Presentation is loading. Please wait.

Presentation is loading. Please wait.

Principles of Incident Response and Disaster Recovery Chapter 10 Business Continuity Operations and Maintenance.

Published byEsther Thomas Modified over 8 years ago

Similar presentations

Presentation on theme: "Principles of Incident Response and Disaster Recovery Chapter 10 Business Continuity Operations and Maintenance."— Presentation transcript:

1 Principles of Incident Response and Disaster Recovery Chapter 10 Business Continuity Operations and Maintenance

2 Principles of Incident Response and Disaster Recovery2 Objectives Discuss the details of how a BC plan implementation unfolds Understand the methods used to continuously improve the BC process Describe the steps taken to maintain the BC plan

3 Principles of Incident Response and Disaster Recovery3 Introduction BC plan is implemented when an organization needs to get critical services back in action May take place at an alternate location if the DR plan cannot restore the primary site operations

4 Principles of Incident Response and Disaster Recovery4 Implementing the BC Plan BC plan takes over when it is clear that the organization cannot return to normal operations at the primary site immediately Trigger point (or set point): predetermined state that causes the BC plan implementation to begin Due to high costs, the organization should ensure that the benefits of implementing the BC plan justify its expenses

5 Principles of Incident Response and Disaster Recovery5 Implementing the BC Plan (continued) BC plan implementation involves these steps: –Preparation for BC actions –Relocation to alternate site (first by advance team, then main team, then the rest of the employees) –Establishment of operations –Return to the primary site or new permanent alternate site

6 Principles of Incident Response and Disaster Recovery6 Preparation for BC Actions BC team’s functions will always be generally the same, regardless of the type of disaster: –Prepare to duplicate one or more of the organization’s critical functions at an alternate site Planning and training encompasses the bulk of the preparation activities Entire organization should be prepared for their role in a BC operation

7 Principles of Incident Response and Disaster Recovery7 Preparation for BC Actions (continued) Generally impossible to prepare for all possible contingencies, but a general training program can be developed Command & Control (C&C) functions: –Critical functions that are prepared for alternative deployment –Core administrative functions required to keep the company operational for 90 days BC team should rehearse setting up one or more of the critical functions at an alternate site

8 Principles of Incident Response and Disaster Recovery8 Preparation for BC Actions (continued) C&C functions will likely include at least: –Customer service –IT operations All C&C functions may not be implementable at the same alternate BC site Organization may be able to make changes in normal policies and procedures that will improve the effectiveness of BC preparation Remember that standard procedures for data backup must continue at the alternate site to avoid additional disruptions

9 Principles of Incident Response and Disaster Recovery9 Preparation for BC Actions (continued) Additional preparations may include: –Issuance of P-cards to designated BC team members –Off-site storage of key forms in hard copy Advance preparation pays off in efficiency when the BC plan must be implemented

10 Principles of Incident Response and Disaster Recovery10 Relocation to the Alternate Site First decision: whether essential functions should be started at the alternate site Second decision: which services must be available Next steps: –Advance party is deployed to begin coordinating the move –Key service providers are notified –Rest of the BC team moves to the site –Needed supplies and materials are acquired –Affected employees are relocated and begin work

11 Principles of Incident Response and Disaster Recovery11 Relocation to the Alternate Site (continued) Advance party should include members from each of the BC subteams –Management team: command and control group –Operations team: works to establish core business functions needed to sustain critical business operations –Computer setup (hardware) team: sets up hardware in the alternate location –Systems recovery (OS) team: installs operating systems on hardware

12 Principles of Incident Response and Disaster Recovery12 Relocation to the Alternate Site (continued) Advance party (continued): –Network recovery team: establishes short- and long- term networks, including hardware, wiring, and Internet and intranet connectivity –Applications recovery team: responsible to get internal and external services up and running –Data management team: responsible for data restoration and recovery –Logistics team: provides any needed supplies, materials, food, services, or facilities needed at the alternate site

13 Principles of Incident Response and Disaster Recovery13 Relocation to the Alternate Site (continued) Service providers: –May be notified by the BC service provider or by the BC team –Include water, power, telephone, data services BC team leader must notify HR that the BC plan has been activated Where possible, supplies and equipment should be prepurchased and prepositioned at the alternate site If not possible, the requirements should be predetermined to allow rapid ordering and procurement

14 Principles of Incident Response and Disaster Recovery14 Relocation to the Alternate Site (continued) Staff relocation: –Should be coordinated to occur at the earliest possible point in time –Provide logistics guidance to incoming employees Provide organized check-in procedures to help employees quickly assimilate into the new environment

15 Principles of Incident Response and Disaster Recovery15 Returning to a Primary Site Tasks involved in returning to the primary site include: –Scheduling employee move –Clearing the BC site –Conducting the after-action review (AAR) Easiest scheduling for the move back is over a weekend Data operations should make all normal backups first before relocating

