DISASTER RECOVERY PLANNING FOR HEALTHCARE
Ron Pelletier, CISSP, CBCP, CISA, QSA
VP and Executive Manager
DISASTER RECOVERY PLANNING FOR HEALTHCARE ORGANIZATIONS
INMGA – August 11, 2015
AGENDA
• Disaster Recovery Planning Overview
• General DRP Considerations
• A BCM Methodology (encompasses DRP)
• Trends and Standards
• Questions
PONDURANCE 2
DISASTER RECOVERY PLANNING OVERVIEW
SIMPLIFIED DRP TERMS
Disaster Recovery – Planning to restore the technology and data that support the business processes after a disruption.
Crisis Management – Preserving life safety and the organization’s reputation while the event is under way.
Business Impact Analysis – Establishing the organization’s critical path: which processes, systems and data matter most, and how quickly each must come back.
Recovery Time Objective (RTO) – When do the systems/processes need to be restored?
Recovery Point Objective (RPO) – How much data can you stand to lose, measured as the age of the newest copy you can restore from?
Maximum Tolerable Downtime (MTD) – The longest outage a process can sustain before the consequences become unacceptable; the RTO has to fit inside it.
Risk Tolerance – The collective picture of how much residual risk the organization accepts, which drives both risk management and the BCM strategy.
High Availability – When downtime of systems/data is not an option and has to be engineered out rather than recovered from.
Minimum Operating Requirements – What do you need, and when, to get by.
WHERE DOES DRP FIT IN THE BCM LIFECYCLE?
Diagram (general, not all inclusive): BCM as the umbrella over Business Continuity Planning, Disaster Recovery Planning, High Availability, Risk Management, Incident Response and Crisis Management.
TRADITIONAL THINKING ON DISASTER RECOVERY
Disaster Recovery vs. Business Continuity
Diagram: Disaster Recovery covers TECH/DATA RESTORE (the DRP boxes). Business Continuity covers PEOPLE, BUSINESS PROCESSES and PROCESS CONTINUITY, spanning the whole picture, with Disaster Recovery as the technology and data restore component inside it.
THE INTEGRATED PERSPECTIVE
Diagram: the integrated perspective
Foundation: Defined Tolerance for Risk
The Risk Analysis Phase: Current State Assessment; Threat and Risk Assessment; Business Impact Analysis
Business Continuity Planning (BCP): BCP Strategies, then BCP Documentation
Disaster Recovery Planning (DRP): DRP Strategies, then DRP Documentation
Spanning both: Program Exercising, Change Management, Maintenance
CRISIS MANAGEMENT
• Owns Initial and Ongoing Response
• Allocates Emergency Resources
• MAKES DECISIONS AS REQUIRED
• Functions as Steering Committee
GENERAL DRP CONSIDERATIONS
EVALUATE YOUR OPERATING RISK
• PREPARE TO AVOID BUT PLAN TO RESPOND!!
• Human, technical, operational and strategic threats MUST be considered to
formulate a viable avoidance and/or response posture
• Look for single points of failure that might not have been considered
(control systems, joined power junctions, shared data closets, shared
passwords, a single communication gateway). A shared password is a single
point of failure twice over: one compromise exposes every system that uses it,
and one departure or lockout can leave nobody able to get in
• Consider your level of reliance on other entities (parent organizations,
shared services, external service providers, etc.)
• Integrate your risk assessment process with cyber security efforts. According
to KPMG’s BCM Survey, only 41% of companies integrate BCM with cyber security
• Do you have specific technologies at your site that are not typically
supported by a shared services organization?
• Do you have a defined owner or custodian for your Disaster Recovery
Planning efforts?
DEFINING RISK TOLERANCE FOR DRP
Diagram: how risk tolerance produces the objectives
Business Unit Personnel → Business Impact Analysis → Maximum Tolerable Downtimes (MTDs)
Information Technology Group → Current State Assessment → Current Recovery Capabilities (CRCs)
Management Negotiation Based on Risk Tolerance → Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs)
The negotiation weighs $ and operational impacts against the cost of the strategy: for example, Application ‘X’ in 72 hours (with manual processing in the meantime) versus Application ‘X’ in 24 hours.
RISK TOLERANCE AND HEALTHCARE
• Two schools of thought can muddy the water when
considering technology downtime in healthcare:
o “We have been treating patients for centuries without
technology…we can live without it indefinitely”
o “We have grown so dependent on technology that we
cannot be inconvenienced by its loss for even a single
hour”
• How do you appropriately consider the risk to your
organization, without trying to “over-engineer” a solution?
• What happens if technology platforms are down for extended
periods of time?
RISK TOLERANCE AND HEALTHCARE
• Consider looking at 2 key criteria to arrive at true business impact:
1. Degradation of Care (Life Safety): The degradation of care considers
specific risks of patient-safety, if care professionals do not have
access to all patient records that may provide insight into patient
profiles (e.g., pharmaceuticals, allergies, past procedures, etc).
2. Patient Throughput (Financial and Operational): “Throughput”
represents the number of patients that can be reasonably and safely
treated over a given period of time. Without a level of automation
and record accessibility, it’s logical to assume that hospitals will not
be able to attend to, admit, or discharge the “normal” volume of
patients with the same level of efficiency. This can lead to direct
financial impacts, as it would likely lead to a reduced and untimely
level of billing for patient care.
• Use qualitative measures where they make sense, but attempt to arrive
at a Recovery Time Objective for each key system. The HIPAA Security Rule’s
contingency plan standard (45 CFR 164.308(a)(7)) makes the applications and
data criticality analysis that produces these priorities an “addressable”
implementation specification; addressable does not mean optional, it means
implement it if reasonable and appropriate, or document why not and what
you did instead
DEVELOPING DRP ROLES/RESPONSIBILITIES
• Consider a 360 degree approach to ensure appropriate organizational
coverage
• Look outside the organization to determine if there are groups/entities
with whom you need to coordinate your strategies and plans
• If you are part of a hospital system, have you integrated with their
Hospital Command?
• If you have personnel whom you contract to other facilities, do you know what
their plans are if those facilities are impacted?
• Break down the roles and corresponding plans to facilitate action and
accountability
• How do you define an incident commander?
• What about facilities? Specific technologies?
DEVELOPING DRP ROLES/RESPONSIBILITIES
(SAMPLE ORG CHART FOR DRP)
Diagram: sample IT DRP org chart
Hospital Command
  IT Incident Commander (TBD at time of incident)
    IT Command Group: IT Customer Support Center Lead; IT Hospital Command Liaison; IT Safety/Security/Privacy Officer
    IT Operations Support Group: Infrastructure Team Leader; Applications Team Leader; Facilities Director; Logistics & Vendor Support; Finance/Administration
    IT Facility and Technical Teams: IT Facility Coordinators; Applications Teams; Infrastructure Teams; Data Recovery Teams
  Also on the chart: IT Security; IT Executive(s)
DRP SCENARIO PLANNING
• Ensure your response procedures have adequate flexibility to respond to
both common and unique situations
• Do not get too specific or box your plans to a certain scenario, use
situations that may prompt a certain response
• Align your response planning with the applicable Hospital Command (if that
is applicable)
• Remember that disasters related to technology can take physical form (fire,
flood, loss of power or cooling), logical form (malware, corrupted data, a
failed change) or a combination of the two
• While area-wide disasters are less likely to occur, they need to be at least
considered (think Hurricanes Sandy, Katrina; Northeast power outage; ice
storms, etc.)
DRP SCENARIO PLANNING - EXAMPLE (scenario diagram not reproduced in the text)
REVIEW YOUR DATA BACKUP AND RECOVERY
• Ensure the data backup scheme complements the Recovery Time and
Recovery Point Objectives (RTOs & RPOs)
• Tapes are fine, but often they are either never removed from the site or are
taken offsite only once a week. Nightly backups with a weekly offsite rotation
give an effective RPO of up to a week for any event that destroys the site,
whatever the nominal backup frequency
• If the backups (tape or disk) are not tested periodically to verify full
restoration, the capability to restore is questionable; a backup job that
completed is not evidence that the data can be restored within the RTO
• If the backup tapes are not encrypted when they leave the site, you are
introducing a whole new set of risks: a lost or stolen tape of unencrypted
ePHI is a reportable breach, while media encrypted in line with HHS guidance
falls outside the breach notification rule
• Don’t blindly jump to a high availability strategy if it is not justified. It is
entirely possible that even a replication strategy is not necessary, and a
high availability strategy may completely over-engineer the program
• BUT…only proper analysis can provide that answer
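The RTO/MTD negotiation shown earlier (business units supply MTDs, IT supplies current recovery capabilities, management settles RTOs and RPOs) and the backup review above come down to a handful of checks that can be run over a system inventory. The Python script below is an added example, not code from the original deck or from Pondurance. The three systems, their objectives and their backup schedules are constructed values; the data-loss model (the newest surviving offsite copy may be one shipment interval plus one backup interval old) and the 365-day restore-test threshold are assumptions of the example. It flags an RTO that exceeds its MTD, a backup interval or offsite rotation that cannot meet the RPO, a measured restore time longer than the RTO, an untested or stale restoration test, and unencrypted offsite media.

```python
"""Recovery-objective gap check: does the backup scheme actually meet the
RTO/RPO agreed in the BIA negotiation? Added example, not from the original
slides; every system, objective and schedule value below is constructed."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class BackupScheme:
    backup_interval_h: float            # how often a restorable copy is taken
    offsite_interval_h: float           # how often the newest copy leaves the site
    restore_time_h: float               # measured full-restore time from the last test
    last_restore_test: datetime | None  # None = full restoration never tested
    encrypted_offsite: bool             # are copies encrypted before they leave?


@dataclass(frozen=True)
class System:
    name: str
    mtd_h: float   # Maximum Tolerable Downtime, from business unit personnel (BIA)
    rto_h: float   # Recovery Time Objective, the negotiated target
    rpo_h: float   # Recovery Point Objective, acceptable age of the newest usable copy
    scheme: BackupScheme


def worst_case_data_loss_h(scheme: BackupScheme, site_loss: bool) -> float:
    """Worst-case age of the newest copy that survives the event.

    Model (an assumption of this example): a local failure leaves the newest
    on-site copy, up to one backup interval old; a site loss leaves only the
    offsite copies, and the newest of those was shipped up to one offsite
    interval ago and was itself up to one backup interval old when shipped.
    """
    if not site_loss:
        return scheme.backup_interval_h
    return scheme.offsite_interval_h + scheme.backup_interval_h


def check_system(system: System, now: datetime,
                 max_test_age_days: int = 365) -> list[str]:
    """Return the gaps between stated objectives and current capability.
    max_test_age_days is a policy threshold chosen for this example."""
    s = system.scheme
    findings: list[str] = []
    # The RTO has to fit inside the MTD, or the BIA and the IT plan disagree.
    if system.rto_h > system.mtd_h:
        findings.append(f"RTO {system.rto_h}h exceeds MTD {system.mtd_h}h")
    for site_loss, label in ((False, "local failure"), (True, "site loss")):
        loss = worst_case_data_loss_h(s, site_loss)
        if loss > system.rpo_h:
            findings.append(f"{label}: worst-case data loss {loss}h exceeds RPO {system.rpo_h}h")
    if s.restore_time_h > system.rto_h:
        findings.append(f"measured restore {s.restore_time_h}h exceeds RTO {system.rto_h}h")
    if s.last_restore_test is None:
        findings.append("full restoration never tested")
    elif now - s.last_restore_test > timedelta(days=max_test_age_days):
        findings.append(f"last full restore test {s.last_restore_test:%Y-%m-%d} "
                        f"is older than {max_test_age_days} days")
    if not s.encrypted_offsite:
        findings.append("offsite copies are not encrypted")
    return findings


def gap_report(systems: list[System], now: datetime) -> dict[str, list[str]]:
    """Map each system name to its list of findings (empty list = no gaps)."""
    return {system.name: check_system(system, now) for system in systems}


# Constructed sample inventory: the kind of values a BIA and a current-state
# assessment would produce for three hospital systems. Not real data.
NOW = datetime(2015, 8, 11)
SAMPLE_SYSTEMS = [
    # nightly to tape, weekly offsite rotation, tested two years ago, unencrypted
    System("EHR", mtd_h=24, rto_h=8, rpo_h=1,
           scheme=BackupScheme(24, 168, 12, datetime(2013, 6, 1), False)),
    # nightly backup shipped offsite nightly, recent test, encrypted
    System("Patient scheduling", mtd_h=72, rto_h=48, rpo_h=48,
           scheme=BackupScheme(24, 24, 6, datetime(2015, 5, 4), True)),
    # negotiated RTO longer than the MTD, restore never exercised
    System("Billing", mtd_h=72, rto_h=96, rpo_h=24,
           scheme=BackupScheme(24, 24, 20, None, True)),
]

if __name__ == "__main__":
    for name, findings in gap_report(SAMPLE_SYSTEMS, NOW).items():
        status = "no gaps" if not findings else f"{len(findings)} gap(s)"
        print(f"{name}: {status}")
        for f in findings:
            print(f"  - {f}")
```

Run as written, the EHR row makes the slide’s point: nightly tape with a weekly offsite rotation cannot deliver a one-hour RPO, and for a site loss the effective RPO is 192 hours, eight days, before the stale restore test and unencrypted media are even counted. The Billing row shows the other failure the negotiation diagram guards against, an RTO that was agreed at 96 hours against an MTD of 72.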
DRP DOCUMENTATION CONSIDERATIONS
• Consider segmented action plan documents that are managed by
accountable person(s), but provide seamless integration and consistency in
format
• Have a Central Plan to drive communications and Emergency Response
• Have “extracts” or job action sheets that represent specific technical
procedures for rebuild, restore, recover, etc.
• Assign accountability as appropriate, and add depth to preserve continuity
• Ensure the procedures are fairly thorough, but do not drive inflexibility or
box the responders into a single set of actions
• Store the plans where they are accessible even when your internal systems fail
(printed copies, offline media, a location outside the primary site and its
authentication systems); a plan that lives only on the file share or intranet it
is meant to recover is unreachable exactly when it is needed
• Ensure the plan appendices have adequate reference information (key
vendors and contacts, location of stored equipment, etc.)
DRP DOCUMENTATION CONSIDERATIONS (continued; diagram not reproduced in the text)
A FULL BCM METHODOLOGY
(WITH DRP CONSIDERATIONS)
6 DOMAINS TO CONSIDER FOR BUILDING BCM
1. Program Management
Assess the entity controls that integrate, manage, and sustain a viable BCM
throughout the enterprise
•Program Definition – Establish that the program is formally developed and integrated
•Support and Accountability – Establish that the program is supported at the highest level of the org
•Budget Planning and Program Evaluation – Establish that the org is committed to sustaining program viability
2. Requirements Definition
The organization has defined its recovery, restoration, and high availability
requirements related to business processes, applications, infrastructure & data
•Risk Analysis and Treatment – Establish that the org has analyzed its risk posture and reasonably reduced risk
•The BIA Methodology – Establish that the org maintains a formal method to define impacts and prioritize criticality
•Data Flows and Dependencies – Establish that dependencies (internal/external) are documented
•Analysis and Reporting – Establish that BIA results are aggregated, prioritized, and approved
3. Strategy Selection
Assess the organization’s method for developing continuity and availability strategies
within its maximum tolerable downtime.
•Staff and Support Requirements – Establish that strategies are developed based on defined requirements
•Course of Action Analysis – Establish that the cost to maintain strategies is in line with risk tolerance
•Monitor, Evaluate for Change – Establish that strategies are periodically evaluated for change
6 DOMAINS TO CONSIDER FOR AUDIT
4. Plan Development
Assess the sufficiency, completeness, applicability, and implementation of the
organization’s documented BCP/DRP plans.
•Plan Components & Framework – Establish that plans are documented and align with requirements
•Supporting, Storing Plans – Establish that plans are accessible and assigned to process owners
•Plan Updates – Establish that plans change as processes, technologies and people change
5. Vendor Management
Assess the organization’s method for vendor selection and oversight relevant to
the BCM program.
•Vendor Contracting – Establish that vendors are screened and will meet contractual requirements
•Critical Vendor Dependencies – Establish that critical dependencies are known and accounted for
•Vendor Integration, Testing – Establish that vendors periodically participate in tests/exercises
6. Implementation, Maintenance
Assess the organization’s capability to test and maintain the viability of its BCM
program.
•Testing and Validation – Establish that plans are proven valid through scheduled, ongoing testing
•Change Management – Establish that changes required to BCM are formalized
•Workforce Awareness – Establish that workforce members are aware of the BCM program
CONSIDER A MATURITY MODEL APPROACH
QUANTIFIED BCM FINDINGS (# of findings per maturity level)
Client: CLIENT NAME    Affiliate: SUB ORGANIZATION    As of: SEPTEMBER 2012

No.  Enterprise BCM Principles                 Scoring: Maturity Rating | Not Addressed | Minimally Addressed | Emerging | Managed
1    PROGRAM MANAGEMENT                                   41%         0               0             5          7
1.1  Program Definition                                   25%         0               0             1          2
1.2  Support and Accountability                           45%         0               0             2          3
1.3  Budget Planning and Program Evaluation               54%         0               0             2          2
2    REQUIREMENTS DEFINITION                              46%         0               2            10          4
2.1  Risk Analysis and Treatment                          25%         0               1             3          0
2.2  The BIA Methodology                                  59%         0               0             0          4
2.3  Data Flows and Dependencies                          25%         0               1             3          0
2.4  Analysis and Reporting                               75%         0               0             4          0
3    STRATEGY SELECTION                                   61%         0               1             6          4
3.1  Staff and Support Requirements                       56%         0               0             3          3
3.2  Course of Action Analysis                            47%         0               1             2          0
3.3  Monitor and Evaluate for Change                      80%         0               0             1          1
4    PLAN DEVELOPMENT                                     38%         0               0             6          5
4.1  Plan Components and Framework                        50%         0               0             4          2
4.2  Supporting and Storing the Plans                     40%         0               0             0          2
4.3  Plan Updates                                         25%         0               0             2          1
5    VENDOR MANAGEMENT                                    30%         0               4             2          3
5.1  Vendor Contracting                                   25%         0               0             1          2
5.2  Critical Vendor Dependencies                         40%         0               3             0          1
5.3  Vendor Integration and Testing                       25%         0               1             1          0
6    PLAN IMPLEMENTATION & MAINTENANCE                    67%         0               0             4          7
6.1  Testing and Validation                               75%         0               0             1          3
6.2  Change Management                                    50%         0               0             3          0
6.3  Workforce Awareness                                  75%         0               0             0          4
     Overall                                              47%         0               7            33         30

• Facilitates Scalable Program
• Isolates Highest Risk Areas
• Accounts for areas to sustain
• Incorporates All Findings from the Audit
DRP TRENDS & STANDARDS
EMERGING TRENDS IN DRP
• Virtualization helps reduce the number of overall IT assets and improves
system uptime…but beware of single points of failure! A hypervisor host,
shared storage array or virtual switch now carries every guest on it, so one
failure takes down what used to be many separate servers
• Cloud computing provides a viable outsourcing option for production
technologies…but be sure your cloud vendor is capable of meeting your
RTOs and RPOs, and that the commitment is written into the contract!
• Mobile devices provide a means of portability for documented plans,
communications, and rapid response…but be sure the phones are secured and
encrypted wherever possible! The plan itself carries contact lists, vendor
details and recovery procedures that should not leave the organization’s control
• Social networking provides an effective way to broadcast incidents,
particularly for crisis management…but be sure that the messages are
controlled, with an approved spokesperson and pre-agreed wording!
CURRENT AND EMERGING STANDARDS
• Business Continuity Institute – Good Practice Guidelines (2010)
• BS 25999 Business Continuity – BSI’s code of practice (BS 25999-1) and
specification (BS 25999-2); superseded by ISO 22301 in 2012
• Disaster Recovery Institute (DRI) – Professional Practices for BCM
• ISO 22301:2012 – One of the newest; it uses the same management-system
structure as the ISO 27k family, so a BCMS can be run alongside an ISMS
Ron Pelletier, CISSP, CBCP, CISA, QSA
VP and Executive Manager
QUESTIONS
ron.pelletier@pondurance.com
www.pondurance.com
Pondurance
3105 East 98th Street
Suite 120
Indianapolis, IN 46280

 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Product School
 
IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoTAnalytics
 
What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024Stephanie Beckett
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxDavid Michel
 
PLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsPLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsStefano
 
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCustom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCzechDreamin
 
Demystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyDemystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyJohn Staveley
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Product School
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupCatarinaPereira64715
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
 
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...CzechDreamin
 
Agentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdfAgentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdfChristopherTHyatt
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2DianaGray10
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
 

Recently uploaded (20)

Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
In-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT ProfessionalsIn-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT Professionals
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomSalesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024
 
What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
 
PLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsPLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. Startups
 
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCustom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
 
Demystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyDemystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John Staveley
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
 
Agentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdfAgentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdf
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 

Disaster Recovery Planning

1. DISASTER RECOVERY PLANNING FOR HEALTHCARE ORGANIZATIONS
Ron Pelletier, CISSP, CBCP, CISA, QSA
VP and Executive Manager
INMGA – August 11, 2015

2. AGENDA
• Disaster Recovery Planning Overview
• General DRP Considerations
• A BCM Methodology (encompasses DRP)
• Trends and Standards
• Questions

3. DISASTER RECOVERY PLANNING OVERVIEW

4. SIMPLIFIED DRP TERMS
Disaster Recovery – Planning to sustain supporting technology & data.
Crisis Management – Preserving life safety and business image.
Business Impact Analysis – Establish the organization’s critical path.
Recovery Time Objective – When do the systems/processes need to be restored?
Recovery Point Objective – How much data can you stand to lose?
Maximum Tolerable Downtime – What is the point of unacceptable risk?
Risk Tolerance – Collective picture of risk management and BCM.
High Availability – When downtime of systems/data is not an option.
Minimum Operating Requirements – What do you need, and when, to get by.

5. WHERE DOES DRP FIT IN THE BCM LIFECYCLE?
[Figure: BCM lifecycle (general, not all inclusive) – BCM encompasses Business Continuity Planning, Disaster Recovery Planning, High Availability, Risk Management, Incident Response and Crisis Management]

6. TRADITIONAL THINKING ON DISASTER RECOVERY
[Figure: Disaster Recovery vs. Business Continuity – Disaster Recovery (DRP) covers tech/data restore; Business Continuity covers people, business processes and process continuity]

7. THE INTEGRATED PERSPECTIVE
[Figure: Defined Tolerance for Risk; The Risk Analysis Phase – Current State Assessment, Threat and Risk Assessment, Business Impact Analysis; Business Continuity Planning (BCP) with BCP Strategies and BCP Documentation alongside Disaster Recovery Planning (DRP) with DRP Strategies and DRP Documentation; Program Exercising, Change Management, Maintenance; CRISIS MANAGEMENT – Owns Initial and Ongoing Response, Allocates Emergency Resources, MAKES DECISIONS AS REQUIRED, Functions as Steering Committee]
8. GENERAL DRP CONSIDERATIONS

9. EVALUATE YOUR OPERATING RISK
• PREPARE TO AVOID BUT PLAN TO RESPOND!!
• Human, technical, operational and strategic threats MUST be considered to formulate a viable avoidance and/or response posture
• Look for single points of failure that might not have been considered (control systems, joined power junctions, shared data closets, shared passwords, single communication gateway)
• Consider your level of reliance on other entities (parent organizations, shared services, external service providers, etc.)
• Integrate your risk assessment process with Cyber Security efforts. According to KPMG’s BCM Survey, only 41% of companies integrate BCM with Cyber Security
• Do you have specific technologies at your site that are not typically supported by a shared services organization?
• Do you have a defined owner or custodian for your Disaster Recovery Planning efforts?

10. DEFINING RISK TOLERANCE FOR DRP
[Figure: Business Unit Personnel, through the Business Impact Analysis, supply Maximum Tolerable Downtimes (MTDs); the Information Technology Group, through the Current State Assessment, supplies Current Recovery Capabilities (CRCs); Management Negotiation Based on Risk Tolerance between the two yields the Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs) – e.g., Application ‘X’ in 72 hours vs. Application ‘X’ in 24 hours, manual processing, $ and operational impacts]

11. RISK TOLERANCE AND HEALTHCARE
• Two schools of thought can muddy the water when considering technology downtime in healthcare:
o “We have been treating patients for centuries without technology…we can live without it indefinitely”
o “We have grown so dependent on technology that we cannot be inconvenienced by its loss for even a single hour”
• How do you appropriately consider the risk to your organization, without trying to “over-engineer” a solution?
• What happens if technology platforms are down for extended periods of time?

12. RISK TOLERANCE AND HEALTHCARE
• Consider looking at 2 key criteria to arrive at true business impact:
1. Degradation of Care (Life Safety): The degradation of care considers specific risks to patient safety if care professionals do not have access to all patient records that may provide insight into patient profiles (e.g., pharmaceuticals, allergies, past procedures, etc.).
2. Patient Throughput (Financial and Operational): “Throughput” represents the number of patients that can be reasonably and safely treated over a given period of time. Without a level of automation and record accessibility, it’s logical to assume that hospitals will not be able to attend to, admit, or discharge the “normal” volume of patients with the same level of efficiency. This can lead to direct financial impacts, as it would likely lead to a reduced and untimely level of billing for patient care.
• Use qualitative measures where they make sense, but attempt to arrive at a Recovery Time Objective for each key system (HIPAA denotes this as “addressable”)

13. DEVELOPING DRP ROLES/RESPONSIBILITIES
• Consider a 360 degree approach to ensure appropriate organizational coverage
• Look outside the organization to determine if there are groups/entities with whom you need to coordinate your strategies and plans
• If you are part of a hospital system, have you integrated with their Hospital Command?
• If you have personnel that you contract to facilities, do you know what their plans are if their facilities are impacted?
• Break down the roles and corresponding plans to facilitate action and accountability
• How do you define an incident commander?
• What about facilities? Specific technologies?

14. DEVELOPING DRP ROLES/RESPONSIBILITIES (SAMPLE ORG CHART FOR DRP)
[Figure: sample DRP org chart; roles and groups shown, in the order they appear on the chart: IT Incident Commander (TBD at time of incident); IT Customer Support Center Lead; IT Hospital Command Liaison; IT Safety/Security/Privacy Officer; IT Command Group; IT Operations Support Group; Infrastructure Team Leader; Applications Team Leader; Facilities Director; Logistics & Vendor Support; Finance/Administration; Hospital Command; IT Facility and Technical Teams; IT Facility Coordinators; Applications Teams; Infrastructure Teams; Data Recovery Teams; IT Security; IT Executive(s)]

15. DRP SCENARIO PLANNING
• Ensure your response procedures have adequate flexibility to respond to both common and unique situations
• Do not get too specific or box your plans into a certain scenario; use situations that may prompt a certain response
• Align your response planning with the applicable Hospital Command (if that is applicable)
• Remember that disasters related to technology could take on physical form, logical form, or a combination of the 2
• While area-wide disasters are less likely to occur, they need to be at least considered (think Hurricanes Sandy, Katrina; Northeast power outage; ice storms, etc.)

16. DRP SCENARIO PLANNING - EXAMPLE
[Figure: example not captured in the text transcript]

17. REVIEW YOUR DATA BACKUP AND RECOVERY
• Ensure the data backup scheme complements the Recovery Time and Recovery Point Objectives (RTOs & RPOs)
• Tapes are fine, but often they are either not removed from the site or are taken offsite 1x per week
• If the backups (tape or disk) are not tested periodically to verify full restoration, the capability to restore is questionable
• If the backup tapes are not encrypted when removed offsite, you are introducing a whole new set of risks
• Don’t blindly jump to a high availability strategy if it is not justified. It is entirely possible that even a replication strategy is not necessary, and a high availability strategy may completely over-engineer the program
• BUT…only proper analysis can provide that answer
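The negotiation on slide 10 (MTDs from the business, CRCs from IT, RTOs and RPOs agreed in between) and the backup checks on slide 17 can be expressed as one gap check per system. The block below is an added example, not code from the deck or from Pondurance; every system name, target, capability figure and the 90-day restore-test window are constructed for illustration. It shows the point the deck makes about weekly offsite tapes: nightly backups give a 24-hour worst case for a local failure, but if the site itself is lost only the copies that already left the building count, so the offsite lag is added on top of the backup interval.

```python
"""Added example (not from the deck): check a data backup and recovery scheme
against the BIA targets that management negotiated for each system.

All system names, targets, capabilities and thresholds below are constructed
for illustration.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class RecoveryTarget:
    """What the business side agreed to (BIA plus management negotiation)."""
    system: str
    mtd_hours: float   # Maximum Tolerable Downtime stated by the business unit
    rto_hours: float   # negotiated Recovery Time Objective
    rpo_hours: float   # negotiated Recovery Point Objective


@dataclass
class CurrentCapability:
    """What IT can actually deliver today (current state assessment)."""
    backup_interval_hours: float           # time between completed backups
    offsite_lag_hours: float               # how long a copy stays on site before it goes offsite
    restore_time_hours: float              # measured time for a full restore
    last_restore_test_days: Optional[int]  # days since a verified full restore; None = never tested
    offsite_encrypted: bool


def worst_case_data_loss(cap: CurrentCapability, site_loss: bool) -> float:
    """Hours of data lost in the worst case.

    For a local failure the newest completed backup is still available, so the
    loss is at most one backup interval.  If the site itself is lost, only the
    copies that already left the site survive, so the offsite lag is added.
    """
    loss = cap.backup_interval_hours
    if site_loss:
        loss += cap.offsite_lag_hours
    return loss


# Assumed review policy (constructed): a full restore must have been proven within this window.
RESTORE_TEST_MAX_DAYS = 90


def assess(target: RecoveryTarget, cap: CurrentCapability) -> List[Tuple[str, str]]:
    """Return (code, message) findings where the current capability misses the target."""
    findings: List[Tuple[str, str]] = []
    if target.rto_hours > target.mtd_hours:
        findings.append(("RTO_GT_MTD",
                         f"RTO {target.rto_hours}h exceeds MTD {target.mtd_hours}h; renegotiate"))
    local = worst_case_data_loss(cap, site_loss=False)
    if local > target.rpo_hours:
        findings.append(("RPO_LOCAL",
                         f"backup interval allows {local}h of loss, RPO is {target.rpo_hours}h"))
    site = worst_case_data_loss(cap, site_loss=True)
    if site > target.rpo_hours:
        findings.append(("RPO_SITE_LOSS",
                         f"site loss allows {site}h of loss (offsite lag), RPO is {target.rpo_hours}h"))
    if cap.restore_time_hours > target.rto_hours:
        findings.append(("RTO",
                         f"full restore takes {cap.restore_time_hours}h, RTO is {target.rto_hours}h"))
    if cap.last_restore_test_days is None or cap.last_restore_test_days > RESTORE_TEST_MAX_DAYS:
        findings.append(("RESTORE_UNTESTED", "no verified full restore within the review window"))
    if not cap.offsite_encrypted:
        findings.append(("OFFSITE_UNENCRYPTED", "offsite copies are not encrypted"))
    return findings


# Constructed sample: three systems with negotiated targets and current capabilities.
SAMPLE = [
    (RecoveryTarget("Application X", mtd_hours=72, rto_hours=24, rpo_hours=4),
     CurrentCapability(backup_interval_hours=24, offsite_lag_hours=168,   # nightly tape, weekly offsite
                       restore_time_hours=36, last_restore_test_days=None, offsite_encrypted=False)),
    (RecoveryTarget("Application Y", mtd_hours=24, rto_hours=8, rpo_hours=2),
     CurrentCapability(backup_interval_hours=1, offsite_lag_hours=0,      # hourly copy, offsite at once
                       restore_time_hours=3, last_restore_test_days=30, offsite_encrypted=True)),
    (RecoveryTarget("Application Z", mtd_hours=24, rto_hours=48, rpo_hours=24),  # RTO negotiated past MTD
     CurrentCapability(backup_interval_hours=24, offsite_lag_hours=24,
                       restore_time_hours=40, last_restore_test_days=10, offsite_encrypted=True)),
]


def assess_samples() -> dict:
    """Map each sample system to the list of finding codes it raises."""
    return {t.system: [code for code, _ in assess(t, c)] for t, c in SAMPLE}


if __name__ == "__main__":
    for t, c in SAMPLE:
        print(t.system)
        for code, msg in assess(t, c):
            print(f"  {code}: {msg}")
```

Application X in the sample fails on every point slide 17 raises: its local worst case is 24 hours but a site loss makes it 192 hours, the measured restore is longer than the RTO, no restore has been verified, and the offsite copies are unencrypted. Application Z shows the other failure the negotiation diagram warns about, an RTO agreed to be longer than the MTD the business stated.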
18. DRP DOCUMENTATION CONSIDERATIONS
• Consider segmented action plan documents that are managed by accountable person(s), but provide seamless integration and consistency in format
• Have a Central Plan to drive communications and Emergency Response
• Have “extracts” or job action sheets that represent specific technical procedures for rebuild, restore, recover, etc.
• Assign accountability as appropriate, and add depth to preserve continuity
• Ensure the procedures are fairly thorough, but do not drive inflexibility or box the responders into a single set of actions
• Store the plans where they are accessible, particularly if your internal systems fail
• Ensure the plan appendices have adequate reference information (key vendors and contacts, location of stored equipment, etc.)

19. DRP DOCUMENTATION CONSIDERATIONS
[Figure: not captured in the text transcript]

20. A FULL BCM METHODOLOGY (WITH DRP CONSIDERATIONS)

21. 6 DOMAINS TO CONSIDER FOR BUILDING BCM
1. Program Management – Assess the entity controls that integrate, manage, and sustain a viable BCM throughout the enterprise
• Program Definition – Establish the program is formally developed and integrated
• Support and Accountability – Establish the program is supported at the highest level of the org
• Budget Planning and Program Evaluation – The org is committed to sustaining program viability
2. Requirements Definition – The organization has defined its recovery, restoration, and high availability requirements related to business processes, applications, infrastructure & data
• Risk Analysis and Treatment – Establish the org has analyzed its risk posture, reasonably reduce risk
• The BIA Methodology – Establish the org maintains a formal method to define impacts, prioritize criticality
• Data Flows and Dependencies – Establish that dependencies (internal/external) are documented
• Analysis and Reporting – Establish that BIA results are aggregated, prioritized, and approved
3. Strategy Selection – Assess the organization’s method for developing continuity and availability strategies, within its maximum tolerable downtime.
• Staff and Support Requirements – Establish that strategies are developed based on defined requirements
• Course of Action Analysis – Establish that the cost to maintain strategies is in line with risk tolerance
• Monitor, Evaluate for Change – Establish that strategies are periodically evaluated for change

22. 6 DOMAINS TO CONSIDER FOR AUDIT
4. Plan Development – Assess the sufficiency, completeness, applicability, and implementation of the organization’s documented BCP/DRP plans.
• Plan Components & Framework – Establish plans are documented, align with requirements
• Supporting, Storing Plans – Establish plans are accessible, assigned to process owners
• Plan Updates – Establish plans change as processes, technologies, people change
5. Vendor Management – Assess the organization’s method for vendor selection and oversight relevant to the BCM program.
• Vendor Contracting – Establish vendors are screened, will meet contractual requirements
• Critical Vendor Dependencies – Establish critical dependencies are known, accounted for
• Vendor Integration, Testing – Establish vendors occasionally participate in tests/exercises
6. Implementation, Maintenance – Assess the organization’s capability to test and maintain the viability of its BCM program.
• Testing and Validation – Establish plans are valid through scheduled, ongoing testing
• Change Management – Establish changes required to BCM are formalized
• Workforce Awareness – Establish workforce members are aware of the BCM program

23. CONSIDER A MATURITY MODEL APPROACH
Sample scoring sheet – QUANTIFIED BCM FINDINGS (# of findings per maturity level); Client: CLIENT NAME; Affiliate: SUB ORGANIZATION; As of: SEPTEMBER 2012 (row labels matched to the six domains and sub-areas on slides 21–22)

Area | Maturity Rating | Not Addressed | Minimally Addressed | Emerging | Managed
1 PROGRAM MANAGEMENT | 41% | 0 | 0 | 5 | 7
1.1 Program Definition | 25% | 0 | 0 | 1 | 2
1.2 Support and Accountability | 45% | 0 | 0 | 2 | 3
1.3 Budget Planning and Program Evaluation | 54% | 0 | 0 | 2 | 2
2 REQUIREMENTS DEFINITION | 46% | 0 | 2 | 10 | 4
2.1 Risk Analysis and Treatment | 25% | 0 | 1 | 3 | 0
2.2 The BIA Methodology | 59% | 0 | 0 | 0 | 4
2.3 Data Flows and Dependencies | 25% | 0 | 1 | 3 | 0
2.4 Analysis and Reporting | 75% | 0 | 0 | 4 | 0
3 STRATEGY SELECTION | 61% | 0 | 1 | 6 | 4
3.1 Staff and Support Requirements | 56% | 0 | 0 | 3 | 3
3.2 Course of Action Analysis | 47% | 0 | 1 | 2 | 0
3.3 Monitor and Evaluate for Change | 80% | 0 | 0 | 1 | 1
4 PLAN DEVELOPMENT | 38% | 0 | 0 | 6 | 5
4.1 Plan Components and Framework | 50% | 0 | 0 | 4 | 2
4.2 Supporting and Storing the Plans | 40% | 0 | 0 | 0 | 2
4.3 Plan Updates | 25% | 0 | 0 | 2 | 1
5 VENDOR MANAGEMENT | 30% | 0 | 4 | 2 | 3
5.1 Vendor Contracting | 25% | 0 | 0 | 1 | 2
5.2 Critical Vendor Dependencies | 40% | 0 | 3 | 0 | 1
5.3 Vendor Integration and Testing | 25% | 0 | 1 | 1 | 0
6 PLAN IMPLEMENTATION & MAINTENANCE | 67% | 0 | 0 | 4 | 7
6.1 Testing and Validation | 75% | 0 | 0 | 1 | 3
6.2 Change Management | 50% | 0 | 0 | 3 | 0
6.3 Workforce Awareness | 75% | 0 | 0 | 0 | 4
Enterprise BCM Principles (Scoring) | 47% | 0 | 7 | 33 | 30

• Facilitates Scalable Program
• Isolates Highest Risk Areas
• Accounts for areas to sustain
• Incorporates All Findings from the Audit
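The scoring sheet on slide 23 is worth reproducing in code, because the roll-up rule is what lets the approach "isolate highest risk areas" and scale. The block below is an added example, not code from the deck or from Pondurance. The sub-area ratings and finding counts are copied from the slide; the aggregation rule (a domain's rating is the arithmetic mean of its sub-area ratings, and the enterprise rating is the mean of the domain ratings) is an assumption inferred from the slide's numbers, which it reproduces exactly, not a rule the slide states. Domain names follow slides 21–22.

```python
"""Added example (not from the deck): roll up the sample maturity-model
scoring sheet from sub-area to domain to enterprise level.

Ratings and finding counts are copied from the slide.  The aggregation rule
(mean of sub-area ratings per domain, mean of domain ratings overall) is
inferred from the slide's numbers; it is an assumption, not stated there.
"""
from statistics import mean
from typing import Dict, List, Tuple

MATURITY_LEVELS = ("Not Addressed", "Minimally Addressed", "Emerging", "Managed")

DOMAINS = {
    "1": "Program Management",
    "2": "Requirements Definition",
    "3": "Strategy Selection",
    "4": "Plan Development",
    "5": "Vendor Management",
    "6": "Plan Implementation & Maintenance",
}

# (sub-area id, name, maturity rating %, findings per maturity level in MATURITY_LEVELS order)
SUB_AREAS: List[Tuple[str, str, int, Tuple[int, int, int, int]]] = [
    ("1.1", "Program Definition", 25, (0, 0, 1, 2)),
    ("1.2", "Support and Accountability", 45, (0, 0, 2, 3)),
    ("1.3", "Budget Planning and Program Evaluation", 54, (0, 0, 2, 2)),
    ("2.1", "Risk Analysis and Treatment", 25, (0, 1, 3, 0)),
    ("2.2", "The BIA Methodology", 59, (0, 0, 0, 4)),
    ("2.3", "Data Flows and Dependencies", 25, (0, 1, 3, 0)),
    ("2.4", "Analysis and Reporting", 75, (0, 0, 4, 0)),
    ("3.1", "Staff and Support Requirements", 56, (0, 0, 3, 3)),
    ("3.2", "Course of Action Analysis", 47, (0, 1, 2, 0)),
    ("3.3", "Monitor and Evaluate for Change", 80, (0, 0, 1, 1)),
    ("4.1", "Plan Components and Framework", 50, (0, 0, 4, 2)),
    ("4.2", "Supporting and Storing the Plans", 40, (0, 0, 0, 2)),
    ("4.3", "Plan Updates", 25, (0, 0, 2, 1)),
    ("5.1", "Vendor Contracting", 25, (0, 0, 1, 2)),
    ("5.2", "Critical Vendor Dependencies", 40, (0, 3, 0, 1)),
    ("5.3", "Vendor Integration and Testing", 25, (0, 1, 1, 0)),
    ("6.1", "Testing and Validation", 75, (0, 0, 1, 3)),
    ("6.2", "Change Management", 50, (0, 0, 3, 0)),
    ("6.3", "Workforce Awareness", 75, (0, 0, 0, 4)),
]


def roll_up(sub_areas=SUB_AREAS) -> Dict[str, dict]:
    """Aggregate sub-areas into domains; the 'ALL' entry is the enterprise roll-up.

    Ratings are kept unrounded here so the enterprise mean is not distorted by
    rounding the domains first; round only for display.
    """
    result: Dict[str, dict] = {}
    for domain_id, name in DOMAINS.items():
        members = [s for s in sub_areas if s[0].split(".")[0] == domain_id]
        counts = tuple(sum(s[3][i] for s in members) for i in range(len(MATURITY_LEVELS)))
        result[domain_id] = {"name": name, "rating": mean(s[2] for s in members), "findings": counts}
    totals = tuple(sum(d["findings"][i] for d in result.values()) for i in range(len(MATURITY_LEVELS)))
    result["ALL"] = {"name": "Enterprise BCM Principles",
                     "rating": mean(d["rating"] for d in result.values()),
                     "findings": totals}
    return result


def rounded_rating(area_id: str) -> int:
    """Whole-percent rating as printed on the scoring sheet."""
    return round(roll_up()[area_id]["rating"])


def highest_risk_domains() -> List[str]:
    """Domains from lowest maturity to highest, i.e. where to spend remediation effort first."""
    r = roll_up()
    return [r[d]["name"] for d in sorted(DOMAINS, key=lambda d: r[d]["rating"])]


if __name__ == "__main__":
    r = roll_up()
    for area_id in list(DOMAINS) + ["ALL"]:
        print(f"{area_id:>3} {r[area_id]['name']:<36} {rounded_rating(area_id):>3}% {r[area_id]['findings']}")
    print("Highest risk first:", highest_risk_domains())
```

Note that the sub-area ratings are inputs, not something the block derives from the finding counts: on the slide 1.3 rates higher than 1.2 while having fewer Managed findings, so whatever weighting produced them is not recoverable from the sheet. With the mean rule the block reproduces every domain rating and the 47% enterprise rating, and ranks Vendor Management (30%) and Plan Development (38%) as the areas to address first.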
24. DRP TRENDS & STANDARDS

25. EMERGING TRENDS IN DRP
• Virtualization helps reduce the number of overall IT assets and improves system uptime…but beware of single points of failure!
• Cloud computing provides a viable outsourcing option for production technologies…but be sure your cloud vendor is capable of meeting your RTOs, RPOs!
• Mobile devices provide a means of portability for documented plans, communications, and rapid response…but be sure phones are secure, encrypt if possible!
• Social networking provides an effective way to broadcast incidents, particularly for crisis management…but be sure that the messages are controlled!

26. CURRENT AND EMERGING STANDARDS
• Business Continuity Institute - Good Practice Guideline (2010)
• BS 25999 Business Continuity – BSI’s practices guideline
• Disaster Recovery Institute (DRI) – Professional Practices for BCM
• ISO/IEC 22301:2012 – One of the newest, aligned with the ISO27k set of standards

27. QUESTIONS
Ron Pelletier, CISSP, CBCP, CISA, QSA
VP and Executive Manager
ron.pelletier@pondurance.com
www.pondurance.com
Pondurance, 3105 East 98th Street, Suite 120, Indianapolis, IN 46280