Business Continuity and Disaster Recovery Planning.

Presentation on theme: "Business Continuity and Disaster Recovery Planning."— Presentation transcript:

1 Business Continuity and Disaster Recovery Planning

2 Domain Objectives Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP) prepare for Adverse Events through: Response Programs focused on preserving life and business Recovery Plans to resume interrupted critical business operations Restoration Activities to return to normal operations

3 Information Security TRIAD Availability Confidentiality Integrity Information Security

4 Domain Agenda Project Scope Development and Planning Business Impact Analysis (BIA) and Functional Requirements Business Continuity and Recovery Strategy Plan Design and Development Implementation Restoration Feedback and Plan Management

5 Important Elements in this Step (Agenda) Management’s Commitment to the Project Agree upon resources and produce a project plan Analyze business and link BCP to organization’s mission

6 Business Organization Analysis BC Steering Committee Policy scope and authorization Mandates Current & future organization Inter-operational dependencies External dependencies

7 Resource Requirements Appraise budget Coordinate Personnel Availability Identify Key Personnel and Alternates

8 Resource Requirements Select BC Tools Evaluate Project Management Tools Consider Vendor Resources

9 Domain Agenda Project scope development and planning Business Impact Analysis (BIA) and Functional Requirements Business Continuity and Recovery Strategy Plan Design and Development Implementation Restoration Feedback and Plan Management

10 Business Impact Analysis Business Impact Analysis (BIA) Develop BIA Format Evaluate Potential Impact if interrupted Prioritize Business Functions

11 Important Elements in this Step (Agenda) Analysis of the Business Identification of Critical Business Processes Topics: Threat Analysis Emergency Assessment Critical Business Functions 3rd party and Networked Relationships

12 Threat Analysis Potential Risk Factors Man-made IT Natural Supply Chain Utility Failures Loss of Key Personnel

13 Emergency Assessment Affected Areas Triage and Escalation Procedures Notification and Alerting Procedures Safety and Security Provisions

14 Critical Business Functions Critical Function Characteristics Time Sensitivity Data Integrity Classification

15 Critical Business Functions Identification of Critical Business Functions Operational Impact Financial Impact Reputation or Public Image Impact Dependencies

16 Third Party and Networked Relationships Downstream Liabilities Identify Potentially Impacted Organizations Establish Compliance Requirements

17 Third Party and Networked Relationships Upstream Impacts Identify 3rd Party Relationships with Impact Potential Enforce Service Level Agreements (SLAs)

18 Domain Agenda Project scope development and planning Business Impact Analysis (BIA) and Functional Requirements Business Continuity and Recovery Strategy Plan Design and Development Implementation Restoration Feedback and Plan Management

19 Business Unit Priorities Meet identified business unit priorities Critical Processes Infrastructure Communications

20 Business Unit Priorities Recovery Time Objective Recovery Point Objective Cost/Benefit Analysis

21 Recovery Alternatives

| Alternative | Description | Readiness | Cost |
| --- | --- | --- | --- |
| Multiple processing / mirrored site | Fully redundant identical equipment & data | Highest level of availability & readiness | Highest |
| Mobile site/Trailer | Designed, self-contained IT & communications | Variable drive time; load data & test systems | High |
| Hot site | Fully provisioned IT & office, HVAC, infrastructure, & communications | Short time to load data, test systems. May be yours or vendor staff | High |
| Warm site | Partially IT equipped, some office, data & voice, infrastructure | Days or weeks. Need equipment, data, communications | Moderate |
| Cold site | Minimal infrastructure, HVAC | Weeks or more. Need all IT, office equipment, & communications | Lowest |

22 Processing Agreements

| Agreement | Description | Considerations |
| --- | --- | --- |
| Reciprocal or Mutual Aid | Two or more organizations agree to recover critical operations for each other. | Technology upgrades/obsolescence or business growth. Security and access by partner users. |
| Contingency | Alternate arrangements if primary provider is interrupted, i.e., voice or data communications. | Providers may share paths or lease from each other. Question them. |
| Service Bureau | Agreement with application service provider to process critical business function. | Evaluate their loading, geography and ask about backup mode. |

23 Backup Strategies Replication Distributed Processing Electronic Vaulting

24 Backup Strategies Remote Journaling Media Archives Storage Area Network

25 Backup Locations and Storage Criteria On-Site Near-Site Off-Site Storage for additional documentation and supplies

26 Resilience Strategies Site resilience IT resilience Organizational Resilience

27 Domain Agenda Project scope development and planning Business Impact Analysis (BIA) and Functional Requirements Business Continuity and Recovery Strategy Plan Design and Development Implementation Restoration Feedback and Plan Management

