Business Continuity and Disaster Recovery Planning.


Agenda
  Introductions
  Definitions
  Common Mistakes
  Basic Concepts
  Proper Framework
  Q&A

Introductions
  Steve Akers
    – VP of Consulting, TruArx Inc.
    – 12 Years Experience in IT
    – 10 Years Experience in Information Security
    – Military Police, Energy Industry, and Security Technology and Services Companies

Definitions
  Disaster Recovery (DR)
    – Part of Business Continuity
    – Objective: Restore Critical Business Processes
    – Focus: Data Recovery
    – Timeframe: First 30 Days
    – Solution: Hot Site Recovery
  Business Continuity (BC)
    – Objective: Restore Business back to prior state
    – Focus: Return to Normal
    – Timeframe: 30+ Days
    – Solution: New Equipment, New Building

Definitions
  What is a DR/BC Plan?
    – The methods, processes, and procedures needed to minimize the impact of a disaster upon information and data required for critical business processes.
    – The guidelines and activities required to restore systems, operations, and the business to the conditions that prevailed prior to the disaster.
    – A well-written and properly tested plan that allows recovery personnel to administer recovery efforts that result in a timely restoration of services.

Common Mistakes
  No Business Impact Analysis
  Technology Focus
  Don’t Involve the Business Operations Personnel Responsible
  Document too Complex
  No Plan for Maintenance and Updates
  No Training
  Use of Templates

Common Mistakes
  Lack of understanding of need
    – Compliancy
    – Due Diligence
    – “Never Happen to Me”
  Never Getting Started

Basic Concepts
  Readiness Assessment
  Flow is Critical
  Identification of Critical Paths
  Must unite Technology with Business
  Minimize Decision Making
  Training, Training, Training
  Part of Change Management

Proper Framework
  Structured Approach of Twelve phases
    1. Management Commitment
    2. Planning/Steering Committee
    3. Risk Evaluation
    4. Business Impact Analysis
    5. Determine Recovery Strategy
    6. Data Collection
    7. Develop Emergency Operations Center
    8. Organize and Write Plan
    9. Develop Test Criteria and Procedures
    10. Awareness and Training
    11. Exercise and Maintenance
    12. Approval

Proper Framework
  Phase I- Management Commitment
    – Demonstrates Top Down Support
    – Improves follow-through of process
    – Assists with Communicating Importance
  Phase II- Planning/Steering Committee
    – Decision Making Body
    – Project Guidance
    – Cross-Departmental
    – Clears any Road Blocks
  Phase III- Risk Evaluation
    – Determine current deficiencies
        Systems, Processes, Policies, Procedures, Guidelines and Standards
    – Mitigate or Accept current risks

Proper Framework
  Phase IV- Business Impact Analysis
    – Cataloging of critical systems and processes (services disruption)
    – Quantify financial loss related to outages
    – Establish Recovery Time Objectives and Recovery Point Objectives (Pain Thresholds)
    – Illustrate system inter-dependencies and “domino effect” or critical path

Critical Path Diagram

Proper Framework
  Phase V- Determine Recovery Strategy
    – Previous Phases should define high-level strategy
    – Determine what types of continuance are needed
        Personnel
        Technology
        Process
        Procedural
    – Hot-Site, Cold-Site, Second Office

Proper Framework
  Phase VI- Data Collection
    – Gather data to complete plan
        Inventory and repository of all:
          – Resources (Systems, Telco, Others)
          – Documents
          – Procedures
          – Vendors
          – Personnel
          – Contracts
          – Records
  Phase VII- Emergency Operations Center
    – Establish the EOC
        Central Point of authority in disaster situations
          – Define
          – Assemble
          – Document all functions of the EOC
    – Establish locations for the EOC

Proper Framework
  Phase VIII- Organize and Write Plan
    – Organize all data from previous phases
        Establish Framework (Skeleton)
          – Sets Flow
        Formal Documentation (Meat on the bones)
          – Includes Work Flow Diagram
          – Impact Matrix (Business to Technology)
        Committee Approval along the way

Work Flow Diagrams

Disaster Impact Matrix

Proper Framework
  Phase IX- Develop Materials
    – Need Material for both Training and Testing
    – Establish Scope, Criteria, and Type (Full, Tabletop)
    – Creation of all procedures
    – Should Educate and Prove the credibility of the plan
  Phase X- Awareness and Training
    – Familiarize People with their roles
    – Repetitive Learning
    – Not a one time event

Proper Framework
  Phase XI- Testing and Maintenance
    – Perform actual testing of the plan
    – Capture Failures, Recommendations
    – Improve Flow, Update Plan
    – Establish Maintenance Process
  Phase XII- Approval
    – Present Testing Results
    – Final approval of plan
    – Documentation
    – Present to steering committee

Ending Note
  If the billions of dollars spent on technology annually to maintain a competitive edge is an indication of how reliant our society is on technology, then failing to implement a disaster recovery plan is an indication of organizational negligence. Standards of care and due diligence are required of all organizations, public or private. Not having a disaster recovery plan violates that fiduciary standard of care.
    – Tari Schreider, Contingency Planning and Research, Inc.
    – Legal Issues of Disaster Recovery Planning

Q & A
  If you would like a copy of this presentation please me at or provide me with your business