• Save
Optimizing the it and business environment through dashboards
Upcoming SlideShare
Loading in...5
×

Like this? Share it with your network

Share

Optimizing the it and business environment through dashboards

  • 181 views
Uploaded on

This presentation shows how the use of Dashboards can help achieve a more efficient environment by providing current and accurate data for team members from any authorized PC, thereby reducing......

This presentation shows how the use of Dashboards can help achieve a more efficient environment by providing current and accurate data for team members from any authorized PC, thereby reducing confusion on the accuracy of data and helping to improve delivery times. If you are interested in achieving these goals please contact me directly.

More in: Business , Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
181
On Slideshare
181
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
0
Comments
0
Likes
1

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Optimizing the IT and Business Environment through Dashboards bronackt@dcag.com / (917) 673-6992 Executive Presentation on Systems Development Life Cycle and Application Recovery Certification Management Dashboards Created by: Thomas Bronack, CBCP Phone: (917) 673-6992 Email: bronackt@dcag.com Web Site: www.dcag.com Created by: Thomas Bronack © Page: 1 Date: 1/15/2014
  • 2. Optimizing the IT and Business Environment through Dashboards bronackt@dcag.com / (917) 673-6992 Enterprise Resiliency and Corporate Certification Insurance Needs and Claims Enterprise Resiliency Security, Salvage, Restoration Emergency Operation Center (EOC) Business Continuity Management Emergency Management Enterprise Resiliency combines all recovery operations into one discipline using a common language and tool set. Corporate Certification guarantees that the company complies with all laws in the countries they do business in. Workplace Safety & Violence Prevention Risk & Crisis Management Physical and Data Security Processing Sites and Supply Chain Management Corporate Certification Business Locations, IT Sites, and Supply Chain Management Domestic Compliance Created by: Thomas Bronack © International Compliance Page: 2 Primary Site Supply Chain Secondary Site Date: 1/15/2014
  • 3. Optimizing the IT and Business Environment through Dashboards bronackt@dcag.com / (917) 673-6992 Enterprise Resiliency must be built upon a Solid Foundation Best Practices consist of: · · · House of Enterprise Resilience Enterprise Resiliency consist of: · · · · · · · Emergency Management; Business Continuity Management; Workplace Violence Prevention; Workflow Management; Functional Responsibilities; Job Descriptions; and Standards and Procedures. Workplace Violence Prevention · · · · Threats; Predators; Violent Events; and Employee Assistance Programs. Created by: Thomas Bronack © COSO / CobIT / ITIL; ISO 27000; and FFIEC, etc. Foundation consist of: · · · · · · Physical Security and Access Controls Enterprise Resiliency; Risks and Compliance issues; Corporate Certification Guidelines; Best Practices; Available Tools; and Certification Firm. Global Standards include: Corporate Certification consist of: · · · · BS 25999 / ISO 22301; Private Sector Preparedness Act; CERT Enterprise RMM Framework; and NFPA 1600. Page: 3 · · · · · ISO 22300 – Global Standard; NYSE 446; SS 540 (Singapore); ANZ 5050 (Australia) BC Guidelines (Japan); and more. Date: 1/15/2014
  • 4. Optimizing the IT and Business Environment through Dashboards bronackt@dcag.com / (917) 673-6992 Executive Dashboard Executive Dashboard Infrastructure Dashboard Operations Dashboard Recovery Dashboard Asset Management Vital Records, Access Control Disaster Planning Production Process DR Certification Development Verify Success and Performance Audit Compliance Maintenance Deliver Results Disaster Declaration Test, QA, Accept Status Reporting Disaster Recovery Created by: Thomas Bronack © Page: 4 Date: 1/15/2014
