Business continuity in IT systems
One of the main tasks for IT departments is to ensure the continuity of infrastructure and equipment. In short, “it has to work”.
The aim of IT continuity planning is to prevent business disruption, protect critical processes from information system service interruptions and ensure that operations can be resumed at the required time.
An important aspect of ensuring continuity is determining which systems are critical to our organisation. If you ask users, the answer is often: all of them. This can be costly and often unjustified. We help to identify which systems require continuity plans and the level of service they should provide.
In addition, the planning objectives are:
- Identification of event scenarios for information systems that threaten information processing,
- Estimation of the downtime, the impact on the organization, and the time it takes to restore business continuity,
- identification of hardware and software acquisition needs,
- development of a business continuity plan that meets the relevant information availability criteria,
- development of test plans,
- development of a schedule for testing plans,
- plan updates based on the needs arising from the changes being made.
We create continuity plans not only adequately, but above all where they are actually needed. The elements of the plan are, in particular:
- defined situations that may cause disruptions to processes essential to the functioning of the organisation,
- a restart scenario, which should include boundary conditions to trigger the plan, a list of steps to resume operations, including the required hardware and software, and who is responsible for each step,
- estimation of the time of implementation of individual steps of the plan,
- identification of the state after recovery,
- definition of how to test the plan.
We apply the following standards:
- ISO/IEC 22301,
- ISO/IEC 22313
and recommendations:
- NIST, including NIST SP 800-34.