Service Design – Section 4.5 Service Continuity Management.

Slides:



Advertisements
Similar presentations
IT Service Continuity Management
Advertisements

Planning: Processes and Techniques
Reliability of the electrical service Business Continuity Management Business Impact Analysis (BIA) Critical ITC Services Minimum Business Continuity Objective.
Business Continuity and Disaster Recovery Planning.
Disaster Preparedness I Lessons Learned Don Hall Thomson Prometric 2006 Annual ConferenceAlexandria, Virginia Council on Licensure, Enforcement and Regulation.
1 The process of analyzing all core business functions and establishing an optimized timetable for recovery. Provides baseline for:  Justification for.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
Chapter 13 Managing Computer and Data Resources. Introduction A disciplined, systematic approach is needed for management success Problem Management,
Service Design – Section 4.5 Service Continuity Management.
Introduction to Business Continuity Planning An Introduction to the Business Continuity Planning Process Including Developing your Process and the Plans.
Tax Risk Management Keeping Up with the Ever-Changing World of Corporate Tax March 27, 2007 Tax Services Bryan Slone March 27, 2007.
Service Design – Section 4.5 Service Continuity Management.
McGraw-Hill/Irwin © 2006 The McGraw-Hill Companies, Inc. All rights reserved. 8-1 BUSINESS DRIVEN TECHNOLOGY Chapter Eight: Viewing and Protecting Organizational.
Chapter 12: Planning for Electronic Commerce
ISS IT Assessment Framework
Planning and Strategic Management
Shared Learning Services : Key Learnings Session 102 November 9, 2009.
Chapter 12: Planning for Electronic Commerce Electronic Commerce, Seventh Annual Edition.
The Australian/New Zealand Standard on Risk Management
WM Software Process & Quality Generic Processes - Slide #1  P. Sorenson SPiCE Reference Model - how to read Chapter 5 Capability Levels (process.
Disaster Prevention and Recovery Presented By: Sean Snodgrass and Theodore Smith.
Pertemuan Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.
FOR INTERRUPTIONS IN THE SUPPLY CHAIN Anthony Vatterott.
Planning and Strategic Management
Implementing an effective risk management strategy based upon knowledge Peter Scott.
Disaster Recovery Policy & Procedures An Overview for Staff Prepared by MSM Compliance Services Pty Ltd.
1 Business Continuity and Compliance Working Together Kristy Justice, AVP WaMu Card Services 08/19/2008.
Company Program. Disaster Recovery A Disaster Recovery Plan is a plan for business continuity in the event of a disaster that destroys part or all of.
© 2010 Plexent – All rights reserved. 1 Change –The addition, modification or removal of approved, supported or baselined CIs Request for Change –Record.
Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.
Developing an IS/IT Strategy
ISA 562 Internet Security Theory & Practice
Rich Archer Partner, Risk Advisory Services KPMG LLP Auditing Business Continuity Plans.
Business Continuity & Disaster recovery
CSI - Introduction General Understanding. What is ITSM and what is its Value? ITSM is a set of specialized organizational capabilities for providing value.
Business Continuity and Disaster Recovery Planning.
An Integrated Control Framework & Control Objectives for Information Technology – An IT Governance Framework COSO and COBIT 4.0.
Private & Confidential1 (SIA) 13 Enterprise Risk Management The Standard should be read in the conjunction with the "Preface to the Standards on Internal.
1 The Use of Institutional Controls Under the RCRA Corrective Action Program.
DRP World Class Operations - Impact Workshop Info-Tech Research Group, Inc. Is a global leader in providing IT research and advice. Info-Tech’s products.
INFORMATION SECURITY MANAGEMENT L ECTURE 3: P LANNING FOR C ONTINGENCIES You got to be careful if you don’t know where you’re going, because you might.
INFORMATION SECURITY MANAGEMENT L ECTURE 3: P LANNING FOR C ONTINGENCIES You got to be careful if you don’t know where you’re going, because you might.
Business Analysis. Business Analysis Concepts Enterprise Analysis ► Identify business opportunities ► Understand the business strategy ► Identify Business.
Disaster Recovery and Business Continuity Planning IBK3IBV01 College 7 Paul J. Cornelisse.
Key Terms Business Continuity Plan (BCP) – A comprehensive written plan to maintain or resume business in the event of a disruption Critical Process –
McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Auditing Internal Control over Financial Reporting Chapter Seven.
9 juni 2009 Alex van Os de Man BCI Forum 2009 Business Impact Analysis Process.
Enhance Business Profitability Through “Cost and Profitability Analytics” Interval Analytics Helping companies achieve rapid profit improvement.
Erman Taşkın. Information security aspects of business continuity management Objective: To counteract interruptions to business activities and to protect.
Chapter 3: Business Continuity Planning. Planning for Business Continuity Assess risks to business processes Minimize impact from disruptions Maintain.
Business Continuity Disaster Planning
GRC: Aligning Policy, Risk and Compliance
A Lightweight Business Continuity & Disaster Recovery Plan Motahareh Moravej Issuers’ Affairs Director at CSDI PHD. Student of Computer Engineering, UT.
Disaster Recovery Management By: Chris Rozic COSC 481.
Dr. Gerry Firmansyah CID Business Continuity and Disaster Recovery Planning for IT (W-VI)
Business Continuity Planning 101
Dr. Gerry Firmansyah CID Business Continuity and Disaster Recovery Planning for IT (W-I)
Chapter 6 Internal Control in a Financial Statement Audit McGraw-Hill/IrwinCopyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.
THINK DIFFERENT. THINK SUCCESS.
Utilizing Your Business Continuity Plan.
Chapter 12: Planning for Electronic Commerce
WEBINAR The Total Economic Impact Of Software-As-A-Service
BUSINESS CONTINUITY BY HUI ZHENG.
Recognization and management of RISK in educational projects
Personal Introduction
EC Strategy, Globalization, and SMEs
Business Continuity Program Overview
INTERNATIONAL COMPETITIVE STRATEGY
Internal Control Internal control is the process designed and affected by owners, management, and other personnel. It is implemented to address business.
Presentation transcript:

