Guide to IT Service Continuity Management (ITSCM) (2022)

IT service continuity management (ITSCM) is a key component of ITIL service delivery. It focuses on planning for incident prevention, prediction, and management with the goal of maintaining service availability and performance at the highest possible levels before, during, and after a disaster-level incident.

The goal of ITSCM is to reduce the downtime, costs, and business impact of incidents by putting effective, standardized processes in place for when those incidents do inevitably occur.

Because without a plan, there are a lot of factors that can slow—or stop—incident recovery. After all, your on-call expert might be responding when they’re bleary-eyed at 3 a.m. They might be out of touch with the code after working on something else for weeks or months. They might panic at the scale of the disaster-level incident. Or they might be the newest member of the disaster recovery team, without as much experience resolving issues.

Having a well-documented, clear plan for service continuity management will help minimize any delays caused by learning curves, time away from the code, disaster panic, or midnight alerts.


In ITIL 4, service continuity management is a process meant to support business continuity management (BCM). The goal of the process is to make sure services are back up and running within the agreed-upon business timelines after major service disruptions.

ITSCM vs. incident management

ITIL 4 makes a distinction between incident management—which handles incidents at a variety of impact levels—and ITSCM, which is about planning for large-scale disasters.

(Video) Service Continuity Management (BNCSC403_Mod_X)

So, what exactly constitutes a disaster? The answer may be different for each business, but the Business Continuity Institute defines it as: “A sudden unplanned event that causes great damage or serious loss to an organization. It results in an organization failing to provide critical business functions for some predetermined minimum period of time.”

The scale of what we call a disaster, the predetermined minimum time, and the definition of critical business functions are three things each business will need to define and document for themselves.

ITSCM and business continuity management (BCM)

Business continuity management is a process managed outside IT that identifies risks to the business and works to mitigate those risks. Some risks may be IT-related, including disaster-level incidents, and some risks may be outside IT control, such as natural disasters or facility fires.

Since BCM encompasses ITSCM as well as other risk-mitigation processes, it makes sense for IT teams to work closely with the BCM team to create:

  • A business continuity plan (BCP) that includes plans for prevention and recovery from disaster-level IT incidents
  • Business impact analyses (BIA) that identify the potential business impact of an IT disaster

ITSCM objectives

From a business perspective, the goal of ITSCM is to reduce the downtime, costs, and business impact of disaster-level incidents. On a more tactical level, objectives include:

  • Working closely with BCM to protect overall business continuity
  • Creating and managing plans for IT service continuity and recovery in case of disaster
  • Working with vendors to minimize the impact of any downtime in their products and services, as it relates to the business
  • Analyzing risk and impact and revising plans accordingly over time

The ITSCM process

Here at Atlassian, our own continuity plan, is built on the assumption that the process of disaster planning is ongoing, leadership-driven, and thoroughly tested. We are determined to not #@!% our customers. Our process includes planning, communication, clear responsibilities, testing, and continuous improvement.

(Video) IT Service Management Tutorial | What Is ITSM? | ITIL Foundation Training | Simplilearn


The planning process starts with asking high-level questions and then building a plan based on your answers. Starting questions should include:

  • What is our incident response?
  • What are the values we’ll follow?
  • What kinds of disasters do we need to plan for? What are the risks and threats inherent to our business?
  • What systems do we need to support? Which are critical?
  • How will we respond in case of each disaster?
  • Where is the information we’ll need to support and restore critical systems?
  • How can we centralize that information and simplify restoration processes?
  • Is the information and process documentation collaborative and reviewable by the teams who will be managing it?

Once you have answers to these questions, the next step is to use those answers to define:

  • Policies for disaster recovery
  • Scope of IT responsibilities
  • Scope of business impact of each risk
  • Plans and processes for each risk scenario
  • Personnel and documentation requirements

The key to a successful ITSCM planning phase is documenting and templatizing the resulting plan to make it clear and repeatable. Having assets such as an incident response playbook or other runbooks can be a source of truth and organization to responders during a high-stakes scenario.

