Business Continuity A matter of survival Session 2 Continuity planning : background and life-cycle

Why important? Heavy reliance on IT Pressure to deliver IT services Increasing range of threats

Continuity planning - objective “The objective of business continuity planning is to ensure that key business activities are restored and maintained as quickly as possible following any major disaster or failure that affects essential services or facilities”. A code of practice for Information Security Management, British Standards Institution

Causes of business continuity failures include :- What can go wrong? Causes of business continuity failures include :- hardware failure (22%) flood (19%) power outage (15%) hurricane (11%) fire/explosion (8%) earthquake (6%) bomb blast (5%) COMDISCO

For government sector computer systems :- Who might be affected? For government sector computer systems :- the general public the government businesses law and order/air traffic control/hospitals/etc

Top managements’ reaction? Too expensive Disaster unlikely to happen More important things to do We will ‘muddle through’ Unaware of the business risks

The ingredients of continuity planning? People Time Money Business Systems The Environment Corporate Information

The economics Continuity planing costs :- risk assessment developing the plan additional countermeasures recovery support contracts training and publicity testing the plan maintaining the plan The plan must relate to business needs

Continuity planning life-cycle Preliminary work Business Impact Review Recovery Options Review Develop the plan Awareness and testing Analyse test results Update the plan

Summary Importance - reliance on IT; pressures; threats Objective - restore key business systems within an acceptable timeframe Contingency versus Continuity Ingredients - resources; systems; environment; information Economics - must relate to business needs Development and maintenance life cycle