Disaster Recovery Planning …….<br />Business Contingency Planning<br />A Business Model For Continuity Planning<br />David...
Introductions<br />David M. Crosby<br />Former VP of Information Security, Venture Bank<br />35 Years Experience in IT<br ...
Our World is Changing<br />
The Business Continuity Management Program<br />Institutional <br />Best Practices<br />Service To Our<br />Customers<br /...
The Business Continuity Management Program<br />The interruption of fundamental business processes for any extended period...
The Business Continuity Management Program<br />ERP<br />CMP<br />BCP<br />DRP<br />ERP– Emergency Response Plan: Steps Ta...
ERP<br />CMP<br />BCP<br />DRP<br />The Business Continuity Management Program<br />Working Components<br />Response - Not...
Components Of The Emergency Response Plan<br />Notification<br />Assessment <br />and <br />Status<br />Escalations<br />F...
Components Of The Disaster Recovery Plan<br />Disaster Recovery Planning<br />Steps taken to restore specified infrastruct...
Components Of The Disaster Recovery Plan<br />Disaster Recovery Is……<br />The successful recovery of mission-critical I.T....
Components Of The Disaster Recovery Plan<br />Applications <br />Analysis<br />Network<br />Infrastructure<br />Opens Syst...
Components Of The Disaster Recovery Plan<br />I.T. Requirements<br />RECOVERY TIME OBJECTIVE: (RTO)<br />The period of tim...
Components Of The Business Contingency Plan<br />DRP<br />BCP<br />DRP – Disaster Recovery Plan: Steps taken to restore sp...
Components Of The Business Contingency Plan<br />Business Contingency Planning<br />Steps taken to restore alternate busin...
Components Of The Business Contingency Plan<br />Business Contingency Planning Is……<br />The successful response to an int...
Components Of The Business Contingency Plan<br />Alternate <br />Resources<br />Documentation<br />Business <br />Resumpti...
Components Of The Business Contingency Plan<br />Business Continuity Planning Scenarios<br /><ul><li>Loss of I.T Services ...
   Loss of Functional Support Personnel
   Loss of Facility
   Loss of Network Connectivity
   Loss of Voice Communications
   Loss of 3rd Party Suppliers
   Loss of Business Partners</li></li></ul><li>Components Of The Business Contingency Plan<br />Build Contingency Plans<br...
Define the alternate process requirements for each component
Ensure interdependent business processes are identified and can be synched up
Define minimal processing requirements for each component</li></ul>TEST     -     TEST     -     TEST     -     TEST<br />
Components Of The Business Contingency Plan<br />Business Recovery Requirements<br />RECOVERY TIME OBJECTIVE: (RTO)<br />W...
Components Of The Business Contingency Plan<br />Centralized Administration and Coordination Decentralized Development, Ma...
Upcoming SlideShare
Loading in …5
×

Faith Community Disaster Preparedness Workshop Business Continuity

1,960 views

Published on

Sharing business continuity best practices for Pacific Northwest Community Churches.

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,960
On SlideShare
0
From Embeds
0
Number of Embeds
14
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Faith Community Disaster Preparedness Workshop Business Continuity

