Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 The Basics of Business Continuity Presented by Mary F. Sandy, CBCP Business Continuity/Disaster Recovery Class DePaul University ©Mary F. Sandy, 2006.

Published byCody Thomas Modified over 10 years ago

Similar presentations

Presentation on theme: "1 The Basics of Business Continuity Presented by Mary F. Sandy, CBCP Business Continuity/Disaster Recovery Class DePaul University ©Mary F. Sandy, 2006."— Presentation transcript:

1 1 The Basics of Business Continuity Presented by Mary F. Sandy, CBCP Business Continuity/Disaster Recovery Class DePaul University ©Mary F. Sandy, 2006 Intro.ppt

2 2 What is Business Continuity? Business Continuity Components Phase I: Risk Assessment Phase II: Business Impact Analysis Phase III: Select Recovery Strategies Based on RTOs & RPOs Phase IV: Implement Recovery Organization Structure Phase V: Conduct Education & Exercises for Employees Phase VI: Develop Recovery Plans Phase VII: Test, Test,Test!!!!! Phase VIII: Incorporate Changes to Keep Current Contents

3 3 What is Business Continuity? Process of Ensuring Continuance of a Business if a Disruption Occurs and Includes: Analysis of Criticalities (Business Impact Analysis). Securing Accommodations to Restore People, Processes, and Information Systems. Documenting and Testing Processes, Procedures and Information Systems.

4 4 Phase I: Risk Assessment Phase II: Business Impact Analysis Business Continuity Components Phase III: Select Recovery Strategies Based on RTOs & RPOs Phase IV: Implement Recovery Organization Structure

5 5 Business Continuity Components (Contd.) Phase VI: Develop Recovery Plans Phase VIII: Incorporate Changes to Keep Current Phase VII: Test, Test, Test!!!!! Phase V: Conduct Education & Exercises for Employees

6 6 Phase I: Risk Assessment Identify and Evaluate Risks (such as single electrical feed, exposure to chemical spills, etc.) to an Organization: Those Required for a Company to Continue Operations Each Risk Evaluated for its Probability of Occurring Define Existing Controls to Mitigate Risks Recommend New/Enhanced Controls Evaluate Cost of Controls

7 7 Phase II: Business Impact Analysis The Process of Analyzing: A Business Functions Tolerance for Loss of Its Daily Activities Resulting From Inaccessibility to Its: Computers Work Areas How This Affects the Viability of the Company.

8 8 Phase II: Business Impact Analysis (Contd.) Establish Recovery Time Objectives (RTOs) for: Work Areas (Departments) Software Applications and Associated Hardware

9 9 Recovery Time Objective (RTO) The Amount of Time, Starting When the Disaster is Declared, by Which an Application Needs to be Restored and Ready for Use. Used as Basis for Recovery Strategy RTOs are Developed for: Departments (Work Area Recovery) Functions Software Applications/Hardware Phase II: Business Impact Analysis (Contd.)

10 10 Dollars Spent* $0 Cold Site/Shell Site Warm Site Quick Ship--Purchase At Time of Disaster (ATOD) Electronic Vaulting Remote Journaling Data Shadowing/Mirroring Standby Processing Fault-Tolerant System Hot Site Redundant Data Center RPO 0 hrs-24 hrs; RTO 0-<3 daysRPO 24 hrs; RTO 3 days-1 month *This chart shows that costs increase for strategies that meet lower RTOs and RPOs and decrease for strategies that accommodate higher RTOs and RPOs. COSTSINCREASECOSTSINCREASE Phase III: Select Recovery Strategies Based on RTOs & RPOs

11 11 Exhibit 2. High Availability Solutions for Hardware/Software with Recovery Time Objectives (RTOs) <3 Days Criteria Alt #4 Electronic Vaulting Alt #5Remote Journaling Alt #6Data Shadowing/ Mirroring Alt #7 Standby Processing Alt #8Fault- Tolerant Systems Alt #9Hot Site Alt #10Redun- dant Data Center DefinitionElectronically conduct data backups by transmitting data to equipment located in an offsite facility. This is disk to disk backup with critical equipment located at an alternate facility. Changes/updates logged to a database (DB) on a real-time basis since the last full backup. Note: Restore of current journal not immediate since these journal entries are archived & must be incorporated into current dataset prior to restore from backup media. Immediate dupli- cation of data on separate disks that are located remotely which is considered a shadow. The remote facility can be an alternate location owned by the client or at a vendors location. Secondary server in stand- by mode & takes over as primary server when primary server is interrupted. System either located in facility owned by company or by vendor. Systems ability to respond gracefully to hardware or software failure & redirect traffic seamlessly to a device not affected by this failure. Alternate processing site ready for immediate use since it is equipped with all hardware, software & environmental infrastructure. Hot Site is provided by a vendor. A secondary Data Center in an alternate location with the same computer components as the first. May be located in a facility owned by the company or by another company. Is There Any Data Loss? NoNo, but restore not immediate since current files are archived & used together with image copies to recover DB to point of failure. No No. Hardware disks are usually mirrored in the equipment to eliminate any data loss. Depends upon whether one of these High Availability solutions is used to backup data at the hot site. No Phase III: Sample Recovery Strategies Based on RTOs & RPOs (Contd.)

