Presentation on theme: "Business Continuity / Disaster Recovery from a Business Perspective Dan Esser, CBCP, FLMI 109 Haywood Ct. Columbia, MO 65203 573-234-2948"— Presentation transcript:
Business Continuity / Disaster Recovery from a Business Perspective Dan Esser, CBCP, FLMI 109 Haywood Ct. Columbia, MO
2 Not just Computer Back-Up IT functionality - limited usefulness if the rest of the business is not present. Todays primary discussion - non-IT functionality.
3 What you get to take with you An overview of BCP Structure and Techniques. A set of questions you can ask in your business to help you gauge preparedness. Some Tools and Resources that may be useful.
4 Disaster Fact Out of every FIVE businesses that suffer a major disaster, TWO will never reopen and A THIRD will fail within 2 years. [DRI International]
5 BCP Like Life Insurance? Uses up resources. Only pays off if something bad happens. Costs every year - Never Finished
6 Kinds of Risks / Dangers Natural Proximity People Environmental
7 Natural Risks Earth Wind Fire Water
8 Proximity Risks Government Buildings Airports / Heliports Industries using Chemicals or Flammables Trains Highways
9 Risks from People Disease Bomb Threats Workplace Violence Cyber Attacks
10 Environmental Risks Asbestos PCBs Mold / Sick Building Syndrome Piled up Paper Ongoing Construction
11 BCP as Advance Planning Business Continuity Planning is at least partially the art of making all the decisions that can be made in advance of a disaster.
12 BCP - Four Major Components BIA Life/Safety Departmental Recovery EM & R
13 BCP - Four Major Components Life/Safety Plan
14 BCP - Four Major Components Business Impact Analysis
15 BCP - Four Major Components Emergency Management & Response
16 BCP - Four Major Components Departmental Recovery
17 RTOs, RPOs & Declaration Disaster Event Disaster Declaration Department RTO Info Tech RTO Reconstruct WIP & Lost Stockpiled Transaction Input Normal Business Activities Catch-up Processing GAP Pre-Processing Opportunity
18 How Important is Information Technology? If you can only afford to protect one thing in your business, protect your data. You will not recover without it. Just don't expect that alone to save you from a disaster.
19 Functionality is the Issue A business must regain process functionality. Computers are just a tool. They make things faster, but they are not the business.
20 Scenario You are a Progressive Organization. Your Data is Backed up and Off Site - Daily. You can Recover from any Disaster that Dares to hit you.
21 Scenario You are a Progressive Organization. Your Data is Backed up and Off Site - Daily. You can Recover from any Disaster that Dares to hit you. NOT
22 Scenario - 2 A disaster event – fire, flood, anthrax, something – has made your primary business location unusable, either permanently, or for a long time…
23 Good News - Maybe You already have the answers. Here are some of the questions to assist your planning process.
24 Management Organization Where is the default meeting place for senior managers if telephones are unavailable? Is there a succession plan if several senior managers are killed in the disaster?
25 Management Organization Who would face the media and regulatory authorities? Is he or she prepared to do so? Is there a backup person? Do all others know to NOT talk to the media?
26 Management Organization How many days can the company be completely down before serious business repercussions are inevitable? (loss of customers, employees, regulatory intervention)
27 Notification How would you contact employees, suppliers, key customers, etc. without access to your business records?
28 Infrastructure How much space would you need and how quickly could it be acquired? What space is available today in your city? Who is in charge of office layout, furniture, wiring, etc. …and who backs them up if they are made unavailable by the disaster?
29 Resource Requirements Who has purchasing authority? Who is the purchasing backup? How quickly would the company need replacement resources? Day 1, day 3, etc.? –Do you know where to get those resources in the quantities you need on a rush basis? –Have you ever tested whether or not those suppliers can deliver on a rush basis?
