ENTERPRISE CONTINUITY PLANNING PRINCIPLE OF DISASTER RECOVERY AND ENTERPRISE CONTINUITY. Presented by: John O. Adeika

Similar documents
Citizens Property Insurance Corporation Business Continuity Framework

Enterprise-wide Business Continuity and Disaster Recovery Planning. Presented by Kelley Okolita

Advancing your BCP Program

Protecting Information Assets - Week 9 - Business Continuity and Disaster Recovery Planning. MIS 5206 Protecting Information Assets

Technology Services RFP Town of Hooksett. Administration Department Dr. Dean Shankle May 2, 2019

AIMS LABOR CATEGORY DESCRIPTIONS (SINS 541-1, 541-2, 541-3, 541-4A, 541-4B, 541-4D, 541-4F, AND 541-5)

Business Continuity & IT Disaster Recovery

Creating an Actionable Disaster Recovery Plan

A Guide to Business Continuity

CPOtracker Template Package

Proven Strategies for Overcoming Business Continuity Challenges for Healthcare Organizations

State College of Florida, Manatee-Sarasota Job Description

Outsourcing for Success. Moving from In-house to an FIS Outsourced Solution

Points of Discussion

Business Continuity Planning

2015 Business Plan. Abe Kani Department Director/CIO

(ISC)2 CISSP EXAM BUNDLE

BCP Methodology Benefits realisation

Don t Panic! How to develop and implement an emergency response plan for your attraction

Administrative Services About Administrative Services

Meet Our Presenter. Equipping You For Success: An ISO Certification Case Study

US Business Continuity Safeguarding Your Business from a Disaster

Business Continuity Management for Singapore s Logistics Sector. By Singapore Business Federation and Singapore Logistics Association

Company Vision. Innovation distinguishes betweena leader and a follower. Steve Jobs

Business Recovery & Continuity Plan

your resume to Initial screening of candidates to occur no later than May 1, Position open until filled.

DISASTER PREPAREDNESS Guide & Template

Protecting Information Assets - Unit #9 - Business Continuity and Disaster Recovery Planning. MIS 5206 Protecting Information Assets

Auditing the Corporate Business Continuity and Disaster Recover Plan

Facilities Management Workshop A Fred Pryor Seminar Washington D.C. May 17-18, 2016

Risk Assessment - Balancing Risk While Enhancing Controls

Preparing for Disaster

Business Continuity Management and Resilience Framework

Business Recovery & Continuity Plan

Effectively Communicating Enterprise-Wide Business Continuity to Senior Management and Stakeholders. October 7, 2014

BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING. Marci McCloskey, CISA, ABCP Toan Nguyen, CIA, ABCP

David Nolan, CEO Fusion Risk Management, Inc.

General Guidance for Developing, Documenting, Implementing, Maintaining, and Auditing an SQF Quality System. Quality Code. SQF Quality Code, Edition 8

FEI Behavioral Health, Inc. Job Description

Building a Standard for Business Continuity Planning

GOVERNANCE TOOLKIT. Business Continuity Management. Version 1: 1 March 2016 THIS TOOLKIT PROUDLY SUPPORTED BY

Emergency Ready Profile: A Fit For Any Contingency Plan. Disaster Recovery Team

Enterprise Availability Management

Equipping You For Success

RONALD E. HENRY, II AREAS OF EXPERTISE EDUCATION

Ensuring Organizational & Enterprise Resiliency with Third Parties

Business Continuity Management (BCM) Chicagoland Safety Conference October 24, 2013

Preferred Education, Experience or Other Qualifications

BY TED BROWN, CBCP CBCV MBCI PRESIDENT & CEO KETCHCONSULTING BCI USA BOARD MEMBER CPM HALL OF FAME

Internal Audit s Role in Third Party Risk Management (TPRM)

Seven Critical Mistakes to Avoid in Continuity of Operations Planning (COOP) boldplanning.com. White Paper

