Since time was very hard to find for me over the last couple of weeks, here's an extract from an article that I created together with John Bennett and still very much applicable today:

Security, availability management, and business continuity management have clear interdependencies that have historically not been recognised. They clearly benefit from a comprehensive approach that integrates people, processes and technology to address business challenges, deliver operational excellence and ensure quality, availability and security of IT service.

Toward this goal, IT organizations are implementing an IT Service Management (ITSM) solution leveraging ITIL best practices to facilitate integration across security, high availability and business continuity. Ultimately this will achieve the right levels of availability for each IT service, and to weave business continuity processes into the fabric of the organization. These organizations are developing an integrated approach to Business Continuity and Availability (BC&A).

Harnessing ITIL for business continuity and availability
So what is the relationship between ITIL and business continuity and availability? At its most basic level, ITIL provides a comprehensive and consistent set of best practices that aims to deliver the alignment of IT and business objectives, and provides assurance of specific performance and availability outcomes for business-critical IT services.  

Even though historically business continuity and high availability have been considered distinct from each other, they are linked as a means of providing 7x24x365 operations.  As such, linking them at an operational level can yield valuable benefits.

Business continuity integration points can be found throughout ITILv3's twenty-seven processes.  Organizations that are interested in leveraging ITIL to improve BC&A solutions should first identify and implement the ITIL best practice areas with the greatest anticipated benefit to the business overall, then investigate how the processes can be used as a means of improving BC&A. 

Change management is one service management process that can be effectively integrated into business continuity planning and operational availability solutions.  It is widely accepted that people and process are the most common causes of unplanned downtime.  However, it is more accurate to say that uncontrolled change or improperly administered change is the actual cause of most unplanned downtime.  Change management regulates change activities and plays a vital role in reducing infrastructure instability and improving operational availability. Once rigorous change management is implemented, you can make use of the change management governance procedures to dramatically improve the ability to keep the business continuity plan updated by flagging significant changes in the infrastructure that are crucial to making the plan effective.  

Similarly, incident management is another good integration point for ITSM and business continuity. Experience shows that most major outages result from minor operational issues that quickly escalate into extended outages. Incident management can help by ensuring that service is restored as quickly as possible through effective processes, well trained front-line staff, a comprehensive knowledge base, and appropriate toolsets.

Availability management works to mitigate the effects of routine and predictable failures on IT services such as hard disc failure, server failure and weaknesses in process execution. Business continuity processes should define recovery time objectives (RTO) and recovery point objectives (RPO) for each critical IT service. These objectives can then be used by availability management and IT service continuity management to design appropriate IT infrastructure and management processes to deliver the required levels of availability, continuity and performance to meet business objectives.  

IT service continuity management (ITSCM) plays a major role in BC&A as it is responsible for managing high impact risks such as the loss of a computer room or a whole data center through fire or flood. Such risks are relatively unpredictable or too costly to mitigate through normal availability management measures. The goal of ITSCM is to ensure that critical IT services continue to provide agreed levels of service during such a crisis, and is a major contributor to the wider business continuity plan.

There are many other ITIL best practices that can potentially provide value for integrated BC&A solutions.  The key for any organization considering implementing ITIL processes is to start by identifying the one that makes the most sense for your organization in terms of ease of adoption and overall benefits, and to build out from there.   

Conclusion
Identifying the synergies between ITSM and business continuity planning and IT operational availability is about staying ahead of the risk curve. Using internal IT processes to automate updates to businesses continuity plans is a great starting point for ensuring that business continuity becomes engrained in the organization's culture.

Leveraging ITSM for a holistic approach to improving business continuity and operational availability proves to be a cost-effective and goal-oriented solution for organizations looking to maximize the value of their IT infrastructure as a business enabler. ITSM is the entry point and the driver of change. In the long run, the process frees up funds and people, benefiting the business with both reduced downtime and increased resources.

More information on HP's Business Continuity and Availability Solutions is available at: www.hp.com/go/continuityandavailability

Regards,
Jeroen Bronkhorst