TEL382 Greene Chapter 11. 10/27/09 2 Outline What is a Disaster? Disaster Strikes Without Warning Understanding Roles and Responsibilities Preparing For.
Published byModified over 6 years ago
Presentation on theme: "TEL382 Greene Chapter 11. 10/27/09 2 Outline What is a Disaster? Disaster Strikes Without Warning Understanding Roles and Responsibilities Preparing For."— Presentation transcript:
10/27/09 2 Outline What is a Disaster? Disaster Strikes Without Warning Understanding Roles and Responsibilities Preparing For Disaster Responding to a Disaster Planning For Contingencies Recovering From Disaster Testing and Maintaining the Plan
10/27/09 3 What is a Disaster? A disruption of normal business functions where the expected time for returning to normalcy would impact the organization’s ability to maintain operations, including customer commitments and regulatory compliance Steps: –Determine Threats, Perform Business Impact Analysis (BIA), Determine Safeguards BIA provides direction and guidance to those who plan the response, recovery and continuity efforts
10/27/09 4 Disaster Strikes Without Warning Must have a written plan! Business Continuity Plan (BCP) should have: –Disaster Preparation : to be done in anticipation –Disaster Response: to be done immediately following incident –Business Contingency: alternate business processes prior to full recovery –Business Recovery: recovering information systems to their original state
10/27/09 5 Understanding Roles and Responsibilities Senior Management Leadership BCP Team Operational Management defines needs of department IT Department HR Department Internal Audit Department BCP Team Responsibilities: –Assessing damage, declaring a disaster, managing response, providing leadership, provide post-disaster assessment, plan impact analysis when changes made, testing plan, reviewing plan with management
10/27/09 6 Preparing For Disaster Predefined key elements: –Establish organizational structure to respond: chain of command and succession –Designate Emergency Command Center: Location where BCP Team meets and directs operations –Prepare Notification Procedures: Call trees, cell phones –Design Alternate Operations Sites: Delivery (product to customer) and Operational (HR, accounting, security, etc.) functions –Invest in redundant infrastructure: Hot Sites, Warm Sites, Cold Sites, Mobile Sites –Develop and implement procedures to support response, recovery and continuity activities
10/27/09 7 Responding to a Disaster Four Stages of Disaster Notification –Detection: Whoever first discovers it –Notification: Notify BCP Team –Declaration: BCP Team evaluates the situation and activates the plan –Activation: BCP Team Leader (or alternate) Non-operational Business Concerns to be addressed before disaster: –Public Safety: Who, how, when, etc –Employee Relations: Show up to work, where, when, how, etc. –Media Relations: Single media focal point –Customer Relations: Who, how, what, etc. –Crime:
10/27/09 8 Planning For Contingencies Contingency Operations Established at Main Site or Alternate Location Develop Business Contingency Operating Procedures (BCOP)
10/27/09 9 Recovering From Disaster Break Down into categories: –Mainframe, Network, Communications Detailed Procedures Need to be Developed and Documented Before Needed –What needs to be done, where it needs to be done, how it needs to be done Recovery Manuals on specific systems and/or devices
10/27/09 10 Testing and Maintaining the Plan Plans and Procedures are only theoretical until tested Must be accurate, relevant and operable under adverse conditions 5 Standard Testing Techniques: –Preliminary Review, Structured Walkthrough, Tabletop Simulation, Parallel Testing, Full-Scale Testing Must revisit plan frequently to take into account changes Should have SLAs with Major Vendors Some Regulated Industries MUST Audit Plan
10/27/09 12 Outline Introduction Initiating the Project Contingency Planning Coordinator Scope of the Project Adequate Funding Selecting a Team Planning the Project Executing and Controlling Closing the Project
10/27/09 13 Introduction Building a BCP is like any other business project In developing a BCP, the early stages must be done sequentially. After a certain point, then many tasks can be done in parallel Typical Steps: –Management Decision –Contingency Plan Coordinator (CPC) is selected –Sponsor and CPC define effort Scope –CPC selects Team –CPC and Team develop Project Plan –Project Plan is Executed –Reports Produced and CPC closes Project
10/27/09 14 Initiating the Project Sponsor from Senior Management Selection of CPC
10/27/09 15 Contingency Planning Coordinator Public announcement May begin by using an Outside Consultant Tasking begins as plan developer, evolves to plan implementer, then plan maintainer
10/27/09 16 Scope of the Project Defines boundaries of what will be accomplished A guideline: –Any event that would cost >5% of quarterly revenues merits its own plan Build slowly and systematically Written Scope Statement Focus on Critical Business Functions and the Processes that Support Them Most Plans can be developed within 6 Months
10/27/09 17 Adequate Funding Indicates Management Commitment Project Budget Items: –BCP Training for CPC and some Team Members –Consultant –Overtime Expenses –Temporary Administrative Help –Food/Beverages –Bonuses/Trinkets, etc.
10/27/09 18 Selecting a Team Identify Stakeholders Core Team (CPC, Assistant, Administrative Assistant) Other Team Members: –Building Maintenance or Facilities Manager –Facility Safety and Security –Labor Union Representative –HR –Line Management –Community Relations –Public Information Officer –Sales and Marketing –Finance and Purchasing –Legal Use Standard Tools Initial Training Knowledge of Department Processes Team Meetings
10/27/09 19 Planning the Project Identify Activities –Write Paragraph on Each Task, Document Assumptions and Constraints Estimate How Long Each Will Take Decide Who Should Do What Sequence the Tasks Into a Logical Work Flow –Assign Start Dates Look for Problems in Plan –Resource Overobligation, Availability, etc.
10/27/09 20 Planning the Project Common Problems –CPC lacks experience –Lack of Management Support –Inadequate Funding –Too Many Locations –Too Many Departments –Business Interruptions –Not Enough Time
10/27/09 21 Executing and Controlling Scope Verification Communications Plan –Mandatory, Informational, Marketing Controlling –Change –Scope –Cost –Quality –Performance Reporting –Risk Response Plan Testing
10/27/09 22 Closing the Project Turn Files over to Administrator Report Results to Management Identify Known Exposures Thank the Team