Your SlideShare is downloading. ×
0
Business Continuity Planning In 5 Months or Less  ( Talk about a Deadline )
Session Agenda <ul><li>Business Continuity Planning Process </li></ul><ul><ul><li>Prince George’s Community College </li><...
BCP Agenda <ul><li>The Origins of Planning Effort </li></ul><ul><li>Who Plans ? </li></ul><ul><li>Planning Process </li></...
Introduction <ul><li>Name </li></ul><ul><li>Profession </li></ul><ul><li>Job Roles </li></ul><ul><li>Involvement in Compli...
Introductions <ul><li>Ajay Gupta, CISSP </li></ul><ul><ul><li>Director of IT Security Services </li></ul></ul><ul><ul><li>...
Alphabet Soup <ul><li>BCP </li></ul><ul><ul><li>Primary Systems to Secondary Systems </li></ul></ul><ul><li>DRP </li></ul>...
Best Laid Plans <ul><li>Planning for Bad Times </li></ul><ul><ul><li>Inconvenient </li></ul></ul><ul><ul><li>Inefficient <...
The Origins <ul><li>BCP included in long term College goals </li></ul><ul><ul><li>Early in current President’s term </li><...
The Planning Team <ul><li>The Most Critical Step </li></ul><ul><ul><li>Qualified People to do the Work </li></ul></ul><ul>...
College Reporting Structure
College Governance Structure
College-Wide Involvement <ul><li>Support from President / Board </li></ul><ul><ul><li>Give Charge </li></ul></ul><ul><li>I...
Criteria for Involvement <ul><li>Understand College-Wide Processes </li></ul><ul><ul><li>Goals, Mission, Vision </li></ul>...
The Committee <ul><li>Campus Police (1) </li></ul><ul><li>Facilities Management (1) </li></ul><ul><li>Finance (1) </li></u...
Planning Process <ul><li>Understand the Risks </li></ul><ul><ul><li>Why is a plan necessary ? </li></ul></ul><ul><ul><li>C...
Business Impact Analysis <ul><li>Identify the College’s Resources </li></ul><ul><li>Identify the Individual Business Units...
College Business Groups <ul><li>Library </li></ul><ul><li>Student Services </li></ul><ul><li>Instructional Services (Acade...
PGCC Business Functions <ul><li>Teach Classes </li></ul><ul><li>Payroll </li></ul><ul><li>Community Outreach </li></ul>
PGCC Primary Resources <ul><li>Personnel </li></ul><ul><li>Campuses / Building / Labs </li></ul><ul><li>Data Center </li><...
PGCC Secondary Resources <ul><li>Laserfiche  </li></ul><ul><ul><li>Document Scanning </li></ul></ul><ul><li>Ad Hoc Databas...
Ranking the Resources <ul><li>Knock-Down Drag Out Fight ?  </li></ul><ul><li>Not so in our Case Given Shared Dependence on...
Recommendations: Process <ul><li>Question for Planning Task Force: What do we do if we lose a Single Resource </li></ul><u...
Recommendations: Research <ul><li>With Draft Contingency Plan in Hand </li></ul><ul><li>How much will it Cost </li></ul><u...
Continuing Classes <ul><li>Move all Courses to Blackboard </li></ul><ul><li>Protects against loss of campuses, buildings, ...
Continuing Classes (2) <ul><li>Holes: </li></ul><ul><ul><li>Hands-On Courses </li></ul></ul><ul><ul><li>Shop Classes </li>...
Internet Connectivity <ul><li>Redundant Connection to Internet </li></ul><ul><ul><li>Multiple Carriers </li></ul></ul><ul>...
Preserving Ad Hoc Databases <ul><li>Databases Maintained by Offices – Off of the Mainframe </li></ul><ul><li>“Should” be A...
Recommendations <ul><li>Personnel:  </li></ul><ul><ul><li>Cross Train </li></ul></ul><ul><ul><ul><li>Part-Time Work Force ...
Recommendations (2) <ul><li>Network:  </li></ul><ul><ul><li>Improve Backup Power </li></ul></ul><ul><li>Telephone:  </li><...
Selling the Plan <ul><li>Right Team Members Involved </li></ul><ul><ul><li>Pick the Team Members Best Suited to Present to...
Single Voice – Different Message <ul><li>Different Message to Different Parties </li></ul><ul><ul><li>This is what we have...
