Leveraging ITIL to improve business continuity and availability
Downtime is debilitating for organizations of all types and sizes. A wide-sweeping outage caused by a disastrous event can threaten a business’s ability to continue operating and generating revenue for hours, or even days. At the other end of the spectrum, short, intermittent outages in customer-facing applications can undermine customer confidence and loyalty. The operational challenge stems from the fact that downtime has many causes. It can be caused by internal issues such as operator error or infrastructure failures, or it can be generated externally, from events such as hurricanes, fires, floods, or malicious attacks. In addition, most IT organizations independently address security, availability management, and business continuity management. However, these three functions have clear interdependencies which benefit from a comprehensive approach that integrates people, processes and technology to address the business challenges, deliver operational excellence and ensure that IT provides the quality, availability and security of IT service required by the business. For the most part, CIOs are keenly aware of the costs of downtime and recognize that minimizing it as part of an overall risk management strategy is one of the most difficult challenges they face, especially when coupled with the increasing pressure for IT to enable increased competitiveness and provide direct business value. Against this backdrop, business continuity and operational availability are taking on new meaning, with the integration of the two making the transition from desirable to mandatory. The most complete way of managing IT downtime risk is to align IT operations with the business, including the business continuity needs and goals, thereby ensuring that business continuity and availability solutions are in line with the organization’s needs. Toward this goal, progressive IT organizations are leveraging IT Service Management (ITSM) and IT Infrastructure Library (ITIL) best practices to facilitate integration across security, high availability and business continuity to achieve the right levels of availability for each IT service, and to weave business continuity processes into the fabric of the organization. These organizations are developing an integrated approach to business continuity and availability (BC&A). The recently released ITIL refresh (also known as ITIL v3) is a framework of global IT management best practices intended to help facilitate the delivery of high-quality IT services across the complete service management lifecycle. The creation of ITIL v3 shifts from IT process-centric practices (ITIL v2) to a more general, overarching service-centric approach across service strategy, design and transition so that enterprises can be more effective and efficient at synchronizing IT strategy with business needs. Running parallel to this trend of increasing interest in ITSM and ITIL is that of automating more and more business processes and deploying new business processes that are highly automated. They both require IT to approach service management in a different manner. By using best practices as a foundational element for automation projects, IT organizations can more confidently support change, deliver service quality at high levels, and free resources to focus on more innovative projects in support of the business. What we have is the ‘perfect storm’ of drivers, technologies and awareness for businesses to benefit significantly from ITIL best practices to achieve optimal IT infrastructure performance and efficiency. The relationship between ITIL and business continuity and availability There are benefits to be achieved for both business continuity and availability through the application of ITIL best practices. Even though historically business continuity and high availability have been considered distinct from each other, they are intrinsically linked as a means of providing 7x24x365 operations. As such, linking them at an operational level can yield valuable benefits. From a high availability perspective, ITIL drives proactive, ongoing improvement of IT operations by minimizing people, technology and process issues that cause downtime and refining processes for defining and maintaining appropriate service levels. This effect is greatly enhanced when ITIL is successfully deployed in conjunction with software tools that automate business processes. Business continuity, from an IT perspective, is comprised of enterprise-wide proactively-focused solutions and contingency plans that provide for the right levels of business continuity regardless of circumstances, and allow for quick and efficient recovery in the event of an unplanned interruption of operations. ITIL can help organizations identify and correct continuity problems within IT and achieve greater alignment with the business continuity plan – having an end-to-end plan is critical and helps ensure a coordinated and effective response in times of crisis. Business continuity integration points can be found throughout ITIL, which is divided into ten core ITSM processes: service level management, IT service continuity management, change management, availability management, capacity management, configuration management, incident management, problem management, release management and financial management. Organizations that are interested in leveraging ITIL to improve BC&A solutions should first focus on identifying and implementing the ITIL best practice areas that will have the greatest anticipated benefit to the business overall, then investigate how the processes can be used as a means of improving BC&A. Change management is one service management discipline that can be effectively integrated into business continuity planning and operational availability solutions. It is widely accepted that people and process are the most common causes of unplanned downtime. However, it is more accurate to say that uncontrolled change or improperly administered change is the actual cause of most unplanned downtime. Change management regulates change processes and plays a vital role in reducing infrastructure instability and improving operational availability. The effectiveness of any business continuity plan depends on the plan being up-to-date, but keeping plans current can be a difficult and time-consuming process. Once rigorous change management is implemented, you can make use of the change management governance procedures to dramatically improve the ability to keep the business continuity plan updated by flagging significant changes in the infrastructure that are