Common use of IT Service Continuity Management Clause in Contracts

IT Service Continuity Management. IT Service Continuity Management will support the overall Business Continuity and Disaster Recovery process by ensuring that the required IT technical and services operations (including computer systems, networks, Applications, data repositories, telecommunications, environment, technical support and Service Desk) can be recovered within required and agreed business time scales. Service Provider must provide IT Service Continuity Management as described in this Exhibit 2.1 and Exhibit 15 and Exhibit 16. Service Provider’s responsibilities include: 1. Facilitate and lead in the development and documentation of processes and procedures with Service Provider and other Service Component Provider(s). 2. Facilitate and lead information exchange between and among Service Provider and other Service Component Provider(s), DIR and DIR Customer, and/or Third Party Vendor(s) to improve end-to-end IT Service Continuity Management. 3. Validate that the IT Service Continuity Management process provides an audit trail that meets the legislative and policy requirements to which DIR and DIR Customer must comply. 4. Integrate Service Provider’s IT Service Continuity Management process with the IT Service Continuity Management processes of other Service Component Provider(s), DIR and authorized Third Party Vendors, with and where the processes interact. 5. Integrate Service Provider’s IT Service Continuity Management process with the other Service Management processes, including Service Level Management, Availability Management, Capacity Management, Configuration Management, Change Management and Incident Management. 6. Coordinate IT Service Continuity Management activities across all functions, other Service Component Provider(s), DIR Customer Sites, regions, and Third Party Vendor(s) that provide services to DIR Customer. 7. Conduct regularly scheduled IT Service Continuity Management meetings. 7.1. Document and publish IT Service Continuity Management meetings status reports to all relevant stakeholders, including DIR, DIR Customers, Service Component Providers and authorized Third Party Vendors. 8. Communicate and coordinate the IT Service Continuity Management Process within Service Provider’s own organization, other Service Component Provider(s), DIR, DIR Customers, and designated Third Party Vendor(s). 8.1. Provide on-going methods for training Service Provider staff, other Service Component Provider(s), DIR, DIR Customers and designated Third Party Vendors on the IT Service Continuity Management processes. 9. Facilitate and lead in the definition and documentation of IT Service Continuity Management Policies and procedures, as approved by DIR, which set the objectives, scope and principles that will ensure the success of the IT Service Continuity Management processes. 9.1. Continually verify the effective compliance with the IT Service Continuity Management Policies and procedures by Service Provider, other Service Component Provider(s), and designated Third Party Vendors. 10. Establish on-going IT Service Continuity Planning activities with DIR and DIR Customers in coordination with other Service Component Provider(s) and designated Third Party Vendors. 11. Create, maintain and effectively execute the IT Service Continuity Plan that is agreed to by DIR. 11.1. Continually verify the effective execution of the IT Service Continuity Plan, by Service Provider, other Service Component Provider(s), and designated Third Party Vendors. 12. Establish a single focal point for IT Service Continuity considerations in order to minimize the probability of conflicting priorities. 13. Develop and manage IT Service Continuity Management processes that will include the following: 13.1. Developing and maintaining IT Service Continuity Plans and IT Recovery Plans for DIR and DIR Customers. 13.2. Conducting regular testing of plans, including Business Impact Analysis (BIA) exercises and Risk Analysis and Management exercises, for DIR and DIR Customers. 13.3. Conducting Risk Analysis (RA) for DIR and DIR Customers – the risk identification and risk assessment to identify potential threats to continuity and the likelihood of the threats becoming reality, in relation with DIR and DIR Customers (as outlined in Exhibit 6). This also includes taking measures to manage the identified threats where this can be cost-justified with DIR and DIR Customer. 13.4. Producing an overall ITSCM strategy that must be integrated into the BCM strategy, which should include elements of risk reduction as well as selection of appropriate and comprehensive recovery options. 14. Following any disaster, conduct a post-disaster meeting with other Service Component Provider(s), DIR and DIR Customers in order to understand the cause of the disaster; and develop plans to eliminate or mitigate future occurrences.

