BCP Life Cycle
  • Identify departments and applications - Mission critical means that if a process or service is not available or working properly, it will have an adverse impact on conducting the business of the Commonwealth, cause legal or financial detriment, or endanger the health and safety of constituents and staff.
  • Define RTO/RPO
  • Provides agencies with the appropriate breakpoints during implementation. ITD recommends reviewing/reassessing timelines following each phase.

Transcript

  • 1. Business Continuity Management, Framework, Planning Lifecycle, & ITD Implementation Strategy
  • 2. Objectives
    • To establish a framework for a policy governing Business Continuity Planning for the Commonwealth of Massachusetts
    • Provide a framework for the type of Business Continuity services ITD offers to Agencies
  • 3. Business Continuity Planning Lifecycle
    • The Business Continuity Planning Lifecycle comprises 6 steps, guiding coordinators through their planning efforts.
    • The methodology follows industry best practices as described by DRII and ITIL.
    • Business Continuity is not a one-time project; it is an ongoing program that will mature over time.
    • Step 1: Initiate Business Continuity Program
    • Step 2: Conduct Business Impact Analysis & Risk Assessment
    • Step 3: Develop Recovery Strategies
    • Step 4: Document Business Continuity Plan
    • Step 5: Test Business Continuity Plan
    • Step 6: Update Business Continuity Plan
  • 4. Step 1 – Initiate Business Continuity Program
    • Obtain executive sponsorship
      • Educate management & stakeholders on BC
      • Gain approvals and support
      • Review roles and responsibilities
        • Agency Steering Committee
        • Plan owner
    • Understand the agency’s current state of BC readiness and prior work efforts
    • Create BCM Project Plan
      • Scope
      • Timelines
  • 5. Step 2 – Conduct Business Impact Analysis & Risk Assessment
    • Business Impact Analysis (BIA): 
      • A process designed to prioritize essential business functions by assessing quantitative and qualitative impacts
      • Identify resource dependencies (e.g., telecom, vital records, staffing, etc.)
        • Recovery Time Objectives (RTO)
        • Recovery Point Objectives (RPO)
    • Risk Assessment (RA): Process of identifying the risks & probabilities to an organization
      • Review of potential risks to the business processes
      • Review of Technical Infrastructure and data dependencies
    • Identify gaps between function RTO & technical RPO
  • 6. Step 3 – Develop Recovery Strategies
    • Identify process recovery strategies based on the BIA and RA data
      • Recommend risk mitigation measures
      • Develop alternative strategies to meet the agency RTO/RPO requirements
      • Prepare cost benefit analysis & timeline for recommended solutions
      • Evaluate alternative strategies
      • Present to Agency Leadership
      • Document alternative strategy decisions
  • 7. Step 4 – Document Business Continuity Plan
    • Document recovery strategies & procedures
      • Define roles & responsibilities
      • Scripts and Checklists
    • Create activation procedures
      • Detail Communication / Notification procedures
      • Establish command and control requirements
  • 8. Step 5 – Test Business Continuity Plan
    • No Business Continuity Plan should be considered complete unless tested
    • Testing Objectives:
      • Assess the Business Continuity Team’s ability to respond.
      • Clarify roles and responsibilities of Team members
      • Ensure agency Business Continuity Plans contain appropriate information and instructions.
    • Conduct post-exercise evaluation to identify and share lessons learned & opportunities for improvement
  • 9. Step 6 – Update & Maintain Business Continuity Plan
    • Business Continuity Plans are updated as appropriate based on lessons learned from exercises, real events requiring plan activation, essential process changes and team member updates.
    • Republish and distribute updated Plans to appropriate stakeholders
    • Regular awareness training for agency staff
  • 10. ITD BCP Implementation Strategy
    • Phase 1 (Steps 1 & 2)
      • Business Impact Analysis
      • Technical Assessment
      • Gap Assessment
    • Phase 2 (Steps 3 & 4)
      • Strategy Selection
      • BC Plan Development
    • Phase 3 * (Steps 5 & 6)
      • BCP Testing
      • Plan Maintenance
      • Continue with BCP Program lifecycle maturity
    • * Turnover to agency for BCP program oversight
  • 11. Definitions
    • BC – Business Continuity is the ability of an organization to maintain its viability, while continuing to provide service and support to its customers, before, during, and after an event
    • BIA – Business Impact Analysis is a process designed to prioritize business functions by assessing the potential impacts that might result if an organization was to experience a business interruption
    • DR – Disaster Recovery is the ability of an organization to recover its Information Technology (IT) resources, i.e., infrastructure, databases, and applications
    • ITA – Information Technology Assessment is the process of identifying dependent critical applications and IT infrastructure and determining if their RTOs align with the business function RTO
    • RTO – Recovery Time Objective is the period of time within which systems, applications, or functions must be recovered after a business interruption
    • RPO – Recovery Point Objective is the maximum amount of data loss an agency can sustain as a result of an event