  • 5. Executive Management Dashboards Relationships Steering Committee Management EOC, CCC, &DR Teams Status Reporting DR Planning and Activation Dashboard Executive Management Dashboard on DR Planning and Activation Application Recovery Certification Dashboard Recovery Plans Training Materials Articles Library Management Standards and Procedures Business Location Recovery Dashboard Recovery Planning (7 Phases, each with 13 Steps) Statement of Work (SOW) Business / Project Plan Recovery Site Preparation Application Selection Procedures Business Recovery Site Workplace Safety and Violence Prevention Risk Analysis and Insurance Profile Dedicated BCM Organization Actual DR Test, or Activation VMware, vSphere, vConnect, and RPA Building Evacuation Plan OSHA,OEM, FEMA & Building Codes Audit, Legal, and Compliance Requirements Long-Term Management Commitment Post Mortem Meeting Failover / Failback for HA Applications Business Recovery & Resumption Plan First Responders and Government Agencies SDLA, Integration, and Version & Release Management Flip / Flop for CA Applications Created by: Thomas Bronack © Page: 5 Site Protection, Salvage, & Restoration Date: 1/15/2014
  • 6. Optimizing the IT and Business Environment through Dashboards bronackt@dcag.com / (917) 673-6992 Tracking Active Disaster Recovery Event – Drill Down Actions “Top Level” Phase VI - Initiate Recovery Plan when Disaster Event Occurs Help Desk Help Desk Contingency Failing Site Recovery Team is Called Recovery Identifies Disaster Notifies Coordinator Protection, Disaster Site is Operations are and Recovery Personnel are Event or a Disaster Contingency Declares Salvage, and Evacuated, as Initiated and Tasks Transferred to Event is reported to Recovery Plan Disaster and Restoration is needed Conducted for Performed Recovery Site Help Desk Coordinator Initiates Plan Initiated Life of Disaster Failing Site is Salvaged and Restored Personnel Return to Original Site and Resume Production Recovery Steps Post Mortem Improvements are added to is Conducted are Testing Process and Incorporated in and Improvement Future Periodicically s Identified Recovery Plans Repeated “Sub Level” “Activity Level” “Action Item Level” DR Planning Action Items Number: Status: Action Item Description: Priority: Assigned to: Due Date: Actions Taken: Comments: “Management & Control Level” Created by: Thomas Bronack © Page: 6 Contingency Command Center (CCC) Emergency Operations Center (EOC) Date: 1/15/2014
  • 7. Optimizing the IT and Business Environment through Dashboards bronackt@dcag.com / (917) 673-6992 Systems Development Life Cycle • Work Order Submitted by Client – • Development Performed – • Setup, Process, Verify Results, Deliver Output, perform Capacity and Performance reviews, generate management reports. Support – • Library Management (Global Applications Catalog), Vital Records Management, Access Controls, Documentation review and verification, Acceptance Testing. Production Operations – • Verify all required data and documentation is provided, Version and Release Management, Create Turnover package and submit to Production Acceptance. Production Acceptance – • Create Testing Environment (real or virtual), Test scripts and test scenarios, Successful (document, pass onto QA), if not (repair and retest until successful). Quality Assurance – • Business and Technical Reviews, Buy / Build Decision, Development Completed and Documented. Testing Performed – • User Information provided to Development Group. Documentation (Messages and Controls, Job Run Books, Manuals, etc.), Problem / Incident Management; Resolutions (Root Cause Analysis, Repair, and Documentation), Change Request. Maintenance – Problem Resolution Implementation, Enhancements, New Technology or upgrades, Equipment Refreshment, Update Global Applications Catalog. Created by: Thomas Bronack © Page: 7 Date: 1/15/2014
  • 8. Systems Development Life Cycle Created by: Thomas Bronack © Page: 8 Date: 1/15/2014
  • 9. Optimizing the IT and Business Environment through Dashboards bronackt@dcag.com / (917) 673-6992 SDLC Steps to Production Created by: Thomas Bronack © Page: 9 Date: 1/15/2014
  • 10. Created by: Thomas Bronack © Page: 10 Date: 1/15/2014
  • 11. Optimizing the IT and Business Environment through Dashboards bronackt@dcag.com / (917) 673-6992 Systems Management Organization IT & Business Environments Systems Management and Controls (SMC) Resource Management Service Level Management Asset & Inventory Management Configuration Management Support Management Application Development (SDLC) Production Acceptance Business Contingency Management Change Management Application Maintenance Production Operations Security Management Problem Management Capacity Management Application Testing Performance Management Quality Assurance Created by: Thomas Bronack © Recovery Management Systems Development Life Cycle (SDLC) Network Management Business Recovery Page: 11 (IT, Data, Physical) Vital Records Management Risk Management Incident Management Disaster Management Date: 1/15/2014