Business Continuity Framework

CERTIFICATIONS IN HUMAN RESOURCES. SPHRi TM Senior Professional in Human Resources - International TM SPHRi. Exam Content Outline

Fordham University BCP / DRP Lunch. Lunch

Creating a Business Continuity Plan for your Health Center

Business Continuity & Disaster Recovery

5/28/2018. Disaster Recovery Are You Ready. Speaker. Agenda

Business Resilience: Equipping the FM for Success

Introduction to Business

Achieving Enterprise Resiliency and Corporate Certification August 2, 2013

JOB DESCRIPTION. DATE ISSUED: 08/15 FLSA: Exempt PTO: VCS TITLE. Manager, Applications Development Ellucian Colleague JOB SUMMARY

Oversight by Board, Risk Management & Audit Committee (RMAC) and other committees. Second line of defense

How to Choose a Managed Services Provider

Agenda. Enterprise Risk Management Defined. The Intersection of Enterprise-wide Risk Management (ERM) and Business Continuity Management (BCM)

OmniMath, Inc. Business Continuity Services Overview

Certified Information Professional 2016 Update Outline

LIBRARIES OF MIDDLESEX AUTOMATION CONSORTIUM TECHNOLOGY PLAN,

10 Steps to Preparedness

The Scope of a Migration Solution

IT Service Catalog College of Arts & Sciences

FDS Service Catalogue

Keep Your Company Moving After A Disaster With A Business Continuity Plan (BCP)

An Overview of the AWS Cloud Adoption Framework

Going Global. Michael Lazcano

ISO 28002: RESILIENCE IN THE SUPPLY CHAIN: REQUIREMENTS WITH GUIDANCE FOR USE

April 1, 2013 JD No

Supply Chain Management within Business Continuity

The technical resources for which the IT Support Analyst provides support and management include:

Request For Qualifications (RFQ) for

John Liuzzi, CBCP, CBRITP National Director, Business Continuity Southern Glazer s Wine and Spirits

Business Continuity 101. Fairchild Resiliency Systems

Dynamic Workplace Recovery

2018 SPHR. Exam Content Outline CERTIFICATIONS IN HUMAN RESOURCES. SPHR Senior Professional in Human Resources

Executive Presentation on using Management Dashboards to support the processes of Infrastructure, Production, Compliance, and Recovery Certification

Disaster Planning Checklist for Chief Financial Officers of Healthcare Organizations

Risk Based Testing Pragmatic Risk Analysis and Management

Action List for Developing a Computer Security Incident Response Team (CSIRT)

Business Continuity Planning and Disaster Recovery Planning

2018 WTW General Industry Information Technology Compensation Survey Report - U.S.

University Information Technology Services. Business Impact Analysis For {System Name}

EDINBURGH NAPIER UNIVERSITY BUSINESS CONTINUITY POLICY AND FRAMEWORK

NOGDAWINDAMIN FAMILY AND COMMUNITY SERVICES

BCP. from Theory to Practice. Theory Business Continuity Management Overview. Presented by Mark Pryce & Karl D. Bryant.

INFORMATION TECHNOLOGY Business Plan

BUSINESS CONTINUITY PLANNING WORKPROGRAM

IBM Emptoris Strategic Supply Management on Cloud

L44: Taking BCP to BCM. Victoria D. Leighton Avanade, Inc.