  1. 1. Disaster Recovery Planning …….<br />Business Contingency Planning<br />A Business Model For Continuity Planning<br />David M. Crosby<br />Information Assurance and Business Sustainability<br />
  2. 2. Introductions<br />David M. Crosby<br />Former VP of Information Security, Venture Bank<br />35 Years Experience in IT<br />15 Years Experience in Information Security and Business Sustainability<br />Finance, Aerospace, Insurance and Energy Industry; and Technology and Services Company Principal<br />
  3. 3. Our World is Changing<br />
  4. 4. The Business Continuity Management Program<br />Institutional <br />Best Practices<br />Service To Our<br />Customers<br />County Regs.<br />HIPAA<br />GLB Notice<br />Disaster Recovery and Contingency Operations Protect Information and Processes<br />Int. Audit<br />Federal Regs.<br />Ext Audit<br />SB 1386<br />State Regs.<br />
  5. 5. The Business Continuity Management Program<br />The interruption of fundamental business processes for any extended period of time could have a debilitating affect on our basic infrastructure…….and our way of life<br />E-Commerce<br />Private and Business Online Trading<br />Cash Advances At ATM Machines<br />Personal and Commercial Online Banking<br />Purchases By Credit Cards<br />Just In Time Inventories<br />Communications<br />Student Services<br />Grants and Endowments<br />General Administration & Finance<br />
  6. 6. The Business Continuity Management Program<br />ERP<br />CMP<br />BCP<br />DRP<br />ERP– Emergency Response Plan: Steps Taken To Immediately Respond To An Event, Ensure Personnel Safety, Minimize Further Impact To Assets, And Make Proper Notifications.<br />DRP – Disaster Recovery Plan: Steps Taken To Restore Specified Infrastructure Requirements Such As Information Systems, Clinical Equipment Environments, Internal And External Network Connections, And Data Structures Utilizing Alternate Resources For Hardware, Software, Data, and Networks. <br />BCP – Business Contingency Plan: Steps Taken To Restore Alternate Business Processes In The Event That Automated Processes Or Business Infrastructures Are Unavailable, Employing Documented Workaround And/Or Manual Procedures And Alternate Resources.<br />CMP – Crisis Management Plan: Steps Taken To Manage The Event To Ensure That Order Is Maintained, Employee Assistance Is Being Provided, Proper Information Is Being Disseminated By Appropriate Representatives, Action Items Are Effectively Escalated, And Ongoing Internal And External Notifications Are Consistent.<br />
  7. 7. ERP<br />CMP<br />BCP<br />DRP<br />The Business Continuity Management Program<br />Working Components<br />Response - Notifications, assessments, escalations, declarations, etc. (established procedures)<br />Recovery/Relocation - Mobilization, Quick-ship, Infrastructure, Network and Data recovery, etc.. Movement of staff, patients, and business units to alternate facilities (flexibility and adaptability)<br />Resumption - of Business Operations and I.T. functionality (business units must synch up processes and resume operations at an alternate site)<br />Re-assessment - of situation, strategies, planning, reactions (input from all involved parties)<br />Restoration - Movement back to home site and/or normal operations (reconstituted at restored site by I.T. and/or Business Units<br />
  8. 8. Components Of The Emergency Response Plan<br />Notification<br />Assessment <br />and <br />Status<br />Escalations<br />First Response<br />Declarations<br />Initial Notifications Telephone Trees Command Center Assembly<br />Organizational Committees Local Authorities Vendors Customers Media<br />Personnel Safety Damage Mitigation Local Authorities Evacuations<br /> Damage Assessment<br />Initial Status Reporting<br />Secondary Notifications<br />Checklists<br />Scripts<br />Procedures<br />Contact Lists <br />Vendors<br />Mobilization<br />
  9. 9. Components Of The Disaster Recovery Plan<br />Disaster Recovery Planning<br />Steps taken to restore specified infrastructure requirements such as Information Systems, business equipment environments, internal and external network connections, and data structures utilizing alternate resources for hardware, software, data, and networks. <br />What To Do When The Computer Goes Down<br />
  10. 10. Components Of The Disaster Recovery Plan<br />Disaster Recovery Is……<br />The successful recovery of mission-critical I.T. services to the customer community in response to a crisis<br />Flexible Response To A Crisis<br />Place to Recover (Location/Equipment/Network)<br />Defined “Recovery Set” (Critical Components)<br />Reliable Backups<br />Test – Maintain – Test<br />Service Continuation<br />Disaster Recovery is NOT…..<br />Recovery of full environment<br />A business continuity plan<br />A replacement for conventional service plans<br />A trivial decision<br />