  • 12. Optimizing the IT and Business Environment through Dashboards bronackt@dcag.com / (917) 673-6992 Job Documentation Requirements and Forms Automation New Product / Service Development Request Form Life Cycle Documents are Linked to from Date Field Development Request Form Phase: Date User Information _____________ Technical Justification _____________ Build or Buy _____________ Development (Build / Modify) _____________ Test: _____________ Documentation _____________ Business Justification Development: Unit Testing Documentation _____________ Regression Testing _____________ Quality Assurance _____________ Production _____________ Support (Problem / Change) _____________ Maintenance (Fix, Enhancement) _____________ Documentation _____________ Recovery _____________ Awareness and Training _____________ Documentation Data Sensitivity & Access Controls IT Security Management System Encryption Vital Records Management Data Synchronization Backup and Recovery Vaulting (Local / Remote) Disaster Recovery Business Recovery · · · · · · · Application Owner Documentation & Training Application Support Personnel End User Coordinators Vendors and Suppliers Recovery Coordinators Testing Results Production Acceptance Documentation Main Documentation Menu Created by: Thomas Bronack © · · · · · · · · · Quality Assurance: _____________ Production Acceptance Development Request Form Number Business Need Application Overview Audience (Functions and Job Descriptions) Business / Technical Review Data Cost Justification Build or Buy Decision Interfaces (Predecessor / Successor) Request Approval Testing: _____________ System Testing Link to Documents · · · · · · · · · · · · · · · Application Setup Input / Process / Output Messages and Codes Circumventions and Recovery Recovery Site Information Travel Instructions Sub-Documentation Menus Page: 12 Date: 1/15/2014
  • 13. Optimizing the IT and Business Environment through Dashboards bronackt@dcag.com / (917) 673-6992 Information Accounting and Charge-Back System Concept By utilizing Work Order (WO) and Purchase Order (PO) concepts, it is possible to track and bill clients for their use of Information Technology services associated with development and maintenance services. This concept is presented below: User Name: ____________________ User Division: ___________ User Identifier _______ Work Order #: __________________ Date: ___________ For: _________________________ Purchase Order Phases: PO for: Development, or Maintenance Cost: $ _____________ PO for: Testing Cost: $ _____________ PO for: Quality Assurance Cost: $ _____________ PO for: Production Acceptance Costs $ ____________ PO for: Production (on-going) Cost: $ _____________ PO for: Vital Records Management Cost: $ _____________ PO for: Asset Management (Acquisition, Redeployment, Termination) Cost: $ _____________ PO for: Inventory and Configuration Management Cost: $ _____________ PO for: Information and Security Management Cost: $ _____________ PO for: Safe Workplace Violence Prevention Cost: $ _____________ PO for: Recovery Management Cost: $ _____________ PO for: Documentation and Training Cost: $ _____________ PO for: Support and Problem Management Cost: $ _____________ PO for: Change Management Cost: $ _____________ PO for: Version and Release Management Cost: $ _____________ Total Cost: $ _____________ Bill can be generated via Forms Management, Time Accounting, or Flat Cost for Services. This system can be used to predict costs for future projects and help control expenses and personnel time management. Created by: Thomas Bronack © Page: 13 Date: 1/15/2014
