ISO 20000 IT Service Continuity Plan

When it comes to planning expenditures, most mid-sized and large businesses fail to account for their IT service continuity plan. This collection of policies and procedures is key to improving the functionality of an organization and its ability to respond to crises promptly. This failure is usually due to a lack of knowledge about the IT service continuity plan - ISO 20000. Despite being the foundation of continuity activities, only a few organizations have ISO 20000 in place. In the most precise manner, this can be described as the action plan you need in case of disruptive incidents.

IT Service Continuity Plan: Why Do You Need It?

The importance of an IT service continuity plan is manifold. Being an international standard, the IT service continuity plan - ISO 20000 guides IT departments to ensure that their service management procedures align with their business needs and best practices followed all over the globe. Drawing on ITIL, the ISO 20000 helps organizations assess how they deliver services, measure service levels, and evaluate their performance.

The ISO 20000 certification can grant you access to key markets as a service provider. Many organizations mandate that their IT service providers comply with ISO 20000 since it assures them that their service requirements will be met. It also gives you a competitive edge by attesting to your higher quality of service and reliability.

Another benefit of ISO 20000 is that it helps you leverage ITIL practices to optimize resources and processes. You can also drive down the costs of conformance to various other laws and standards. Through ISO 20000, a measurable level of efficiency can be enforced, and organizations can seek consistent improvements from the service providers to monitor, measure, and review their service management processes and services.

In the case of critical system or service failure, the IT service continuity plan can help in recovery and recuperation, all within the terms described by international regulatory bodies. The hierarchy and step-by-step processes in such plans make it easier to assess and resolve crises when they present.

What Are the Requirements?

According to the ISO 20000-1, the standard can be used by the following collection of users:

• Service providers who need something to vouch for their capability to design, transition, deliver and improve services that fulfill client’s service requirements.
• Organizations that receive services from service providers and seek assurance that their requirements will be met seamlessly.
• In organizations where a consistent approach has to be maintained by all the service providers, even the ones in the supply chain.
• To a service provider who wants to monitor, measure, and review their service management procedures and services.
• Service providers need to improve their functioning and services through thorough implementation and operation of system management services.
• The assessor or auditor may use this as the criterion to assess the conformity of a service provider’s operation and service to the requirements in ISO/IEC 20000-1:2011.

What’s the Content?

Content of the ISO 20000 refers to what needs to be included in an IT service continuity plan. It is defined in the ISO 20000-1 as follows:

• The procedures that will be activated once the plan is implemented
• Goals or targets to be achieved relative to the availability of the services
• Recovery requirements as necessary
• A definition of how to return to the normal work settings

It needs to be mentioned that ITIL is not highly specific in requirements for the content of an IT service continuity plan testing. Instead, it focuses on how the plan can be established, developed, and improved. For this purpose, the following components need to be included in the continuity plan. Mentioning the components explicitly makes it easier to understand the approach and ensure the continuity of the plan that the service provider or organization is taking.

• Organization- The IT service continuity plan needs to have the members of the IT service continuity management team mentioned. Along with this, their responsibilities also need to be defined clearly.
• Requirements- IT Service Continuity requirements are the results of the BIA, risk assessment, or inputs from the SLA  and how to approach them. This includes the goals the team wishes to achieve, for instance, the minimum agreed service levels, the time within which the level must be established, and so on. The procedure to achieve meet these requirements is also detailed here.
• Activation/Deactivation Plan- This is a definition of how the service continuity plan should be activated or deactivated. It defines all the related roles and responsibilities as well.
• Recovery- Recovery is unique to each organization’s service continuity plan. Recovery options may include:

1. An alternative site.
2. Hot standby with mirrored data centers.
3. Installation of UPS.
4. Even implementation of a comprehensive backup and recovery strategy.

These options are business decisions made with the worst-case scenarios in mind, even when everything is functioning smoothly.

• Test- For a plan to be finalized and implemented, the organization needs to be confident that it works. Thus, the service continuity plan needs to include the timing, scope, responsibilities, and so on of testing the IT service management.
• Communication- The lines of communication need to be established for the plan to be executed smoothly. Who connects with whom, when, what, and other details are described here. If suppliers are involved, they need to be informed about the plan you are activating.

IT Service Continuity Plan – And Now What?

Once you comply with the IT service continuity plan - ISO 20000 and test it regularly, you are set to improve your service. Having a service continuity plan does not mean that your system is infallible, but you can see a fall in the number of crises and better management when one occurs.