IVI Framework Viewer

Business Continuity Management

C6

Provide information to business continuity planning on the data and information that is needed to support various business functions and activities.

Improvement Planning

Practices-Outcomes-Metrics (POM)

Representative POMs are described for Business Continuity Management at each level of maturity.

2Basic
  • Practice
    Have IT participate in business continuity planning and test teams.
    Outcome
    Business continuity planning incorporates the recovery of essential IT systems into its plans.
    Metrics
    • Frequency of business continuity submissions.
    • # of high priority systems included in the plan.
3Intermediate
  • Practice
    Document and provide information on data owners and governance to business continuity planning.
    Outcome
    Business continuity planning is able to develop business recovery strategies while adhering to governance criteria.
    Metrics
    • Frequency of business continuity submissions.
    • # of high priority systems included in the plan.
    • # of governance and business priorities encompassed in the plan.
  • Practice
    Complete recovery plan reviews and critiques.
    Outcome
    A high quality recovery plan exists, to which people have buy in because they have contributed.
    Metrics
    • Frequency of reviews (as appropriate).
    • # of improvements based on reviews.
  • Practice
    Test the effectiveness of the recovery plan by executing it.
    Outcome
    There is confidence in the effectiveness of the recovery plan.
    Metrics
    • Frequency of tests (as appropriate).
    • # of improvements based on tests.
    • Levels of confidence in the recovery plan.
4Advanced
  • Practice
    Use and keep up-to-date sophisticated hardware and software inventory and configuration management systems.
    Outcome
    Plans are more likely to be complete and effective when they are based on complete hardware and software inventories with appropriate configuration information.
    Metrics
    • Frequency of business continuity submissions.
    • # of high priority systems included in the plan.
    • # of governance and business priorities encompassed in the plan.
  • Practice
    Design information governance so that it can be managed from any site.
    Outcome
    The improved reach and scope of governance makes it more robust.
    Metric
    # of governance and business priorities encompassed in the plan.
  • Practice
    Invite energy, telecommunications, hardware, software, and other vendors to review and contribute to the recovery planning and testing processes.
    Outcomes
    • Reviews by peers and vendors improve the quality and likelihood of success.
    • Lessons learned while testing improve the next iteration of plan submissions.
    Metrics
    • % of planning and testing processes that involve external experts.
    • % fit of their expertise to the nature of the review.
5Optimized
  • Practice
    Design, develop, procure, test, and deploy solutions and services that are compliant with the business continuity plan.
    Outcome
    The business is confident that all its solutions and services are compliant with its ability to recover if necessary.
    Metrics
    • Frequency of business continuity submissions.
    • # of high priority systems included in the plan.
    • # of governance and business priorities encompassed in the plan.
    • # of business continuity test failures.
    • # of tests of the effectiveness of the recovery plan (plan was executable as written, time to recovery was achieved, priorities were manageable, etc.).
  • Practice
    Use business continuity checks in change management approval and testing.
    Outcome
    The business is confident that ongoing changes and improvements will not detract from its ability to recover if necessary.
    Metrics
    • % of change management and approval processes that include business continuity checks.
    • # of change-induced business continuity test failures.