Sell Slow <ul><li>Received Input from all Parties </li></ul><ul><ul><li>Make it seem as if they came up with the ideas </l...
Thank You Ajay Gupta, CISSP 301-785-4581 [email_address]  agupta@gsecurity.com
Upcoming SlideShare
Loading in...5
×

Business Continuity Planning

229

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
229
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
16
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "Business Continuity Planning"

  1. 1. Business Continuity Planning In 5 Months or Less ( Talk about a Deadline )
  2. 2. Session Agenda <ul><li>Business Continuity Planning Process </li></ul><ul><ul><li>Prince George’s Community College </li></ul></ul><ul><li>Business Continuity Plan Testing Process </li></ul><ul><ul><li>University of Rochester </li></ul></ul><ul><li>Q&A </li></ul>
  3. 3. BCP Agenda <ul><li>The Origins of Planning Effort </li></ul><ul><li>Who Plans ? </li></ul><ul><li>Planning Process </li></ul><ul><li>Business Impact Analysis </li></ul><ul><li>Recommendations </li></ul><ul><li>Selling the Plan </li></ul>
  4. 4. Introduction <ul><li>Name </li></ul><ul><li>Profession </li></ul><ul><li>Job Roles </li></ul><ul><li>Involvement in Compliance </li></ul><ul><li>Favorite Technology </li></ul><ul><li>Favorite Tool </li></ul><ul><li>Hobbies </li></ul>
  5. 5. Introductions <ul><li>Ajay Gupta, CISSP </li></ul><ul><ul><li>Director of IT Security Services </li></ul></ul><ul><ul><li>Prince George’s Community College </li></ul></ul><ul><ul><li>President and CEO </li></ul></ul><ul><ul><li>Gsecurity, Inc </li></ul></ul>
  6. 6. Alphabet Soup <ul><li>BCP </li></ul><ul><ul><li>Primary Systems to Secondary Systems </li></ul></ul><ul><li>DRP </li></ul><ul><ul><li>Secondary Systems to Primary Systems </li></ul></ul><ul><li>COOP </li></ul><ul><ul><li>Term used most widely in the Government </li></ul></ul>
  7. 7. Best Laid Plans <ul><li>Planning for Bad Times </li></ul><ul><ul><li>Inconvenient </li></ul></ul><ul><ul><li>Inefficient </li></ul></ul><ul><ul><li>Costly </li></ul></ul><ul><ul><li>Will not Serve all Needs/Users </li></ul></ul><ul><li>We do the Best we Can </li></ul>
  8. 8. The Origins <ul><li>BCP included in long term College goals </li></ul><ul><ul><li>Early in current President’s term </li></ul></ul><ul><li>Slowly rose up the agenda </li></ul><ul><ul><li>9/11 </li></ul></ul><ul><ul><li>Proximity to Washington, DC </li></ul></ul><ul><li>ERP </li></ul><ul><ul><li>Significant change to College IT and Business Processes </li></ul></ul><ul><li>Retirement </li></ul><ul><li>‘ What – you don’t have a plan, yet!?!’ </li></ul>
  9. 9. The Planning Team <ul><li>The Most Critical Step </li></ul><ul><ul><li>Qualified People to do the Work </li></ul></ul><ul><ul><li>Public Relations – Selling the Plan </li></ul></ul><ul><li>Team must be College Wide </li></ul><ul><ul><li>Assigned by highest governing body </li></ul></ul><ul><ul><li>Represent all areas – especially the other governing bodies </li></ul></ul><ul><li>Get College-Wide Support </li></ul>
  10. 10. College Reporting Structure
  11. 11. College Governance Structure
  12. 12. College-Wide Involvement <ul><li>Support from President / Board </li></ul><ul><ul><li>Give Charge </li></ul></ul><ul><li>Involve President’s Council </li></ul><ul><ul><li>Appoint all Members </li></ul></ul><ul><li>Senior Representatives of College Organizations </li></ul>
  13. 13. Criteria for Involvement <ul><li>Understand College-Wide Processes </li></ul><ul><ul><li>Goals, Mission, Vision </li></ul></ul><ul><ul><li>Academic Programs </li></ul></ul><ul><ul><li>Community Relations </li></ul></ul><ul><ul><li>Budget Constraints </li></ul></ul><ul><ul><li>Have the Time!!! </li></ul></ul>
