When your consultancy assignment is all about Disaster Recovery Service Level Management (DR-SLM), you want to make sure you are well prepared.
It could be a disaster in itself when your Service Level Management process is missing vital bits, or when the agreements haven’t been signed by the proper people in the organisation. (To just name the first two things that came to mind)
To help your client in their understanding of the importance and impact of Service Level Management during a Disaster Recovery, it may be a good idea to prepare by doing an internal check.
This internal check can be done in the form of a Self Assessment. A Self Assessment gives you a current status overview, a line in the sand to give you clarity and understanding where DR-SLM adds value. This benchmark also visualizes where the weak spots / areas for improvement are, which makes it a perfect exercise before you allocate resources for an improvement project.
However, when you look at self assessment questions it’s important that you answer them based on your own personal opinion and experience. This becomes even more important when you fill out the Self Assessment with your team. Each individual in the team answers the questions differently – but keep in mind that the ultimate answer to each of these questions is:
‘In my belief, the answer to this question is clearly defined’.
If you want, you can go even further and ask for documented evidence, rather than just opinions. This will move the questionnaire more into an auditing realm as you require evidence to substantiate the answers.
Some of the most important management requirements for Disaster Recovery Service Level Management are listed below. For each of these questions, think about your current role and try to answer them truthfully.
Are these requirements identified, assessed, implemented and documented? Or is there room for improvement of Disaster Recovery Service Level Management processes in the organisation?
The management requirements are across 7 different phases, which coincide with the general life cycle of a business process. These phases loosely align with Deming’s Quality cycle: Plan – Do – Check – Act (PDCA for short).
- Plan what you are going to do
- Do what you planned for
- Check / study and analyse the results of what you did in the previous step
- Act accordingly – improve the activities, measurements and expected outcomes.
To help you to understand the style of questions you can ask during a Self Assessment, we chose a selection and placed them in the appropriate phases:
Phase 1: Recognize the value of Disaster Recovery Service Level Management for the overall business
- Do you need any special (e.g., flood) insurance now?
- Are the services provided by your organization identified?
- What are the expected benefits of Disaster Recovery Service Level Management to the stakeholder?
Obviously, these questions are quite high-level as they test whether or not you recognize the value of Service Level Management and Disaster Recovery processes in general. At this stage of the organisational maturity you’re looking at the big picture of what can happen during a disaster and what the value would be of formal processes.
You also want to ensure there is a clear and obvious benefit of Disaster Recovery SLM seen by stakeholders and budget holders. Having this kind of support is crucial at any stage of the project, but especially at the start.
Phase 2: Define what Disaster Recovery Service Level Management means within the context of our business
- What are the compelling stakeholder reasons for embarking on Disaster Recovery Service Level Management?
- Exactly what type of expertise is required?
- What critical operational or security controls require implementation prior to recovery?
The next phase is a step up in the business process maturity. There is a clear understanding of the value of Service Level Management in the context of Disaster recovery but we now need to identify what that means for our business.
The discussions with the executive team and the stakeholders should be more targeted towards the specific benefits for the business. Create clear definitions of the input, expectations and output for the processes. Ensuring that the expectations and deliverables are clearly defined within the boundaries of the business requires strategic thinking.
This step takes the whole program beyond a ‘cookie cutter’ approach. Especially when you think about Disaster recovery processes it is important to do everything within the business requirements. Skipping this step may cause you to spend too many resources on tasks and deliverables that do not provide any added value to the business.
Phase 3: Measure How Disaster Recovery Service Level Management is currently performed
- How large is the gap between current performance and the customer-specified (goal) performance?
- Are disaster recovery and business continuity programs based upon a business impact analysis?
- Are there current service level agreements/documents of understanding with all service providers for your critical business processes?
When you start doing the Self Assessment you will most likely realise that you already do some of the activities around Disaster Recovery Service Level Management. Just because you didn’t officially name the processes doesn’t mean nobody thought about doing this.