Firm Profile TURNING RISKS INTO OPPORTUNITIES

Fixed scope offering. Oracle Fusion Financials Cloud Service. 22 February 2016 A DIVISION OF DIMENSION DATA

Audit of Business Continuity Planning (BCP) Audit and Evaluation Branch

Transcription:

ENTERPRISE CONTINUITY PLANNING PRINCIPLE OF DISASTER RECOVERY AND ENTERPRISE CONTINUITY Presented by: John O. Adeika

The Roles of DRP/ECP Team Members The process of DRP/ECP is a concatenated process involving several phases which include project initiation, the assessment of risk, the business impact analysis, development of strategy, plan development, plan exercising and maintenance, emergency communications, awareness and training and public authorities linkage. Hence, the team has several unit to cater for the different phase. These are some and may not be limited to depending on the nature and type of the disaster, - Emergency/Recovery Management Team - Environmental Recovery Team - Systems Recovery Team - Network Recovery Team - Damage Assessment Team - Facility Recovery Team - Administrative Support Team (SCT, 2002)

The Roles of DRP/ECP Team Members Emergency/Recovery Management Team Responsible for the coordination of the entire project Overall assessment of an incident and for directing the resulting response to and recovery from that incident. Steering committee to direct the response to an incident Provides summary of responsibilities, roles, and specific actions to be implemented by the other Team (SCT, 2002)

Roles of DRP/ECP Team Members cont d Environmental Recovery Team Member (ERT) Providing communications to the EMT, Systems and Network recovery teams Performance of damage assessment, salvage disposition, and facilities cleanup monitoring Preparation of the list of equipment needed for restoration of the disaster site Coordinates with the other teams and vendors for the acquisition of needed equipment and services Develop time estimates for disaster site restoration

Roles of DRP/ECP Team Members cont d Systems Recovery Team Members (SRT) Responsible for preparing, documenting, and maintaining data center recovery procedures Installation and certification of recovery hardware and operating platform resources with applications programs and databases Performs tasks necessary to establish production schedules and initiate processing after system readiness is certification Responsible for shutting down of the alternate site operations after reactivating the primary site

Roles of DRP/ECP Team Members cont d Network Recovery Team Members (NRT) Directs the restoration of all network components and communications equipments Specifies communications and networking capabilities necessary for recovery Test and certify the recovered WAN and LAN networks

Roles of DRP/ECP Team Members cont d Platform Recovery Team Members (PRT) Determine which hardware, software, and supplies will be needed to start the restoration of a particular system Communicate list of components to be purchased and their specifications to the Administrative or Management Support Team Review the recovery steps documented in this plan and make any changes necessary to fit the present situations

Roles of DRP/ECP Team Members cont d Application Recovery Team Members (ART) Analysis of need for additional recovery activities such as database restores or individual file restores Programs/procedures development to any address specific problems Interface with application users to test applications

Roles of DRP/ECP Team Members cont d Management Support Team Members (MST) Provide support for executing acquisition paperwork Assist with the detailed damage assessment and insurance procedures Man the Help Desk to provide phone assistance and status information to end-users Provide support to track time and expenses related to the disaster Coordinate the logistics arrangements for the recovery team as required

Six Resilience Layers in ECP Strategy and Vision Example: Academic Excellency Student record storage in server offsite People and Organization Examples Obtaining executive report for the plan The need for a written justification to the executive team for the support of the project 350 employees working in the university The hiring of a consultant to organize and facilitate the process Processes Examples: Employee can get in to the secured office locations with a secure electronic key Staircase locked and only accessible via a key code punched in at each of the entrance The university facilities on accessible with the elevator and the secure electronic key Backup server runs three times daily

Six Resilience Layers in ECP cont d Applications and Data Example: Microsoft Server 2003 Exchange Server Sharepoint Server Technology Example: Laptop Monitor Wired and wireless access point VoIP phone equipment The physical network topological system Facilities Example: Sixth, seventh, and eighth floor of a n 11-story building Offsite location office 5 feet x 5 feet cubicles

Typical DRP Team Training Business Impact Analysis (BIA) & Risk Assessment (RA) BC & DR Plan Development / Maintenance Crisis Management & Pandemic Planning Process Development and Documentation Awareness Training Evacuation / Emergency Response Hot-Site Testing / Workspace Recovery Table Top / Mock Disaster Exercises (Pellegrini D., n.d.)