  14. 14. The Committee <ul><li>Campus Police (1) </li></ul><ul><li>Facilities Management (1) </li></ul><ul><li>Finance (1) </li></ul><ul><li>Media Relations (1) </li></ul><ul><li>Faculty (2) </li></ul><ul><li>Technology/Data Center (4) </li></ul><ul><li>Money $$$ Groups (2) </li></ul><ul><li>Health Center </li></ul><ul><li>Students </li></ul>
  15. 15. Planning Process <ul><li>Understand the Risks </li></ul><ul><ul><li>Why is a plan necessary ? </li></ul></ul><ul><ul><li>Consequences to not having a plan ? </li></ul></ul><ul><ul><li>Resist the “Snow Day” Temptation </li></ul></ul><ul><li>Review Past Disasters/Incidents </li></ul><ul><ul><li>At your institution </li></ul></ul><ul><ul><li>Neighboring institutions </li></ul></ul><ul><ul><li>Hurricane Katrina ? </li></ul></ul><ul><li>Business Impact Analysis </li></ul>
  16. 16. Business Impact Analysis <ul><li>Identify the College’s Resources </li></ul><ul><li>Identify the Individual Business Units </li></ul><ul><li>Identify the Functions of each Unit </li></ul><ul><ul><li>What does the Business Unit Do </li></ul></ul><ul><ul><ul><li>Does it Map to our Mission </li></ul></ul></ul><ul><ul><li>How does the Business Unit Do It </li></ul></ul><ul><ul><ul><li>Resources </li></ul></ul></ul><ul><li>Create a mapping between Functions and Resources </li></ul>
  17. 17. College Business Groups <ul><li>Library </li></ul><ul><li>Student Services </li></ul><ul><li>Instructional Services (Academic Departments) </li></ul><ul><li>Finance and Administration </li></ul><ul><ul><li>Human Resources </li></ul></ul><ul><ul><li>Institutional Research </li></ul></ul><ul><li>Alumni Development </li></ul><ul><li>Continuing Education </li></ul><ul><li>Distance Learning </li></ul><ul><li>College-Wide </li></ul>
  18. 18. PGCC Business Functions <ul><li>Teach Classes </li></ul><ul><li>Payroll </li></ul><ul><li>Community Outreach </li></ul>
  19. 19. PGCC Primary Resources <ul><li>Personnel </li></ul><ul><li>Campuses / Building / Labs </li></ul><ul><li>Data Center </li></ul><ul><li>Mainframe </li></ul><ul><li>Internet / Network </li></ul><ul><li>Telephone System </li></ul><ul><li>E-mail </li></ul>
  20. 20. PGCC Secondary Resources <ul><li>Laserfiche </li></ul><ul><ul><li>Document Scanning </li></ul></ul><ul><li>Ad Hoc Databases </li></ul><ul><ul><li>Donor Perfect </li></ul></ul>
  21. 21. Ranking the Resources <ul><li>Knock-Down Drag Out Fight ? </li></ul><ul><li>Not so in our Case Given Shared Dependence on Resources </li></ul><ul><ul><li>Mainframe (home grown) </li></ul></ul><ul><ul><li>Data Center </li></ul></ul><ul><li>On to Creating Recommendations </li></ul>
  22. 22. Recommendations: Process <ul><li>Question for Planning Task Force: What do we do if we lose a Single Resource </li></ul><ul><li>Develop Contingency Plan </li></ul><ul><ul><li>Around the Table Discussion </li></ul></ul><ul><ul><li>Take Notes </li></ul></ul><ul><ul><li>Write up Plan </li></ul></ul><ul><ul><li>Distribute </li></ul></ul><ul><ul><li>Review, Revise </li></ul></ul>
  23. 23. Recommendations: Research <ul><li>With Draft Contingency Plan in Hand </li></ul><ul><li>How much will it Cost </li></ul><ul><ul><li>Acquisition </li></ul></ul><ul><ul><li>Manpower </li></ul></ul><ul><ul><ul><li>Existing Staff </li></ul></ul></ul><ul><ul><ul><li>Temporary Staff </li></ul></ul></ul><ul><ul><li>Can we do without it? </li></ul></ul><ul><li>How Quickly can the Plan be put in Place </li></ul><ul><ul><li>Take Action Now </li></ul></ul><ul><ul><li>Defer to FY08, beyond </li></ul></ul><ul><li>Where are the Holes </li></ul>
