Business Continuity & IT Disaster Recovery


Donald L. Schmidt, ARM, CBCP, MCP, CBCLA, CEM
Preparedness, LLC
March 30, 2017
www.preparednessllc.com

What are Business Continuity & IT Disaster Recovery?

BUSINESS CONTINUITY: An ongoing process to ensure that the necessary steps are taken to identify the impacts of potential losses and maintain viable continuity and recovery strategies and plans. (NFPA 1600, www.nfpa.org/1600)

BUSINESS CONTINUITY MANAGEMENT: management process that identifies risk, threats, and vulnerabilities that could impact continued operations. Business continuity provides a framework for building organizational resilience and the capability for an effective response. (DRI's Professional Practices, www.drii.org)

DISASTER RECOVERY: The collection of resources and activities to re-establish information technology services (including components such as infrastructure, telecommunications, systems, applications and data) at an alternate site following a disruption of IT services. (Disaster Recovery Journal; DRI's International Glossary for Resiliency, www.drii.org)

Key Elements of a Continuity & Recovery Program

1. Management commitment, direction & support (policy statement)
2. Program management
3. Risk assessment
4. Business impact analysis
5. Resource needs assessment
6. Continuity & recovery strategies
7. Incident management system
8. Education & training
9. Testing & exercises
10. Reviews and continuous improvement

Why is senior management support so important?

- Provides leadership
- Approves program resources
- Ensures people get involved
- Provides insight into the business
- Can build a culture of preparedness

Understanding the business is critical!

- Mission & vision
- Value stream
- Profits vs. revenues
- Growth potential
- Research & development
- Customers
- Regulations
- Essential services (nonprofits and public sector)

What are the priorities?

[Charts: 2015 % Sales and 2015 % Profits for Products A, B, C and D; Sales 2015-2018 projected for Products A, B, C and D]

Build a strong team to manage your program

Program Coordinator
- Vested with authority and held accountable

Program Committee
- Management
- Operations
- Information Technology
- Supply Chain management
- Facilities Management
- Quality
- Finance
- Sales & Marketing
- Human Resources
- EH&S
- Purchasing
- others

Risk Assessment: Evaluate planning scenario(s)

- Make the best possible decisions about loss prevention, hazard mitigation, risk financing, and continuity planning.
- Identify availability of resources for planning scenarios.

Business Impact Analysis: What's critical and when?

Management level analysis that identifies, quantifies, and qualifies the impacts resulting from interruptions or disruptions of an entity's resources. The analysis can identify time-critical functions, recovery priorities, dependencies, and interdependencies so that recovery time objectives can be established and approved. (NFPA 1600)

Identify impacts
- Lost sales and revenue
- Loss of customers
- Customer dissatisfaction

Determine minimum acceptable production or service level to avoid unacceptable impacts

Identify how quickly minimum level must be restored: Recovery Time Objective

Assess the Timing of Interruption
- Customer requirements
- Peaks in business activity
- End of month or quarter
- Deadlines

Recovery Time Objective (RTO)

[Figure: production plotted against time, from T disaster to T recovery, with labels for Pre-Disaster Production or Service Level, Minimum Acceptable Production or Service Level, RTO, Lost Production, and Production Downtime Avoided]

BIA continued: What resources are required?

- People
- Facilities
- Machinery & equipment
- Internal dependencies
- Supply chain
- Vital records
- Information & communications technology

Conducting the BIA

- Focus on priorities identified by senior management
- Identify and agree upon the planning scenario(s) (e.g., loss of facility, supply chain failure, technology or power outage, pandemic, etc.)
- Provide specific criteria to quantify and qualify impacts and recovery time objectives

1. Develop questionnaires with built-in criteria specific to each function
2. Conduct a workshop to introduce the project and explain how to complete questionnaires
3. Use spreadsheets or a database to compile resource requirements
4. Review questionnaires and interview persons to validate information

BIA Methodology & Process

Develop Questionnaire
- Impacts
- Resources
- Vital Records
- Dependencies
- Workarounds
- Pending Changes

Conduct BIA Workshop & Distribute Questionnaires
- Why is the BIA important?
- What information is needed?
- How should questionnaire be completed?

Conduct Interviews
- Validate Assumptions
- Fill-in Gaps in Information
- Question Criticality

Report
- Quantify Impacts
- Recovery Time Objectives
- Compile Resource Requirements
- Prioritize Functions, Processes & Applications

Continuity & Recovery Strategies

Considerations
- Availability, capability, capacity, and cost of resources
- Planning scenarios
- Consistent with assumptions
- Intellectual property
- Quality
- Customer requirements
- Time to execute

Options
- Work extra shifts
- Relocate or transfer to a surviving site
- Displace lower priority operations
- Inventory management
- Partnership agreements
- Outsource
- Telecommuting
- Lease space
- Repair or rebuild

Implementation: IT Disaster Recovery

Identify the acceptable amount of data loss for physical and electronic records to identify the recovery point objective (RPO). (NFPA 1600)

IT Strategies
- Data backups
- Application recovery
- The cloud
- Active-active sites
- Hot sites
- Mobile recovery center
- Equipment procurement and rebuild

Scope
- Enterprise apps
- Productivity apps
- Process control systems
- Building management, security, and other systems

Considerations
- Scope & alignment with business needs
- Cost
- Reliability
- Availability

Training, Testing & Exercises

Training
- Alerting of team
- Activation of the plan
- Incident management, roles, responsibilities, lines of authority and lines of succession
- Coordination internally and externally
- Continuity strategies and manual workarounds

Exercises evaluate plans, procedures, training, and capabilities

Testing
- Data backups and restoration capabilities
- Failover of systems and equipment
- IT disaster recovery: validation of the sequence and procedures for restoration of operating systems, applications, and data on specified hardware and networks
- Recovery strategies
- Alerting capabilities

Program Reviews & Continuous Improvement

Change is constant but does your program keep pace?

Triggers for program review
- New/revised regulations
- Acquisitions and divestitures
- Changes in operations
- Changes in infrastructure including technology environment
- Resource availability or capabilities
- Funding change

Appropriate action to address program deficiencies

Program Development Resources

www.preparednessllc.com

For More Information

Donald L. Schmidt, ARM, CBCP, MCP, CBCLA, CEM
Preparedness, LLC
(781) 784-0672
DLS@PreparednessLLC.com
www.preparednessllc.com

2017 Preparedness, LLC