  • 14. Optimizing the IT and Business Environment through Dashboards bronackt@dcag.com / (917) 673-6992 Application Recovery Certification • Select Application to be Certified – – – • Develop Application Profile to Update Global Application Catalog – – • Steps to be followed by Application Recovery Team. Complete Post-Test Activities Form – • Used to provide Site Replication and Data Synchronization for Testing Application Recovery Certification (CA, HA, Best Effort). Complete Actual-Test / Activation Work Activities Form – • Provide Form to Recovery Team so they can insure Recovery Site can support Production requirements, and updatedata synchronization to best meet Recovery Point Objective (when snapshots are taken) and Recovery Time Objective time needed to restore data to pnt of failure so that production processing can resume). Complete Pre-Test / Activation Staging form – • Contains Recovery Preparation, Set-up, processing, and Post Mortem phases of Application Recovery Certification. Complete Infrastructure Readiness Records – • Capacity and Performance Requirements, Tier Change, Updated Recertification date. Create Application DR Exercise / Activation Exercise Booklet – • New Resources, new SME names, New Management Names; New Application Recovery Certification dates, and New Compliance Requirements. Update Application Inventory Record – • From Global Application Catalog by: Region, Tier; Criticality, Compliance, and Last Time Certified; Recertify applications that have gone through a maintenance upgrade; Based on Growth or New Technology. Contains: Actual Times for Recovery and compares them to Estimated Times projected, Encountered Errors, and Comments. Conduct a Post Mortem Meeting – – – – A Management Report and Presentation is provided to meeting attendees that is Used to review Recovery Test / Activation; Obtain recommendations for improvement, then select recommendations for implementation; Implement selected improvements and retest recovery procedure to measure improvements; Update Recovery Procedures and train personnel on new process. Created by: Thomas Bronack © Page: 14 Date: 1/15/2014
  • 15. Optimizing the IT and Business Environment through Dashboards bronackt@dcag.com / (917) 673-6992 Application Recovery Certification Flow The Road to Successful Recovery Certification Ready for Testing Test Gaps & Exceptions Success Failure Obstacles & Impediments Recovery Plans and Personnel Procedures need improvement CA Gold Standard Mediate Mitigate Compliance to Country Laws and Regulations HA Recovery Certification Infrastructure & Suppliers capable of supporting needs Hardware capable of supporting workload processing Software capable of supporting workload processing Testing Failure Loop, until Successful Recovery Certification Ready for Re-Testing Created by: Thomas Bronack © Problem Repaired Page: 15 Date: 1/15/2014
  • 16. Optimizing the IT and Business Environment through Dashboards bronackt@dcag.com / (917) 673-6992 Reporting on Recovery Certification Company Operations Technical Services Executive Management Compliance Reporting Chief Executive Officer (CEO) Application Certification Operations Recovery Manager Operations Recovery Manager - Extract Information, - Risk Assessment (RA), - Business Impact Analysis (BIA), - Define HA / CA Services, - Identify Gaps and Exceptions, - Define Obstacles that impede recovery, - Generate a Loss / Prevention Report, - Submit Report to Management. Technical Recovery Manager - Review / Combine Information, - Review Operations Reports, - Data Security & Vital Records, - Access Controls, - Library Management, - Production Acceptance, - Version and Release Management, - Define HA / CA Services, - Application Recovery Certification, - Business Continuity, - Disaster Recovery, - Emergency Management, - Awareness, Training, and Testing, - Create all required documentation, - Standards and Procedures. Chief Financial Officer (CFO) - Validate Information, - Establish Reporting Criteria, - Gather data and report, - Review Reports, - Attest to their accuracy, - Submit Reports. Business Recovery Plans Disaster Recovery Plans - Report Information, - Submitted Quarterly, - Attested to Annually, - Reviewed by SEC and other agencies to insure compliance. The Recovery Management and Corporate Certification process includes office Recovery Managers and Technical Recovery Managers to gather information, compile global data into Recovery Plans, and then generate Management Report that can be used to “Attest” to compliance to recovery and regulations needed for the company to be certified. Created by: Thomas Bronack © Page: 16 Date: 1/15/2014
  • 17. Optimizing the IT and Business Environment through Dashboards bronackt@dcag.com / (917) 673-6992 Personnel Productivity and Training (Responsible for assigning work tasks to the right person at every project phase, while ensuring that skill requirements are met and the highest possible quality is achieved) Created by: Thomas Bronack © Page: 17 Date: 1/15/2014