In the spirit of ITSCM, a solution with access to a built-in knowledge base—like Jira Service Management powered by Confluence—allows for continuous documentation that allows for revision, optimization and collaboration. That way, responders have access to previous resolution documentation and up-to-date resources.

Clear responsibilities

Who’s responsible in case of disaster? Who’s responsible for maintaining and updating plans, processes, and documentation? ITSCM should always have a clear sense of roles and responsibilities not only for disasters themselves, but for ongoing monitoring and improvement. Using Jira Service Management, responders can tag the appropriate party or person on issues to ensure responsibilities are properly delegated and to facilitate cross-functional collaboration.

At Atlassian, part of our approach is to have regular disaster recovery meetings with our site reliability engineers and our risk and compliance team. They discuss gaps in disaster recovery and identify where additional plans, improvements, assessments, or changes need to be made.


Openness is a core value at Atlassian and we believe the more informed your organization is about your ITSCM plans, the more effective those plans will be.

(Video) ITSCM 280 Sec #22 How to Study for Exam

Offering flexible communication channels throughout the incident response processallows teams to stay in touchby their preferred method. Jira Service Management integrates multiple communications channels to minimize downtime, such as embeddable status widget, dedicated statuspage, email, chat tools, social media, and SMS.

Not only does communication keep stakeholders on board and help the c-suite stave off panic during a disaster-level incident, but it also allows the team to reach out for help from other teams if needed and mitigate the risk of friction caused by organizational confusion.


How do you know if your plans work unless you test them? This is a foundational question for ITSCM and the reason that testing and incident management drills are vital to the success of the practice.

Testing can help you identify weak points in your process, unforeseen issues, and where teams may need re-training or better documentation.

Assess and improve

ITSCM is not a one-and-done process. It requires thoughtful planning up front and ongoing training, assessment, and improvement. That’s why we have regular disaster recovery meetings. It’s why we test system backups and run drills on what happens in case of a data center outage or AWS region failure. And it’s why any ITSCM plan worth its salt is a continually monitored, ever-changing thing.

Most companies represent the ITSCM process as a series of steps, but we think it’s more like a circle. Planning should lead to defined roles and responsibilities. From there, the team should communicate across the organization, test and test again, assess, monitor, and improve and, in those improvements, continue to update the plan, further define roles, and continue communicating.

Again, this is where a built-in, collaborative knowledge base comes into play. Knowledge base articles are a valuable resource when it comes to assessment and documentation. Incident postmortem reports are crucial for revision and repair following an incident, but can also act as a longstanding resource for potential problems in the future. Jira Service Management, powered by Confluence, offers a powerful collaborative platform to execute assessment and improvement solutions.

ITSCM roles and responsibilities

In order to effectively plan and implement ITSCM practices across the organization, many businesses appoint a Service Continuity Manager and a Service Continuity Recovery Team.

(Video) IT Management Frameworks Overview - Video 001

Service Continuity Manager (SCM)

As the name suggests, the Service Continuity Manager is responsible for overseeing service continuity. This person typically owns the process from A to Z, leading plan development, managing ongoing monitoring and assessment activities, and overseeing plans in action in case of disaster.

This person is typically an experienced, senior-level technical support professional, but may be in a management role and not directly involved with the tech day to day.

Service Continuity Recovery Team

Led by the SCM, this team is responsible for running tests and incident drills and continually improving ITSCM. The team typically includes technical staff, QA professionals or users for testing, and representatives from departments across the organization who are responsible for keeping lines of communication open between ITSCM and their teams.

Why does ITSCM matter?

Organizations with clear plans for disaster recovery will recover quicker and more fully in case of disasters.

ITSCM isn’t about planning for everyday outages. It’s about addressing worst-case scenarios and ensuring that if they happen, they cause minimal disruption to the lives of customers and employees.

