In partnership withBusiness Continuity & Disaster RecoveryStrategies for Success
About Action Point Established 8 Years - 2005 to 2013 Average growth rate of 48% per Year 30 Employees First Dell Certified Partner in Ireland Overall Winner in Limerick County Enterprise Awards 2011 Winner Best SME Award Midwest 2011 Winner Best Technology Business Award Midwest 2012
Business Continuity ManagementThe Cost of DowntimeSpeaker: Michael O’ReganABC SolutionsMichael O’Regan established Absolute Business ContinuitySolutions Ltd in 2005 and has over 10 years’ experience inbusiness continuity planning. ABC Solution’s primary functionis to aid small to medium enterprises in establishing businesscontinuity arrangements to enable them to weather anyincidents that may occur.
Business Continuity ManagementAgenda: Business Continuity Overview Business Continuity Plans – Key Contents Business Continuity Planning – IT Relationship
What is the Business requirement? To provide the service, ideally 100% of thetime, in a timely manner, to an acceptablelevel – may be defined in contract/SLA Stated another way – to reduce the risk ofservice interruption to an acceptable level If an incident occurs to be able to recover asquickly as possible with as little disruption tothe service as possible
What is Business Continuity Management (BCM)?BCM is about ensuring that your Businessprepares a plan to handle a serious incident.During this process you can identify ways toreduce the risk of an incident happening andminimise the impact if it does happen.If an incident occurs key staff should betrained to handle the situation through testingand exercising which will enable your businessto continue to function to the agreed levelwith the least disruption possible.
Drivers for Business Continuity ManagementKey Stakeholders: Customers/Clients Regulator – Financial Regulator Insurance Company Staff IT providers
Categories of Operational Risk Environmental Disasters – Fire, Floods Organized or Deliberate Disruptions – Labour dispute, Fraud Loss of Utilities or Services – Power, water, waste, phones Equipment or System Failure – Internal Power; Air Conditioning Serious Information Security Incidents – Laptop stolen;Disclosure of sensitive files; IT systems failure Other Emergency Situations – Negative publicity;Mergers & Acquisitions
Cork suburb badly hit by overnight floodingMarch 2013
June 2012 - Ulster Bankpayment problems to persistuntil the end of the week
Exercise/tests vital to successBlue Light Services (Fire brigade, Gardai, Ambulance)carry out regular training exercises – this is why theyare prepared for the real thing!
BCP Plan contents List of critical activities IT dependencies Alternative work area requirements Contact details – Staff, Clients etc. Incident Management details Testing/Exercising BCP Policy BCP Support infrastructure
BCM process overviewBackup &Recovery StrategyRecovery ActivitiesIncidentID Recovery Teams Emergency Disaster Recovery Business RecoveryRisk AnalysisThreat => Probability & ImpactID Controls – in place; required(Reduce risk to acceptable level)
Key output from BCM processIdentify Mission Critical Activities (MCA)Identify key InputsOutputs,Key Suppliers; DocumentsIdentify Maximum Tolerable Outage (MTO)and Minimum Essential Service (MES)Define the:Recovery Point Objectives (RPO)to what point in time you need to recover the MCARecovery Time Objectives (RTO)how quickly you need to recover the MCA
Recovery Management ObjectivesDefine RTO and RPOBackup to DiskReplicationRPO RTOWks Days Mins SecsHrs WksDaysMinsSecs HrsTape Backupwith Offsite StorageFail-Over/ReplicationBackup to DiskHow much data loss canyour business endure?Lost transactions = Lost businessHow much downtime canyour business endure?Time is moneyRecovery from Tape
Testing/ExercisesNeeds to consider different scenarios… Fire/flood impacting data centre Fire/flood impacting work area Data corruption Loss of broadband Loss of phones Supplier incidents
Critical Suppliers ID critical suppliers What would happen if they had an incident? Do they have a proven BCP plan? What alternatives exist?
Next Steps - Outline Process to put BC Plan in place Review current state of risks – ID gaps Prepare plan to eliminate gaps Document the plan Test/exercise the plan Annual Review or after major change
Continuity & TechnologyWhat are the top causes of downtime? Natural Disasters? Human Error? Hardware Failure? Software Failure?
Continuity & TechnologyTop causes of downtime: Natural Disasters 5% Human Error 22% Hardware Failure 55% Software Failure 18% Average Recovery Time – 30 HoursSource: Quorum. Q1 2013
Continuity & Technology 73% of downtime relates to InformationTechnology & Information Systems5%22%55%18%Natural DisastersHuman ErrorHardware FailureSoftware Failure
Continuity & Technology How do you calculate the cost of this to yourbusiness? Add: Employee Productivity Cost of Restoration Sales Lost Reputational Cost Online calculator available
Continuity & Technology Prevention is better than cure! Most downtime could be avoided- Prevent – Apply Best Practice & Maintain- Plan – Projects, Resources & Finances
Continuity & Technology Action Point’s methodology1. Identify the Risks2. Address the Risks3. Document4. Test
1. Identify the Risks Technology StackApplicationsServicesData BackupOperating SystemsDR & BCVirtualisationServer HardwareTelephonyActive NetworkPhysical NetworkExternal NetworkPowerEnvironmentPhysical Security Access Control SystemData Backup to Offsite LocationVMWare or HyperVDell PowerEdge Servers & EqualLogic StoragePhone System, Handsets & HeadsetsUPS, GeneratorAir Conditioning / General LocationBusiness Applications, Databases, ServicesCabling & PatchingDell PowerConnect SwitchesData Replication System (to Secondary Site)Microsoft Windows ServerMicrosft Exchange, Office Applications, SQL, File, Print QueuesInternet / WAN / Firewalls / Interbuilding Links
1. Identify the Risks Identify and catalogue the risks Catalogue the application services Are any pro-active maintenance routines needed? Establish the RTO & RPO of each This information dictates the minimumrequirements for protection: Is Backup sufficient? Is Continuity required?
2. Address the Risks Bring existing systems in line with Best Practice Introduce Resilience where required Install software systems and hardware systemsas needed Update maintenance routines to ensure systemsare kept operational and that potential issues arepre-empted. Employ pro-active monitoring of key services.
3. Document the Plan Document: Infrastructure Maintenance routines Procedures for Fail-over Keep it updated
4. Test, Test & Re-TestTest!!! Your plan is only as good as the last test
Client Case Study: VoxPro Client since September 2010 Have grown from 100 to 400 staff Core Systems based on Dell Infrastructure Implementation Services from Action Point
Client Case Study: Chill Insurance Client since October 2010 Have grown from 40 to 200+ staff Core Systems based on Dell Infrastructure Implementation Services from Action Point