  • 18. Optimizing the IT and Business Environment through Dashboards bronackt@dcag.com / (917) 673-6992 Personnel and Work Flow Management Created by: Thomas Bronack © Page: 18 Date: 1/15/2014
  • 19. Optimizing the IT and Business Environment through Dashboards bronackt@dcag.com / (917) 673-6992 Data Synchronization and Recovery Operations using Cloud Based Hosting Real Time Data Replication Synchronized Recovery Data Router Local Users Recovery Site Hosting Cloud Internet Firewall Primary Servers Firewall Remote Users Replicated Servers Users are normally connected to the Primary Site, while data is synchronized in real-time with Cloud Hosting site. When disaster event occurs, users can access the replication site without interruption or loss of data. Created by: Thomas Bronack © Page: 19 Date: 1/15/2014
  • 20. Optimizing the IT and Business Environment through Dashboards bronackt@dcag.com / (917) 673-6992 Overview of the Enterprise Information Technology Environment Physically Transported Using Tape Only Encryption · · · · Customers; Credit Bureaus; Feed-Files; and, Other Locations. Physical / Cloud Remote Tape / Data Vault · · · Physical / Virtual Remote Locations Electronic Vaulting; Incremental Vaulting; and, Electronic transmission to Disaster Recovery Site Disaster Recovery Site Encrypting Data-InMovement will protect data being transmitted to remote sites Electronic Transmission Local Tape / Data Vault Local Tape / Data Vault Electronic Transmission Open Network With Multiple Access Points Local Sites Encryption of “Data at Rest” to Provide Total Protection Local Sites Production Site #2 Production Site #1 IT Locations End User “Work Order” to create a new Product or Service Cloud Computing Company Data Systems Development Life Cycle (SDLC) New Applications Business Locations Created by: Thomas Bronack © Development Send Approved Applications To Production Acceptance Testing and Quality Assurance Problem Resolution And Enhancements Maintenance Development And Maintenance Environments Page: 20 Date: 1/15/2014
  • 21. Optimizing the IT and Business Environment through Dashboards bronackt@dcag.com / (917) 673-6992 Migration Pathway and Goals (Can apply to Site Consolidations or Recovery Site migrations) Applications are identified, evaluated, rated, scheduled, and moved from originating site to target site Migration Path Originating Site • Originating data center(s) Decommission Originating Site Applications Migration Schedule Applications Tier 1 – Tier n • Rate Applications for Movement by Tier / Group • RTO Support Artifacts • Infrastructure Needs • Resource Needs • Gap & Exceptions • Obstacles • Mitigate / Mediate • Validate Ability to Move • Validate Target Site Ability to Accept / Support Y Created by: Thomas Bronack © Page: 21 N • • • • • • • • • • Movement Target Site Movement Testing Quality Assurance Production Acceptance Production Vital Records Access Controls Recovery Planning Acceptance Turnover • Target data center(s) Complete ? Date: 1/15/2014
  • 22. Optimizing the IT and Business Environment through Dashboards bronackt@dcag.com / (917) 673-6992 Can be sorted by: Equipment Type, Disposition, Date, or Location Asset Management Disciplines “Dispose of Surplus equipment after Migration to Target Data Center(s) to reap profit from sales, return of equipment storage space, and personnel.” Start Pick-Up List Equip. Type: PC PC PC Disp: A R T Location: Bldg 3, Rm 203 Bldg 1, Rm 405 Bldg 2, Rm 501 Disposition = ‘A’ Acquire Equipment Purchase Order Install Equipment Add to Master Inventory Master Inventory Equipment is being Actively used N, Exceptions List Generated Disposition = ‘R’ Re-deploy Equipment Work Order Equipment is moved to new location Disposition = ‘T’ Terminate Equipment Work Order Compare to Master Inventory Pick-Up Inventory Service Order Perform Services Ready-to-Sell Inventory Equipment is Sold or Disposed of End Created by: Thomas Bronack © Y Warehouse Inventory Service Order Purchase Release Order Form Marketing & Sales Finance Form Complete Asset Life Cycle from Acquisition through Re-Deployment and Termination Archive Page: 22 Date: 1/15/2014
