Professional Documents
Culture Documents
Alan McSweeney
Objectives
Availability Continuity
Availability Continuity
• Availability
− Defines availability of service during operating hours
• Under normal circumstances
• Under extraordinary circumstances
• Continuity
− Defines continued operations of critical services and their
availability
• Time until services are available and state of service after recovery
• Under extraordinary circumstances
Continuous
Operation
Business
Continuity
High Disaster
Availability Recovery
Last
Transaction
Recovery
Point
Minutes
Objective
(RPO) –
Amount
of Data Increasing Availability
Loss Hours (and Continuity)
Tolerable Requirements
After
Recovery
Days
• Add extra dimension to Availability and Continuity Heat Map to allow for explicit
identification of those systems that need to be continuously available
February 18, 2010 14
What is a Business Critical Application?
Twice 6%
Three 3%
Four 2%
Five or More 2%
None 73%
Flood 6.3%
Other 6.3%
Hurricane 5.6%
Fire 3.9%
Terrorism 1.9%
Earthquake 1.5%
Tornado 1.1%
2. Availability 3. Management
1. Availability Report Escalations of
Reporting Evaluation and Service Availability
Improvement Violations
2. Document
1. Availability 3. Gap Analysis
System and 4. Availability
Requirements and
Application Review
Analysis Recommendations
Architecture
1.1 Understand Service 2.1 Define Service Critical 3.1 Perform Gap and Risk 4.1 Define Availability
Goals Components Analysis Measurement Model
1.2 Document Produce draft availability Draft service level agreement Documented and agreed
Availability requirements based on availability requirements
Requirements understanding of business goals
1.3 Validate with Validate availability draft Overall service management plan Validated availability
Service Level requirements with service level requirements
Management agreements and overall service
Function management plan
4.4 Investigate Investigate large outages and Detailed incident analysis for Identified availability
Major Outages update availability design if specific incidents, fault, problems concerns
required and performance reports
4.5 Analyse Review availability reports and Availability reports Identified availability
Availability Reports update infrastructure if required concerns
Statement of work for
identified changes
1. Availability requirements are based on the agreed and defined needs of the
business
2. The IT function will determine the overall requirement of availability,
performance and recoverability of systems under the terms of a service
agreement with the business
3. Infrastructure needs to be designed to routinely incorporate availability
requirements
4. The availability design and management process must adhere to security policies
and procedures
5. An availability plan will be used to track and manage availability requirements
and information collected
6. Data on service reliability, maintainability, resiliency must be collected and
monitored
7. The IT function will use continuous process improvement to achieve and
maintain level of service availability
8. Planned downtime must be minimised for business-critical functions and
unplanned downtime is handled by service management processes including
Incident Management, Service Request Management, Continuity Management
• Elements • Benefits
• Elements • Benefits
• Elements • Benefits
3.1 Identify
2.1 Define 6.1 Identify
Backup and 4.1 Define 5.1 Determine 7.1 Design 8.1 Assign
1.1 Identify Business Impact Critical
Recovery Options Recovery Team DRP Structure and Rehearsal Responsibility for
Potential Threats Analysis Components for
for Critical Structure Methodology Programme DRP Maintenance
Methodology Continuity
Functions
3.3 Determine
1.3 Evaluate 2.3 Define 8.3 Integrate DRP
Backup and 4.3 Define Team 6.3 Develop 7.3 Plan and
Current Disaster Business Function 5.3 Define DRP Maintenance into
Recovery Options Leaders and Continuity Schedule
Avoidance Criticality Escalation Process Change
for Critical Members Processing Steps Rehearsals
Measures Categorisation Management
Functions
1.3 Evaluate Evaluates current disaster avoidance Potential threats affecting IT systems Evaluation of current disaster
Current Disaster measures are identified and their probability avoidance measures
Avoidance
Measures
1.4 Assess Risk Determine the effectiveness of Current avoidance measures Assessment of risk controls to
Controls to controls in deterring threats reduce threats
Mitigate Threats
1.5 Determine Determine how effective a control Assessment of risk controls to reduce Impact to organisation without
Impact of Reduced would be in deterring the threat, threats adequate disaster recovery
limiting the cost of the risk and controls
Controls minimising the impact threats have
1.6 Determine Determine which risks the Assessment of risk controls to reduce Value to organisation of