12 12 Phase IV: Implement Recovery Organization Structure

13 13 Phase V: Conduct Education & Exercises for Employees Conduct a Business Continuity Week Invite Vendors for Presentations Show Videos Present Company Recovery Plan Make it Fun and Enjoyable If Possible, Have Take-Aways Advertise Use Your Marketing Department to Create Posters Display Posters in Cafeteria, Elevators, etc. Email Reminders Reeducate As Required

14 14 Phase VI: Develop Recovery Plans Document Recovery Plans for: Work Areas (Processes) Software and Hardware Document Recovery Plans for the Worst Case Scenario; DO NOT Create Plans for Different Scenarios. (Some exceptions are: Pandemic Plan, Flood Plan, etc.) Reevaluate and Change Plans Two Times Per Year, if They Need Updating Make Copies of Plans and Keep Accessible

15 15 Phase VI: Develop Recovery Plans (Contd.) At a Minimum, Include the Following in Recovery Plans: Backup Strategy Organization Chart Calling Trees With Telephone Numbers For Technology Plans, DETAILED Instructions for Restoring Software and Hardware Evacuation Alternate Recovery Site Location of Command Center List of Vendors

16 16 Phase VII: Test, Test, Test!!!! Test all Plans: Work Area Plans Technical Plans Types of Tests Walkthroughs Surprise Tests* Scenario Tests* *Note: These tests include restoration of required hardware and software.

17 17 Phase VIII: Incorporate Changes to Keep Current Continue to Reevaluate Organization and System Changes Change Strategy as Required Change Recovery Organization as Needed Change Recovery Plans IT IS BEST TO CONSIDER CONTINUITY BEFORE YOU DEVELOP AND/OR IMPLEMENT ANY INFORMATION SYSTEMS!!!!

18 18 Questions?

Download ppt "1 The Basics of Business Continuity Presented by Mary F. Sandy, CBCP Business Continuity/Disaster Recovery Class DePaul University ©Mary F. Sandy, 2006."

Similar presentations

IT Service Continuity Management

IT Service Continuity Management
Museum Presentation Intermuseum Conservation Association.

Museum Presentation Intermuseum Conservation Association.
Security and Control Soetam Rizky. Why Systems Are Vulnerable ?

Security and Control Soetam Rizky. Why Systems Are Vulnerable ?
Information Technology Disaster Recovery Awareness Program.

Information Technology Disaster Recovery Awareness Program.
Creating a Data Disaster Recovery Plan. What is a DR Plan? Is your best solution to: Continuous business services Prompt and smooth recovery Prepare for.

Creating a Data Disaster Recovery Plan. What is a DR Plan? Is your best solution to: Continuous business services Prompt and smooth recovery Prepare for.
OCHA UGANDA TESO FLOODS LESSONS LEARNT July-December 2007.

OCHA UGANDA TESO FLOODS LESSONS LEARNT July-December 2007.
Business Continuity and Disaster Recovery Planning.

Business Continuity and Disaster Recovery Planning.
1 The process of analyzing all core business functions and establishing an optimized timetable for recovery. Provides baseline for:  Justification for.

1 The process of analyzing all core business functions and establishing an optimized timetable for recovery. Provides baseline for:  Justification for.
Maximizing Uptime and Your Firm's Bottom Line: Understanding risk and budget when evaluating business continuity & disaster recovery protocols Michael.

Maximizing Uptime and Your Firm's Bottom Line: Understanding risk and budget when evaluating business continuity & disaster recovery protocols Michael.
Business continuity Disaster Recovery RESILIENCE PLANNING Incident Mgt. COOP Crisis Mgt. preparedness management EMERGENCY MGT. I NCIDENT R ESPONSE C ONTINGENCY.

Business continuity Disaster Recovery RESILIENCE PLANNING Incident Mgt. COOP Crisis Mgt. preparedness management EMERGENCY MGT. I NCIDENT R ESPONSE C ONTINGENCY.
1 Disaster Recovery “Protecting City Data” Ron Bergman First Deputy Commissioner Gregory Neuhaus Assistant Commissioner THE CITY OF NEW YORK.

1 Disaster Recovery “Protecting City Data” Ron Bergman First Deputy Commissioner Gregory Neuhaus Assistant Commissioner THE CITY OF NEW YORK.
Business Continuity Planning and Disaster Recovery Planning

Business Continuity Planning and Disaster Recovery Planning
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Disaster Recovery in IT David Irakiza CSC 585-High Availability and Performance Computing 2012.

Disaster Recovery in IT David Irakiza CSC 585-High Availability and Performance Computing 2012.
Disaster Prevention and Recovery Presented By: Sean Snodgrass and Theodore Smith.

Disaster Prevention and Recovery Presented By: Sean Snodgrass and Theodore Smith.
Planning for Contingencies

Planning for Contingencies
Disaster Recovery and Business Continuity Ensuring Member Service in Times of Crisis.

Disaster Recovery and Business Continuity Ensuring Member Service in Times of Crisis.
Saving Your Business from a Data Loss Randy Clark.

Saving Your Business from a Data Loss Randy Clark.
Business Continuity & Disaster Recovery Planning at The Chicago Board of Trade Presented By: Bryan Durkin Sr. Vice President The Chicago Board of Trade.

Business Continuity & Disaster Recovery Planning at The Chicago Board of Trade Presented By: Bryan Durkin Sr. Vice President The Chicago Board of Trade.
By Jeff Fetherolf. Business Impact Analysis (BIA) A process of having the business process owners, business subject matter experts, etc. identify the.

By Jeff Fetherolf. Business Impact Analysis (BIA) A process of having the business process owners, business subject matter experts, etc. identify the.

Similar presentations

Ads by Google