Business Continuity & Disaster Recovery

Transcription:

Business Continuity & Disaster Recovery
Richard Long, Senior Advisory Consultant, MHA Consulting
Presented at CopperPoint SafetyWorks, Aug & Sep, 2017
2017 MHA CONSULTING. ALL RIGHTS RESERVED.

COMPANY BACKGROUND
KEY FACTS
18-year proven track record of applying industry standards and best practices across a diverse pedigree of clients.
18 years in operation.
20 average years industry experience.
SENIOR LEADERSHIP: MHA Consulting's senior team has an average of over 20 years of industry-relevant experience in the areas of Business Continuity, Disaster Recovery, and Project Management.
CAPABLE: Comprehensive suite of services.
GLOBAL: Diverse, global client base.
SAAS: Compliance and risk tools.
Richard Long, Practice Leader & Senior Advisory Consultant, Phoenix, Arizona, www.mha-it.com
A simple mission: Ensure the continuous operations of our clients' critical processes.
60% of revenue comes from Business Resiliency, 30% from IT Disaster Recovery, and 10% from SaaS tools.
SaaS Tools: BIA On-Demand, Compliance Confidence, Residual Risk.

DIVERSE, GLOBAL CLIENT BASE
Services, Healthcare, Education, Financial Institutions, Consumer Products, Insurance, Travel & Entertainment, Government/Utility

ROBUST SUITE OF SERVICES
ASSESS THE CURRENT ENVIRONMENT: Current State Assessment; Policy & Standards; Business Impact Analysis; Threat & Risk Assessment; BCMMETRICS™ BIA On-Demand (BIA OD); BCMMETRICS™ Compliance Confidence (C2)
RECOVERY STRATEGIES & SOLUTIONS: Business Recovery Strategies & Solutions; Data Center Recovery Strategies
RESPONSE & RECOVERY PLANS: Crisis Management; Business Recovery; IT Disaster Recovery
EXERCISES: Training & Awareness; Mock Disaster Exercises; Plan Functional Walkthroughs; Alternate Worksite Exercises
MAINTAIN & IMPROVE: Update Recovery Plans; Update Current State Assessment; Update Business Impact Analysis & Threat Assessment; Third Party Assessments; BCMMETRICS™ Residual Risk (R2)

Why Are You Here?
What are Business Continuity & Disaster Recovery?
BC/DR Basics
Myths
Why should it be important to you?
Integration between BC/DR and other departments
How do safety & risk fit in to BC/DR?

BUSINESS CONTINUITY MANAGEMENT
SO, WHAT IS BUSINESS CONTINUITY MANAGEMENT?
Business Resumption Planning: The process initiated to resume business operations to a level consistent with the business requirements.
IT Disaster Recovery Planning: The recovery of information technology processes, systems, applications, databases, and network assets used to support critical business processes.
Crisis Management: A series of actions taken to gain control of the event quickly to minimize the effects of an interruption and prepare for recovery.

CRISIS SPECTRUM
Source: ICM Annual Crisis Report, 2017. Institute for Crisis Management.
OTHER: Catastrophe 1.01%; Casualty Accidents 0.14%; Financial Damage 0.14%; Hostile Takeover 1.64%; Labor Issues 0.14%; Sexual Harassment 0.48%

THE BIG PICTURE

BCM COMPLIANCE STANDARDS
STANDARDS IN BUSINESS CONTINUITY: ISO 22301; FFIEC; NIST 800; NFPA 1600; SEC; FISMA; FINRA; Supply Chain Resiliency Leadership Council
MEASURE COMPLIANCE IN THESE BCM DIMENSIONS: Program Administration; Crisis Management; Business Recovery; IT Disaster Recovery; Fire & Life Safety; Supply Chain Risk Management; Third Party Management

DEFINITIONS
Business Continuity: Overall continuation of business functions during an emergency event.
Disaster Recovery: Recovery of systems, applications, and processing capabilities.
Process Availability & Resiliency: A business process is functional and available. Remains available even during potential impact events.
Application: Available for use by the organization based on requirements. Remains available even during potential outage events.

BASIC COMPONENTS IN OVERALL PROGRAM
01 BUSINESS IMPACT ANALYSIS. Determination of the recovery time for each business process. This is not based on applications, but processes.
02 THREAT & RISK ASSESSMENT. Identifying potential risks and the impact they have on the organization.
03 DOCUMENTATION UPDATE SCHEDULE. Without regular updates, the documentation will quickly become out of date.
04 TRAINING. This includes exercises, policy review, and plan reviews.
05 ACTION ITEMS. Overall management and status of issues and needs.