crucial to making the plan effective. Similarly, incident management is another good integration point for ITSM and business continuity. Experience shows that most major outages result from minor operational issues that quickly escalate into extended outages. Incident management can help by ensuring that service is restored as quickly as possible through effective processes, well trained front-line staff, a comprehensive knowledge base, and appropriate toolsets. Availability management works to mitigate the effects of routine and predictable failures on IT services such as hard disc failure, server failure and weaknesses in process execution. The goal of availability management is to ensure that IT services are available when needed and therefore supports the operational availability side of the BC&A equation. Business continuity processes should help the IT organization by defining recovery time objectives (RTO) and recovery point objectives (RPO) for each critical IT service. These objectives can then be used by availability management and IT service continuity management to design appropriate IT infrastructure and management processes to deliver the required levels of availability, continuity and performance to meet business objectives. ITIL availability management also plays a role in security and by facilitating the definition, tracking, and control of access to services, availability management helps avoid unwanted or unexpected access that can disrupt continuity of service. IT service continuity management (ITSCM) plays a major role in BC&A as it is responsible for managing high impact risks such as the loss of a computer room or a whole data center through fire or flood. Such risks are relatively unpredictable or too costly to mitigate through normal availability management measures. The goal of ITSCM is to ensure that critical IT services continue to provide agreed levels of service during such a crisis, and is a major contributor to the wider business continuity plan. There are many other ITIL best practices that can potentially provide value for integrated BC&A solutions. The key for any organization considering implementing ITIL processes is to start by identifying the one that makes the most sense for your organization in terms of ease of adoption and overall benefits, and to build out from there. Overcoming internal hurdles to an integrated approach In organizations where business management has already approved implementation of ITIL, the primary challenge for CIOs and IT managers interested in leveraging the benefits of ITIL to improve BC&A is to close the gap between those who consider themselves responsible for business continuity and those responsible for IT management. Having the buy-in and support of all parties involved is essential to maintaining interest in and allocating resources for an effective proactive process. In organizations where ITIL best practices have not yet been implemented, the benefits of ITIL for BC&A can play an important supporting role in getting funding approved. As ITIL is primarily focused on the IT organization, this is the best place to start. Connections can be made with IT management responsible for IT service continuity management, availability management and security management - and once the value of ITIL has been demonstrated, the learnings can be used to promote the benefits of ITIL to the business side. In presenting the case for investment in ITSM and ITIL to business management, the key is communicating and demonstrating how the best practices being proposed can help lower costs, mitigate risks and accelerate business growth. Explaining how ITIL can contribute to more successful, comprehensive business continuity plans that are easy to manage, update and test, can be a compelling supporting point. The benefits of integrating ITSM/ITIL with business continuity and availability There’s an old adage that comes to mind when thinking about the benefits of ITSM/ITIL for BC&A: “When you’re up to your neck in alligators, it’s hard to remember you’re there to drain the swamp.” Standardizing IT management and data center processes through ITSM/ITIL best practices is a great way to banish the alligators, which in all too many IT organizations are the threats to continuity and availability that come up day-in and day-out, demanding staff and budgetary resources and detracting from the ability to plan and implement strategic initiatives that add value to the business. When done right, ITIL/ITSM can transform the IT environment, dramatically reducing unplanned downtime and increasing confidence in the ability to meet or exceed service-level agreements. One example of the benefits of ITSM/ITIL comes courtesy of Agora, the largest brokerage house in Brazil and among the top 10 online brokerage Houses in the world, exchanging more than US $69 billion in 2006. With more than 30,000 trades a day, even one millisecond of downtime can cost its customers thousands of dollars in a missed transaction, so Agora is leveraging ITSM and ITIL to improve availability and quality of IT services. After a comprehensive ITSM assessment from HP Services, Agora implemented four ITIL processes – incident, problem, change and capacity management. Confident of the progress they have made so far, Agora will also use these process to help them prepare for ISO 20000 certification and the Programa de Qualificação Operacional (Operational Qualification Program) from the Brazilian Mercantile & Futures Exchange. Adopting ITSM as the gateway to business continuity can enhance the IT organization’s ability to run as a business by helping to identify risks and prepare for change, prioritize work efforts, flag problems and pinpoint key areas that underpin the overarching business continuity processes. Identifying the synergies between ITSM and business continuity planning and IT operational availability is about staying ahead of the risk curve. Using internal IT processes to automate updates to businesses continuity plans is a great starting point for ensuring that business continuity becomes engrained in the organization’s culture. Leveraging ITSM for a holistic approach to improving business continuity and operational availability proves to be a cost-effective and goal-oriented solution for organizations looking to maximize the value of their IT infrastructure as a business enabler. ITSM is the entry point and the driver of change. In the long run, the process frees up funds and people, benefiting the business with both reduced downtime and increased resources. About the author
•Date: 6th June 2008• Region: US/World •Type: Article •Topic: IT Continuity |