  • 23. Optimizing the IT and Business Environment through Dashboards bronackt@dcag.com / (917) 673-6992 Inventory Management Environment Client Request Purchase Order Acquire Asset (*1) Add to Inventory Inventory Data Base All Assets Client Invoice Work Order Install Asset (*2) Add to Configuration Work Order Redeploy Asset (*3) Update Configuration Work Order Terminate Asset (*4) Update Asset & Configuration Assets, by Site Configuration Data Base *1 – Purchased Equipment as per guidelines (Leased, Owned, Rented, Type, and Vendor). *2 – Infrastructure Group schedules and installed Asset. *3 – Assets are moved from one location to another or reassigned to staff with work performed by the Infrastructure Group. *4 – Asset are terminated and data erased in accordance to DoD data erasure standards, then equipment is disposed or or donated in accordance to EPA guidelines and requirements. Created by: Thomas Bronack © Page: 23 Date: 1/15/2014
  • 24. Optimizing the IT and Business Environment through Dashboards bronackt@dcag.com / (917) 673-6992 Incident / Emergency Management Operations Environment Relationship between EMG and EOG during an emergency Emergency Management Group (EMG) Emergency Operations Group (EOG) Facility Manager Emergency Director Human Resources Coordinator Security Coordinator Environmental Coordinator Safety and Health Coordinator Public Relations Coordinator · · · Affected Area / Unit Manager / Supervisor Planning & Logistics Coordinator Incident Manager Maintenance Coordinator Safety Officers Operations Officers Emergency Medical Technicians Team · · · · · · · Provide specific support activities for disaster events; Coordinate information with Personnel, Customers, and Suppliers; and Optimize Recovery Operations and Minimize Business Interruptions. Central / Corporate Incident Management Created by: Thomas Bronack © Fire / Hazmat Fire Brigade Evacuate site if necessary; Assess Damage and report to Emergency Director; Provide First Aid to personnel; Coordinate activities with First Responders and follow their lead; Initiate Salvage procedures; Perform site restoration and coordinate return to site; and Recommend improvements going forward. Local Incident Management Page: 24 Date: 1/15/2014
  • 25. Optimizing the IT and Business Environment through Dashboards bronackt@dcag.com / (917) 673-6992 Problem Management and Circumvention Techniques Created by: Thomas Bronack © Page: 25 Date: 1/15/2014
  • 26. Optimizing the IT and Business Environment through Dashboards bronackt@dcag.com / (917) 673-6992 Fully Integrated Recovery Operations and Disciplines (Physical End Goal) Private Sector Preparedness Act (Domestic Standard) CERT Resiliency Engineering Framework BS 25999 / ISO 22301 (International Standard) National Fire Prevention Association Standard 1600 OSHA, DHS, OEM, Workplace Safety Contingency Command Center Incident Command Center Corporate Certification Workplace Violence Prevention Lines of Business Locations Information Security Management System (ISMS) based on ISO 27000 Emergency Operations Center (EOC) Emergency Response Management State and Local Government First Responders (Fire, Police & EMT) Employees Suppliers Department of Homeland Security (DHS) Command Centers Help Desk Operations Command Center Network Command Center Business Continuity Management Risk Management Disaster and Business Recovery Business Integration Service Level Agreements and Reporting Systems Development Life Cycle COSO / CobIT / ITIL / FFIEC Workplace Violence Prevention ISO2700 Security Standards Customers Office of Emergency Management (OEM) Created by: Thomas Bronack © Crisis Management Six Sigma / Standards and Procedures Page: 26 A fully integrated recovery organization will include the components shown in this picture. Corporate Certification is achieved through the compliance laws and regulations used to provide domestic and international guidelines that enterprises must adhere to before they can do business in a country. Workplace Violence Prevention and Information Security is adhered to by implementing guidelines to protect personnel and data by following the latest guidelines related to these topics. Internal command centers responsible for monitoring operations, network, help desk, and the contingency command center will provide vital information to the Emergency Operations Center staff. Organizational departments, locations, and functions are identified and connections provided to the EOC so that communications and coordination can be achieved in the most accurate and speedy manner. Using this structure will help organizations better collect recovery information and develop recovery operations to lessen business interruptions and protect the company’s reputation. Date: 1/15/2014
