Wood like to hear your feedback on what statements are correct, what are not and if any of the statements are going to far in to BCM.
There are three components to IT Service Continuity Management!
One is the technical part of it, what sort of solution is using to secure the RPO and RTO values, what is the cost, how will different solutions impact the business. And also to secure the resources to restore the service once there a disaster is reported.If you have a outsourced the first part, this is not that important, you need to setup some KPI’s to secure that the thresholds of dose KPI’s are meet.
The second part is the business knowledge, where in the business process is a application/service used, how is it used, if it the service is down what sort of implications will it have to the productivity of that unit/organisation or company.
For this part you need to start in a early stage, when you are taking in the demands for the application/service. You should review why there is a need for a new application/service, how it is going to be used, by whom and were in the business process will it be used, what are the impacts if the service is down and what sort of workaround alternativs is there? All these questions need to be asked to secure that the correct RPO and RTO are set.
Third part is disaster management, when and if a disaster happens there should be a management group ready to handle any types of problems that accrue, like media handling, priority setting (in-case that there is none set) and other types of decisions.
These three components are there just for one thing, and that is to minimise the risk, for the companies survival or minimise the finical risks that the company takes in the moment of a disaster… thats what IT Service Continuity Management is all about.