1. Disaster Recovery (Business Continuity Planning) Tim Babco

2. AGENDA What is BCP? Key BCP Components How to Implement? How to Maintain? Effort Required Value Obtained Q&A

3. World’s largest distributor of swimming pool supplies, equipment and related leisure products ~$2 billion in revenues >3,600 employees; 285 locations; 8 countries >100,000 products >70,000 customers Headquartered in Covington, Louisiana Headquarters in “Hurricane Alley” Who is Poolcorp?

4. Task of identifying, developing, acquiring, documenting, and testing procedures and resources that will ensure continuity of a firm's key operations in the event of an accident, disaster, emergency, and/or threat. It involves:Task documentingtestingproceduresresourcesoperationseventaccidentdisasteremergencythreat (1)Risk mitigation planning (reducing possibility of the occurrence of adverse events)Risk mitigationplanning (2)Business recovery planning (ensuring continued operation in the aftermath of a disaster)Business recovery planning Keep the business running successfully What is BCP?

5. Business Continuity Planning (BCP) and Disaster Recovery (DR) are often used synonymously Continuum: Enterprise  Individual Corporate functions Remote locations Succession Planning Prevent and Recover Keep the business running successfully What is BCP?

6. Needs assessment Employees Communications IT Infrastructure Recovery site logistics Third party information Supplies Pre-event protection steps Trigger points Municipal, state, federal interaction and updates Many important facets Key BCP Components

7. RTO – Recovery Time Objective Amount of down time for each critical function before outage threatens company survival RPO – Recovery Point Objective How old can the data be before it is so out of date that recreation is not practical or possible Consider Time of Year, Month, etc. Economic Benefit Cost of protection vs. cost of down time Hard costs and opportunity costs Clearly define what’s important Needs Assessment

8. Current and complete contact information Know how to reach employees Employees

9. Current and complete contact information Employees know key BCP contacts Employees

10. Personal BCP plan Home Belongings Immediate family members Extended family members Pets, livestock Employees can’t be productive if worried about personal items Employees

11. Roles Executive team Make decisions Delegations of authority Communications team Internal External Execute quickly and correctly Employees

12. Roles Core team Coordinate detailed plan execution Tiered response teams Tier 1 – IT only; sent when disaster impact predicted Tier 2 – Employees with critical functions; sent when disaster impact is imminent Tier 3 – Important functions; work better as group; sent after significant impact realized Tier 0 – Can work remotely as situation unfolds Avoid the scattered workforce Employees

13. Voice Potential issues Land lines may be out Cell phones may be out Solutions Satellite phones Private 2-way radios IP telephony virtual phone system Call centers Key support teams High risk locations Communications Ability to verbally communicate

14. Voice Dedicated toll-free BCP lines Employee information line Command conference line Regularly scheduled, daily conferences Communications Ability to verbally communicate

15. Data Choose the right circuit provider Have redundant data circuits Different providers; different routes Broadband wireless capabilities Ability to access business systems Communications

16. Data Portable satellite systems Ability to access business systems Communications

17. Messaging Text messaging E-mail Web access from anywhere BCP web site – externally hosted Remotely connect & send/receive updates Communications

18. Backup power – Battery, Generator and fuel Offsite tape rotations (e.g. Iron Mountain) Low risk data center location Redundant data centers Co-location Cold failover facility (e.g. Sungard) Full mesh network Just like insurance policies IT Infrastructure

19.  PoolCorp Global Wide Area Network High speed, secure access from anywhere IT Infrastructure

20. Choose good partners Corporate grade equipment and solutions High reliability Fast response time Available technical support staff Cost competitive Willingness to go “above and beyond” Only as good as the weakest link IT Infrastructure

21. Central command/recovery center Wireless Size Proximity From chaos to recovery in hours Recovery Site Logistics

22. Laptops for key employees Remote connectivity (VPN) Transportation Housing – hotels, apartments Childcare Schools Kennels (house hold pets only) Expense reporting Cash advances Recovery Site Logistics Employees can quickly be productive

23. Vendors Consultants Financial institutions Investors Governmental agencies Media Board members Third Party Information Fast access to key parties

24. First aid Portable generators Extension cords Flashlights and batteries Tarps Tools (e.g. chain saws) Ice coolers Bottled water and non-perishable food Energy drinks Supplies Ability to ride out DR events

25. Full equipment inventory Protect equipment and information Unplug electronics Move electronics off of floor Safeguard important paperwork Close blinds and doors Take critical items if planned evacuation Focus on safety if unplanned event Pre-event Protection Steps Attempt to minimize loss

26. Define for all predictable events Example: 9-step hurricane process 1. Storm enters gulf 2. Projections converge with New Orleans in cone 3. Within 4 days of landfall; still in cone 4. Within 3 days of landfall; still in cone 5. Within 50 hrs of landfall; still in cone; material impact imminent 6. Within 40 hrs of landfall; still in cone; material impact imminent 7. Within 30 hrs of landfall; still in cone; material impact imminent 8. Next 36 hrs during/after storm 9.Authorities give “all clear” to return home Trigger Points Know what to do and when to do it

27. Participate in municipal DR planning/testing Get to know local and state officials Know evacuation routes Placards to re-enter impact areas Municipal, State, Federal Interaction Take advantage of available help

28. Start with basics Focus on critical systems, functions, people Use available “free” help and templates Hire consultants if needed Train and communicate How to Implement Don’t be overwhelmed Create Update Test Audit Annual testing Validation of tape backups Failover to backup facility User validation Signed acceptance forms

29. 300-400 hours can get you started 100-200 hours annually to test/audit 100-200 hours annually to enhance/update 5 person “core team” Senior Management Sponsor Project manager Tech writer IT manager Logistics/facilities coordinator Effort Required It can be a reasonable effort

30. Creating the initial plan: $15-20K Annual updates and testing:$10-20K Annual infrastructure costs:$200K Peace of mind during a disaster:Priceless Value Obtained – Basic BCP Plan The best insurance policy you’ll ever buy!

31. QUESTIONS ? Tim Babco (985)801-5230 tim.babco@poolcorp.com