  • 27. Optimizing the IT and Business Environment through Dashboards bronackt@dcag.com / (917) 673-6992 Responding to Disaster Events Security must be maintained at all times by cooperation with First Responders during disaster event Disaster Event Disaster Event First Responders Declare Disaster Site Salvage Site Restoration Activate Recovery Plan and go to secondary site Process at Secondary Site Return to Site Resume Operations Return to Site Coordinating recovery operations with the First Responders, Security, Salvage, and Restoration is a critical factor in recovery planning and should be included in all recovery planning procedures. Additional considerations include Insurance and Claim Processing, media communications, and coordination with government organizations and companies near your facility that may be affected by the disaster event. Being a good neighbor is important to protect your reputation and show good will. Created by: Thomas Bronack © Page: 27 Date: 1/15/2014
  • 28. Optimizing the IT and Business Environment through Dashboards bronackt@dcag.com / (917) 673-6992 Types of Recovery Plans and their Sections Recovery Plan Sections: Contingency Command Center Security Salvage Incident Recovery Plan • • • • • • • Disaster Recovery Plan • • • • • • Restoration • • Created by: Thomas Bronack © Coordinator Leads Operation; Validate & Accept Assignment; Declaration & Notification; Initiate Call Tree; Formulate Recovery Teams; Activate Recovery Plans; Monitor and Track Recovery Tasks and Status; Report; Complete Recovery Operations; Process at Secondary Site; Coordinate Primary Site Protection, Salvage, and Recovery; Return to Primary Site; Resume Processing at Primary Site; De-Activate Secondary Site; and Perform Post-Mortem and make needed corrections. Page: 28 Business Recovery Plan Application Recovery Plan Supplier Recovery Plan Primary Site Recovery Plan: • Protection, • Salvage and Restoration, • Process Resumption. Alternate Site Recovery Plan: • Travel and Activate Start-Up, • Assume Production, • Return to Primary Site, • De-Activate. Date: 1/15/2014
  • 29. Optimizing the IT and Business Environment through Dashboards bronackt@dcag.com / (917) 673-6992 Activating and Coordinating Disaster Recovery Plans Site Protection, Salvage, & Restoration Problems & Incidents Network Problems Production Operations Problems NCC Major Incidents & Problems Notified by Help Desk of Recovery Need: • • • • • Verify Problem and Match to Recovery Plan; Notify Contingency Plan Coordinator; Activate Plan and Perform Tasks; Operate at Contingency Site; Coordinate Production Site Protection, Salvage and Restoration; • Return to Production Site; and, • Continue Production Operations. ICC OCC Coordinate Recovery Teams Contingency Command Center Problem Library Help Desk Recovery Library Emergency Operations Center Level 1 Level 2 Level 3 Level “D” Local HD Repair Local SME Repair Vendor Repair Select Recovery Plan Created by: Thomas Bronack © Page: 29 Coordinate Company Operations Communicate Recovery Operations with: • Executive Management; • Lines of Business, Personnel, Clients, Vendors, Supply Chain, and Workplaces; • Command Centers; • First Responders and Community Agencies; • Companies close-by and the News. Date: 1/15/2014
  • 30. Optimizing the IT and Business Environment through Dashboards bronackt@dcag.com / (917) 673-6992 How to get started Implementing this Project • Presentation to your management and technical staffs. • Agree that you want to achieve Enterprise Resiliency and Corporate Certification. • Perform a Risk Assessment that will define your needs. • Obtain management approval to initiate the project with their strong support. • Identify Stakeholders and Participants. • Formulate teams and train them on the goals and objectives of this project. • Create a detailed Project Plan and start teams working. • Develop, Test, Implement “Proof of Concept”, and gain approval to go forward. • “Rollout” Enterprise Resiliency and Corporate Certification to all locations. • Fully document and Integrate within the everyday staff functions performed. • Deliver Awareness and Training services. • Provide Support and Maintenance services going forward. Created by: Thomas Bronack © Page: 30 Date: 1/15/2014
