Developing and testing the Plan

Slides:

Advertisements

Similar presentations

Museum Presentation Intermuseum Conservation Association.

Advertisements

Practical Preparations Planning for Safety and Emergencies.

Information Technology Disaster Recovery Awareness Program.

OHS Induction Training

A Complete and Absolute Shambles Prevention, Planning & Response and Library Disaster Planning RTO No CRICOS No 1505M Vicky Qin Special Collections.

Planning for the Future Disaster Recovery Plan / Business Continuity Plan Jim Zukowski, Ed.D. Texas State Board of Dental Examiners 2006 Annual ConferenceAlexandria,

Join the conference call by dialing the conference number in your Invitation or Reminder s. Please put your phone on mute. Please stand by! The webinar.

Records Emergency Planning and Response Webinar Session 2 Join the conference call by dialing the conference number in your Invitation or Reminder s.

Service Design – Section 4.5 Service Continuity Management.

Visual 3.1 Unified Command Unit 3: Unified Command.

1 Continuity Planning for transportation agencies.

Business Continuity Planning Jeremy Stacy. Objectives Understand the steps in Business Continuity Planning Understand the terminology used in Business.

BRC Storage & Distribution Safety and Quality Management System Training Guide

Emergency Plan GENERAL AWARENESS TRAINING. Aim To provide staff with an overview of the school emergency plan.

Business Crisis and Continuity Management (BCCM) Class Session

Disaster Recovery and Business Continuity Ensuring Member Service in Times of Crisis.

The Business Continuity Plan Chris Owens/Annette Mercer Public Health Knowsley MBC Local Pharmaceutical Committee 18 June 2014.

Gulf Coast Energy International Business Continuity / Disaster Recovery Planning and Design Proposal Prepared by Andrew Rolf, Felipe Torres, Pranay Jaiswal.

Business Continuity and You! The Ohio State University Business & Finance Enterprise Continuity Program Quarterly Update October 2008Business and Finance.

“A Prepared Marylander Creates a Resilient Maryland” Vital Records Identification and Maintenance February 6, 2014 This document was prepared under a grant.

Continuity of Operations Planning COOP Overview for Leadership (Date)

Discovery Planning steps (1)

Module 3 Develop the Plan Planning for Emergencies – For Small Business –

Incident Management By Marc-André Léger DESS, MASc, PHD(candidate) Winter 2008.

Disaster Recovery Strategies & criteria for evaluation of information management strategies.

A Major Business Disruption A Strategy for Minimising the Downtime Anthony Hegarty Mitigating Risks.

EPMA. Overview of Servpro Large loss capability Emergency Ready Profile.

Unit 8:COOP Plan and Procedures  Explain purpose of a COOP plan  Propose an outline for a COOP plan  Identify procedures that can effectively support.

ISA 562 Internet Security Theory & Practice

Asset & Security Management Chapter 9. IT Asset Management (ITAM) Is the process of tracking information about technology assets through the entire asset.

Incident Management By Marc-André Léger DESS, MASc, PHD(candidate) Winter 2008.

Developing a Disaster Recovery Plan Bb World ’06 San Diego, Calif. Poster Session Presented by Crystal Nielsen, M.A. Instructional Technologist Northwest.

David N. Wozei Systems Administrator, IT Auditor.

Perspectives on Business Continuity Management Bill Wheeler, EPO.

Continuity of Operations Planning (COOP) for Community Colleges Welcome Introductions Administration Agenda Classroom Decorum Participant-Instructor.

Paul Hardiman and Rob Brown SMMT IF Planning and organising an audit.

NFPA 1600 Disaster/Emergency Management and Business Continuity Programs.

Unit 4: Operational Phases and Implementation. Unit 4 Objectives  Explain the four phases of continuity and relate their application to the continuity.

Pittsburgh Alliance for Response Risk Management, Loss Control & Insurance February 2009.

Erman Taşkın. Information security aspects of business continuity management Objective: To counteract interruptions to business activities and to protect.

Writing an Emergency Operations Plan Why do we need to plan? Spring 2008.

Business Continuity Disaster Planning

Standard III Resources Effective Practices in Accreditation ASCCC Accreditation Institute, Feb , San Diego, CA Cheryl Aschenbach, ASCCC At-large.