4. Outline of Guide for Outsourcing DRP Define the objective to be achieved and outline the benefit from the venture Form a steering committee to plan, monitor, and oversee the search for DR/BC provider or and staff finder Employ the service of an expert adviser technically and legally to guide the organization during the outsourcing decisions, selections, and contracting services Select vendor(s) that will handle the outsourced project Make a request for proposal to them Review, evaluate, and compare the offers received and make selection

Outline of Guide for Outsourcing DRP cont d Criteria for the Selection Availability of equipment and/or needed services Ability to support project goals, deliverables, performance and fulfillment requirements, and liquidity damages Experience stability, available services and reputation Staff details including project management, project teams and their technical experience and credentials Methodology that details project management, quality, regulatory compliance and security activities (Techtarget 2010)

Outline of Guide for Outsourcing DRP cont d Criteria for the Selection Documented success of vendor methodology Infrastructure stability and disaster recovery abilities Vendor profile, strategy, mission and reputation Vendor financial status, e.g., reviews of audited financial statements References, preferably from similar outsourced processes Quality initiatives and certifications (Techtarget 2010)

Outline of Guide for Outsourcing DRP cont d Criteria for the Selection Technology, infrastructure stability and applications Security and audit controls Legal and regulatory compliance, including complaints or litigation Policy regarding use of subcontractors Insurance coverage, e.g., liability, errors and omissions Vendor corporate policies for BC/DR and security (Techtarget 2010)

Outline of Guide for Outsourcing DRP cont d Schedule meeting to negotiate the contract The reached consensus must be sealed, signed and delivered Test, monitor, and maintain the DRP Constantly review and update the DRP plan as times go by.

5. One Method for Developing a DRP/ECP Awareness Campaign (Evaluation) Survey Research: This is one of the conceived means one can use to develop awareness campaign method. The information gathered will enable one to determine the best approach to use in the campaign. This is accomplished through the use of questionnaire. This will help one to know what method to use to prepare the other employees for disaster, what they should do during and immediately after the event and to identify their training needs, composition, and expectations. This will also help to address issues in regards to the least resistant path of the learning and absorption. Some of the items in the questionnaire which is aimed at testing and knowing the level of awareness of the plan are but not limited to the following depending on the organizational setup, location and operation. Knowledge of Disaster Recovery What medium of communication is accessible Actions to take Who to contact Who do what Where are DC resources located What staff competencies or duties are critical to continuing operations

Evaluation of Survey method of Developing a DRP/ECP Awareness Campaign Cont d Describe the firm s disasterrelated communication plan Actions to take in an emergency How often does management review the plan for needed updates Where does the firm maintain copies of the plan How often is the plan tested for effectiveness

Evaluation of Survey method of Developing a DRP/ECP Awareness Campaign Cont d Advantages/Relevance of The Survey Helps in knowing their Technical know-how in term of DR Draw the true nature/picture of the condition of the organization especially with anonymous research survey Helps in Data acquisition and identifications Provides justification for training and campaign Helps in understanding and to be able to provide relevant training need requirements and by who

Evaluation of survey method of Developing a DRP/ECP Awareness Campaign Cont d Advantages/Relevance of The Survey Can complete structured questions with many stakeholders within a relatively short time frame. Can be completed by telephone, mail, fax, or in-person. It is quantifiable and generalizable to an entire population if the population is sampled appropriately. Standardized, structured questionnaire minimizes interviewer bias. Tremendous volume of information can be collected in short period of time. Can take less time to analyze than qualitative data.

Evaluation of survey method of Developing a DRP/ECP Awareness Campaign Cont d The Disadvantage/Drawdown People could be providing false information More difficult to collect a comprehensive understanding of respondents perspective (in-depth information) compared to in-depth interviews or focus groups. Can be very expensive. Requires some statistical knowledge, sampling and other specialized skills to process and interpret results.