16 Principles of Incident Response and Disaster Recovery16 Returning to a Primary Site (continued) Other activities include: –Disconnecting temporary services –Disassembling equipment –Packaging recovered equipment and supplies –Storage or transportation of recovered equipment and supplies –Clearing the assigned BC space –Returning control to the BC space provider Expect a transition period for employees after the return

17 Principles of Incident Response and Disaster Recovery17 Returning to a Primary Site (continued) Employee issues may include: –Dealing with personal issues caused by a widespread disaster –Need to resume all duties, instead of just the critical functions performed at the BC site –Readjusting to regular management hierarchies –Possible changes in procedures and functions based on lessons learned while at the BC site

18 Principles of Incident Response and Disaster Recovery18 BC After-Action Review After relocation back to the primary site, the BC team must conduct the after-action review (AAR) Each team member should come prepared with notes and suggestions Lessons learned should be incorporated into the BC plan

19 Principles of Incident Response and Disaster Recovery19 Continuous Improvement of the BC Process Change is inevitable, in the marketplace and in a business’s interactions with the marketplace Continuous monitoring and review of the BC processes is required to ensure their effectiveness when needed

20 Principles of Incident Response and Disaster Recovery20 Improving the BC Plan Ever-increasing reliance on information systems and technological infrastructure in business Problem areas in the BC planning process include: –Over-reliance on a BC plan that has not been updated frequently enough –Scope of the BC plan is limited to systems recovery –Faulty prioritization of critical business functions –Lack of formal mechanisms for updating the plan –Lack of executive ownership of the process

21 Principles of Incident Response and Disaster Recovery21 Improving the BC Plan (continued) Problem areas (continued): –Overlooking or under-prioritizing key communications issues –Lack of security considerations for BC operations, leading to greater risk exposure during recovery operations –Failure to plan for public relations during disasters, leading to failure to control public and investor perceptions –Failure to manage the insurance claims process, resulting in delayed or reduced settlements –Failure to adequately evaluate service providers

22 Principles of Incident Response and Disaster Recovery22 Improving the BC Plan (continued) Important points to consider (from Katherine Lucey, Fellow of the Business Continuity Institute): –A BC plan is not a single unified plan; it is a set of specialized plans –Individual default response (IDR) should be coded into the plan by name and on individual wallet cards –Use an automated notification system because human calling trees are not reliable –Keep detailed reference information off-site and out of the plan –The best recovery is one that does not have to happen: identify and eliminate as many risks as possible

23 Principles of Incident Response and Disaster Recovery23 Improving the BC Plan (continued) Important points to consider (continued): –Start planning with the most likely types of interruptions, and then work up to the worst case scenario –Hire a BC specialist to help develop your plan

24 Principles of Incident Response and Disaster Recovery24 Improving the BC Staff Provide training and encourage professionalism in the BC team members Include both managerial and technical training, as well as formal BCP training Training choices include: –Continuing education classes –Private professional training institutes –National conferences

25 Principles of Incident Response and Disaster Recovery25 Improving the BC Staff (continued)

26 Principles of Incident Response and Disaster Recovery26 Improving the BC Staff (continued) Consider attaining BC professional certification Currently there are two dominant professional institutions that certify business continuity professionals: –Business Continuity Institute (BCI) –DRI International (DRII)

27 Principles of Incident Response and Disaster Recovery27 Improving the BC Staff (continued)

28 Principles of Incident Response and Disaster Recovery28 Improving the BC Staff (continued)

29 Principles of Incident Response and Disaster Recovery29 Maintaining the BC Plan BC plan requires a formal maintenance and update strategy Formal review should occur at least annually If the organization is in a very dynamic environment, the plan should be reviewed more frequently

30 Principles of Incident Response and Disaster Recovery30 The Periodic BC Review BC review serves the following purposes: –A refresher on the contents of the plan –An assessment of the suitability of the plan –An opportunity to reconcile BC activities with other regulatory activities –An opportunity to make needed minor changes that have been documented but not implemented since the last form review All suggestions for improvement should go through a formal review before incorporation into the plan

31 Principles of Incident Response and Disaster Recovery31 BC Plan Archivist One individual should be responsible for the maintenance of the BC document, including: –Incorporating approved revisions –Redistribution of the revised plan –Collection and secure destruction of previous versions

32 Principles of Incident Response and Disaster Recovery32 Summary Implementation of the BC plan occurs when the organization realizes it cannot resume essential operations at the primary site Implementation includes preparations for BC actions, relocating to the alternate site, establishing operations, and returning to the primary site All employees should minimally receive generalized training for BC activities Advance party should include representative of each of the major BC subteams

33 Principles of Incident Response and Disaster Recovery33 Summary (continued) Supplies and equipment must be procured for the alternate site before relocating employees Final event at the alternate site is the relocation back to the primary site After relocation back to primary site, the BC team should conduct the after-action review (AAR) BC plan maintenance is an on-going process BC team members should receive BC training Certification of BC team members should be considered

Download ppt "Principles of Incident Response and Disaster Recovery Chapter 10 Business Continuity Operations and Maintenance."

