CIOassist Technologies Your CIO on Demand… Business Continuity Planning Our Offering CIOassist Technologies (

Why Business Continuity? REVENUE  Direct Loss  Deferred Losses  Compensatory Payments  Lost Future Revenue  Billing Losses  Investment Losses FINANCIAL PERFORMANCE  Lost Market Share  Revenue Recognition  Cash Flow  Lost Discounts  Payment Guarantees  Stock Price  Credit Rating OTHER EXPENSES  Temporary employees,  Equipment Rental,  Overtime,  Extra Shipping Costs,  Travel Expenses,  Etc. REPUTATION  Customers  Suppliers  Financial Markets  Banks  Business Partners  Etc. PRODUCTIVITY  Loss Of Productivity  Employees X Burdened Hourly Rate LEGAL/REGULATORY  Contractual Requirements  SLAs  Regulatory Requirements The Cost of Downtime

BCP Phases Project Management and Intonation Conduct Business Impact Analysis Develop Recovery Strategies Plan, Design and Development Testing, maintenance, awareness and training BCP Is an on-going process, not a project with a beginning and an end

Testing Maintenance Awareness Training 5 Plan, Design and Development 4 1 Project Initiation: Understand Your Business 3 Develop Strategies for Supply & Technology Recovery Data Recovery 2 Conduct Business Impact Analysis to identify Recovery Point (RPO) Service Delivery (SDO) Recover Time (RTO) Maximum Tolerable Outage (MTO) BCP BCP Phases

Developing and approval of BCP policy Define BCP committee – operational units representatives – senior management – IT security – IT specialized experts, and optionally support units like (technical affairs) Define BCP project scope and objectives Provide the necessary project funds and resourses Project Initiation

Business Impact Analysis Collect data through interviews, survey, documenting business functions, transactions, activities Develop hierarchy of business functions and apply a classification scheme to indicate each individual function’s criticality level. Identify the resources that these functions depend upon Calculate Maximum Tolerable Outage (MTO) for these functions Identify vulnerabilities and threats to these functions Calculate risk for each different business function Document findings and report them to management

Business Impact Analysis Recovery Time Objective (RTO): Time duration organization can wait between point of failure and service resumption Service Delivery Objective (SDO): Level of service in Alternate Mode Maximum Tolerable Outage: Max time in Alternate Mode Regular Service Alternate Mode Regular Service RTO Maximum Tolerable Outage SDO Interruption Time… Disaster Recovery Plan Implemented Restoration Plan Implemented

Business Impact Analysis How far back can you fail to? How long can you operate without a system? One week’s worth of data? Which services can last how long? Interruption Hour Day Week Recovery Point ObjectiveRecovery Time Objective Interruption Week Day Hour

Business Impact Analysis Move to Alternate Site Return Home Resume Business Data Synchronization Restore Technology Capability Restore Communications Restore Business Functions Notifications Vital Records Lost Data Data Recovery Objective Recovery Time Objective (If necessary) High Level Look at a Recovery Effort

Recovery strategies Supply and technology recovery Network and computer equipment Voice and data communications resources Human resources Transportation of equipment and personnel Environment issues (HVAC) Data and personnel security issues Supplies (paper, forms, cabling, and so on) Documentation Data recovery Restoring Backed-up data

Recovery Strategies Cost Time Service Downtime Alternative Recovery Strategies Optimum Cost * Hot Site * Warm Site * Cold Site Identifying the Optimum Strategy

Recovery strategies Business process recovery Facility recovery SiteCostHardware EquipmentTelecommunicationsSetup TimeLocation Cold SiteLowNone LongFixed Warm SiteMediumPartialPartial/FullMediumFixed Hot SiteMedium/HighFull ShortFixed Mobile SiteHighDependent Not Fixed Mirrored SiteHighFull NoneFixed

Plan Design and Development All finding and decisions to be developed and documented. Submission of document for approval Define execution procedure(s) for the plan.

Testing, maintenance, awareness and training Validating that decisions are suitable and correct by performing – Checklist Test – Structured Walk-Through Test – Simulation Test – Parallel Test – Full-Interruption Test Maintaining the plan – Make business continuity a part of every business decision – Insert the maintenance responsibilities into job descriptions – Perform internal audits that include disaster recovery and continuity – documentation and procedures to update the plan. – Integrate the BCP into the change management process Training and awareness programs are an integral part of the BCP process BCP Is an on-going process, not a project with a beginning and an end