5b. One Method for implementing a DRP/ECP Awareness Campaign (Evaluation) Workshop and Training: Having known and gathered information from the developed DRP/ECP awareness plan, implementation make up the real plans. No matter how good a plan is, if it is or could not be executed, it is tantamount to not having it at all. This could be achieved through workshop and training. In a typical awareness training implementation, handbills, manual, postcard, and film show could be used to drive the concept close and the effect of non-existence or and failure.

One Method for implementing a DRP/ECP Awareness Campaign cont d The Advantage/Benefits of Awareness Training Implementation Awareness of the importance for a company-wide business continuity/disaster recovery program Awareness of company commitment to business continuity planning and disaster recovery Appreciation and understanding of what could happen to a business during an event Awareness and knowledge of procedures to mitigate impacts of events Awareness of emergency response procedures Awareness of employee roles and responsibilities - both professional and personal (Miller, 2004)

One Method for implementing a DRP/ECP Awareness Campaign cont d Campaign Strategy Elements A campaign strategy should include: Basic information such as why the program is being developed, the importance of business continuity planning and disaster recovery, and definitions of key terms so everyone in the organization is speaking the same language. Organizational information that includes who in your organization is involved in business continuity planning / disaster recovery activities, what your organization is doing to protect itself from various events, and your organization's emergency response procedures. Employee information including how an event may affect employees, what to do before/during/after an event, who to contact, where to go, how to deal with the media. Information on external entities such as information about the Red Cross, Federal Emergency Management Association, local emergency management offices and local fire/police. (Miller, 2004)

One Method for implementing a DRP/ECP Awareness Campaign cont d Campaign Strategy Media The following are some of the media of delivering the awareness campaign training program depending on the people concerned, level of literacy and also organizational hierarchy: Print Material like Billboard, newsletter, flyers and handbills. Website and mailing lists Online delivery like Chat room, blogging and forum. One on one or one on group Meeting Show-walk and film show

References McQuarrie R., Palo M., Suursalmi A. (May, 2002) Network Resiliency Retrieved from http://sysdoc.doors.ch/ibm/gw510-3036- 01F.pdf IBM Global Services (September, 2007). A comprehensive, best-practices approach to business resilience and risk mitigation. IBM Global Services (September, 2002). Resilient infrastructure: Improving your business resilience. Accounting Outsourcing (2011) Steps to select the Right Outsourcing Vendor. Retrieved from http://www.balticseaporpoise.org/stepsto-select-the-right-outsourcing-vendor.htm SCT (2002). Disaster Recovery Plan user s guide. Retrieved from http://www.njcu.edu/assoc/njcuitma/documents.html Tittel E. (2009). Disaster recovery team planning: Guidelines on DR roles and training. Retrieved from http://searchdisasterrecovery.techtarget.com/tip/disaster-recovery-team-planning-guidelines-on-dr-roles-andtraining?vgnextfmt=print Bryant University (2008). Bryant University Disaster Recovery Recovery Team. Retrieved from http://web.bryant.edu/~commtech/dr/drp005.pdf Plan 2008 Reid W. S. (1996). Outsourcing: The 20 Steps to Success. Retrieved from http://www.wsrcg.com/articles/outsourcing.pdf Techtarget (2010). IT disaster recovery services and outsourcing guide for beginners. Retrieved from http://searchdisasterrecovery.techtarget.com/tutorial/it-disaster-recovery-services-and-outsourcing-guide-for-beginners Pellegrini D. (n.d.) BC & DR Manager Retrieved from http://libertyvalley.acp-international.com/jobs.htm

References Conducting Survey Research (March 31, 1999) Retrieved from http://www.esfagentschap.be/uploadedfiles/voor_esf_promotoren/zelfevaluatie_esf-project/niet%20experimenteel%20onderzoek.pdf Miller L. (March 2004) BUSINESS CONTINUITY AND DISASTER RECOVERY: HOW AWARE IS YOURORGANISATION? Retrieved from http://www.continuitycentral.com/feature067.htm

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback