The institution ensures the continuity of its services, especially those involving critical operations, and maintains the availability of information at an acceptable level in the event of significant disruption.
Guideline code
ICT_00900
Mechanism
Mechanism
- The management, with the assistance of specialized units where applicable, should define policies, objectives and scope for the continuity of critical social security processes and services (i.e. business continuity) aligned with the institution’s objectives, notably including:
- Contribution collection and benefit delivery;
- Operation of corporate resources (e.g. master data);
- E-services and citizen interaction.
- The ICT unit, with the assistance of specialized units, should:
- Define a service continuity strategy. This involves evaluating business continuity management options and choosing a cost-effective and viable strategy that will ensure enterprise recovery and continuity in the face of a disaster or other major incident or disruption;
- Develop and implement a business continuity response, based on a business continuity plan (BCP) according to the defined strategy;
- Maintain the availability of business-critical information and services, implementing the appropriate backup mechanisms and ensuring that systems, applications, data and documentation maintained or processed by third parties are adequately backed up or otherwise secured.
- The management should validate and communicate the continuity plans throughout the institution.
Parent
Structure
Structure
- A framework to respond to incidents and disruptions should be implemented in order to ensure the continued operation of critical processes and required ICT services and maintain the availability of information at a level acceptable to the institution.
- The framework should ensure that relevant services can be recovered in line with agreed business needs, requirements and timescales.
- A specialized organizational structure, reporting to the ICT management, should be established to manage IT service continuity. To establish accountability, the roles and responsibilities of the units within that structure have to be well defined and documented.
- The ICT operational practices implemented should follow the institution’s ICT governance framework and strategic plan, and be based on international standards and practices (e.g. ISO/IEC 22301 and 24762, COBIT® and ITIL).
Title HTML
Guideline 6. Managing service continuity
Type
Guideline_1
Weight
12