Service Design – Section 4.5 Service Continuity Management

Business Impact Analysis provides basic input for continuity and recovery strategies, plans and responses. CMMI Level 5 Continuity Mgmt Integrated continuous service processes are proactive, self-adjusting, automated and self-analytical and take into account benchmarking and best external practices. Continuous service plans and business continuity plans are integrated, aligned and routinely maintained. Buy-in for continuous service needs is secured from vendors and major suppliers. Global testing occurs and test results are fed back as part of the maintenance process. Continuous service cost effectiveness is optimized through innovation and integration. Gathering and analysis of data is used to identify opportunities for improvement. Redundancy practices and continuous service planning are fully aligned. Management does not allow single points of failure and provides support for their remedy. Escalation practices are understood and thoroughly enforced.

Service Design – Section 4.5 Service Continuity Management BIAs identify the potential operational and financial impact of uncontrolled, non-specific events on a company’s essential business processes. They provides the basis for formulating Disaster Recovery (DR) strategies. An organization-wide operational impact assessment is required to develop and implement an appropriate Disaster Recovery program. BIAs serve to provide critical information about the organization both to the DR program and to the Business Continuity Management Program. BIAs identify the potential operational and financial impact of uncontrolled, non-specific events on a company’s essential business processes. They provides the basis for formulating Disaster Recovery (DR) strategies. strategies. An organization-wide operational impact assessment is required to develop and implement an appropriate Disaster Recovery program. BIAs BIAs serve to provide critical information about the organization both to the DR program and to the Business Continuity Management Program.

