Undertaking the DR Business Impact Analysis (BIA)

Transcription

1 Undertaking the DR Business Impact Analysis (BIA) > David Danher National Practice Manager >Business Consulting Services >25 th March 2009

2 Agenda Who is Thomas Duryea? Disaster Recovery Programme Overview The DR Business Impact Analysis (BIA) The Consequence Table The BIA Spreadsheet Workshopping the BIA Spreadsheet Application Impact Rating MAO RTO RPO BIA Analysis & Report Thomas Duryea s IT DR Offerings 2

3 Who is Thomas Duryea? Company Overview Founded in 2000 Total employees: 85+ Offices in MLB, SYD & BNE Average growth of 300% pa Recent Awards VMware Partner of the Year 2008 Deloitte 2008 Tech Fast 50 [2 nd place] BRW Fast [6 th place] Ingram Micro 2008 Rising Star BRW ANZ 2008 Fastest Growing Private Business of the Year 3

4 Solutions & Services Strategic Technology Partners Enterprise Information Systems Data Centre Solutions Managed Services Systems Management Business Consulting Services Information Worker Solutions 4

5 Disaster Recovery Programme Overview Policy & Standards Framework Business Impact Analysis (BIA) Consequence Table Application importance to the Business Maximum Allowable Outage (MAO) Recovery Time Objective (RTO) Recovery Point Objective (RPO) Threat and Vulnerability Assessment Decide DR Solution Implement DR solution Train, Test, Review, Report, Maintain, Audit 5

6 Tangible Impacts Intangible Impacts Developing the BIA Consequence Table Aligns with HB Business Continuity Management Standard Business area of impact on left hand side Description of consequences left to right (low to high) Recommendation: Limit the number of Intangibles Severity/ Consequence Areas of Impact Stakeholders Product Image/Brand Financial Insignificant (1) No impact on clients/ stakeholders. No impact to Product No Impact to Image or Brand No loss of revenue Minor (2) Minor disruption of access to service for clients/stakeholders. Minor disruption to shipping product to distributers Negative publicity but can easily be countered Moderate (3) Major disruption of access to service for clients/ stakeholders. Major disruption to shipping product to distributers and/or customer delay in acquiring product. Adverse publicity in local media or negative customer feedback Unrecoverable Title loss of presentation of Unrecoverable loss revenue of up to $10K of revenue of between $10K and $50K Major (4) Significant loss of access to service for clients/stakeholders. Significant disruption to shipping product to distributers and/or major customer delay in acquiring product. Adverse publicity in national media or significant customer feedback Unrecoverable loss of revenue of between $50K and $100K Catastrophic (5) No service available to clients/ stakeholders. Complete inability to ship product to distributers or customers Adverse publicity in international media, very serious litigation including class action Unrecoverable loss of revenue of more than $100K 6

7 Developing the BIA Spreadsheet Applications and Dependencies Aligns with HB Business Continuity Management Standard Build by Site, Application Group, Applications and Dependencies Multiple Sites, Application Groups, Applications and Dependencies are allowed Note: Dependencies are Applications within their own right Site Application Group Applications Dependencies IT Manager Business Owner Prod All of Business AccPac Active Directory #REF! #REF! SQL #REF! #REF! Internet Gateway #REF! #REF! SQL Active Directory #REF! #REF! Exchange Active Directory #REF! #REF! Internet Gateway #REF! #REF! Internet Gateway Active Directory #REF! #REF! Active Directory 7

8 Developing the BIA Spreadsheet Areas of Impact and Timeframes Add Areas of Impact and timeframes to measure the Impacts against Add Total Impact Rating math Site Application Group Applications Dependencies Business Impact - Interval 1 1 hour Intangible Impacts Product Image / Brand Tangible Impacts Financial Business Impact - Interval 2 1 day Intangible Impacts Product Image / Brand Tangible Impacts Financial Business Impact - Interval 3 1 week Intangible Impacts Product Image / Brand Tangible Impacts Financial Stakeholders Stakeholders Stakeholders Stakeholders Business Impact - Interval 4 1 month Intangible Impacts Product Image / Brand Tangible Impacts Financial Total Impact Rating Prod All of Business AccPac Active Directory #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! SQL #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! Internet Gateway #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! SQL Active Directory #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! Exchange Active Directory #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! Internet Gateway #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! Internet Gateway Active Directory #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! Active Directory 8

