1 The Basics of Business Continuity Presented by Mary F. Sandy, CBCP Business Continuity/Disaster Recovery Class DePaul University ©Mary F. Sandy, 2006.

Presentation transcript:

1 The Basics of Business Continuity
Presented by Mary F. Sandy, CBCP
Business Continuity/Disaster Recovery Class, DePaul University
©Mary F. Sandy, 2006

2 Contents
- What is Business Continuity?
- Business Continuity Components
- Phase I: Risk Assessment
- Phase II: Business Impact Analysis
- Phase III: Select Recovery Strategies Based on RTOs & RPOs
- Phase IV: Implement Recovery Organization Structure
- Phase V: Conduct Education & Exercises for Employees
- Phase VI: Develop Recovery Plans
- Phase VII: Test, Test, Test!!!!!
- Phase VIII: Incorporate Changes to Keep Current

3 What is Business Continuity?
Process of Ensuring Continuance of a Business if a Disruption Occurs and Includes:
- Analysis of Criticalities (Business Impact Analysis).
- Securing Accommodations to Restore People, Processes, and Information Systems.
- Documenting and Testing Processes, Procedures and Information Systems.

4 Business Continuity Components
- Phase I: Risk Assessment
- Phase II: Business Impact Analysis
- Phase III: Select Recovery Strategies Based on RTOs & RPOs
- Phase IV: Implement Recovery Organization Structure

5 Business Continuity Components (Contd.)
- Phase V: Conduct Education & Exercises for Employees
- Phase VI: Develop Recovery Plans
- Phase VII: Test, Test, Test!!!!!
- Phase VIII: Incorporate Changes to Keep Current

6 Phase I: Risk Assessment
- Identify and Evaluate Risks (such as single electrical feed, exposure to chemical spills, etc.) to an Organization:
  - Those Required for a Company to Continue Operations
  - Each Risk Evaluated for its Probability of Occurring
- Define Existing Controls to Mitigate Risks
- Recommend New/Enhanced Controls
- Evaluate Cost of Controls

7 Phase II: Business Impact Analysis
The Process of Analyzing:
- A Business Function's Tolerance for Loss of Its Daily Activities Resulting From Inaccessibility to Its:
  - Computers
  - Work Areas
- How This Affects the Viability of the Company.

8 Phase II: Business Impact Analysis (Contd.)
Establish Recovery Time Objectives (RTOs) for:
- Work Areas (Departments)
- Software Applications and Associated Hardware

9 Phase II: Business Impact Analysis (Contd.)
Recovery Time Objective (RTO)
- The Amount of Time, Starting When the Disaster is Declared, by Which an Application Needs to be Restored and Ready for Use.
- Used as Basis for Recovery Strategy
- RTOs are Developed for:
  - Departments (Work Area Recovery)
  - Functions
  - Software Applications/Hardware

10 Phase III: Select Recovery Strategies Based on RTOs & RPOs
[Chart: recovery strategies plotted against Dollars Spent*, starting at $0; axis label "COSTS INCREASE"]
Strategies shown: Cold Site/Shell Site; Warm Site; Quick Ship--Purchase At Time of Disaster (ATOD); Electronic Vaulting; Remote Journaling; Data Shadowing/Mirroring; Standby Processing; Fault-Tolerant System; Hot Site; Redundant Data Center
Bands shown: RPO 0 hrs-24 hrs; RTO 0-<3 days. RPO 24 hrs; RTO 3 days-1 month.
*This chart shows that costs increase for strategies that meet lower RTOs and RPOs and decrease for strategies that accommodate higher RTOs and RPOs.

11 Phase III: Sample Recovery Strategies Based on RTOs & RPOs (Contd.)
Exhibit 2. High Availability Solutions for Hardware/Software with Recovery Time Objectives (RTOs) <3 Days

Criteria: Definition
- Alt #4 Electronic Vaulting: Electronically conduct data backups by transmitting data to equipment located in an offsite facility. This is disk to disk backup with critical equipment located at an alternate facility.
- Alt #5 Remote Journaling: Changes/updates logged to a database (DB) on a real-time basis since the last full backup. Note: Restore of current journal not immediate since these journal entries are archived & must be incorporated into current dataset prior to restore from backup media.
- Alt #6 Data Shadowing/Mirroring: Immediate duplication of data on separate disks that are located remotely which is considered a shadow. The remote facility can be an alternate location owned by the client or at a vendor's location.
- Alt #7 Standby Processing: Secondary server in standby mode & takes over as primary server when primary server is interrupted. System either located in facility owned by company or by vendor.
- Alt #8 Fault-Tolerant Systems: System's ability to respond gracefully to hardware or software failure & redirect traffic seamlessly to a device not affected by this failure.
- Alt #9 Hot Site: Alternate processing site ready for immediate use since it is equipped with all hardware, software & environmental infrastructure. Hot Site is provided by a vendor.
- Alt #10 Redundant Data Center: A secondary Data Center in an alternate location with the same computer components as the first. May be located in a facility owned by the company or by another company.

Criteria: Is There Any Data Loss?
- No
- No, but restore not immediate since current files are archived & used together with image copies to recover DB to point of failure.
- No
- No. Hardware disks are usually mirrored in the equipment to eliminate any data loss.
- Depends upon whether one of these High Availability solutions is used to back up data at the hot site.
- No

12 Phase IV: Implement Recovery Organization Structure

13 Phase V: Conduct Education & Exercises for Employees
- Conduct a Business Continuity Week
- Invite Vendors for Presentations
- Show Videos
- Present Company Recovery Plan
- Make it Fun and Enjoyable
- If Possible, Have Take-Aways
- Advertise
- Use Your Marketing Department to Create Posters
- Display Posters in Cafeteria, Elevators, etc.
- Reminders
- Reeducate As Required

14 Phase VI: Develop Recovery Plans
- Document Recovery Plans for:
  - Work Areas (Processes)
  - Software and Hardware
- Document Recovery Plans for the Worst Case Scenario; DO NOT Create Plans for Different Scenarios. (Some exceptions are: Pandemic Plan, Flood Plan, etc.)
- Reevaluate and Change Plans Two Times Per Year, if They Need Updating
- Make Copies of Plans and Keep Accessible

15 Phase VI: Develop Recovery Plans (Contd.)
At a Minimum, Include the Following in Recovery Plans:
- Backup Strategy
- Organization Chart
- Calling Trees With Telephone Numbers
- For Technology Plans, DETAILED Instructions for Restoring Software and Hardware
- Evacuation
- Alternate Recovery Site
- Location of Command Center
- List of Vendors

16 Phase VII: Test, Test, Test!!!!
- Test all Plans:
  - Work Area Plans
  - Technical Plans
- Types of Tests
  - Walkthroughs
  - Surprise Tests*
  - Scenario Tests*
*Note: These tests include restoration of required hardware and software.

17 Phase VIII: Incorporate Changes to Keep Current
- Continue to Reevaluate Organization and System Changes
- Change Strategy as Required
- Change Recovery Organization as Needed
- Change Recovery Plans
IT IS BEST TO CONSIDER CONTINUITY BEFORE YOU DEVELOP AND/OR IMPLEMENT ANY INFORMATION SYSTEMS!!!!

18 Questions?