In a certain sense, if you want to start off correctly with IT service continuity management or ITSCM, then don’t start. Or rather, don’t start your ITSCM before you start – or your organisation starts – the overall business continuity planning. The whole IT function must be driven by business requirements. Likewise, IT continuity must be architected according to the overall needs of the business. But does that mean that IT is fated to be entirely reactive?
There are at least two things to consider about IT’s role in business continuity in general, and the extent to which IT can drive, or should be driven.
- The IT governance viewpoint. IT is there to help an enterprise succeed, not vice versa. However, IT governance also encourages IT to proactively suggest ways to streamline operations and uncover opportunities. The IT function cuts across the whole of the organisation, giving it a unique ability (and responsibility) to help improve the business as a whole.
- The cost viewpoint. Being proactive and moving to predict and attenuate the effects of incidents on IT services might therefore seem the right things to do. Being reactive means taking measures to help IT recover from problems, rather than try to avoid all the problems in the first place. However, proactivity may have different costs compared to reactivity.
In the end, IT service continuity management and business continuity planning and management is really a three-legged race. If you remember that sporting event from your schooldays, the only way to get to the finishing line was to stay in sync with your partner. Any efforts to “do your own thing” inevitably led to disaster! Thus ITSCM and BCP/BCM have to move ahead in sync too. Decisions about whether to use resources to be proactive or reactive will then be driven by business requirements on one side, and IT insights on the other.