  24. 24. Continuing Classes <ul><li>Move all Courses to Blackboard </li></ul><ul><li>Protects against loss of campuses, buildings, Data Center, faculty </li></ul><ul><li>Costs: </li></ul><ul><ul><li>Additional Blackboard Licensing Fees (take action now) </li></ul></ul><ul><ul><li>Additional Storage Requirement (take action now) </li></ul></ul><ul><ul><li>Additional Faculty Training (recommend for near term, not mandated) </li></ul></ul>
  25. 25. Continuing Classes (2) <ul><li>Holes: </li></ul><ul><ul><li>Hands-On Courses </li></ul></ul><ul><ul><li>Shop Classes </li></ul></ul><ul><ul><li>Vocational Courses </li></ul></ul><ul><ul><li>Faculty Readiness </li></ul></ul><ul><ul><li>Student Readiness </li></ul></ul><ul><li>Retake Class </li></ul><ul><li>Refunds </li></ul>
  26. 26. Internet Connectivity <ul><li>Redundant Connection to Internet </li></ul><ul><ul><li>Multiple Carriers </li></ul></ul><ul><ul><li>Single Carrier with Two+ Networks </li></ul></ul><ul><li>Costs: </li></ul><ul><ul><li>May have additional connectivity fees </li></ul></ul><ul><ul><li>May be able to leverage local, regional networks </li></ul></ul><ul><li>Holes: </li></ul><ul><ul><li>Downstream Considerations </li></ul></ul><ul><ul><li>We may have two carriers, but if both carriers run through the same connection point…. </li></ul></ul>
  27. 27. Preserving Ad Hoc Databases <ul><li>Databases Maintained by Offices – Off of the Mainframe </li></ul><ul><li>“Should” be Addressed by Conversion to ERP </li></ul><ul><li>Burn all data to CD/DVDs on regular basis </li></ul><ul><li>Holes: </li></ul><ul><ul><li>May not Provide Service </li></ul></ul><ul><ul><li>Users may not Self Report </li></ul></ul>
  28. 28. Recommendations <ul><li>Personnel: </li></ul><ul><ul><li>Cross Train </li></ul></ul><ul><ul><ul><li>Part-Time Work Force </li></ul></ul></ul><ul><ul><li>Expand Remote Access </li></ul></ul><ul><li>Campuses/Buildings </li></ul><ul><ul><li>Assign Alternate Work Space </li></ul></ul><ul><ul><li>Expand Remote Access </li></ul></ul><ul><li>Data Center / Mainframe: </li></ul><ul><ul><li>Improve Backup Power, HVAC – Keep in running </li></ul></ul><ul><ul><ul><li>Data Center Replaced in 5 years (Under Design) </li></ul></ul></ul><ul><ul><ul><li>Mainframe to be Obsolete in 3 years (ERP) </li></ul></ul></ul>
  29. 29. Recommendations (2) <ul><li>Network: </li></ul><ul><ul><li>Improve Backup Power </li></ul></ul><ul><li>Telephone: </li></ul><ul><ul><li>Cell Phones </li></ul></ul><ul><ul><ul><li>PBX to be replaced in 5 years or sooner </li></ul></ul></ul><ul><li>E-mail: </li></ul><ul><ul><li>Outsource E-mail (by Student E-mail Provider) </li></ul></ul>
  30. 30. Selling the Plan <ul><li>Right Team Members Involved </li></ul><ul><ul><li>Pick the Team Members Best Suited to Present to Each Specific Party </li></ul></ul><ul><ul><ul><li>Member of Chair’s Council to Present to Chair’s council </li></ul></ul></ul><ul><ul><ul><li>Member of Faculty Senate to Present to Faculty Senate </li></ul></ul></ul>
  31. 31. Single Voice – Different Message <ul><li>Different Message to Different Parties </li></ul><ul><ul><li>This is what we have to do to keep the institution running </li></ul></ul><ul><ul><li>This is what we have to do to keep classes going </li></ul></ul><ul><ul><li>This is what we have to do to maintain payroll </li></ul></ul>
  32. 32. Sell Slow <ul><li>Received Input from all Parties </li></ul><ul><ul><li>Make it seem as if they came up with the ideas </li></ul></ul><ul><li>Areas of Disagreement: </li></ul><ul><ul><li>“That’s something we’ll have to iron out during testing.” </li></ul></ul>
  33. 33. Thank You Ajay Gupta, CISSP 301-785-4581 [email_address] agupta@gsecurity.com
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×