JOELLE QUIAPO FOLA OYEDIRAN GREG SWENSON SUKHI BEDI CHENYU GONG Disaster Recovery and Business Continuity Planning: Testing an Organization’s Plans What.

Slides:

Advertisements

Similar presentations

Information Technology Disaster Recovery Awareness Program.

Advertisements

Creating a Data Disaster Recovery Plan. What is a DR Plan? Is your best solution to: Continuous business services Prompt and smooth recovery Prepare for.

CIOassist Technologies Your CIO on Demand… Business Continuity Planning Our Offering CIOassist Technologies (

DISASTER CENTER Study Case DEMIRBANK ROMANIA “Piata Financiara” ConferenceJanuary 29, 2002 C 2002.

1 Disaster Recovery “Protecting City Data” Ron Bergman First Deputy Commissioner Gregory Neuhaus Assistant Commissioner THE CITY OF NEW YORK.

Cloud Disaster Recovery. Typical Business Challenges How much does it cost me to have my IT environment off-line, and how quickly does my disaster recovery.

GLOBRIN Business Continuity Workshop TECHNOLOGY & INFORMATION 13 th November 2013 Graham Jack.

Building a Business Case for Disaster Recovery Planning - State and Local Government Chris Turnley

Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP)

Business Continuity Planning and Disaster Recovery Planning

Copyright 2004 Turning Point Solutions Establishing Lines Of Communication Before a Crisis.

Robert Schwarzwalder Assistant University Librarian University of Hawai‘i at Manoa 25 June 2007 Preparing for the Next Disaster: Learning the Lessons from.

Disaster Protection and Recovery By: Michael Morrell Ross Ashenfelter Teresa Furnish Karla Maddox.

Stephen S. Yau CSE , Fall Contingency and Disaster Recovery Planning.

Lesson 11 – NETWORK DISASTER RECOVERY Disaster recovery plans Network backup and restoration OVERVIEW.

Disaster Prevention and Recovery Presented By: Sean Snodgrass and Theodore Smith.

Preservasi Informasi Digital.  It will never happen here!  Common Causes of Loss of Data  Accidental Erasure (delete, power, backup)  Viruses and.

Disaster Recovery and Business Continuity Ensuring Member Service in Times of Crisis.

Saving Your Business from a Data Loss Randy Clark.

1 Lesson 3 Computer Protection Computer Literacy BASICS: A Comprehensive Guide to IC 3, 3 rd Edition Morrison / Wells.

Business Continuity & Disaster Recovery Planning at The Chicago Board of Trade Presented By: Bryan Durkin Sr. Vice President The Chicago Board of Trade.

1 Disaster Recovery Planning & Cross-Border Backup of Data among AMEDA Members Vipin Mahabirsingh Managing Director, CDS Mauritius For Workgroup on Cross-Border.

Gulf Coast Energy International Business Continuity / Disaster Recovery Planning and Design Proposal Prepared by Andrew Rolf, Felipe Torres, Pranay Jaiswal.

Disaster Recovery Plan: Do you have one? Neal Cross, Assistant Director of Instructional Technology Shelly Brown, Director of Web Services Southwest Baptist.

John Graham – STRATEGIC Information Group Steve Lamb - QAD Disaster Recovery Planning MMUG Spring 2013 March 19, 2013 Cleveland, OH 03/19/2013MMUG Cleveland.

Copyright © 2015 Pearson Education, Inc. Processing Integrity and Availability Controls Chapter

Services Tailored Around You® Business Contingency Planning Overview July 2013.

November 2009 Network Disaster Recovery October 2014.

CISA REVIEW The material provided in this slide show came directly from Certified Information Systems Auditor (CISA) Review Material 2010 by ISACA.

Continuity Planning & Disaster Recovery ( BRPASW Workshop)

Business Continuity and Disaster Recovery Chapter 8 Part 2 Pages 914 to 945.

IS 380.  Provides detailed procedures to keep the business running and minimize loss of life and money  Identifies emergency response procedures  Identifies.

Disaster Recovery Strategies & criteria for evaluation of information management strategies.

ISA 562 Internet Security Theory & Practice

Developing a Disaster Recovery Plan Bb World ’06 San Diego, Calif. Poster Session Presented by Crystal Nielsen, M.A. Instructional Technologist Northwest.

David N. Wozei Systems Administrator, IT Auditor.

1 Lesson 3 Computer Protection Computer Literacy BASICS: A Comprehensive Guide to IC 3, 3 rd Edition Morrison / Wells.

Business Continuity & Disaster recovery

C ONNECTING FOR A R ESILIENT A MERICA Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP) Skip Breeden.

Environment for Information Security n Distributed computing n Decentralization of IS function n Outsourcing.

 FFC backs up all of its data each day. It stores its most recent daily backup once a week at a company owned offsite location. FFC also stores the most.

1 Availability Policy (slides from Clement Chen and Craig Lewis)

Co-location Sites for Business Continuity and Disaster Recovery Peter Lesser (212) Peter Lesser (212) Kraft.

Important points and activities.  The objective is to secure life, property, information in the event of a disaster and to facilitate business continuity.

By Srosh Abdali.  Disaster recovery is the process, policies and procedures related to preparing for recovery or continuation of technology infrastructure.

©2006 Merge eMed. All Rights Reserved. Energize Your Workflow 2006 User Group Meeting May 7-9, 2006 Disaster Recovery Michael Leonard.

Preventing Common Causes of loss. Common Causes of Loss of Data Accidental Erasure – close a file and don’t save it, – write over the original file when.

Disaster Recovery and Business Continuity Planning.

Disaster Planning The Ten Commandments of Success June 2014.