Service Design – Section 4.5 Service Continuity Management Each Business Unit identifies those services that are required to continue business operations Management review the submitted listing and assesses their relative importance to the Business Each Business Unit identifies those services that are required to continue business operations Management review the submitted listing and assesses their relative importance to the Business

Service Design – Section 4.5 Service Continuity Management 1.Critical Dates and Impact Timeline - critical dates when the business process must be functional and how long it would take to feel the impact of a failure 2. Operational and Financial Impacts - any financial costs associated with this function not being performed 3. Dependencies - the components the process relies on Upstream Dependencies - external processes that the process relies upon Downstream Dependencies - external processes that rely on the process and will be affected by its failure 4.Recovery Time Objectives - a goal you set for the amount of time it should take to restore the service 5.Work-around Procedures – Techniques for temporarily by- passing the service 1.Critical Dates and Impact Timeline - critical dates when the business process must be functional and how long it would take to feel the impact of a failure 2. Operational and Financial Impacts - any financial costs associated with this function not being performed 3. Dependencies - the components the process relies on Upstream Dependencies - external processes that the process relies upon Downstream Dependencies - external processes that rely on the process and will be affected by its failure 4.Recovery Time Objectives - a goal you set for the amount of time it should take to restore the service 5.Work-around Procedures – Techniques for temporarily by- passing the service

Service Design – Section 4.5 Service Continuity Management 1.Determine Business Units (BUs) for review For each BU 2.Identify essential business processes (EBPs) For each EBP 3.Estimate the costs of failure 4.Determine attributes (HR, facilities, equipment, support) 5.Establish the minimum resources required to operate 6.Prioritize EBPs 7.Evaluate alternative backup/recovery solutions (ROI) 8.Establish Backup and Business Recovery Strategies 1.Determine Business Units (BUs) for review For each BU 2.Identify essential business processes (EBPs) For each EBP 3.Estimate the costs of failure 4.Determine attributes (HR, facilities, equipment, support) 5.Establish the minimum resources required to operate 6.Prioritize EBPs 7.Evaluate alternative backup/recovery solutions (ROI) 8.Establish Backup and Business Recovery Strategies The BIA Report typically contains:

Service Design – Section 4.5 Service Continuity Management Scale of Business Operations Scale of Business Operations Business Functions and their Value Business Functions and their Value Impact of Unavailability Impact of Unavailability Scale of Business Operations Business Functions and their Value Impact of Unavailability The BIA Report is organized by sections:

Service Design – Section 4.5 Service Continuity Management The number and diversity of Business Units in the organization The number and diversity of Business Units in the organization The complexity of the application infrastructure The complexity of the application infrastructure The appropriate level(s) of approval for the BIA results The appropriate level(s) of approval for the BIA results Formal indication that the appropriate level(s) have reviewed and approved the BIA results. Formal indication that the appropriate level(s) have reviewed and approved the BIA results. The The number and diversity of Business Units in the organization complexity of the application infrastructure appropriate level(s) of approval for the BIA results Formal Formal indication that the appropriate level(s) have reviewed and approved the BIA results. Scale of Business Operations:

Service Design – Section 4.5 Service Continuity Management The impact analysis should concentrate on those scenarios where the impact on critical business processes is likely to be greatest. It will include: 'Hard' impacts - financial loss, breach of law, regulations, or standards, failure to achieve agreed service levels, increased costs of working 'Hard' impacts - financial loss, breach of law, regulations, or standards, failure to achieve agreed service levels, increased costs of working 'Soft' impacts - political, corporate or personal embarrassment, loss of competitive advantage, loss of credibility. 'Soft' impacts - political, corporate or personal embarrassment, loss of competitive advantage, loss of credibility. The impact analysis should concentrate on those scenarios where the impact on critical business processes is likely to be greatest. It will include: 'Hard' 'Hard' impacts - financial loss, breach of law, regulations, or standards, failure to achieve agreed service levels, increased costs of working 'Soft' 'Soft' impacts - political, corporate or personal embarrassment, loss of competitive advantage, loss of credibility. Business Functions and their Value

Service Design – Section 4.5 Service Continuity Management A scale for quantifying the operational impacts should be established in order to ensure all process/functions are measured the same. For example, a scale of 1 – 4 could be used with the following definitions: 1 = no impact, 2 = moderate impact, 3 = serious impact and 4 = severe impact. A scale for quantifying the operational impacts should be established in order to ensure all process/functions are measured the same. For example, a scale of 1 – 4 could be used with the following definitions: 1 = no impact, 2 = moderate impact, 3 = serious impact and 4 = severe impact. Impact of Unavailability

Service Design – Section 4.5 Service Continuity Management