Similar presentations

Business Continuity Training & Awareness by Sulia Toutai (ANZ)

Business Continuity Training & Awareness by Sulia Toutai (ANZ)
Planning for the Future Disaster Recovery Plan / Business Continuity Plan Jim Zukowski, Ed.D. Texas State Board of Dental Examiners 2006 Annual ConferenceAlexandria,

Planning for the Future Disaster Recovery Plan / Business Continuity Plan Jim Zukowski, Ed.D. Texas State Board of Dental Examiners 2006 Annual ConferenceAlexandria,
Disaster Preparedness I Lessons Learned Don Hall Thomson Prometric 2006 Annual ConferenceAlexandria, Virginia Council on Licensure, Enforcement and Regulation.

Disaster Preparedness I Lessons Learned Don Hall Thomson Prometric 2006 Annual ConferenceAlexandria, Virginia Council on Licensure, Enforcement and Regulation.
Join the conference call by dialing the conference number in your Invitation or Reminder Emails. Please put your phone on mute. Please stand by! The webinar.

Join the conference call by dialing the conference number in your Invitation or Reminder s. Please put your phone on mute. Please stand by! The webinar.
Continuity of Operations (COOP) Planning McDonnell A Tuesday 1:30 – 2:45 Emergency Preparedness 101: Personal, Organizational, and Community Don Sheldrew.

Continuity of Operations (COOP) Planning McDonnell A Tuesday 1:30 – 2:45 Emergency Preparedness 101: Personal, Organizational, and Community Don Sheldrew.
Principles of Incident Response and Disaster Recovery

Principles of Incident Response and Disaster Recovery
Unit 8: Tests, Training, and Exercises Unit Introduction and Overview Unit objectives:  Define and explain the terms tests, training, and exercises. 

Unit 8: Tests, Training, and Exercises Unit Introduction and Overview Unit objectives:  Define and explain the terms tests, training, and exercises. 
TEL382 Greene Chapter 11. 10/27/09 2 Outline What is a Disaster? Disaster Strikes Without Warning Understanding Roles and Responsibilities Preparing For.

TEL382 Greene Chapter /27/09 2 Outline What is a Disaster? Disaster Strikes Without Warning Understanding Roles and Responsibilities Preparing For.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin CHAPTER FIVE INFRASTRUCTURES: SUSTAINABLE TECHNOLOGIES CHAPTER.

Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin CHAPTER FIVE INFRASTRUCTURES: SUSTAINABLE TECHNOLOGIES CHAPTER.
Disaster Recovery and Business Continuity Ensuring Member Service in Times of Crisis.

Disaster Recovery and Business Continuity Ensuring Member Service in Times of Crisis.
Disaster Recovery Policy & Procedures An Overview for Staff Prepared by MSM Compliance Services Pty Ltd.

Disaster Recovery Policy & Procedures An Overview for Staff Prepared by MSM Compliance Services Pty Ltd.
John Graham – STRATEGIC Information Group Steve Lamb - QAD Disaster Recovery Planning MMUG Spring 2013 March 19, 2013 Cleveland, OH 03/19/2013MMUG Cleveland.

John Graham – STRATEGIC Information Group Steve Lamb - QAD Disaster Recovery Planning MMUG Spring 2013 March 19, 2013 Cleveland, OH 03/19/2013MMUG Cleveland.
Business Crisis and Continuity Management (BCCM) Class Session 15 15 - 1.

Business Crisis and Continuity Management (BCCM) Class Session
Services Tailored Around You® Business Contingency Planning Overview July 2013.

Services Tailored Around You® Business Contingency Planning Overview July 2013.
1 BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING Reducing your Risk Profile MIDWEST DATA RECOVERY INC.

1 BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING Reducing your Risk Profile MIDWEST DATA RECOVERY INC.
Unit Introduction and Overview

Unit Introduction and Overview
Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Disaster Recovery, Business Continuity, and Organizational Policies.

Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Disaster Recovery, Business Continuity, and Organizational Policies.
RBTC: Business Continuity 101 July 18, 2013. What is Business Continuity? Scenario Part 1 Why is BC important? What types of plans are needed? How do.

RBTC: Business Continuity 101 July 18, What is Business Continuity? Scenario Part 1 Why is BC important? What types of plans are needed? How do.
PMP® Exam Preparation Course

PMP® Exam Preparation Course

Similar presentations

Ads by Google