Here are three clear benefits of a good ITSCM practice:

(Video) Freshservice Demo | Best ITSM Software | Right Sized ITSM Solution

  • If disaster strikes, a good ITSCM plan means essential services will be back up and running quickly.
  • The organization is always prepared for a major disaster and can react quickly and appropriately.
  • Everyone across the business understands what will happen in case of disaster and how long they can expect systems to be down.

Discover how ITSCM improves customer service quality and minimizes organizational downtime with Jira Service Management.

Try Jira Service Management free


What is Itscm in ITIL? ›

IT service continuity management (ITSCM) is a key component of ITIL service delivery. It focuses on planning for incident prevention, prediction, and management with the goal of maintaining service availability and performance at the highest possible levels before, during, and after a disaster-level incident.

What are the 7 steps of continuity management? ›

7 Steps to Create a Business Continuity Plan + Webinar Replay
  • Step 1: Regulatory Review and Landscape. ...
  • Step 2: Risk Assessment. ...
  • Step 3: Perform a Business Impact Analysis. ...
  • Step 4: Strategy and Plan Development. ...
  • Step 5: Create an Incident Response Plan. ...
  • Step 6: Plan Testing, Training and Maintenance. ...
  • Step 7: Communication.
26 Jun 2018

What should be in a IT business continuity strategy? ›

1. Business Continuity Strategy is a phase within the BCM planning process. It is the conceptual summary of preventive (mitigation) strategies, crisis response strategies and recovery strategies that must be carried out between the occurrence of a disaster and the time when normal operations are restored.

WHAT IS IT service continuity plan? ›

The Information Technology Service Continuity Plan is the collection of policies, standards, procedures and tools through which organisations not only improve their ability to respond when major system failures occur, but also improve their resilience to major incidents, ensuring that critical systems and services do ...

What are the 5 stages of ITIL? ›

There are five stages of the ITIL service lifecycle:
  • Service Strategy.
  • Service Design.
  • Service Transition.
  • Service Operation.
  • Continual Service Improvement.

What are the 4 main components of the BCM Programme management? ›

2) What are the 4 main areas of business continuity management? The four main areas of business continuity management are 1) disaster prevention, 2) disaster preparedness, 3) disaster response and 4) disaster recovery.

What are the 3 main areas of business continuity management? ›

Three key components of a business continuity plan

A business continuity plan has three key elements: Resilience, recovery and contingency.

What are the three branches of continuity? ›

Continuity of Government is a coordinated effort within each of the executive, legislative, and judicial branches to ensure that governance and essential functions continue to be performed before, during, and after an emergency.

What are the four P's of business continuity planning? ›

When devising a business continuity strategy, you should consider the 4 P's: people (staff and customers), processes (the technology and processes required), premises and providers, suppliers and partners.

What are the five 5 steps that should be followed when developing a business continuity plan? ›

Steps to Creating a Business Continuity Plan
  • Step 1: Assemble a Business Continuity Management Team. ...
  • Step 2: Ensure the Safety and Wellbeing of Your Employees. ...
  • Step 3: Understand the Risks to Your Company. ...
  • Step 4: Implement Recovery Strategies. ...
  • Step 5: Test, Test Again and Make Improvements.
28 Sept 2020

What are the three continuity strategy plans? ›

There are three phases to comprehensive continuity planning:
  • resolve;
  • respond; and.
  • rebuild.
6 Mar 2007

What are the roles in IT service continuity management? ›

The IT Service Continuity Manager is responsible for managing risks that could seriously impact IT services. He ensures that the IT service provider can provide minimum agreed service levels in cases of disaster, by reducing the risk to an acceptable level and planning for the recovery of IT services.

What are the main benefits of proper IT service continuity management? ›

Benefits of IT Service Continuity Management

Controlled recovery of systems. Reduction of downtime - increased continuity of service to customer. Minimal disruption to Departments business.