  • 31. Optimizing the IT and Business Environment through Dashboards bronackt@dcag.com / (917) 673-6992 Fully Integrated Resiliency Operations and Disciplines (Logical End Goal) Contingency Command Center (CCC) Incident Command Center (IC) Command Centers Workplace Violence Prevention Help Desk (HD) Emergency Operations Center (EOC) OSHA, OEM, DHS Emergency Response Management Lines of Business Locations, Employees, Infrastructure, Equipment, Systems, Applications, Services, Supplies, Customers, RTO, RPO, and RTC. Office of the Controller of the Currency National Fire Prevention Association 1600 Standard Information Security Management System (ISMS) based on ISO27000 Corporate Certification • • • • • • • • • • ISO22313 and ISO22318 (International Standard) CERT Resiliency Engineering Framework, ITIL and COSO Private Sector Preparedness Act (Domestic Standard) • • • • • State and Local Government, First Responders (Fire, Police, & EMT), Department of Homeland Security (DHS), Office of Emergency Management (OEM), Local Community. Created by: Thomas Bronack © Operations Command Center (OCC) Business Continuity Management • • • • • • • • Risk Management (COSO), Disaster Recovery, Business Continuity, Crisis Management, Emergency Management, Workplace Violence Prevention, Failover / Failback, Protection, Salvage & Restoration. Page: 31 Business Integration • • • • • • Network Command Center (NCC) Service Level Agreements (SLA) & Reporting (SLR), Systems Development Life Cycle (SDLC), CobIT, ITIL, and FFIEC, ISO Guidelines, Audit and Human Resources, Six Sigma or Equivalent for Performance and Workflow Management Date: 1/15/2014
  • 32. Optimizing the IT and Business Environment through Dashboards bronackt@dcag.com / (917) 673-6992 How Dashboards Help • Improved efficiency by providing instant access to current and accurate information from any authorized terminal or personal computer; • Less time spent reviewing out-of-date or inaccurate information; • Improved time frame for completing projects; • Reduced costs associated with implementing projects; • Better protection to the company reputation; • More highly trained staff with an improved morale; • Easier to retain and recruit clients; • Adherence to the laws and regulations where the company conducts business; and, • Less stress and better performance helps everyone do their job better. Created by: Thomas Bronack © Page: 32 Date: 1/15/2014
  • 33. Optimizing the IT and Business Environment through Dashboards bronackt@dcag.com / (917) 673-6992 Conclusions • Enterprise Resiliency and Corporate Certification will build an efficient, safeguarded, and compliant environment that best supports continued business operations and the company reputation. • Many people are involved with planning, implementation, support, and maintenance, so awareness is high and training can be easily achieved. • A well trained and loyal staff will best support retention and recruitment of personnel and clients, while supporting future growth and an industry reputation as an excellent company. • SLA / SLR and Client Contract management will be more easily achieved, thereby producing a happier client and support for future growth through accomplishments and references. • Use of “Best Practices” will better guaranty success, while protecting management’s decision to implement a state-of-the-art production, compliant, and recoverable environment. • Use of the latest Data Management technology will support recovery time requirements, while allowing for off-line testing of maintenance and recovery operations. • Integration of Systems Management, Workflow Management, and a Charge-Back System will provide monitoring and control over costs, while developing a repository of accomplished work that can be referenced when planning similar projects. • Integration of the Emergency Operations Center (EOC) with Command Centers, Lines of Business, and Recovery Operations will enhance the information provided to Executive Management and allow them to better communicate with clients and assist with expediting resumption of business operations. Created by: Thomas Bronack © Page: 33 Date: 1/15/2014