28 Emergency Response Procedures Topics Event Reporting Life, Health, Safety Damage Assessment Triage and Escalation Disaster Declaration Alerting, Activation and Notification Reporting, Communication

29 Personnel Notification Executive Succession Planning Executive Crisis Management Role BC Coordinator and Teams Notification Lists Public Relations

30 Backups and Offsite Storage Backup and offsite storage Inventory Facility Accessibility Facility Resilience

31 Communications Emergency Communication Systems Business Communication Systems Networks

32 Alternate Site Considerations Utilities Communications Environmental Protections Space Critical IT and Communications

33 Logistics and Supplies Personnel and Materials Transportation Alternate Site Workspace Personnel Support and Welfare Remote Worker Environment Activation Emergency Funds Access

34 Logistics and Supplies Additional Contingencies Family Responsibilities Fraud and Looting Safety and Legal Issues Escalated Management Authority

35 Documentation Business Continuity Plan Business Continuity Plan BC/DR Plans Activity and Status Reports Issue Identification and Resolution Reports Checklists Recovery Deactivation Plans

36 Business Continuity and Resumption Planning Risk Avoidance and Mitigation Planning Emergency Business Recovery Procedures Contracts for Emergency Vendor Services

37 Domain Agenda Project scope development and planning Business Impact Analysis (BIA) and Functional Requirements Business Continuity and Recovery Strategy Plan Design and Development Implementation Restoration Feedback and Plan Management

38 Training

| Audience | Key education expectation | Example Methods |
| --- | --- | --- |
| All personnel | Awareness of select emergency response | Signage, videos or computer based training, drills |
| Operations | Backup procedures and transmittal/recall from offsite storage. Emergency response procedures | Drills, simulations, exercises |
| Recovery Team | Recovery procedures | Drills, simulations, exercises, parallel tests |
| EOC Teams | Training on EOC procedures & criteria | Workshops, simulations, exercises, parallel tests |

39 Testing Purpose Measure Plan Effectiveness Assess Personnel Readiness and increase their Familiarity

40 Test Plans Explicit test objectives and success criteria Test Details Schedule Post-test Review

41 Types of Tests

| Type | Purpose | Participants |
| --- | --- | --- |
| Checklist or Desk Check | Review contents | BC Coordinator, authors and independent parties |
| Structured Walk-through | Reviewed more thoroughly with interaction | BC Coordinator, authors and team leaders |
| Simulations | Check plan integration | Personnel have mock event roles and observers |
| Parallel Testing | Measure recovery against non-interrupted operations | All recovery teams and recovery site staff and observers |
| Full Interruption | Most complete metric. Rely on plan | All recovery teams and recovery site staff and observers |

42 Testing Follow-up Deficiencies Plan Assessment Scheduled Test Program

43 Recovery Procedures Local Recovery Procedures Alternate Site Migration Prioritization Validation Transfer and Recovery Certification and Accreditation

44 Audit Assurance of effective BC and DR capability Measures compliance Ensure audit findings are addressed

45 Domain Agenda Project scope development and planning Business Impact Analysis (BIA) and Functional Requirements Business Continuity and Recovery Strategy Plan Design and Development Implementation Restoration Feedback and Plan Management

46 Restoration Restoration of Primary Location

47 Procurement Support of Recovery Activities Consolidation of Acquisitions and Disposition Reporting of Restoration Costs

48 Reversal Procedures Business Process Recovery Point Journal and Process Synchronization Data Recovery

49 Relocation to Primary Site Restoration Order and Prioritization End of Disaster Declaration

50 Domain Agenda Project scope development and planning Business Impact Analysis (BIA) and Functional Requirements Business Continuity and Recovery Strategy Plan Design and Development Implementation Restoration Feedback and Plan Management

51 Post-recovery Reporting Identification or Remediation of Plan Gaps Lessons Learned Performance Metric Review

52 Plan Review and Evolution Plan Review and Adjustment Training of Key Personnel

53 Communication Plan Distribution Communication of Plan to Stakeholders

54 Domain Summary A Business Continuity and Disaster Recovery Planning Project is an ongoing, continuous effort to ensure that the business is prepared to handle any type of disaster

55 Domain Summary

56 “Security Transcends Technology”