Which of these are KPIS relating to IT service continuity management? ›

KPIs IT Service Continuity Management
Key Performance Indicator (KPI)Definition
Implementation DurationDuration from the identification of of a disaster-related risk to the implementation of a suitable continuity mechanism
Number of Disaster PracticesNumber of disaster practices actually carried out
3 more rows
17 Jun 2019

What are the 3 main types of change ITIL? ›

Change types

In ITIL, we usually identify three types of change that are each managed in different ways i.e. standard, normal and emergency changes. A low-risk, pre-authorized change that is well understood and fully documented, and can be implemented without needing additional authorization.

What is the 7 step improvement process in ITIL? ›

The Seven-Step Improvement Process

The goal is to define and manage the steps needed to identify, define, gather process, analyze, present and implement improvements. The objective of the seven-step process is to identify opportunities for improving services, process etc and reduce the cost of providing services.

What is life cycle of ITIL? ›

ITIL V3 (ITIL 2011) organizes the ITIL processes around the five service lifecycle stages: Service Strategy, Service Design, Service Transition, Service Operation, and Continual Service Improvement (see fig.

What are the 4 dimensions of ITIL 4? ›

The four dimensions of ITIL 4 are an evolution of the four Ps seen in ITIL V3 (People, Products, Processes, Partners). They have been revised to consider the broader aspects of the service ecosystem (and the way these aspects influence each other) to encourage a change in the way we think about service value streams.

What is the difference between BCP and BCM? ›

BCP is about having a plan to recover and resume operations after an unexpected disruption. It covers just-in-case scenarios, ensuring an FI is prepared to respond to an outage or event. BCM goes beyond planning to address the risks and vulnerabilities that threaten resilience in the first place.

What are the two types of process classification in BCM? ›

They are micro (individual), meso (group or organization) and macro (national or interorganizational). There are also two main types of resilience, which are proactive and post resilience.

What are the key principles of business continuity? ›

Business Continuity plans only work if everyone understands them. Employees are also a great source of ideas and insights about how your business might be affected by a disaster. So business must communicate Business Continuity plans to employees regularly – and actively solicit their input.

What are the key elements of business continuity? ›

The following seven elements are essential parts of any effective business continuity strategy:
  • A clearly defined team. ...
  • A detailed plan. ...
  • Effective testing. ...
  • Crisis communications. ...
  • Employee safety. ...
  • Uninterrupted access to business resources. ...
  • Continuous IT operations.

How many phases of continuity are there? ›

Fortunately, business continuity planning falls neatly into five phases, each of which includes steps that, when followed, provide the foundation of any good plan.

What is ISO 22301 business continuity management? ›

Understand and prioritize the threats to your business with the international standard for business continuity. ISO 22301 specifies the requirements for a management system to protect against, reduce the likelihood of, and ensure your business recovers from disruptive incidents.

What is it called when all 3 branches work together? ›

The Constitution divided the Government into three branches: legislative, executive, and judicial. That was an important decision because it gave specific powers to each branch and set up something called checks and balances.

What are the 4 C's of analysis? ›

The 4Cs (Clarity, Credibility, Consistency, Competitiveness) is most often used in marketing communications and was created by David Jobber and John Fahy in their book 'Foundations of Marketing' (2009).

What are the 4 pillars of ITIL? ›

The four pillars of ITIL Capability | ALC Training News
  • ITIL Capability: Operational Support and Analysis. ...
  • ITIL Capability: Planning, Protection and Optimisation. ...
  • ITIL Capability: Release, Control and Validation. ...
  • ITIL Capability: Service Offerings and Agreements.

What is the difference between ISO 20000 and ITIL? ›

ISO 20000 is a standard and code of practice; ITIL is a best practice framework. ISO 20000 awards organizations with certification; ITIL does not. ISO 20000 has requirements for processes and management system; ITIL has guidance.

What are the 4 dimensions of ITIL 4? ›

The four dimensions of ITIL 4 are an evolution of the four Ps seen in ITIL V3 (People, Products, Processes, Partners). They have been revised to consider the broader aspects of the service ecosystem (and the way these aspects influence each other) to encourage a change in the way we think about service value streams.