  11. 11. Components Of The Disaster Recovery Plan<br />Applications <br />Analysis<br />Network<br />Infrastructure<br />Opens Systems<br />I.S.<br />Infrastructure<br />Documentation<br />Hardware<br />Systems<br />Databases<br />TSO/CICS<br />Test Criteria/Objectives<br />Questionnaires Interviews Analysis Documented Profiles Test Criteria/Objectives Recovery Plans<br />LDAP<br />DNS<br />Email <br />Intranet/Internet <br />Gateway Servers<br />Test Criteria/Objectives<br />Owned Equipment<br /> DR Vendor Equipment<br />Connectivity Requirements <br />Test Criteria/Objectives <br />Remote Access Parameters <br />Define ‘rogue’ FTPs <br />Identified Network Services<br />Checklists<br />Scripts<br />Procedures<br />Contact Lists<br />Test <br />Criteria/Objectives<br />
  12. 12. Components Of The Disaster Recovery Plan<br />I.T. Requirements<br />RECOVERY TIME OBJECTIVE: (RTO)<br />The period of time in which systems, applications, or I.T. functions must be recovered after an outage. RTO&apos;s are often used as the basis for the development of recovery strategies, and as a determinant as to whether or not to implement the recovery strategies during a disaster situation. <br />RECOVERY POINT OBJECTIVE: (RPO) <br />The point in time to which systems and data must be restored after an outage. RPO&apos;s are often used as the basis for the development of backup strategies, and as a determinant of the amount of data that may need to be recreated after the systems or functions have been recovered.<br />
  13. 13. Components Of The Business Contingency Plan<br />DRP<br />BCP<br />DRP – Disaster Recovery Plan: Steps taken to restore specified infrastructure requirements such as Information Systems, business equipment environments, internal and external network connections, and data structures utilizing alternate resources for hardware, software, data, and networks. <br /> - Hardware - System Software<br /> - Data and Data Structures - Applications<br /> - Networks - Desktop Services<br /> - Production Support <br />BCP – Business Contingency Plan: Steps taken to restore alternate business processes in the event that automated processes or business infrastructures are unavailable, employing documented workaround and/or manual procedures and alternate resources.<br />- Relocation of Personnel<br /> - Availability of remote support services and network connections <br /> - Contingency office space<br />
  14. 14. Components Of The Business Contingency Plan<br />Business Contingency Planning<br />Steps taken to restore alternate business processes in the event that automated processes or business infrastructures are unavailable, employing documented workaround and/or manual procedures and alternate resources.<br />What To Do While The Computer Is Down<br />
  15. 15. Components Of The Business Contingency Plan<br />Business Contingency Planning Is……<br />The successful response to an interruption in normal operating procedures and thus services to the customer community<br />Flexible Response To A Crisis<br />Place to Initiate Contingency Operations (Systems/Network/Location/Personnel/Equipment)<br />Documented Systems Workaround Procedures<br />Alternate Resources<br />Business Continuity is NOT…..<br />Disaster Recovery, Emergency Preparedness, or Crisis Management<br />A Permanent Solution<br />An I.T. Issue<br />
  16. 16. Components Of The Business Contingency Plan<br />Alternate <br />Resources<br />Documentation<br />Business <br />Resumption<br />Personnel & Skill Sets<br />Facilities<br />Vendors<br />Hardware/Software<br />Communications<br />Procedures<br />Logistical Support<br />Forms<br />Contact Lists<br />Logistics<br />Transition Back To I.T.<br />Validation/Audit<br />Normal Operations<br />Business Cycles<br />Mobilization<br />Alternate<br />Processes<br />I.T. Workarounds<br />Manual Business Processes<br />Alternate Data Capture <br />Logistics<br />Location(s)<br />Transportation<br />Personnel<br />
  17. 17. Components Of The Business Contingency Plan<br />Business Continuity Planning Scenarios<br /><ul><li>Loss of I.T Services or Resources
  18. 18. Loss of Functional Support Personnel
  19. 19. Loss of Facility
  20. 20. Loss of Network Connectivity
  21. 21. Loss of Voice Communications
  22. 22. Loss of 3rd Party Suppliers
  23. 23. Loss of Business Partners</li></li></ul><li>Components Of The Business Contingency Plan<br />Build Contingency Plans<br /><ul><li>Identify key functional components to establish the business environment
  24. 24. Define the alternate process requirements for each component
  25. 25. Ensure interdependent business processes are identified and can be synched up
  26. 26. Define minimal processing requirements for each component</li></ul>TEST - TEST - TEST - TEST<br />