9 Total Impact Rating Developing the BIA Spreadsheet Recovery Objectives Add MAO, RTO (required and current) & RPO (required and current) Add Mitigation Strategies MAO, RTO & RPO MAO Required RTO Current RTO Required RPO Current RPO Mitigation Strategies Minutes Hours Days Minutes Hours Days Minutes Hours Days Minutes Hours Days Minutes Hours Days Viable Work Around Time to Implement Work Around Minutes Hours Days DRP in Place DRP Tested Date #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! #REF! 9

10 BIA Workshop Areas of Impact Workshop with both Business and IT representatives Using consequence table, complete values for each individual application Site Application Group Applications Dependencies Stake- Holders Business Impact 1 Hour Intangible Impacts Product Image / Brand Tangible Impacts Financial Stake- Holders Business Impact 1 Day Intangible Impacts Product Image / Brand Tangible Impacts Financial Business Impact 1 Week Intangible Impacts Stake- Product Holders Image / Brand Tangible Impacts Financial Stake- Holders Business Impact 1 Month Intangible Impacts Product Image / Brand Tangible Impacts Financial Total Impact Rating Prod All of Business AccPac Active Directory SQL Internet Gateway SQL Active Directory Exchange Active Directory Internet Gateway Internet Gateway Active Directory Active Directory

11 BIA Workshop Recovery Objectives Total Impact Rating Workshop with both Business and IT representatives Add MAO, RTO (required and current)& RPO (required and current) Note: The 1st BIA may deliver a large gap between required and current requirements Complete Mitigation Strategies (if applicable) MAO, RTO & RPO MAO Required RTO Current RTO Required RPO Current RPO Minutes Hours Days Minutes Hours Days Minutes Hours Days Minutes Hours Days Minutes Hours Days Viable Work Around Mitigation Strategies Time to Implement Work Around Minutes Hours Days DRP in Place DRP Tested Date no no no no no no no no no no no no no no no no no no no no no no no no 11

12 BIA Analysis & Report Analysis of data gathered in workshop Compares Business requirements against current IT capability Takes multiple views Whole of Company Site Application Group Application & dependencies Report Charts Commentary Delta is the DR solution Current vs. Required 12

13 BIA Analysis Amending the Total Impact Rating Modify Dependency rating so that it is, at minimum, equal to Application rating Site Application Group Applications Dependencies Original Total Impact Rating Total Impact Rating Work New Total Impact Rating Prod All of Business AccPac Active Directory SQL Internet Gateway SQL Active Directory Exchange Active Directory Internet Gateway Internet Gateway Active Directory Active Directory

14 BIA Analysis Amending the MAO, RTO & RPO Amend MAO,RTO & RPO values to a common denominator Site Application Group Applications Dependencies MAO, RTO & RPO Application MAO MAO Application RTO Required Current Application RPO for Required Current MAO Required RTO Current RTO Required RPO Current RPO for Charting for Charting RTO RTO Charting RPO RPO Minutes Hours Days Minutes Hours Days Minutes Hours Days Minutes Hours Days Minutes Hours Days Dependencies Days Dependencies Days Days Dependencies Days Days Purposes Only Purposes Only Purposes Only Prod All of Business AccPac Active Directory SQL Internet Gateway SQL Active Directory Exchange Active Directory Internet Gateway Internet Gateway Active Directory Active Directory

15 BIA Analysis - Charting 15

16 BIA Analysis - Reporting 16

17 TD s IT Disaster Recovery Offerings DR Capability & Readiness Assessment DR BIA Assessment DR Programme Implementation DR Programme Management Assesses current environment against standards & documents recommendations Builds Spreadsheet, conducts workshop, analyses findings and documents recommendations Implements all phases of the DR programme Individually tailored for organisations of any size. Reviews all phases of the DR programme Individually tailored for organisations of any size. Ideal client Organisations who are unsure of their DR capability or readiness Organisations who need to build a DR business case Ideal client Organisations who need to document new or review their application s business recovery objectives Includes Threat & Vulnerability Assessment for SMBs Ideal Client Organisations who understand what constitutes and needs to implement the DR Programme. Ideal Client Organisations who need to review their DR Programme. Price $5,000* Price $15,000* Price on Application Price on Application * Excludes travel costs and expenses 17

18 Questions? David Danher National Practice Manager Business Consulting Services Phone: Mobile: