Use ITIL to Enhance Your Disaster Recovery Capability

You spent the time developing an actionable plan, assigned responsibility to various personnel and created confidence that business systems will be available during times of disaster. But, what happens on Day 2 after the plan is put in place? The plan must be maintained, tested and revised to stay aligned with business changes and increasing risk. Maintaining the plan becomes one of the most critical initiatives to reduce risk in the future.

One method to ensure your plan is kept current is to integrate your BC/DR efforts with the best practices contained in the IT Infrastructure Library (ITIL). Various processes within ITIL integrate seamlessly with BC/DR and, when implemented properly, can enable the ongoing maintenance of your BC/DR plan. Processes such as Service Level, Incident, Change and Configuration Management stipulate activities that can help ensure your plan stays current, regardless of the dynamic nature of the business.

The service lifecycle contained in ITIL v3 can provide for the ongoing improvement of your BC/DR plan over time. Let's take a look at some of the activities contained within ITIL that you can use to enhance your BC/DR capability:

Service Level Management (SLM) – Activities contained in this process establish the guidelines to design and implement services within your organization to ensure that the business and IT are aligned. Whether you are adding new services or maintaining existing services, continuity is a key component that must be addressed.

When determining your strategy for delivering services, its effect on your BC/DR plan needs to be addressed. Including continuity discussions when defining services and drafting service level agreements ensures that the business understands how the service will be recovered during disasters and other associated risks. Your service level manager should have a detailed understanding of the contents of your BC/DR plan in order to ensure that changes to business services that impact the plan are taken into consideration when revisions to the service catalog are made.

Incident Management (IM) – In its simplest form, an incident is any event that results in a service becoming unavailable or deteriorated. Disasters are major incidents that require the organization to follow an established workflow to restore the service to an acceptable and agreed upon service level. The process to detect, record, diagnose, resolve and close these incidents must be established in order to effectively manage the incident.

Integrating the contents of the BC/DR plan into your incident management process will ensure that the activities of the plan are executed in a timely and organized manner. Establishing the process that will be followed when these incidents occur will ensure that all the stakeholders involved will be notified of their responsibilities.

Service Desk – There are various service desk technologies available today that can be used to enable the process to work more effectively. The service desk is a tool you can use to create templates that will be followed to document the incident and establish the workflow that will be followed.

The BC/DR plan will stipulate the activities to be followed during a disaster and the service desk will be the place where the workflow will be documented. The standard template can be initiated, allowing each person with responsibility for the incident to be notified so they can take the appropriate actions established in the plan.

Configuration Management Database (CMDB) – All BC/DR plans contain a detailed list of the configuration items making up the critical services that need to be recovered during a disaster. Inclusion of the configurations in the CMDB will ensure that the information is available to all the required parties during the disaster. The CMDB will also contain all the attributes of the configuration items and establish ownership, control mechanisms, status, and verification requirements that will be needed to maintain the information so it stays current.