it160service160continuity160management(编辑修改稿)

it160service160continuity160management(编辑修改稿)内容摘要：

he IT infrastructure vulnerabilities that these processes face from a myriad of possible risks. This requires a great deal of research to be conducted with diligence in order to identify all critical business processes and their vulnerabilities. This task begins by dividing the effort into three phases:  Define the service level objectives  Propose a solution to meet those objectives  Formalize the written agreements and contingency plan. Each phase has tasks and deliverables associated with them that assist in determining costeffective solutions. The deliverables need to be maintained as active documents and updated as needed. Scope IT service continuity management primarily considers those IT assets that support key business processes. However, the installation of mechanisms to deliver IT service continuity management will not necessarily be sufficient to keep those business processes operating after a service disruption. Should it be necessary to relocate to an alternative working location, provisions are required for items such as office and personnel acmodations, copies of critical paper records, courier services, and telephone facilities to municate with customers and third parties. The IT service continuity management process identifies the required and agreed minimum level of business operation following a service disruption, along with a requirements definition covering systems, facilities, and service requirements. The process then examines the risks and threats to these requirements and develops an IT risk reduction or mitigation program. This program implements mechanisms delivering the continuity requirements necessary to provide the required optimum level of business operation. Key Definitions Business impact analysis. A business impact analysis (BIA) focuses on the business needs of IT services. Being without any IT service will have a detrimental effect on the business, but the severity of the impact will vary with time and also be affected by its point in the processing cycle. The impact in the loss of a realtime service, such as trading in a money market, will be felt immediately while the business may cope for some time without other services. When establishing the urgency of each service, the BIA identifies the minimum requirements of each service to meet the critical business needs. Cold site, fixed center. This can include the provision of empty acmodations that are fully equipped with power, environmental controls, local work cabling infrastructure, and telemunications connections and available in a disaster situation for an anization to install its own puter equipment. Cold site, mobile center. This option is the same as a cold site, fixed center, except that the site is mobile or portable. This site may be erected on a predesignated location or near the actual facilities. Service Management Function 7 Contingency plan. A tested plan, documenting the actions to be taken and implemented in the event of a disaster. Hot site, fixed center. Dedicated puter equipment mirroring critical business systems ready to take over immediately with no loss of data. Warm site, fixed center. A location with suitable puter equipment ready to recover service. Warm site, mobile center. Commercial recovery services can be provided in portable form where a preconfigured puter is delivered to a customer’s site within a certain time, typically 24 hours. The puter equipment is contained in a trailer and transported to the site by truck. The trailer is outfitted as a puter environment with the necessary services and only needs power and telemunications links from the site to the trailer for the service to be established. 4 Processes and Activities This chapter provides a detailed discussion of the processes and activities that occur in the IT Service Continuity Management SMF. Process Flow Summary IT service continuity management consists of four main processes and a number of subprocesses as follows:  Acquire service level requirements  Identify information technology service layers  Identify risks to each information technology service layer  Propose contingent solution  Design for failover  Design for recovery  Formalize operating level agreements  Formalize the contingency plan  Definition of contingency levels  Escalation and notification procedures  Startup and shutdown procedures  Communications methods  Status reporting requirements 10 IT Service Continuity Management Figure 1 illustrates the process of IT service continuity management. Figure 1. IT service continuity management process flow Process Flow Steps The Availability Management SMF defines availability requirements for business services. The IT Service Continuity Management SMF typically continues where the availability management process left off to address those availability risks that the Availability Management SMF cannot or chooses not to address. The process flow steps followed by the IT service continuity management process are described in the sections that follow. Start Requirements Acquire Service Level Solution Propose Contingent Level Agreements Formalize Operating Contingency Plan Formalize the End Service Management Function 11 Acquire Service Level Requirements Once risks are known, the users, with the help of IT, must decide which risks are to be mitigated and which are to be assumed. Mitigating a risk requires people, time, and money. IT management might determine that a risk is so small that they do not want to incur the cost of mitigating it. For example, meteor damage to the data center often falls under this category. The likelihood of a meteor shower damaging the data center is so small and the cost of installing antimeteor shielding to the building is so large that most an。