Published by Kerry Stuart Rodgers. Modified over 10 years ago.
1
LECTURE SERIES
2
Business Continuity Planning
April 2005
Inland Empire CIO Roundtable
Claremont University
Architectures & Strategies
3
Copyright ULTIGON 2005

Overview
- The Premise
- Business Continuity Components
- Planning & management commitment
- Detection and response
- Project life cycle
- Process integration & problem management
- Testing and reporting
- Cost of downtime
- Availability cost curve
- Market Dynamics
- Resourcing
4
New risks
- Human Error/Operations Risk
- Performance/Capacity
- Outsourced Service Providers
- Planned/Unplanned Downtime
- Security Incidents
- Content/Application Links to Third Parties
- Regulatory Compliance
5
New rules / New realities
- IT and business process management are integrated — no longer separate views
- Production costs increase — no separate budget for BCP
- Risk identification and management take on a matrix management focus, e.g., technology, financial, trading, operations
- Problems are public — IT and business problem management must be integrated; root cause analysis
- Only as strong as your weakest link — good application/bad operations
- Contingency plans become critical when automation isn't there — every component of the business process now must have a plan
- Sarbanes-Oxley implies BCP plans are in place
6
Business Continuity Components

| | Disaster Recovery | Business Recovery | Business Resumption | Contingency Planning |
| Objective | Mission-critical applications | Mission-critical business processing (workspace) | Business process workarounds | External event |
| Focus | Site or component outage (external) | Site outage (external) | Application outage (internal) | External behavior forcing change to internal |
| Deliverable | Disaster recovery plan | Business recovery plan | Alternate processing plan | Business contingency plan |
| Sample Event(s) | Fire at the data center; critical server failure | Electrical outage in the building | Credit authorization system down | Main supplier cannot ship due to its own problem |
| Sample Solution | Recovery site in a different location | Recovery site in a different power grid | Manual procedure | 25% backup of vital products; backup supplier |

