Business Continuity. Business continuity... “Drive thy business or it will drive thee.” —Benjamin Franklin (1706-1790), American entrepreneur, statesman,

Presentation transcript:

Business Continuity

Business continuity...

“Drive thy business or it will drive thee.” —Benjamin Franklin (1706-1790), American entrepreneur, statesman, scientist and philosopher

“It is your business when the wall next door catches fire.” —Horatius (65-8 BC), Roman poet

What is a Disaster?

Any unplanned event that requires immediate redeployment of limited resources.

Sample Disasters

Natural Forces
– Fire
– Environmental Hazards
– Flood / Water Damage
– Extreme Weather

Technical Failure
– Power Outage
– Equipment Failure
– Network Failure
– Software Failure

Human Interference
– Criminal Act
– Human Error
– Loss of Users
– Explosions

What is a Disaster Recovery Plan?

A management document for how and when to utilize resources needed to maintain selected functions when disrupted by agreed-upon incidents.

business continuity plan: documented procedures that guide organizations to respond, recover, resume, and restore to a pre-defined level of operation following disruption

disaster recovery plan: clearly defined and documented plan which recovers ICT capabilities when a disruption occurs

business impact analysis (BIA): process of analysing business functions and the effect that a business disruption might have upon them

The Auditor’s Role in Reviewing Business Continuity Planning, Ravi Muthukrishnan

– While a BCP refers to the activities required to keep the organisation running during a period of displacement or interruption of normal operation, a disaster recovery plan (DRP) is the process of rebuilding the operations or infrastructure after the disaster has passed.

– A DRP is a key component of a BCP, and refers to the technological aspect of a BCP: the advanced planning and preparations necessary to minimise loss and ensure continuity of critical business functions in the event of a disaster. A DRP comprises consistent actions to be undertaken prior to, during and subsequent to a disaster.

Terms and definitions

maximum tolerable period of disruption: duration after which an organization’s viability will be irrevocably threatened if product and service delivery cannot be resumed

recovery time objective: period of time within which minimum levels of services and/or products and the supporting systems, applications, or functions must be recovered after a disruption has occurred

recovery point objective: point in time to which data must be recovered after a disruption has occurred

Types of Strategies

Avoidance Strategy
– Redundant configuration to avoid incidents
– Site harden facilities to resist incidents
– Redundant utilities and hardware
– Automated operation recovery plan

Mitigation Strategy
– Early warning detection
– Contractual agreements with vendors
– Mirrored data and documents
– Detailed migration recovery plan

Recovery Strategy
– High level recovery plan
– Off-site data storage
– Very responsive vendor relationships
– Very knowledgeable employees

Types of Strategy Options
– Hot site
– Cold site
– Self Backup
– Service Bureau
– Reciprocal Agreement

Criteria for a Critical Business Function

Timing Requirements: Minutes, Hours, Days, Weeks, Quarters, Special Situations

[Figure: Cost of Control vs. Impact. Axes: Cost of Control ($), Cost of Impact ($).]

Replication Failover Site Migration Wide Area Clustering

Audit Program/ICQ

Get Preliminary Information

Procedure Step: Policies
Details/Test: Determine and obtain copies of all applicable policies for disaster recovery and business continuity, if any.

Procedure Step: Get Applicable Documentation
Details/Test:
– Obtain a copy of the organization's disaster recovery plan.
– Obtain a list of implementation team members.
– Obtain a current copy of the organization chart.
– Obtain current inventory list.
– Obtain a copy of agreements relating to use of backup facilities.

Procedure Step: Control Questionnaire
Objective: To verify that the disaster recovery plan is adequate to ensure resumption of computer systems in a timely manner during adverse circumstances, is in line with the current business continuation plan, and reflects the current business operating environment.

Details/Test:
– Is there a disaster recovery plan?
– If a plan exists, when was it last updated?
– What are your procedures for updating the plan?
– Who is responsible for administration or coordination of the plan?
– Is the plan administrator/coordinator responsible for keeping the plan up-to-date?
– Is there a disaster recovery implementation team (i.e., the first response team members who will react to the emergency with immediate action steps)?
– Where is the disaster recovery plan stored? (Verify that key team members have copies of the plan at home as well as at the office.)
– Where is the implementation team contact list stored? (Suggest each key team member should have contact names and addresses of all other key team members both on his person and at home, as well as in the office. Contact numbers should include home and mobile as well as office number.)
– Where is the backup facility site?
– Are there alternate sites? (Be suspicious of loose arrangements with local businesses!)
– What is your schedule for testing and training on the plan?
– When was the last drill performed? (Consider the adequacy of the test: a “desk test” is unlikely to reveal many potential problems.)
– Did the drill include use of the backup facilities?
– If not, when were the backup facilities last used?
– If over 1 year, how has the organization determined that its programs can still run on the backup equipment?
– What was the outcome of the drill? How did it improve preparedness?
– What critical systems are covered by the plan?
– Does the plan clearly indicate priorities for system restoration, based on risk to the business in particular?
– Does the plan allow for the restoration within pre-determined “business critical” time frames? (i.e., if certain systems are down for longer than a predetermined time, restoration after this time may be useless if the business has already gone under.)

Details/Test (continued):
– Does the plan indicate the operational requirements for each of the systems?
– What systems are not covered by the plan? Why not?
– What equipment is not covered by the plan? Why not?
– Does the plan operate under any assumptions? What are they?
– What are the procedures for activation of the plan?
– Are inventories as they relate to your critical systems kept (including LAN servers and communication devices)? (Critically, are the procedures and practices for keeping them up to date sufficient?)
– If inventories are kept, where are they stored?
– Are there formal procedures that specify backup procedures and responsibilities?
– What functions/systems/components are covered under such procedures?
– What training has been given to personnel in using backup equipment and established procedures?
– Where is the off-site storage site?
– Are the responsibilities for each team documented?
– Are the restoration procedures documented?
– Does the documentation for each system to be recovered indicate the process flow as well as the equipment that will be recovered? (i.e., for an application that makes use of desktop equipment for data entry and client server equipment for storage, this should all be documented along with the software that will be required.)
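Several of the questionnaire items above, together with the MTPD, RTO and RPO definitions from the terms slide, can be checked mechanically against a system inventory. The following is an added example, not part of the original presentation: the record fields, finding codes and sample inventory are assumptions made up for illustration, and the one-year drill threshold is taken from the questionnaire.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class SystemRecord:                      # hypothetical inventory entry for one critical system
    name: str
    mtpd: timedelta                      # maximum tolerable period of disruption
    rto: timedelta                       # recovery time objective
    rpo: timedelta                       # recovery point objective
    last_backup: datetime                # newest copy held at the off-site storage site
    last_drill: Optional[datetime]       # last drill that used the backup facilities
    drill_restore: Optional[timedelta]   # restore duration measured in that drill

def audit(rec, now, max_drill_age=timedelta(days=365)):
    """Return finding codes (assumed names) for one system."""
    findings = []
    if rec.rto > rec.mtpd:               # recovery would finish after viability is threatened
        findings.append("RTO_EXCEEDS_MTPD")
    if now - rec.last_backup > rec.rpo:  # a restore right now would lose more data than allowed
        findings.append("RPO_AT_RISK")
    if rec.last_drill is None or now - rec.last_drill > max_drill_age:
        findings.append("DRILL_STALE")   # backup facilities not exercised within a year
    if rec.drill_restore is None or rec.drill_restore > rec.rto:
        findings.append("RTO_NOT_DEMONSTRATED")
    return findings

def restoration_order(inventory):
    """Restoration priority: shortest recovery time objective first."""
    return [r.name for r in sorted(inventory, key=lambda r: r.rto)]

# Constructed sample data, not taken from any real organization.
NOW = datetime(2024, 6, 1, 12, 0)
H, D = timedelta(hours=1), timedelta(days=1)
INVENTORY = [
    SystemRecord("payments-db", 24 * H, 4 * H, H / 4, NOW - H / 6, NOW - 90 * D, 3 * H),
    SystemRecord("file-server", 72 * H, 24 * H, 24 * H, NOW - 30 * H, NOW - 500 * D, 20 * H),
    SystemRecord("legacy-erp", 8 * H, 12 * H, H, NOW - H / 2, None, None),
]

def run_audit(inventory=INVENTORY, now=NOW):
    return {r.name: audit(r, now) for r in inventory}

if __name__ == "__main__":
    for name, findings in run_audit().items():
        print(name, findings or "no findings")
    print("restore order:", restoration_order(INVENTORY))
```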