IT Service Continuity Management. IT Service Continuity Management will support the overall Business Continuity and Disaster Recovery process by ensuring that the required IT technical and services operations (including computer systems, networks, Applications, data repositories, telecommunications, environment, technical support and Service Desk) can be recovered within required and agreed business time scales. The Service Provider must provide IT Service Continuity Management as described in this Exhibit 2.1 and 2.1.2, Exhibit 15 and Exhibit 16. Service Provider’s Provider responsibilities include: 1. Facilitate Actively participate in work with the MSI to develop and lead in the development and documentation of processes and procedures with Service Provider and other Service Component Provider(s)document processes. 2. Facilitate and lead Actively cooperate in information exchange between and among the Service Provider and Provider, the MSI, other DCS Service Component Provider(s), DIR and DIR Customer, and/or Third Party Vendor(s) to improve end-to-end IT Service Continuity Management. 3. Validate that Facilitate the transparency of IT Service Continuity Management process provides an information through appropriate processes to provide a complete audit trail that meets for the MSI to meet the legislative and policy requirements to which DIR and DIR Customer must comply. 4. Integrate Service Provider’s Provider IT Service Continuity Management process with the MSI’s IT Service Continuity Management processes of other Service Component Provider(s), DIR process and authorized Third Party Vendors, with and where the processes interactsystems. 5. Integrate Service Provider’s IT Service Continuity Management process with the other Service Management processes, including especially Service Level Management, Availability Management, Capacity Management, Configuration Management, Change Management and Incident Management. 6. Coordinate Provide effective and agreed mechanisms for properly complying with the MSI directives on IT Service Continuity Management activities across all functions, other Service Component Provider(s), DIR Customer Sites, regions, and Third Party Vendor(s) that provide services to DIR CustomerManagement. 7. Conduct Participate in regularly scheduled IT Service Continuity Management meetings. 7.1. Document and publish IT Service Continuity Management meetings status reports to all relevant stakeholders, including DIR, DIR Customers, Service Component Providers and authorized Third Party Vendors. 8. Communicate and coordinate the IT Service Continuity Management Process within Service Provider’s Provider own organization, other and as appropriate to DCS Service Component Provider(s), DIR, DIR Customers, and designated Third Party Vendor(s). 8.1. Provide on-going methods for training Service Provider staff, other Service Component Provider(s), DIR, DIR Customers and designated Third Party Vendors on Providers associated with the IT Service Continuity Management processesprovision of Services. 9. Facilitate and lead Actively participate in the definition and documentation of defining IT Service Continuity Management Policies and procedures, as approved by DIR, which set the objectives, scope and principles principals that will ensure the success of the IT Service Continuity Management processes. 9.1. Continually verify the Provide effective compliance and agreed mechanisms for properly complying with the IT Service Continuity Management Policies and procedures by Service Provider, other Service Component Provider(s), and designated Third Party Vendorsprocedures. 10. Establish Actively participate in on-going IT Service Continuity Planning activities with DIR and DIR Customers in coordination with other DCS Service Component Provider(s) and designated Third Party Vendors. 11. CreateCooperate and work with the MSI to create, maintain and effectively execute the IT Service Continuity Plan that is agreed to by DIR. 11.112. Continually verify the effective execution of the Report issues and status related to IT Service Continuity Plan, by Service Provider, other Service Component Provider(s), and designated Third Party Vendors. 12. Establish a single focal point for IT Service Continuity considerations in order to minimize the probability of conflicting prioritiesMSI. 13. Develop Participate in the development and manage management of IT Service Continuity Management processes that will include in support of the following:MSI. 13.1. Developing and maintaining IT Service Continuity Plans and IT Recovery Plans for DIR and DIR Customers. 13.2. Conducting regular testing of plans, including Business Impact Analysis (BIA) exercises and Risk Analysis and Management exercises, for DIR and DIR Customers. 13.3. Conducting Risk Analysis (RA) for DIR and DIR Customers – the risk identification and risk assessment to identify potential threats to continuity and the likelihood of the threats becoming reality, in relation with DIR and DIR Customers (as outlined in Exhibit 6). This also includes taking measures to manage the identified threats where this can be cost-justified with DIR and DIR Customer. 13.4. Producing an overall ITSCM strategy that must be integrated into the BCM strategy, which should include elements of risk reduction as well as selection of appropriate and comprehensive recovery options. 14. Following any disaster, conduct participate in a post-disaster meeting with other Service Component Provider(s)MSI, DIR and DIR Customers in order to understand the cause of the disaster; and develop plans to eliminate or mitigate future occurrences. A.2.4.1 General IT Service Continuity Management 1. Effectively implement IT Service Continuity Management Policies and procedures, which at a minimum include: 1.1. Scope, methods, roles and activities for defining requirements for IT Service Continuity Plans and IT Recovery Plans. 1.2. Standard contents and use of IT Service Continuity Plans and IT Recovery Plans. 1.3. Standard methods, tools, roles and activities for effective Business Impact Analysis. 1.4. Standard methods, tools, roles and activities for engaging DIR Customers on ITSCM and conducting exercises. 1.5. Methods, tools, roles and activities for monitoring and reporting on ITSCM activity. 1.6. Methods, tools, roles and activities for evolving metrics where ITSCM is not meeting DIR Customer business goals. 2. Effectively execute the IT Service Continuity Management processes, include: 2.1. Actively participate in maintaining a set of IT Service Continuity Plans and IT recovery plans that support the overall Business Continuity Plans of DIR and DIR Customers 2.2. Participate in regular testing of the plans. 2.3. Participate in ongoing operation and maintenance of the plans. 2.4. Participate in regular Business Impact Analysis (BIA) exercises to verify that all continuity plans are properly maintained with changing business impacts and requirements, and to identify and report to DIR and DIR Customers where plans are out of compliance. 2.5. Participate in regular Risk Analysis and Management exercises, particularly in conjunction with the business and the Availability Management and Security Management processes, that manage IT services within an agreed level of business risk. 2.6. Provide advice and guidance to all other areas of the business and IT on all continuity- and recovery-related issues. 2.7. Ensure that appropriate continuity and recovery mechanisms are put in place to meet or exceed the agreed Services elements for business continuity targets of DIR Customers. 2.8. Assess the impact of all changes on the IT Service Continuity Plans and IT Recovery Plans and provide reports on the assessed impact. 2.9. Negotiate and agree the necessary contracts with Third Party Vendors for the provision of the necessary recovery capability to support all IT Service Continuity Plans.