Crisis Management
7
Creating BC Plans
[Diagram labels: Business Impact Analysis; Risk Analysis; Recovery Strategy; Group Plans and Procedures; Business Continuity Planning Initiation; Risk Reduction; Implement Standby Facilities; Create Planning Organization; Testing; PROCESS; Change Management; Education; Testing; Review; Policy; Scope; Resources; Organization; Ongoing Process; Project]
8
Getting Management Commitment
- Catalysts like disasters, fires and outside audits
- Costs identified from business interruption and risk assessments
- Awareness programs and publicized information
- Fiduciary responsibilities and regulatory compliance
9
Detection and Response
Identified and established procedures in place and tested for:
- Prevention/Planning
- Detection
- Incident Response
- Investigation
- Evidence
- Legal actions
10
Project Life Cycle
Phases: Business Req.; System Architecture; System Design; Construct; Test; Implement; Post Implement
Activities shown across the phases:
- Identify technology and business continuity risks from a business perspective – BIA/risk analysis RTO/RPO
- Ensure complete cost estimate
- Ensure appropriately protected end product
- Assess risks of new technology products
- Identify secure infrastructure requirements
- Identify secure administrative requirements
- Establish security responsibilities and service-level regulations
- Identify BC/DR strategies
- Establish security test strategy
- Translate security architecture to detailed security infrastructure design
- Develop security baselines for new technologies/products
- Develop detailed security admin. design
- Develop detailed BCP/DR design/strategy
- Develop draft SLAs
- Develop security test plan
- Build/code security infrastructure environment and processes
- Build/code security admin. environment, roles/profiles and processes
- Build BCP/DR environment, plans and processes
- Build/code security test plan, processes, scripts and test environment
- Train secure administrative, operations, business unit, staff...
- Identify security noncompliance issues
- Identify new security exposures
- Test BCP/DR plans to ensure that RTO/RPO is attainable
- Turn over secure application infrastructure to production
- Implement secure administrative roles/profiles
- Implement business/continuity DR environment
- Identify changes to tested env.
- Finalize secure admin. env. and processes
- Finalize security infrastructure environment and processes
- Finalize BCP/DR env., plans and processes
- Assess SLA accuracy
- Finalize risk acceptance with business
- Ensure that info. security policies are current
11
BC Integrated Processes
[Diagram labels: Business Process Owner Architecture and Standards Application and Tech Design Business Continuity Operations Architecture and Design IT Operations Problem, Change, Performance, DR Risk Management (Financial, Technology, Operations) Information Security Recovery/continuity strategy/design IT Recovery management BC Project Manager Business Manager Risk Manager Business Continuity Mgr. Audit IT Information Security Business Operations Legal/Compliance HR / Public Relations BC Recovery Team Business continuity strategy/design Audit — Financial and EDP OSPs/Business Partners Rules and tools Security Incident identification/response design Regulatory Compliance - Sarbanes-Oxley, etc.]
12
Problem Management
- Problem Identification and Impact Assessment
- Problem Status/Communication
- Problem Prevention and Planning
- Problem Resolution
- Root Cause Analysis
Problem Mgmt Team
- Business Process Owner
- Customer/Partner Relationship Owner
- Risk Management
- Business Continuity
- Information Security
- IT Technical Support
- IT Applications Support
- Vendors/OSPs/Third Parties
- Legal/Compliance
- Public Relations
13
Testing and Reporting
Management Reporting is Critical
[Reporting matrix; cell values not recoverable]
Columns (Location, Business Process or Department): Accounts Payable; Accounts Receivable; Cash Mgmt.; R&D; Prod. Eng.; Order Fulfillment
Rows (BCP Phase): Impact Analysis; Risk Analysis; Strategy; Resources Committed; Last Tested; Change Mgmt.; Last Major Review; Workable Solution; Audit
14
Cost of Downtime
Know your downtime costs per hour, day, two days...
- Revenue: direct loss; compensatory payments; lost future revenue; billing losses; investment losses
- Productivity: number of employees impacted × hours out × burdened hourly rate
- Damaged Reputation: customers; suppliers; financial markets; banks; business partners
- Financial Performance: revenue recognition; cash flow; lost discounts (A/P); payment guarantees; credit rating; stock price
- Other Expenses: temporary employees, equipment rental, overtime costs, travel expenses...
- Regulatory: Sarbanes-Oxley, HIPAA, SB1386
Cost Of Operation
15
Availability-Cost Curve
[Figure: cost plotted against disaster recovery times; times marked: 24 hrs, 48 hrs, 72 hrs, Minutes, 12 hrs]
Recovery options shown: Standard Recovery; Elec. Vaulting; Electronic Journaling; Shadowing; Mirroring; Hot Standby or Load-Balanced
Techniques noted: Database and/or file and/or object backup; Log/journal transfer (continuous or periodic); Database and/or file and/or object replication; Assumes mirroring or shadowing plus a complete application environment
Cost annotations: net $ host $ disk $ tape $ net $ tape $ net $-$$+ host $$+ disk $$$$+ net $$$+ host $$+ disk $$$$+ net $$$+ host $$$+ disk $$$$+ appl. $+
16
Market Dynamics
[Figure labels: High-Availability-Based Service; 2002; 2005; Warm Site and Mobile Recovery; Quick Ship; Warm Site and Mobile Recovery; Quick Ship; Load-Balanced (2+ Sites)]
17
Resourcing
Options: External (dedicated); External (shared); Internal
- You have an alternative facility (50 km distant)
- BC vendors have insufficient capacity
- BC is a recognized and respected discipline
- You cannot economically benefit from syndication
- You do not have an alternate facility
- You desire multisite continuous availability or hot standby support
- RTOs/RPOs are very short
- You want to focus on core competencies
- Getting management sign-off for dedicated capital is difficult
- Experience of supporting an invocation is important
- Your planning scenarios include loss of technical staff
18
Laws - Regulation & Technology
Warm Site and Mobile Recovery
- Sarbanes–Oxley 802, 302, 404, 409
- HIPAA
- Gramm Leach Bliley Act
- SEC Rules 6835 & 17-a
- 21 CFR Part 11 (FDA regulated companies)
- IRS Revenue Procedure Ruling 97-22
- Patriot Act
- California Security Breach Notice Law
- Government Paper Work Elimination Act (GPEA)
20
LECTURE SERIES Part VIII
21
Copyright Notice
This document contains materials that are proprietary to G. M. Parker, Yorba Linda, CA. This work is protected as an unpublished work under the copyright laws of all countries that are signatories to the Berne Convention and the Universal Copyright Convention. Copyright © 2005 by Gregg M. Parker. All rights reserved.