BCP/DRP Consultancy Project- An approach

Presentation transcript:

BCP/DRP Consultancy Project - An approach
By D V Ramamohan, Global Head of IT Consultancy Practice, 3i Infotech Ltd

Agenda
- Overview of BCM - BCP/DRP?
- Approach to Execution of BCP/DRP Assignments
- Interaction

What is BCM…
Business Continuity Management is a holistic management process that identifies potential impacts that threaten an organization and provides a framework for building resilience and the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities. Business continuity means maintaining the uninterrupted availability of all key business resources required to support essential business activities.

What is BCP/DRP?
The difference between business continuity and disaster recovery is not a 'what' but a 'whose'. This holistic view of business continuity management differs from what many managers traditionally term Disaster Recovery Planning, which has been closely, if not solely, associated with information technology. By changing the focus, the emphasis is placed on the whole business, not on technology issues alone. This reinforces the concept of continuity of all key processes, extending beyond information technology systems, important though they are in modern business.

Why BCP-DRP…
Threats to Availability:
- Component failure
- Data corruption
- Application failure
- Maintenance
- User error
- Site outage

Goals of Disaster Recovery Planning
Disaster scenarios and Recovery Strategies:
- "Building on fire / Shambles": Alternate Site, Hot site vendor, Data vaulting
- Facility stands inaccessible: Remote connectivity, tape libraries
- Facility accessible, physical failure: Redundant systems, HW Vendor SLAs
- Facilitate & equip operational, logical failure: Standards, Documented procedures, security

Why DRP? A few statistics
Major disasters: 9/11 attack, UK bombings, Flooding in Mumbai, Earthquake in Indonesia
Other statistics:
- % of Hardware failure
- % of Operational error
- Cost per hour of downtime? $78,000
- Average incidents per hour? 9
- Hours per incident? 4.2 hrs
- Downtime cost per year? $2,970,000 (Research shows 80%)
Source: Contingency Planning Research conducted on 450 Fortune 1000 companies

Let us execute a DRP assignment…

What will be the scope of work
Subjects:
- IT Systems/Applications/Data
- Data Centre/Facilities/Services
- People
Technical/Functional:
- Disaster Recovery Strategy and Solutions
- Disaster Recovery Plan and Procedures
- Implementation Guidance to implement proposed solutions
- Testing the Plan
- Training

What will be the deliverables…
- Business Impact Study Analysis and Risk Assessment Report
- Disaster Recovery Strategy vis-à-vis Scenarios
- DR Solution Architecture
- DR Team Organization and Roles
- Disaster Recovery Plan and Procedures
- Setting up Disaster Recovery Site, if need be
- Test Plans / Mock drill reports
- Maintenance Plan
- Training

What should be the Approach…
Project Management Methodology: Your own…
- Kick-off meeting
- Execution
- Closure meeting
Execution of assignment:
- Step one: Key IT Assets identification and RA
- Step two: Business impact analysis (BIA)
- Step three: Design continuity treatments
- Step four: Document the Plans
- Step five: Implement continuity treatments
- Step six: Test and maintain the plan
- Step seven: Training

Step one: Key IT Assets identification and RA

Asset identification…
Obtain/inventory the key assets:
- Hardware
- System Software
- Applications
- Data
- People
- Facilities/Services
Perform Risk Analysis:
- Qualitative
- Quantitative
- Judgemental

Risk Assessment and Management
- Asset Identification and valuations
- Identification of vulnerabilities
- Identification of threats
- Business Risks
- Rating/Ranking of Risks
- Level of Acceptable Risk

Step Two: Business Impact Analysis

Business Impact Analysis
- Establish the Organization's Recovery requirements
- Requirements defined by Business Units
- Identify and Define Critical Business Processes
- Identify Systems
- Identify Recovery Timeframes and Recovery objectives for each process
- IT Department's involvement is the enabler for the Plan

Step Three: Design continuity treatments

Recovery objectives
[Figure: a time scale running Wks, Days, Hrs, Mins, Secs for Data Loss (Recovery Point Objective) and Secs, Mins, Hrs, Days, Wks for Downtime (Recovery Time Objective). Options shown: Mirroring / Replication, Clustering, Backup, Restore from Disk, Vaulting, Restore from Tape.]

Step Four: Document the plans

Document Plans
- Organization of the Teams
- Detailed Procedures – Technical & Manual Workarounds
- Emergency Response Flow
- Emergency Contact Lists
- Crash Kits

BCP Team Organization
[Organization chart: Business Continuity Committee (Management Authorization); Execution Teams; BCP Team Leader; BCP Spokesperson; Internal Auditor; Emergency Action Team; Damage Asst. & Salvage Team; Relocation Team; IT Admin, Security & Support Team Operations]

Documentation should cover
- Risk Management
- Environmental Management
- Emergency Management
- Crisis Management
- IT Disaster Recovery
- Knowledge Management
- Facility Management
- Human Management
- Supply Chain Management
- Security and Privacy
- Health and Safety
- Communications PR
- Enterprise business process, people and technology

Step Five: Implement Continuity Treatments

Step six: Test/Exercise the plans

Test/Exercising the Plans
- Controlled Test of Procedures
- Structured Walkthroughs
- Desktop Tests
- Simulation Test
- Partial Technical Tests
- Full Scale Tests
- Allows Management to understand: Inaccuracies, Omissions
- Apply Lessons Learned
- Revise Procedures & Incorporate into the Plan

Step Seven: Training…

Training…
- Create Corporate Awareness of Developed Plans
- Team needs to be made knowledgeable of their role
- Training Primary & Alternate Contacts
- Awareness on task handling (JD) for Team
"Management Support is Key for any BCP-DR Activity"

A few websites…
- www.pas56.com: Guide for BCM
- www.thebci.org: BC Guidelines
- www.bsi-global.com: BS25999 (Replacement of PAS 56)
- www.iso.org/iso/catalogue_detail?csnumber=41532: ISO/IEC 24762:2008

Interaction