  27. 27. Components Of The Business Contingency Plan<br />Business Recovery Requirements<br />RECOVERY TIME OBJECTIVE: (RTO)<br />When do I have to have an alternate process in place to address loss of primary functions (I.T. and otherwise) ?<br />RECOVERY POINT OBJECTIVE: (RPO) <br />How current does my information have to be when normal processes are resumed ?<br />
  28. 28. Components Of The Business Contingency Plan<br />Centralized Administration and Coordination Decentralized Development, Maintenance and Execution<br />Web-Enabled – 24 x 7 x 365 access from anywhere with VPN connection<br />Automated progress reporting during Plans development, maintenance, and execution<br />Define relationship between BCPs and DRPs (RTO and RPO)<br />Capable of expanding to include ERP and CMP<br />Real-time updating to a single database, not multiple Plans<br />Version Control on all Plans<br />Concurrent Plan development<br /> Issue Templates<br /> Import Templates<br /> Develop BCPs<br />Flexibility when producing BCPs…………..or executing BCPs<br /> “Show me all Plans by Department….”<br /> “Show me all Plans by Building…..”<br /> “Show me all Plans by Building, by Floor…..”<br /> “Show me all Plans by Building, by Floor, by Department<br />
  29. 29. Components Of The Business Contingency Plan<br />Negotiate The Service Level Agreement Between I.T. And Business Operations<br />Use Both The I.T. And Business RTO & RPO As The Basis<br /> Disaster Recovery Plan Test Results Quantify Timelines<br /> Business Contingency Plan Exercises Qualify Impact<br /> I.T. Capabilities Improve Timelines – But At A Cost<br /> Business Contingencies Reduce Impact - But Require I.T. Capabilities<br /><ul><li> Criticality Rankings
  30. 30. Systems Recovery Sequencing
  31. 31. Business Process Prioritization
  32. 32. I.T. and Business Process Timelines
  33. 33. Negotiated RTO and RPO</li></li></ul><li>Components Of The Business Contingency Plan<br />Results<br />I.T. Better Understands The Customers’ Issues and Requirements<br />I.T. Obtains A Clearly Documented Set Of Customer Expectations For DRP’s<br /> - Clarify and Justify Budget Forecasts<br /> - Establishes Specific Test Objectives<br /> - Ensure Active Customer Involvement In Testing & Recovery Processes<br />Business Units Better Understand The Role Of I.T. In The Contingency Process<br />Business Units Obtain A Set Of Parameters From Which To Develop their BCP’s<br /> - Workaround Procedures During Downtime<br /> - Procedures For Capturing Lost Transactions From Downtime and During Recovery<br /> - Restoration Of Normal Environments<br />
  34. 34. Components Of The Crisis Management Plan<br />Event<br />Analysis<br />Reaction <br />Planning<br />Communications<br />Documentation<br />Catastrophic Events<br />Criminal Events<br />Disease/Epidemics<br />Technological or Safety<br />Utility or Structural<br />Weather<br />Personal vs. Professional<br />Local Media<br />Employees<br />Local Authorities<br />Openness<br />Accuracy<br />Balance<br />Designate a point person<br />Continuous Flow<br />Emotional Assistance<br />Addressing Traumatic Stress<br />Family Assistance Pgms<br />Professional Assistance<br />Provide Information & Counseling<br />Post Incident Follow-up<br />Employee Checklists<br />And Action Plans<br />Press Release Data<br />Employee Notification Mechanisms<br />
  35. 35. Components Of The Crisis Management Plan<br />Crisis Management PreparednessKey Elements<br />Identification of vulnerabilities<br />Performance of regional threat assessment <br />Assessment of system resources<br />Communications infrastructure<br />Standardization of plans<br />Dissemination of information<br />Analysis of system Surge Capacity<br />Collaboration with federal, state, local agencies<br />
  36. 36. Components Of The Crisis Management Plan<br />Regional Collaboration<br />Who does what?? Who calls whom??<br /><ul><li>Local</li></ul>Fire/EMS/OES<br />Law Enforcement<br />Health Dept./Hazmat<br />Hospitals<br /><ul><li>State</li></ul>State Health Dept.<br />State OES/DHS<br />Hospitals<br /><ul><li>Federal</li></ul>Federal Emergency Mgmt Agency<br />CDC<br />Military<br /><ul><li>Private Sector</li></ul>Collaboration<br />Individual Plans Supplement/Complement Broader Plans<br />Clinical Care Response<br />Public Health Response<br />
  37. 37. The Business Continuity Management Program<br />When the issues surrounding both I.T. Disaster Recovery Plans and Business Unit Business Contingency Plans come together what is at stake becomes much clearer, and each can understand the others objectives and expectations. Only then can a total Business Continuation Program be effective.<br />And if the organization has an effective Business Continuation Program, not only can it assure that its goals and objectives will be met…..but will also become a valued partner in the protection of the larger infrastructure.….<br />
  38. 38. Questions.....Comments ????<br />
  39. 39. Helping Others<br />

×