance to provide the right level of recovery and restart technology. |
| Document Control: | | 1. Document Title: Business Continuity Manager. | | 2. Reference: 162600. | | 3. Keywords: ITIL, Business Continuity, ISO 22301. | | 4. Description: Business Continuity Manager keeps applications continually working using ISO 22301 Business Continuity Standard. | | 5. Privacy: Public education service as a benefit to humanity. | | 6. Issued: 11 Dec 2016. | | 7. Edition: 1.2. |
|
|