That’s why these self assessment questions are so valuable. It brings out in the open the decisions that have already been made, the processes and activities that are already providing value. So don’t think a self assessment is only to find out the gaps, or to realise there is so much more you need to do. Also consider doing this self assessment to find out where to celebrate your successes.
Most of the time though, going through a self assessment like this will create the realisation that while you’re already doing some of the steps, the activities need to be consolidated and delivered more consciously to achieve better results for the business.
Phase 4: Analyze how Disaster Recovery Service Level Management is performing
- Were any designed experiments used to generate additional insight into the data analysis?
- Does the DRP designate the retrieval procedures of the stored data?
- Do you have formal agreements for an alternate processing site and equipment should the need arise to relocate operations?
It’s one thing to measure what you currently do, but the raw data won’t give you insight in the benefits for the organisation. That’s why you need to have structural analysis processes to turn the raw data into information that makes sense for Disaster Recovery.
Running Disaster Recovery Service Level Management is all about consciously taken decisions. You need to document what you do and why so that when (if) the disaster occurs everybody knows exactly what is going to happen. This takes the uncertainty out of a very stressful situation.
Phase 5: Improve the disaster Recovery Service Level Management processes
- Were any criteria developed to assist the team in testing and evaluating potential solutions?
- How much of the IT effort goes to firefighting rather than enabling business improvements?
- Are there policies in place to address post-disaster redevelopment?
It goes without saying that the self assessment will uncover many areas for improvement.
Some of the improvements will focus on the technical infrastructure and how you create agreements to keep utilizing the technology during a disaster. Many improvements however are around the continuity of the processes and procedures. For example question about the policies to address post-disaster redevelopment.
The improvement projects will help shift your business from a reactive approach to DR-SLM to a more proactive approach. The proactive approach helps the business with the risk mitigation and management strategies and to forecast the potential impact of disasters on the future of the business.
Service Level Management and the Service Level Agreements play an important role in this shift as it helps to understand what everybody’s role is in case of a disaster and where the responsibilities lie for the steps taken to continue to deliver the service and to manage expectations.
Phase 6: Control the Disaster Recovery Service Level Management processes
- How should your organization prioritize DR/BC planning with so many other important priorities?
- Which process must consider Business Continuity Plans as a major part of its own planning?
- Do individuals responsible for contingency planning understand responsibilities?
It’s one thing to have a plan that is supported by processes, it’s a totally different level of sophistication to have control over every step in the process.
To control the outcomes and the various deliverables of DR-SLM, you need to appreciate and understand the interdependencies of the various business processes. You also need to check the dependency on internal and external suppliers, especially where Service Level Agreements are concerned.
Phase 7: Sustain the Disaster Recovery Service Level Management Objectives
- Who does what for DR plan maintenance?
- Do you have an adequate level of skills and competencies to manage the current and planned workload?
- What happens if a key supplier suddenly shuts its doors ?
- Are enterprise and IT objectives linked and synchronised?
The final maturity phase in the Self assessment looks mainly towards the future. How can we control the quality level and outcomes of the processes around disaster recovery and service level management? How can we sustain the way we deliver the expected level of services, even when the business scales? How do we anticipate the response to a disaster even when there are many new external influences?
All these questions need to be considered. It doesn’t matter that you don’t have clearly defined answers to these questions (yet), at least now you know that these questions matter and that this is something that you may need to look into for the future strength of the company.
By now you have an appreciation for the fact that these questions provide the basis for important strategic and tactical discussions, while offering a clear pragmatic approach to the implementation of the ideas for improvement.
You won’t be able to answer all 1000 questions, that’s not the intent behind the self assessment. The idea is to identify the questions you must have an answer to, to avoid expensive mistakes or oversight in relation to your Service Level Agreements within the context of Disaster Recovery.
When you perform these self assessments with regular intervals, they will give valuable insight into the growth in business process maturity, and tangible benefits from the implementation projects. Closing the loop back to the stakeholders and those responsible for the budget allocation becomes easier and with better business context.