Service Continuity (SCON) (CMMI-SVC)

Introductory Notes

Service continuity is the process of preparing mitigation for significant disruptions to service delivery so that delivery can continue or resume, although perhaps in a degraded fashion. These practices describe how to prepare service systems and the resources they depend on to help ensure that a minimum critical level of service can continue if a significant risk is realized. Part of service continuity is identifying which services cannot be disrupted and which can be disrupted and for what amount of time.

The Service Continuity process area builds on the practices in the Risk Management process area. The Risk Management process area describes a general systematic approach to identifying and mitigating all risks to proactively minimize their impact on the work. Service continuity practices are a specialization of risk management that focuses on dealing with significant disruptions of normal operations. If risk management has been implemented, some of the resulting capability can be used to provide for more effective service continuity. However, generic risk management does not guarantee that service continuity is accomplished. Therefore, the specific practices of the Service Continuity process area are required in addition to the practices of the Risk Management process area.

Service Continuity can be applied at both the organization level and the work group level. Therefore, the use of the term “organization” in this process area can apply to a work group or the organization as appropriate.

Typically, service disruption is a situation that involves an event (or sequence of events) that make it virtually impossible for a service provider to conduct business as usual.

 

A service provider may only have a short period of time in which to recover and resume providing services.

The Service Continuity process area covers developing, testing, and maintaining a service continuity plan. First, the following should be identified:

• The essential functions that support the services the organization has agreed to deliver
• The resources that are required to deliver services
• The potential hazards or threats to these resources
• The susceptibility of the service provider to the effects of each hazard or threat
• The potential impact of each threat on service continuity

This information is used to develop a service continuity plan that, in the event of a disruption, enables the organization to resume service delivery. Creating the service continuity plan typically involves the following three activities conducted after the information listed above has been collected. All of these activities, including the collection of information, are repeated periodically to keep the plan current:

• Documenting the service continuity plan based on the information previously collected
• Documenting the tests to validate the service continuity plan
• Documenting the training materials and training delivery methods for carrying out the service continuity plan

Finally, service continuity plans should be validated. Because it is unwise to wait until an emergency occurs to first execute the service continuity plan, staff who will perform the procedures in the service continuity plan should be trained in how to perform these procedures. In addition, periodic tests should be conducted to determine whether the service continuity plan would be effective in an actual emergency or significant disruption and what changes to the plan are needed to enable the organization to continue to deliver service reliably.