CBIZ RISK & ADVISORY SERVICES BUSINESS CONTINUITY PLANNING Developing a Readiness Strategy that Mitigates Risk and is Actionable and Easy to Implement.

EXPECT THE UNEXPECTED Prepare Your Business for Disaster.

AUDITING BUSINESS CONTINUITY PROGRAMS AND PLANS What to Look For Presented by: Tommye White, CBCP, DRP Chuck Walts, CBCP, CRP.

Business Continuity Awareness Steve Lambert Biscon Planning Ltd.

Business Continuity Planning 101

Dr. Gerry Firmansyah CID Business Continuity and Disaster Recovery Planning for IT (W-XI)

THINK DIFFERENT. THINK SUCCESS.

We will start momentarily…

Business Continuity Plan Training

Incident Command System (ICS)

Heritage Fund - Disaster Planning 101

Business Contingency Planning

OHS–Occupational Health & Safety

A Complete and Absolute Shambles

IS-700.A: National Incident Management System, An Introduction

1 2 Please stand by! The webinar will begin shortly.

Business Continuity Planning

Business Impact Analysis

Disaster Recovery at UNC

Barton Financial Aid Office Business Continuity Plan

Continuity of Operations Planning

BUSINESS CONTINUITY PLAN

Emerging Audit and Internal Control Issues

Stage 2 - review recovery options

Why important? Heavy reliance on IT Pressure to deliver IT services Increasing range of threats.

MANUFACTURING DISASTER RECOVERY PLAN

BUSINESS CONTINUITY PLAN

Presentation transcript:

Business Continuity A matter of survival Session 5 Develop, test and maintain the Plan

Developing and testing the Plan Develop plan Training Testing Review & update Stage 3 On- going System changes

Developing the Plan Object - the completed plan must contain everything that is necessary to recover the business following a disaster. What constitutes a disaster? Depends on - economic strength private or public sector nature of impact (e.g financial loss, loss of life, loss of control)

Sections of the Plan Administration - authority to invoke the plan guidance on when to invoke the plan Emergency Control Centre emergency response teams - roles, personnel IT infrastructure - lists of suppliers and contractors, system configuration details Support contracts - disaster recovery, equipment replacement

Sections of the Plan Remote media store - location, items held, arrangements for gaining access Computer operations - instructions for service restoration, service relaxation(s) Personnel - personnel to be re-located at standby site, welfare arrangements, sources of additional personnel Home site - security and salvage Standby site - contacts, transport, facilities Return to normal - roles & responsibilities

Supporting requirements Evacuation procedures Emergency Control Centre Re-locating personnel Re-establishing support services Vital records - security of essential paper documents Salvage

Training Limited value if staff are unaware of - need for a plan? emergency arrangements - scenarios what would happen if plan activated roles & responsibilities who to contact/where re-location sites, accommodation, transport Specialist training for response teams

Testing the Plan What use is a plan that doesn’t work when needed? Testing is essential to prove that the plan works

Testing Factors to consider - cost business disruption what changes have taken place? (new systems, changes, locations) any changes to the threat environment? (severe weather forecast, industrial action expected, terrorist activity increasing)

Testing strategy - full testing Most effective way to uncover flaws Impose near as possible disaster conditions Set performance targets Record - times to achieve targets problems Post mortem Update

Testing strategy - restricted testing Cheaper, less disruptive Provides limited assurance Periodically - test standby utilities - weekly? carry out “dry runs” - monthly? recover from backup - quarterly? practice evacuations - 6 monthly? arrange visits to standby site - annual?

Maintaining the Plan Accountability - need for an “Owner” Annual budget to maintain the plan Managing changing - business priorities IS/IT locations On-going need for - training/awareness testing

Summary “Business continuity” requires a comprehensive plan Training - specialists & others Live testing - costly but necessary Restricted testing - cheaper, but provides only limited assurance Accountability - need for an “Owner” On-going maintenance

Audit considerations Are business systems adequately backed up? Are backup copies held in a secure and remote media store? (go and see for yourself!) Is there evidence that the backing up strategy works in practice? Is there an appropriate disaster recovery plan? Is it based on thorough risk assessment? How do personnel know their role in the plan? How is the Plan maintained? Is the Plan demonstrably workable?