Assessing the resilience of an IT portfolio
Abstract
One of the goals of the business impact analysis (BIA) process is to establish recovery objectives. Having established recovery objectives, the next step is to assess whether one’s IT portfolio can actually meet those objectives. Unfortunately, there is no well-defined and prescriptive process for this. This article describes a model that can be customised and applied in any organisation to take an IT-centric view to assessing resilience capabilities. The first stage of this process is to gather IT-specific data, either through a questionnaire or by querying the configuration management database directly. The next step is to leverage a set of scoring rubrics in order to assess the capabilities of each application with respect to meeting recovery point objectives, recovery time objectives and service-level targets, as well as the strength of staffing, documentation and disaster recovery plans. The output of the model is a composite score for each application (based upon an aggregate capability score and a weighting factor) that identifies those services in the IT portfolio with the greatest gaps in their capabilities (ie those services in greatest need of remediation). The logic of the model can either be built with spreadsheets or automated through business continuity management planning platforms.
The full article is available to subscribers to the journal.
Author's Biography
Matthew Ricks is the Senior Director of IT Facilities Management and Business Continuity Management at Stanford University. In addition to oversight of Stanford’s data centres and IT technical facilities, he has a focus on disaster recovery, business continuity planning and emergency management efforts. Matthew leads annual disaster recovery and life safety exercises, as well as designing and leading quarterly information security incident response exercises; he also serves as incident commander for major IT incidents. Matthew has an MBA from University of Maryland University College and a bachelor of science degree in information systems management from University of Maryland Baltimore County. He is currently pursuing a master’s degree in homeland security from Penn State University.
Lucrecia Boswell is the Manager of Hosting Services and Asset Management at Stanford University. She is responsible for the provisioning of servers and network systems in Stanford’s data centres and with Stanford’s cloud providers, and she manages the life cycle of IT assets. Lucrecia has also managed Stanford IT’s disaster recovery exercises. Lucrecia has a bachelor of arts degree in liberal studies from California State University, Fullerton.
Citation
Ricks, Matthew and Boswell, Lucrecia (2019, September 1). Assessing the resilience of an IT portfolio. In the Journal of Business Continuity & Emergency Planning, Volume 13, Issue 1. https://doi.org/10.69554/BDKY5442.
Publications LLP