Business Continuity Planning Completing a Business Impact Assessment Pamela Hill Managing Director Hyperion Global Partners Judi Flournoy CIO Loeb & Loeb.

Presentation transcript:

Business Continuity Planning Completing a Business Impact Assessment Pamela Hill Managing Director Hyperion Global Partners Judi Flournoy CIO Loeb & Loeb LLP

Business Impact Assessment Purpose
  – To understand how a disaster or business interruption will impact your business
    • From a business process perspective
    • From a technology perspective
Allows you to define recovery time/recovery point objectives (RTO/RPO)
  – Create a 360 degree view of a process
    • Technology
    • People
    • Process
    • Inputs/outputs
    • Vital records

Create a 360 View of Recovery

BIA Process
1. Gather information
    • Survey
    • Face to face
    • Hybrid
    • Recommend hybrid
        • Survey first
        • Follow up with interviews
2. Interviews allow you
    • To push back on the “I want it all yesterday” approach many people will take
    • To understand how the process is enabled by the underlying technology
    • Discuss ways to work without technology for short periods of time
    • Ask clarifying questions regarding inputs/outputs so you understand the process/information flow

BIA Process
Survey questions
  – Discuss Example FINAL BIA and Home Computing Survey.pdf
    • Process name
    • Who does it
    • Define inputs/outputs
    • What processes, departments and people provide input
    • What processes, departments and people receive information from you/your process
    • Define underlying technology
    • What is it
    • How long can you be without it before it impacts your processes
    • How much data can you lose and reasonably expect to recover
      – This is an IT consideration - don’t ask the end user this question

BIA Process
Interview – What to Focus On
  – Describe your existing process(es)
How do you use technology to complete the process
  – Detail all of the underlying technology
  – Don’t forget to start at the desktop
    • Local applications or how the applications are accessed
    • Security related items such as IP recognition for efiling, digital certificates, etc.
  – Understand where data are stored (even if you think you already know)

BIA Process
Interview – what to focus on
  – Discuss how to complete the process if the office/app/data is/are unavailable
  – Discuss how to work remotely with their applications
    • Identify trends for training opportunities
    • Discuss post-disaster security considerations (e.g., won’t require an RSA token following a disaster)
    • Discuss applications that are not on the remote access list (and why)
  – Be honest in your explanation of current recovery capabilities for applications and data
    • This is an opportunity to educate – use it!

BIA Process
What to do with the information
  – Compile it into usable bite-sized documents by audience
    • Executive Team
      – Critical processes by RTO
      – Business recovery strategy
        » Final Sample BC Strategy.pdf
    • Operations/Facilities Team
      – Workspace requirements
    • IT
      – RTO/RPO
      – Hardware/software requirements
      – Special considerations like digital certs/IP address authentication
    • HR
      – People related to processes
      – Work from home capacity

BIA Process
What to do with the information
  – Create a list of RTO/RPO
  – Complete a gap analysis of current recovery capabilities to what users expect
  – This information tells you
    • Technical priority restore list
    • What to focus BC/DR dollars and resources on
    • What to focus people, workspace, and other resources on during a recovery

Sample Critical Apps/Services
0 – 4 Hours | 1 Day | 2 – 3 Days | 3 – 5 Days
Network WAN Security Remote access continuity Mobile messaging Phones Documents Contact information recovery Records Conflicts/intake Filings Calendar/docket Lit support Intra/extranets Workspace Accounts receivables Financial systems Cost recovery Practice apps

BIA Process – Change Management
On-going Analysis
  – Threat Assessment
    • Are there new threats?
      – HITECH Act
      – Privacy rules
    • Has your organization’s vulnerability to any threat changed?
    • Would the impact of certain risks be more devastating now than previously?
    • Has the likelihood of any threat occurring increased?
  – BIA Follow up – see example
    • Any significant change in technology
    • Back end integration
    • End user interface and/or workflow
    • New applications

Business Continuity Links
Free Resources
    • Disaster Recovery Journal
    • Sample plans
    • The institute for continuity management
    • Disaster recovery and business continuity supercast
    • The source for business continuity
    • CPM focused on convergence of business continuity, and security

Questions? Thanks for coming! (pandemic blog) Pamela Hill Judi Flournoy