Business Continuity Planning

Published in: Business, Technology
  • You have a server room fire on a Friday afternoon. Thursday night’s tape is in the drive; Wednesday night’s tape is off-site. You’ve already lost two days’ data. It’s 5pm on Friday; where are you going to get a tape drive, a server, a SCSI card and cable, an OS, application software, backup software and an internet connection? You buy a PC on Monday and start downloading software. The tape drive, card and cable arrive on Tuesday afternoon. By Tuesday midnight you have a working OS and tape drivers, and your backup software is installed. By close of business Wednesday your data has restored. By midnight on Wednesday you have your email back up and your database running. Business can restart on Thursday morning. 5 days off-line; a week’s work lost or missed. Can you survive?
  • Business Continuity Planning

    1. Business Continuity Planning
        • What it is
        • Why you need it
        • How to do it
        Last updated 18/09/2012. ©2012 Managed Networks. The MN logo, circles device and DesktopLive logo are registered trademarks.
    2. Agenda
        • View from 30,000 feet
        • Scary facts
        • This is not a technology problem
        • How to go about it
        • Why backup isn’t enough
        • Technologies and approaches
    3. The view from 30,000 feet
        Business Continuity Planning
        • ...is about keeping your business running
        • ...by anticipating and preventing problems
        • ...by having planned responses to the incidents you can’t avoid
        • ...is not just about technology
        • ...is an ongoing process, not a one-off exercise
        • ...needn’t be onerous, or expensive
        • ...is required by FSA regulation
        • ...features on public sector PQQs
        • ...is increasingly part of your customers’ due-diligence
    4. Scary facts
        • 90% of businesses that lose data from a disaster are forced to shut within 2 years
        • 80% of businesses without a well structured recovery plan are forced to shut within 12 months of a flood or fire
        • 43% of companies experiencing disasters never recover
        • a company experiencing a computer outage lasting longer than 10 days will never recover its full financial capacity
        • less than 50% of all organisations in the UK have a business continuity plan
        • 43% of companies who have a business continuity plan do not test it annually to ensure that it works
        • one out of 500 data centres experiences a severe disaster every year
        • 58% of UK organisations were disrupted by September 11th, with one in eight severely affected
        • 83% of [London] SMEs have no written contingency plan
        (sources: LCC, Gartner, BIS)
    5. This is not just an IT issue
        • This is a management problem – get board support first!
        • BCP is about protecting your business
        • Most businesses are about people: staff, customers, suppliers
        • IT is an enabling technology; for most businesses, no staff = no business, even if the technology is working
        • You must consider the business as a whole, and integrate IT continuity as part of a larger plan
            – Think about travel restrictions, pandemics, strike risks…
            – Think about physical accommodation, paper records, contact info…
            – Think about private knowledge and skills dependencies…
    6. BCP lifecycle
        [Cycle diagram: Policy → Business impact analysis → Select prevention measures → Select recovery strategies → Plan and implement → Test → Maintain]
    7. Policy
        • Get management support
        • Define roles, responsibilities, scope and goals
        • Understand the business context:
            – Regulation
            – Market
            – Scale
            – Priorities
        • Write a continuity policy
        • Integrate continuity into every business decision, don’t retrofit
        • Communicate the policy
    8. Business impact analysis
        • Understand what you are protecting
            – Analyse business areas and prioritise them
            – Work out the MTD – do this collaboratively
            – Work through RTO and RPO with the business
        • Correlate people, activities and resources
            – Map your processes
            – Understand interdependencies
        • Look for single points of failure – what’s your weakest link?
        [Figure: example systems ranked into priority tiers: Critical 2h + 15m; Important 4h + 4h; Material 8wh + 8wh; Desirable 3wd + 8wh. Systems shown: StoryManager, internal and admin PSTN telephony, Shared whiteboard, SQL Server, Newsdesk, Automated testing, Monitoring tools, Salesforce.com, Subversion, IM (Skype), Cloud financial mgmt, Customer service telephony, Cloud filestore, DBManager, internet browsing, intranet, MS Office (data processing), Card payment system, remote access, email, file storage, the CMS, Client FAQ tool, TaskManager, Sage accounting, Delphi, Interoffice comms, Compatibility testing, VOIP (Skype), Blackberry, OnTime, Visual Studio, Knowledgebase (Google Sites), Marketo, Newswire feed, MS Office (general use), YouManage (HR)]
    9. Business impact analysis
        Analyse the risks and threats
        • Specific (IT, staff, supply chain...)
            – What if Bob is run over?
            – What if the accounts system is unavailable?
            – What if our main supplier goes bust?
        • Organisational (fire, flood, burglary, loss of access...)
            – What if the pipes burst in the office ceiling?
            – What if our computers are stolen?
            – What if they find asbestos in the building?
        • General (terrorism, pandemic, weather...)
            – What if the transport network is shut down by a bomb or a threat of one?
            – What if half our staff are off sick?
            – What if the M62 is impassable for a week?