30 Resource Requirements What custom documents and forms does the company have where the entire supply is on site? (checks, envelopes, letterhead, invoices)
31 Advance Agreements Who is in charge of liaison with fire, police or other emergency authorities? Who is his/her backup? –Have you met with those authorities to determine their protocols in emergencies and establish a liaison relationship with them?
32 Advance Agreements Does the company have arrangements with its telephone carrier to place messages on inbound lines until they can be answered? –What messages will you use? –Who will the telephone carrier recognize as having the authority to institute them or make changes?
33 Emergency Operations How would the company go about setting up an Emergency Operations Center? Who would staff the EOC? Do you have EOC supplies already off site? (Sample list in packet)
34 Emergency Operations Which critical business functions need to be up and running first? –How long can functions be down before the company incurs regulatory scrutiny and penalties? –How long can functions be down before customers abandon you for another supplier? –What can you do to mitigate this?
35 Financial Preparation Are emergency lines of credit in place and the authority to access them clearly delineated? Does the company have arrangements with its bank(s) to continue repetitive payments for a short time?
36 Financial Preparation Are corporate accounting records and processes backed up and documented off site? (Key people may not be available after a disaster.) Does the company have manual disbursement procedures?
37 Salvage Did you know that wet records could be freeze-dried and often saved? Do you have an agreement with someone who does that kind of work? Do you know who does that kind of work? (See list at end)
38 Salvage Information from hard drives of smoke or water damaged PCs can also be retrieved by experts.
39 Mail Mail handling operations are often overlooked. What would the company do about lost mail, both incoming and outgoing? Is there a plan to get mail flowing in an orderly fashion after a disaster?
40 Security How easy is it for a non-employee to get into your office today? How would you maintain security at your primary site until salvage could be carried out?
41 Departmental Readiness Who is the recovery coordinator for each department and what preparations have they made? What are those things that each department needs that may be below the radar of corporate planners and not easily obtainable?
42 Departmental Readiness Have the departments taken any steps to safeguard those things? – Every Department should consider what kind of problems an off-site box at a remote storage facility could save them.
43 Departmental Readiness Has each department determined how to recover work-in-progress? Does each department know what resources it requires to resume business operations? (How many computers, desks, chairs, file cabinets, fax machines, printers, copiers, phones, etc.?)
44 Departmental Readiness How quickly would each Department need replacement resources? How much on day 1, day 3, day 5, etc.? (This is how you build the company list.)
45 Departmental Technology Is the operating department responsible for replacing desktop technology or is IT? Does everyone understand that? Have you written into your plan the minimum hardware/software configuration you require for desktop workstations?
46 Resources For Clean Up / Restoration –BMS Catastrophe – (www.bmscat.com)www.bmscat.com –ServiceMaster (www.servicemasterclean.com/)www.servicemasterclean.com/ Mobile Office Space / Data Centers / Equipment –Agility Recovery Solutions (www.agilityrecovery.com)www.agilityrecovery.com –Sungard (www.sungard.com)www.sungard.com –Rental Systems (www.rentsys.com)www.rentsys.com
47 Resources Business Continuity Education and Certification –DRI International (www.drii.org)www.drii.org Professional Journals – Articles and links to vendors –Disaster Recovery Journal (www.drj.com)www.drj.com –Contingency Planning & Management (www.contingencyplanning.com)www.contingencyplanning.com
48 Resources Workplace Violence Resources –Occupational Safety & Health Administration (http://www.osha.gov/SLTC/workplaceviolence/)http://www.osha.gov/SLTC/workplaceviolence/ –National Institute for Occupational Safety and Health (http://www.cdc.gov/niosh/violcont.html)http://www.cdc.gov/niosh/violcont.html –Minnesota Department of Labor & Industry – Workplace Violence Prevention Resources (http://www.doli.state.mn.us/violence.html)http://www.doli.state.mn.us/violence.html –USDA Handbook on Workplace Violence Prevention and Response (http://www.usda.gov/news/pubs/violence/wpv.htm)http://www.usda.gov/news/pubs/violence/wpv.htm