What is SRM in ITIL? ›

Service request management can provide a channel for improvement initiatives, compliments, and complaints from users. It also contributes to improvement by providing trend, quality, and feedback information about fulfilment of requests. ITIL® is a registered trade mark of AXELOS Limited.

What are the 4 P's of Service Management? ›

The 4 Ps of Service Design

People. Products. Partners. Processes.

What are the six key SVC activities? ›

Key Service Value Chain Activities. The six key activities of the Service Value Chain are Plan, Improve, Engage, Design and Transition, Obtain/Build, and Deliver and Support. Each of these contributes to value creation by transforming various inputs into specific outputs.

What is ITIL lifecycle? ›

The ITIL service lifecycle is a process approach to the best practices laid out within the ITIL framework, and it is broken into five phases: service strategy, service design, service transition, service operation, and continual service improvement.

Is ITIL still relevant in 2022? ›

More than 40+ years after its inception, ITIL® certification continues to receive rave reviews in 2022. This article in TechData proclaims ITIL as one of the “best IT certifications of 2022”.

What is replacing ITIL? ›

DevOps can replace ITIL

Because while IT departments may move away from ITIL training and process silos, they still need to do some aspects of service management. Operations.

Which ISO certification is best for IT company? ›

ISO 9001. In the highly competitive IT industry, businesses need to continually improve to stay relevant and gain an important edge, this is where ISO 9001 certification is key.

What is the difference between ITIL and ITIL 4? ›

ITIL V3 processes describe a flow of activities, along with the information about suggested roles, metrics, and other process-related information. On the other hand, ITIL V4 practices are the capabilities that can be performed as an organization.

Is ITIL 4 agile? ›

ITIL 4 is here—and it's more agile than ever. To keep up with the speed of business, IT teams are transforming the way they work. Gone are the days of inflexible processes and heavy workflows.

What are two key ITIL 4 components? ›

The key components of the ITIL 4 framework are the ITIL service value system (SVS) and the four dimensions model.

What are the 6 steps in forming a SRM? ›

Let's look at each in turn.
  • Broaden your definition of SRM's value. ...
  • Get stakeholder buy-in as high up as possible. ...
  • 3.Understand your suppliers before defining the process. ...
  • Train everyone working with the suppliers, not just procurement people. ...
  • Use technology to kick-start your transformation.
31 May 2018

What is the 4th step of the SRM process? ›

4 - Define Acceptable Level of Safety (ALoS)

Acceptable Level of Safety (ALoS) establishes an aviation service provider's minimum level of acceptable risk for a hazard or risk.

What are SRM tools? ›

Supplier relationship management (SRM) software is a solution that helps companies streamline supplier selection and onboarding, supplier performance tracking and assessment, supplier document management, and other important supplier-related processes.


1. EasyVista IT Service Management (ITSM) Platform in 15 Minutes
2. Provance ITSM in 11 Minutes
3. Service Management Transformation @ BMC
(ITSM Academy)
4. ITIL/ITSM Overview
(Learn & Grow Together With Atul G)
5. ITSM Crowd 70 - To Continuity and Back
(The ITSM Crowd)
6. Free ITSM webinar from IT expert Vawns Murphy | ITSM in the next normal

Top Articles

You might also like

Latest Posts

Article information

Author: Foster Heidenreich CPA

Last Updated: 11/24/2022

Views: 6174

Rating: 4.6 / 5 (56 voted)

Reviews: 95% of readers found this page helpful

Author information

Name: Foster Heidenreich CPA

Birthday: 1995-01-14

Address: 55021 Usha Garden, North Larisa, DE 19209

Phone: +6812240846623

Job: Corporate Healthcare Strategist

Hobby: Singing, Listening to music, Rafting, LARPing, Gardening, Quilting, Rappelling

Introduction: My name is Foster Heidenreich CPA, I am a delightful, quaint, glorious, quaint, faithful, enchanting, fine person who loves writing and wants to share my knowledge and understanding with you.