The document discusses business continuity planning and how it differs from disaster recovery. Business continuity involves maintaining critical business functions through daily activities and ensuring recoverability, while disaster recovery is a subset that deals with functions after a disaster. An effective business continuity plan considers factors like policies, procedures, staffing changes, regulatory changes, and technology changes to ensure normal business operations. Both IT and business units need continuity plans that address issues beyond backup and recovery.

1. TN-Summit 2008 Tennessee Board
of Regents
Business Continuity:
More than disaster recovery…
Presented by:
Greg Turmel
Jeff Hinds
DBA Collaborative

2. TN-Summit 2008 Tennessee Board
of Regents
Tennessee Summit
October 13‐14, 2008
Seeing the New Horizon
Technical DBA 3.6 Business Continuity: More Than Disaster Recovery
Abstract:
A high level discussion about how business continuity is more than
disaster recovery. Your IT business continuity plan must involve issues
across a broad range of IT centric topics. This discussion will touch on
the type of topics that should be included in your plan. Some of these
topics can include issues of government regulation, hardware and
software contracts, staff roles and responsibilities, and many others.
Your business continuity plan should include how to deal with a
changing environment and how your business will respond.
Do you have a business continuity plan?
DBA Collaborative

3. TN-Summit 2008 Tennessee Board
of Regents
What is Business Continuity?
Business Continuity is the activity performed by an
organization to ensure that critical business
functions will be available to customers, suppliers,
regulators, and other entities that must have access
to those functions. These activities include many
daily chores such as project management, system
backups, change control, and help desk. Business
Continuity is not something implemented at the
time of a disaster; Business Continuity refers to
those activities performed daily to maintain service,
consistency, and recoverability.
DBA Collaborative

4. TN-Summit 2008 Tennessee Board
of Regents
What is Business Continuity?
The foundation of Business Continuity is the
policies, guidelines, standards, and procedures
implemented by an organization. All system design,
implementation, support, and maintenance must be
based on this foundation in order to have any hope
of achieving Business Continuity, Disaster Recovery,
or in some cases, system support. Business
continuity is sometimes confused with disaster
recovery, but they are separate entities. Disaster
recovery is a small subset of business continuity.
DBA Collaborative

5. TN-Summit 2008 Tennessee Board
of Regents
What is Business Continuity?
The term Business Continuity describes a mentality
or methodology of conducting day‐to‐day business,
whereas Business Continuity Planning is an activity
of determining what that methodology should be.
The Business Continuity Plan may be thought of as
the incarnation of a methodology that is followed by
everyone in an organization on a daily basis to
ensure normal operations.
DBA Collaborative

6. TN-Summit 2008 Tennessee Board
of Regents
What is Business Continuity?
The components of the Business Continuity methodology required
for manifestation into a documented plan include:
1. Policies
2. Guidelines
3. Standards
4. Procedures
5. Resource Planning and Deployment
6. Organizational Structure
7. Business Impact Analysis
8. Security Management
9. Document Management
10. Change Management
11. Audit Management
12. Service Level Agreements
13. Other Components
14. Planning
DBA Collaborative

7. TN-Summit 2008 Tennessee Board
of Regents
Considerations of Business
Continuity Planning
•Business Impact and Risk Analysis
•Service Level Agreements (Vendor support)
•Business Goals and Objectives
•Changes to Policies, Standards,
Procedures, Objectives, etc…
DBA Collaborative

8. TN-Summit 2008 Tennessee Board
of Regents
What shapes your Business
Continuity Plan?
•Policies and Procedures
•Local, State, and Federal Regulations
•Industry Best Practices
•Competition
•Local Resources
•Etc…..
DBA Collaborative

9. TN-Summit 2008 Tennessee Board
of Regents
Business Continuity Plan should
include (examples):
•Disaster and Recovery (Most though of)
•Changes in staffing (retirements, etc..)
•Hardware changes
•Business logic (where is it?)
•Changes in Production (Decreases and Increases)
•Changes in Government
•Training
•Etc….
DBA Collaborative

10. TN-Summit 2008 Tennessee Board
of Regents
Who should be included?
College Finance and
Deans Payroll
Bursars' Office
Security
Facilities IT Office
Services
Telecommunications
Library
Public Relations Services Financial Aid
Offices
HR Users
Many, Many Others
DBA Collaborative

11. TN-Summit 2008 Tennessee Board
of Regents
Is Business Continuity just for the
IT Office?
No!
While IT must “Ensure Continuity of
Operations”, other parts of the business
must also “Ensure Continuity of Operations”.
IT is not the primary user of the systems.
The End Users community must also have
plans should changes affect their business;
staffing, Regulations, etc.
DBA Collaborative

12. TN-Summit 2008 Tennessee Board
of Regents
So what about the IT Business
Continuity Plan.
We have disaster recovery…….
DBA Collaborative

13. TN-Summit 2008 Tennessee Board
of Regents
So what about the IT Business
Continuity Plan.
We have disaster recovery…….
What about Change Management?
•Hardware and software patches/configurations
•Version upgrades
•Reporting requirements
DBA Collaborative

14. TN-Summit 2008 Tennessee Board
of Regents
So what about the IT Business
Continuity Plan.
What about changes in
•Staffing
•Enrollment levels
•Management
•Service Level Agreements (Vendor support)
•User requirements
•etc…..
DBA Collaborative

15. TN-Summit 2008 Tennessee Board
of Regents
Product Mix.
`
DBA Collaborative

16. TN-Summit 2008 Tennessee Board
of Regents
Move to Production
DBA Collaborative

17. TN-Summit 2008 Tennessee Board
of Regents
Value of Strategic Capabilities
IT can provide
DBA Collaborative

18. TN-Summit 2008 Tennessee Board
of Regents
What is included in your
Business Continuity Plan?
•Backup and Recovery . . .
•Management and management philosophies
•Product Mix
•Personnel and Job Roles and Duties
•Policies, Procedures, Standards,
•User acceptance testing
•Security and Audit requirement
•Local, State, and Federal Regulations
•Institutional Environment changes
•etc.
DBA Collaborative

19. TN-Summit 2008 Tennessee Board
of Regents
Who should be included in the
planning?
Operations
Functional Users Manager/Staff
Networking
Business Analysts
Luminis Public Relations
Manager Data
Project DBA Security
Manager Manager
System And many,
Administrator many more
DBA Collaborative

20. TN-Summit 2008 Tennessee Board
of Regents
Recap: IT Business Continuity
document plan includes….
1. Policies
2. Guidelines
3. Standards
4. Procedures
5. Resource Planning and Deployment
6. Organizational Structure
7. Business Impact Analysis
8. Security Management
9. Document Management
10. Change Management
11. Audit Management
12. Service Level Agreements
13. Other Components
14. Planning
DBA Collaborative

21. TN-Summit 2008 Tennessee Board
of Regents
References:
•Ensuring continuity of operations: Are you ready?
http://blogs.techrepublic.com.com/itdojo/?p=177&tag=nl.e101
•The Business Continuity Institute
http://www.thebci.org/
•Contingency Planning World
http://www.business-continuity-world.com/
•Business Continuity Planning & Disaster Recovery Planning World
http://www.disasterrecoveryworld.com/
DBA Collaborative