BASIC COMPONENTS IN BUSINESS RESUMPTION PLANNING
01 BUSINESS RECOVERY PLANS. The most important part - these are the tasks and actions taken when an emergency or outage event occurs.
02 CONTACT LISTS. Employee, vendor, third party contacts, phone numbers, email addresses, etc.
03 MOCK DISASTER EXERCISES. Verifying the usability of the plan; often scenario based.
04 ALTERNATE SITE CONTRACTS. Having a contract or agreement in place in case there is a need to relocate.
05 TECHNOLOGY. Ensure IT has documented the appropriate technology requirements and plans for implementation (loaner laptops, network access, etc.).

BASIC COMPONENTS IN DISASTER RECOVERY
01 IT RECOVERY PLANS. These are the tasks and actions taken to restore applications and processing when an emergency or outage event occurs.
02 CONTACT LISTS. Employee, vendor, third party contacts, phone numbers, email addresses, etc.
03 DR STRATEGY/IMPLEMENTATION. Technical implementation.
04 DR TESTS. Verifying the recovery strategy is functional.

BASIC COMPONENTS IN CRISIS MANAGEMENT
CRISIS MANAGEMENT TEAM. Senior management responsible for direction and overall management of an emergency event. Roles and responsibilities include business functions, communication, logistics, security, risk, etc.
CRISIS MANAGEMENT PLAN. These are the tasks and actions taken to manage overall emergency events at a corporate level, including both internal and external communication.
CONTACT LISTS. Employee, vendor, third party contacts, phone numbers, email addresses, etc.
MOCK DISASTER EXERCISES. Verifying the plan and team are functional.

MYTH: BC/DR ARE DEAD
Most events are self-inflicted (recent airline outages).
Unanticipated events, not natural disasters.
Customers will NOT understand.

MYTH: DOCUMENTATION IS NOT NEEDED - WE HAVE IT
The team will know how to execute.
People are good at what they do every day. You don't recover every day.
They will be tired or trying to perform multiple recoveries.
You may be using secondary resources or contractors.
Information is always readily available.

MYTH: OUR PEOPLE WILL FIGURE IT OUT
True, but that will take time.
Your strategy to meet RTO/RPO is most likely based on best case.
There will be unexpected issues even in best case.
Secondary people will be participating and may be primarily responsible.
Often the recovery environment is not completely in sync with production.

WHAT CONTENT SHOULD BE INCLUDED?
Consider:
01 Put the usable information at the beginning of the plan.
02 Put the audit information in appendices.
RECOMMENDATION
Checklist based. Think airlines or surgeries.
Functional/proprietary. What will people forget?
Identify risks and impacts in the plan. Don't have the team figure it out during an event.
Reference/use information already available.
Contact lists (make copies as backup)
BIA/TRA
Functional exercises/training.

INTEGRATION BETWEEN BUSINESS CONTINUITY AND OTHER DEPARTMENTS
BUSINESS FIRST
Everything should be about how it helps the organization.
Increase revenue
Decrease costs
Regulatory/audit requirement
Safety
Every department is part of the business.
Everyone (you) is part of BC/DR.

WHAT ROLE DOES SAFETY & RISK PLAY?
SAFETY
Provide your input
Look at the big picture and what is the BC team missing?
You own safety issues - don't let the BC team usurp your authority
Provide guidance - policies and safety risks
Impacts related to safety issues associated with recovery strategies
Relocation impact

WHAT ROLE DOES SAFETY & RISK PLAY?
RISK
Provide the risk profile to the BC team
Coordinate and collaborate on the risk assessment
Risk assessment provides input into the BC and DR plans

SO, WHAT ARE THE NEXT STEPS?
WHAT DO WE DO NOW? HOW DO WE START OR CONTINUE?
If you don't know your BC leader, go say Hi.
Do you know what your BCP says related to your department?
Do you know how you fit in and what role you play?
AREAS TO REVIEW / WHERE TO PRIORITIZE
Base infrastructure (server, VM, network, authentication)
Integrations
Technology gaps
Resource constrained areas
SaaS/IaaS environments
Validate recovery strategy

FINAL THOUGHTS

THANK YOU
MHA CONSULTING, INC.
www.mha-it.com
long@mha-it.com
(888) 689-2290
(602) 370-1864