        • Try to quantify risks where possible
            – AV × EF = SLE; SLE × ARO = ALE
            – ALE should exceed annual cost of BCP
    10. Prevention measures
        • Prevention is better than cure
            – It’s usually cheaper to avoid disaster than cope with it
        • Build in resilience where it’s cost-effective
            – IT – multiple servers, RAID, redundant connections
            – staff – have an understudy programme, document procedures
            – data – keep key operational information on paper as well
            – facilities – enable home working, trade-off with neighbours
        • Look for synergies and business gains to justify cost
            – multiple servers improve performance
            – understudying drives career growth and develops staff
            – well-designed operational reports provide KPI measurement
            – home working saves office costs and improves morale
        • Outsource risk
            – service providers will spend more than you can on resilience
            – their contract will give you financial compensation in the event of failure
            – they aren’t tied to your location
            – you can have more than one, if it’s affordable and makes sense
        [Diagram labels: Physical, Administrative, Technical]
    11. Sidenote: cost curve
        • Cost increases exponentially as RTO and RPO get shorter
        • BCP is a cost centre – expenditure must be cost-justified
        [Figure: cost (£) rising across RTO/RPO targets ∞/∞, 3d/1d, 1d/1d, 4wh/4h, 2wh/15m, 0/0]
    12. Recovery strategies
        • Work out what you’ll do if prevention fails
        • Have different plans for different incidents
        • Break recovery down into discrete areas
            – Understand priorities within areas (e.g. RTO vs RPO)
            – Stay focused on cost/benefit
        • Separate interim, recovery and normal operations
        • Work outwards from the people, not inwards from the systems
            – Look for workarounds
            – Be prepared to compromise
            – Be clear on responsibilities
    13. Plan and implement
        • Start with the basics
            – no money, no business
            – no logistics, no business
            – no staff, no business
        • Paper, paper, paper
            – paper is instant-on, needs no power, works without installation and configuration, costs pretty well nothing per Mb, can be edited with a pencil – don’t underestimate it
        • Don’t be daunted
            – 90% of BCP is common-sense
            – keep it simple
            – stick to your identified priorities
        • Delegate responsibility
            – spreading responsibility for planning improves execution
            – planners and leaders aren’t always the same people
        • Communicate and train
            – a plan no-one has seen before can’t be executed
    14. Test
        • What did we forget?
        • Check and test your assumptions
            – “We changed the tape every day”
            – “But only Bob knows the password”
            – “Where can I get one of these...NOW?”
        • Surprise people
            – Anticipated tests only test the plan, not the people
            – Change the scenario
            – What if it’s you that’s unavailable?
        • Document everything you learn
            – If your results aren’t written back into the plan, they will be forgotten
            – Next time you might not be there
        • Now do it for real
            – If you can afford a full test, there is no substitute
            – Real-world test = better data
            – Publicise your test – involve customers and suppliers
            – But don’t create a disaster in trying to avoid one
        [Diagram: test types: Checklist test (easily achieved); Structured walk-through test (representative workshop); Simulation test (let’s pretend); Parallel test; Full-interruption test (if you dare… assured)]
    15. Maintain
        • Now do it all again
        • Don’t take your plan for granted
        • Your business will change
        • Build updating of the BCP into your change control process
        • Review the whole thing once a year
        • Reinforce the training
    16. Backup is not enough
        • BCP depends on data backup, but data backup is not BCP.
        • BCP is about preventing interruption; since not all interruption can be prevented, it also requires disaster recovery.
        • DR also depends on data backup, but data backup is not DR either.
        • …why?
    17. DR scenario: tape
        Timeline:
        • Friday – Fire at 5pm
        • Saturday – No Ultrium drives in PC World; download software at home
        • Sunday – No progress
        • Monday – Order tape drive; buy PC, install OS
        • Tuesday – Install tape drive; install software
        • Wednesday – Restore completes; restart applications
        • Thursday – Business back on-line
        6 days to recover, 2 days of data lost
        • How much data loss?
        • Is the tape drive available?
        • Will the tape restore?
        • Will the applications work?
        • Can you survive the downtime and data loss?
        Use removable disk?
        • Have you got the hardware?
        • Will the apps restart?
        Use on-line backup?
        • How long will it take to download?
        • At 2Mb/s, 100Gb of data takes 142 hours to download
        • Will it be usable?
    18. Where backup fits in
        [Diagram: where backup sits between Operations and BCP. Labels: Operations; BCP; Time travel / Item restore; storage management; Prevention; Recovery; Off-site; Local; Backup; Archiving; Resilience; Security; Local backup; Off-site Backup; Replication]
    19. Technologies
        • Operational backup
            – Local live device
            – Continuous or overnight
            – Snapshots / VSS
        • Archiving
            – HSM
            – Archive tools
            – Media management
        • Resilience
            – Clustering (physical, virtual)
            – Redundancy (physical, logical)
        • Security
            – Physical and logical
            – Layered defence
        • Recovery
            – Local backup – single system
            – Off-site backup (media, stream)
            – Replication / geo-clustering
    20. Recovery approaches
        • Cold standby
            – Tested kit with appropriate drives
            – Wasted resource/low operating cost
            – What RTO can you achieve?
        • Warm standby
            – Remote data replication
            – Ready to go, but offline
            – How will users connect?
            – Test and reversion
        • Hot standby
            – Live replication, running loads
            – Expensive
            – Close to zero RTO/RPO
            – Blended functioning to reduce resource waste
        • “Cloud”
            – Delegates the IT challenge
            – BCP is people and processes first
            – Audit the provider
            – How do you test their BCP?
    21. Managed Networks
        0800 783 6170
        info@mn.co.uk
        www.mn.co.uk
        Call, email or visit our website for a free, no-obligation consultation.
