Business Continuity A matter of survival Session 2 Continuity planning : background and life-cycle
Why important? Heavy reliance on IT Pressure to deliver IT services Increasing range of threats
Continuity planning - objective “The objective of business continuity planning is to ensure that key business activities are restored and maintained as quickly as possible following any major disaster or failure that affects essential services or facilities”. A code of practice for Information Security Management, British Standards Institution
Causes of business continuity failures include :- What can go wrong? Causes of business continuity failures include :- hardware failure (22%) flood (19%) power outage (15%) hurricane (11%) fire/explosion (8%) earthquake (6%) bomb blast (5%) COMDISCO
For government sector computer systems :- Who might be affected? For government sector computer systems :- the general public the government businesses law and order/air traffic control/hospitals/etc
Top managements’ reaction? Too expensive Disaster unlikely to happen More important things to do We will ‘muddle through’ Unaware of the business risks
The ingredients of continuity planning? People Time Money Business Systems The Environment Corporate Information
The economics Continuity planing costs :- risk assessment developing the plan additional countermeasures recovery support contracts training and publicity testing the plan maintaining the plan The plan must relate to business needs
Continuity planning life-cycle Preliminary work Business Impact Review Recovery Options Review Develop the plan Awareness and testing Analyse test results Update the plan
Summary Importance - reliance on IT; pressures; threats Objective - restore key business systems within an acceptable timeframe Contingency versus Continuity Ingredients - resources; systems; environment; information Economics - must relate to business needs Development and maintenance life cycle