Copyright 2004 Turning Point Solutions Establishing Lines Of Communication Before a Crisis.

Presentation transcript:

Organizing & Developing The Plan

Statistics to Ponder

Who Owns BCP In Your Organization?
43% - Information Technology
33% - Corporate/General Management
8% - Risk Management
6% - Facilities Management
5% - Information Security
5% - Other
Source: CPM/KPMG Study

% - Information Technology
22% - BCP Department
15% - Other
12% - Risk Management
7% - Security
5% - Financial
Source: Strohl Systems Survey May 2003

Statistics to Ponder

What Is Executive Sponsor’s Title?
28% - Vice President
23% - Other
16% - CIO
14% - CEO/President
8% - Manager
8% - CFO
Source: Strohl Systems Survey May 2003

Who Defines Recovery Strategies?
76% - Information Technology
5% - CEO
4% - Non-IT Management
Source: Veritas Study 2003

Organizing & Developing The Plan
- Make Planning Part of an Organization-Wide Program
- Obtain support at the highest levels of the organization
- Develop an Organization-Wide approach to recovery planning & strategies
- Identify and Include External Support Teams In The Plan Organization (Municipal Agencies, Vendors, Suppliers, Tech Support Orgs)

Organizing & Developing The Plan
- Recovery requirements and strategies must include the business perspective
[Diagram labels: Faculty & Administrative Units; Business Impact; Business Partners, Students & Families; Work-In-Progress; Transaction Processing; Application & Desktop Requirements; Functional Impact; Data Center Processing Platform Requirements; Data Storage Backup & Requirements; Applications Requirements; Data Communications Requirements; User Desktop Requirements; Recovery Time Objectives, Requirements, & Priorities]

Statistics to Ponder

Where is Your Plan Kept?
62% - The company's main data center
20% - Company building away from data center
15% - Off-site at a third party's secure location
5% - Don’t Know
Source: Veritas Study 2003

What Does the Plan Cover?
23% - Do not cover all essential data center functions.
20% - Include recovery of the desktop environment
15% - include IT recovery for remote offices
Source: Veritas Study 2003

Organizing & Developing The Plan
- Ensure that Faculty and Administrative Requirements are Identified and Communicated
- IT Platform & Data Backup Requirements
- Review Data Backup and offsite Storage frequencies
- Establish Battleboxes and send them offsite
- Meet with IT to work recovery objectives and Requirements
- Special Requirements/Protection for Research Programs
- Student Requirements

Organizing Communications

Statistics to Ponder

How Many Employees are involved in Plan Development & Maintenance?
48% - Less than 10
29% % - More than %
Source: Strohl Systems Survey May 2003

Is the Employees DR/BCP Plan Awareness & Training Program Sufficient?
75% - No
26% - Yes
Source: CPM/KPMG Study 2002

Statistics to Ponder

What Is the Extent of Your organization’s reliance on 3rd party service providers?
39% - Moderate Use
35% - Minor Use
20% - Significant Use
6% - No use
Source: CPM/KPMG Study 2002

During Call Tree Tests only 60% of the primary people on call lists are successfully contacted.
Source: Composite of Actual Test Results, TPS

Organizing Communications
- Develop an Effective Internal & External Emergency Management Organization
[Organization diagram:]
- Executive Emergency Management Team (Include: SVPs, etc)
- Operations Emergency Management Team (Include: Facilities, Security, Key IT Support & Key Faculty & Admin Owners)
- External Recovery Support Teams
- Incident Response Team (IRT) (Include: Facilities, Security, Key IT Support & Municipal Authorities)
- IT Support Recovery Teams
- Faculty & Administrative Support Teams
- Students & Families

Organizing Communications
- Identify the roles and requirements of all internal and external Groups involved
- Identify 3rd party vendors supporting applications software and other critical IT components
- Conduct recovery walkthroughs and tests with 3rd party support vendors
- Include 3rd party vendor contact information in the emergency contact section of the plan
- Examine SLAs for emergency response provisions

Organizing Communications
- Ensure that systems and networking infrastructure recovery requirements and strategies are included
- Identify dial access requirements
- Establish network recovery strategies for remote offices, branches, vendor and customer links
- Establish a conference bridge phone line to conduct assessment, decision making and status review meetings
- Establish an Emergency Status Information line to publish recorded recovery status messages for staff and employees

Organizing Communications
- Establish Connections with Emergency Management Agencies
  - NEDRIX Notify
  - MEMA ESF18
- Establish Credentials to Identify Essential Employees
  - CEAS/BNET-NE (Boston Approved, State considering it, Cambridge just starting to organize)

Organizing Communications
- Establish Connections with Local Media
  - Provide names of contact person to keep on file
- Establish 3 Emergency Operations Center locations
  - One in the building
  - One in building nearby
  - One at recovery site

Maintaining & Testing The Plan

Maintaining & Testing The Plan
- Establish policies and guidelines to foster a culture where recovery planning and plan maintenance are part of the standard process
  - Include DR planning review in the change control process and enforce it
  - Include DR planning/requirements expense in all project budgets
  - Include DR planning review in all business related projects (acquisitions, reorgs, new customers, etc.)
  - Include DR planning review in the systems development life cycle

Maintaining & Testing The Plan
- Fostering a DR Planning Culture (continued)
  - Train the Auditors
  - Add DR planning objectives and responsibilities to job descriptions and performance appraisals

Maintaining & Testing The Plan
- Promote awareness of the plan
  - Conduct annual internal seminars for business and IT teams to meet and learn facets of the plan
  - Make DR part of the standard ongoing tasks/projects review at all staff meetings and activity reports
  - Meet with marketing and public relations to relate selling points of the program
  - Include plan reviews in Staff meetings

Statistics to Ponder

What About Testing?
24% - Companies that do not test
34% - US Companies that do not test
48% - Said they don’t have time
Source: Veritas Study 2003

Maintaining & Testing The Plan
- Make testing a continual program in all parts of the organization
  - Conduct integrated testing wherever possible
  - Include offsite storage inventory reviews as part of the testing program
  - Develop test schedules for all critical IT components
  - Include business units in testing
  - Make call tree tests part of the program

Maintaining & Testing The Plan
- Testing (continued)
  - Expand testing objectives beyond the data center
  - Use plan testing as a means for training, validating and updating plans
  - Test to validate recoverability. Test reporting should identify results, issues and next steps.

"Be Ready when opportunity comes. Luck is the time when preparation and opportunity meet."
Roy D. Chapin Jr.

Questions?