How long can your organization continue profitably without a working IT infrastructure? How well-prepared is your organization for a worst-case scenario affecting a major part of your network and server infrastructure? How long could you survive?
Natural disasters such as floods, thunderstorms and fire are just a few of the scenarios that might endanger your organization. For unexpected crisis and damage handling, it is necessary to have adequate measures set in advance.
ICT Continuity Management is not just about safeguarding your IT Systems and preparing for a worst-case scenario. Providing for the availability of spare parts and backup plans for human losses and capabilities are also integral parts of risk mitigation. A holistic view of all participating ICT Continuity Management components must be ensured for stable and fail-safe operations of an organization’s critical business processes.
Also necessary is compliance with legal and regulatory requirements for data transaction and storage (e.g., Bundesabgabenordnung in Austria, SAS 70, Basel II).
How do the following factors reflect on your image and your revenues?
- Unexpected events, such as natural disasters, technical accidents and infrastructural as well as technical threats
- Security threats, such as worms, viruses and network attacks
- Loss/deficiency of 3rd party arrangements
- Increasing amount of contractual and legal requirements
The essential issues of ICT Continuity Management:
- What are your company’s core products and services?
- Which essential activities and resources are required to sustain key functions?
- Which risks are related to the critical business processes?
- How can critical business processes continue in a crisis situation?
Risk management encompasses a broad spectrum to identify, control and mitigate IT risks. Within continuity planning, risk management comprises two prime functions:
On the one hand, risk management identifies threats and vulnerabilities and sets countermeasures to mitigate them. Such controls are meant to prevent incidents or should at least minimize their impact. Security controls protect IT systems from natural, human und environmental disasters.
On the other hand, risk management identifies residual risks that should be properly handled with continuity plans.
ICT Continuity Management is mainly about Business Impact Analysis, Risk Assessment, Solution Design and its Implementation. Solutions include, for example, an Incident Response-Plan & -Structure, Business Continuity-Plan and Disaster Recovery-Plan.