Value of Additional organisation is willing to accept and threats, impact to organisation additional controls
those to be controlled
Controls
February 18, 2010 51
Step 2 - Conduct Business Impact Analysis
2.1 Define Defines methodology and process to Business systems Agreed methodologies and
Business Impact be used in Business Impact Analysis processes to be used in
based on the risk and disaster Business Impact Analysis
Analysis avoidance assessment
Methodology
2.2 Identify Identify business functions to be Agreed methodologies and processes Business functions identified for
Business Functions analysed for risk and disasters to be used in Business Impact Analysis analysis
to be Analysed
2.3 Define Defined categorisation criteria for Identified business functions Criteria for categorising
Business Function each business function business functions
Criticality
Categorisation
2.4 Design Design and validate questions and Defined criteria for categories of Validation of business losses
Questions and conduct interviews business functions
Conduct Interviews
2.5 Analyse Results Analyse the data and validate findings Validation of business losses Analysis of data
of Interviews if necessary
2.6 Summarise and Develop conclusions and present final Analysis of data Conclusions and final report of
Present Results report regarding Business Impact Business Impact Analysis
Analysis
5.4 Define Key Consider the organisation’s key Escalation procedure Consideration of key recovery
Recovery recovery objectives and policies while objectives and policies
designing DRP
Objectives
5.5 Define Define the framework for disaster Consideration of key recovery Disaster recovery steps
Recovery Steps recovery to ensure it contains the objectives and policies
required recovery steps
5.6 Define Critical Discuss the DRP with business units Disaster recovery steps Accepted restoration process
Function to get acceptance to define final
restoration process and define
Restoration training to be provided
Process
February 18, 2010 55
Step 6 - Alternate Processing for Critical Service
Components
Step Scope Inputs Outputs
6. Alternate Evaluate critical business function Critical business function components Critical business function
Processing for components to determine if alternate Alternatives for processing critical components timelines
Critical Service processing procedures are necessary components Alternate procedures
Components and feasible for the period between a
disaster and recovery and how
recovery should be achieved
6.1 Identify Critical Work with business units to identify Accepted restoration process Critical components identified
Components for critical components that need
alternate processing
Continuity
6.2 Develop Develop options for alternate Critical components identified Options for alternate processing
Options for processing for critical components in
coordination with business units
Continuity
6.3 Develop Develop processing steps based on Options for alternate processing Alternate processing steps
Continuity the options for alternate processing
for critical components
Processing Steps
6.4 Develop Return Develop procedure to return from Alternate processing steps Steps to return critical
from Continuity alternate processing to normal components to normal
processing processing from alternate
Process processing
7.2 Develop Develop rehearsal scenarios based on Programs for rehearsals Rehearsal scenarios
Rehearsal the design of rehearsals
Scenarios
7.3 Plan and Plan and schedule rehearsals, both Rehearsal scenarios Schedule rehearsals
Schedule planned and unannounced
Rehearsals
7.4 Develop Develop evaluation techniques and Schedule rehearsals Evaluation techniques and
Rehearsal criteria for each rehearsal scenarios criteria
Evaluation Criteria
7.5 Conduct Conduct rehearsals in coordination Schedule rehearsals Conduct rehearsals
Rehearsals with all other members
7.6 Review and Document and distribute outcomes of Conduct rehearsals Reports on conducted
Analyse Rehearsals the rehearsals to all the members rehearsals
along with lessons learned and review
reports
• Elements • Benefits
3. Management
2. Continuity
1. Continuity Escalations of
Report Evaluation
Reporting Service Continuity
and Improvement
Violations
2. Availability 3. Management
1. Availability Report Escalations of
Reporting Evaluation and Service Availability
Improvement Violations
1.3 Generate Generate reports according to per Collected metrics Generated reports
Reports schedule or in response to ad hoc
requirements
1.4 Distribute Distribute the generated report to the Generated reports Distributed reports
Reports target recipients
1.5 Review Report Review regularly the report Report schedule Review results
Schedule requirements Report details
1.6 Update Update report schedule with the new Report schedule Updated report schedule
Reporting reports
Schedule
Alan McSweeney
alan@alanmcsweeney.com