Phases of BCP The BCP process can be divided into the following life cycle phases: Creation of a business continuity and disaster recovery policy. Business.

National Archives and Records Administration, Preparing for the Unexpected ESSENTIAL ELEMENTS: ANALYSIS.

Business Continuity. Business continuity... “Drive thy business or it will drive thee.” —Benjamin Franklin ( ), American entrepreneur, statesman,

Chapter 16 Presented By: Stephen Lambert Disaster Recovery and Business Continuity.

Disaster Recovery: Can Your Business Survive Data Loss? DR Strategies for Today and Tomorrow.

Erman Taşkın. Information security aspects of business continuity management Objective: To counteract interruptions to business activities and to protect.

Disaster Recovery 2015 Indiana Statewide Payroll Conference Michael Ievoli-Client Support Specialist IV, Major Accounts September 16, 2015 Copyright ©

Writing an Emergency Operations Plan Why do we need to plan? Spring 2008.

Business Continuity Disaster Planning

CBIZ RISK & ADVISORY SERVICES BUSINESS CONTINUITY PLANNING Developing a Readiness Strategy that Mitigates Risk and is Actionable and Easy to Implement.

Introduction to Business continuity Planning 6/9/2016 Business Continuity Planning 1.

Disaster Recovery Planning (DRP) DRP: The definition of business processes, their infrastructure supports and tolerances to interruptions, and formulation.

AUDITING BUSINESS CONTINUITY PROGRAMS AND PLANS What to Look For Presented by: Tommye White, CBCP, DRP Chuck Walts, CBCP, CRP.

Dr. Gerry Firmansyah CID Business Continuity and Disaster Recovery Planning for IT (W-XI)

What is Continuity of Operations Planning?

Disaster Recovery and SQL for new and non-DBAs

Processing Integrity and Availability Controls

Disaster Recovery is everyone’s job!

Disaster Recovery at UNC

Presentation transcript:

JOELLE QUIAPO FOLA OYEDIRAN GREG SWENSON SUKHI BEDI CHENYU GONG Disaster Recovery and Business Continuity Planning: Testing an Organization’s Plans What Every IT Auditor Should Know About Backup and Recovery Auditing Business Continuity

“More difficult to calculate are the intangible damages a company can suffer.” “Disaster recovery efforts of the past were designed to provide backup options for centralized data centers. Disaster recovery efforts of the present multivendor, multiplatform environment require a plan designed for integrated business continuity.” Disaster Recovery and Business Continuity Planning: Testing an Organization’s Plans

 Complacency  Costly

“Serious business interruptions are now measured in minutes rather than hours. Because electronic transactions and communications take place so quickly, the amount of work and business lost in an hour far exceeds the toll of previous decades.” “A minor problem—a faulty hard drive or a software glitch—can cause the same level of loss as a power outage or a flooded data center if a critical business process is affected.” “The key to business continuity lies in understanding one’s business and determining which processes are critical to staying in that business and identifying all the elements crucial to those processes.”  Specialized skills and knowledge  Physical facilities  Training and employee satisfaction  Information Technology Disaster Recovery and Business Continuity Planning: Testing an Organization’s Plans

What is the goal for companies with NO business tolerance for downtime? Disaster Recovery and Business Continuity Planning: Testing an Organization’s Plans Achieve a state of business continuity where critical systems and networks are available no matter what happens. Think proactively:  Engineering availability  Security and Reliability into business processes from the onset  Not retrofitting a disaster recovery plan to accommodate ongoing business requirements

“Organizations must make an executive commitment to regularly test, validate and refresh their business continuity and disaster recovery programs to protect the organization against perhaps the greatest risk of all– complacency.”

 Complacency or unskilled personnel  Power Failure  IT System Crashes/ incompatible  New Equipment  No redundancy

EXAMPLESIMPACT Companies in New Orleans (Hurricane Katrina 2005) - Inability to retrieve off-site data and relocate to secondary site due to disaster impacts to both sites - Loss of data, equipment & money Cocoa Bakery: Jersey City, NJ (Hurricane Sandy 2012) - Has not reopened since - Loss of investment & equipment worth $250,000 (6 feet of water seeped in; destroyed everything) Active Sprinkler : Brooklyn, NY (Hurricane Sandy 2012) - Inoperable sprinklers - Loss of credibility - No business but Union workers still received wages ($200,000 per week) Interiors by Joann: Ocean City, NJ (Hurricane Sandy 2012) - 5,000 square foot showroom flooded - $150,000 worth destroyed (includes files and design books) - $61,000 flood insurance (insufficient to cover damages) Source: Emily Maltby, The Wall Street Journal, Nov 7, 2012.

A. The DRP has not been tested B. New team members have not read the DRP C. The manager responsible for the DRP recently resigned D. The DRP manual is not updated regularly

CONTROLPRIORITYDISASTER RECOVERY BUSINESS CONT. PLANNING Location of critical documents High ✖ ✔ Data Backups: (Frequency of backup / Storage of backup media / Testing of backups) High ✔✔ Hot / Cold site testing and readiness High ✔✔

DISASTER RECOVERYBUSINESS CONTINUITY PLANNING Do you have a disaster recovery plan?Does the business have a plan to continue operations in the event of an emergency? Does this include all business units, not just IT? When was the DR plan last tested?Where is the BCP stored? Are employees aware of the DR plan; do they know their individual roles? Does the BCP document identify the minimum equipment, resources, and service required, along with the timescales within which they must be available? Has an emergency coordinator been appointed? When the BCP is revised, are old copies destroyed? Has a review been conducted to determine potential risks of natural disaster and other building emergencies? How far away is the off-site location?