General Membership Meeting April 15, 2004 St. Louis County Emergency Operations Center.


PLANNING AND EXECUTING CONTINGENCY EXERCISES
WORKAREA, SYSTEMS, AREA-WIDE, REGIONAL
Anna M. Bathon, CBCP
Bank of America

Agenda
• Why test recovery plans?
• Recovery Strategy Considerations
• Types of Exercises
• Establish A Testing Strategy
• Exercise Phases
• Planning the Exercise
• Preparing for the Exercise
• Executing/Conducting the Exercise
• Follow-up / Issues Resolution
• Closure / Next Exercise Date
• Questions

Why Test Recovery Plans?
1. The confluence of five major trends is driving acceptance and adoption of more aggressive recovery solutions:
  • Businesses’ increased reliance on IT and data
  • Availability of solutions
  • Economics – impact of downtime and declining cost of solutions
  • IT data management challenge
2. Gartner Group comments: “… Enterprises that today tolerate two-day recovery time objectives will see that horizon diminish to one day or less.”
3. Key disaster-related statistics:
  • 43% of companies having a disaster never reopen. An additional 29% close within two years.
  • 68% of businesses that lose their computers for more than 7 days never reopen.
  • Within 2 weeks of the loss of computer support, 75% of those organizations affected reach critical or total loss of business functions.
  • Average hourly revenue lost from downtime is $78, Businesses’ availability requirements being measured in hours.

Why Test Recovery Plans?
5. Demonstrates to Management ability of critical business processes to continue functionality within required timeframes following a disruption.
6. Recognizing a workable plan and making a plan work are two different things.
7. Regular testing and maintaining the plan accordingly will ensure optimum performance.
8. Exercising a plan is not a PASS or FAIL situation, but an opportunity to identify plan deficiencies and improve the recovery processes.
9. Testing is a dynamic process.
10. Provides an opportunity to stress test plans already reviewed as good; exercise strenuously to identify flaws.
11. Environments – workarea, systems – change and should be monitored continuously to assess the impact of changes to recovery strategies.
12. Major revisions to recovery plans require testing and appropriate documentation updated.

Recovery Strategy Considerations  Workarea – physical workspace of business units, including critical components, to ensure functionality can be resumed appropriately:  Equipment / hardware  Software  Telecom  Vital records  Compliance  Associate support / Intellectual Capital – What if most or all associates or lost in a disaster situation?  Support partners  Regional impacts  Applications – systems, infrastructure:  File-and-print servers  Application components / locations:  Simple configurations  Complex configurations  Infrastructure dependencies (firewalls, shared components)  External dependencies 5

Recovery Strategy Considerations  Third-Party Service Providers – Dependencies on vendors increasing, thus creating a greater impact when vendors encounter disruptions.  Who are the major strategic suppliers?  What is the product flow throughout your company?  Contingency plan options if vendor suffers a disruption?  Specialized equipment or processes?  Maximum potential for lost income if disruption encountered?  Does an interdependency chart exist?  Regional scenarios :  Natural  Weather (hurricane, earthquake, tornado, ice/snow)  Man-made  Fire  Terrorism  Disgruntled associate reactions  Accidental construction disruptions 6

Recovery Strategy Considerations  Crisis Management :  Call tree notification processes  Associate impacts  Decision-making process to diminish roadblocks in recovery process 7

Types of Exercises
1. Talk-Through / Table Top
2. Simulation / Connectivity
3. Integrated
4. Live

Types of Exercises: Talk-Through / Table Top
• Generally considered first test of a plan
• Cost-effective method of exercising plans
• Minimal disruption to business
• Raise level of awareness of the actual state of readiness
• Identify major weaknesses or steps requiring further documentation

Types of Exercises: Simulation / Connectivity
• Validates the facility, supplies, and equipment at the alternate site.
• Should include connectivity testing, including voice and/or data connectivity.
• Alternate site testing must include network connectivity testing, as appropriate.
• Technical support participation dependent on extent of testing as defined by exercise objectives.

Types of Exercises: Integrated
• Exercises multiple components of a plan, in conjunction with each other, typically under simulated operating conditions.
• Workarea involves recovery of multiple critical business functions and related onsite systems that would be lost in the event of a site disaster.
• Systems involves testing of recovery of multiple applications running on a single component or within a single site, i.e., data center environment.
• Where appropriate, upstream/downstream interfaces should be exercised.

Types of Exercises: Live
• Senior Management approval should be required for this type of exercise.
• Perform production work at alternate recovery site.
• High level of risk involved.
• Selected associates, clients, vendors, technical support personnel, business continuity support personnel, and other dependent business units should participate.

Establish A Testing Strategy
1. Identify critical components of the recovery plan.
2. Identify frequency of testing based on risk rating determined through completion of BIA, i.e. quarterly, annually, bi-annually.
3. Select test type to most adequately validate all critical components.
  • Several different test types may need to be conducted to address all critical components to remain compliant.
4. When possible, conduct fully integrated exercises, requiring testing of all critical components.

Exercise Phases
• Planning
• Preparing
• Executing / Conducting
• Follow-up / Resolution
• Closure / Next Exercise Date

Planning the Exercise
1. Identify resources
2. Select a test coordinator
3. Select the type of test
4. Define the test scope
5. Develop test goals and objectives
6. Define the disaster scenario
7. Document test assumptions
8. Set test date and duration
9. Define test team and participants
10. Schedule meetings

Preparing for the Exercise
1. Conduct preparatory meetings with participants
2. Develop tasks and issues lists
3. Identify equipment and site requirements
4. Document high-level test scripts
5. Develop exercise packet
6. Obtain approvals

Executing / Conducting the Exercise
1. Facilitate communication among test teams/participants.
2. Ensure activities occur in order published in exercise packet / scripts. Document deviations.
3. Ensure appropriate participants in the command center or appropriate alternate sites.
4. Work with sequence of events to log timeframes, issues, and any pertinent notations regarding activities.
5. Ensure issues documented and turned into test coordinator.
6. Compile issues into Issues List Report for tracking/resolution purposes.
7. Issues resolved during the test should be noted so.
8. Unresolved issues documented, assigned and tracked to resolution following the exercise.
9. Conduct periodic executive and test team status meetings and issue status updates throughout the exercise.
10. Document all costs associated with conducting the exercise.
11. Update appropriate telephone status resources.

Follow-up / Resolution
1. Schedule and conduct post-test review meeting shortly after concluding exercise.
2. Assign appropriate associates to work on resolving outstanding issues.
3. Follow up on resolution status.
4. Distribute test results and outstanding issues list report to Management, appropriate personnel.
5. Obtain validation sign-off forms from participant groups.
6. Retain exercise packets and test results for audit and regulatory reviews.
7. Follow up with participant groups to ensure recovery plans are updated based on test results / observations.

Closure / Next Exercise Date
1. Draft Final Summary Report and review with team in preparation for submission to Management:
  • Final Report is a summary of actual date, time, and results of the exercise.
  • Include recent upgrades or changes to the workarea/units, systems, or equipment.
  • List exercise objectives
  • Briefly note outstanding issues with resolution status and target final resolution date.
2. Finalize Final Summary Report.
3. Submit Summary Report to Management.
4. Ensure all issues are resolved prior to next test.
5. Determine and communicate next exercise date.

Future Testing Considerations
1. End-to-end process testing.
2. Integration of different types of plans:
  • Regional with workarea implications
  • Regional impacting numerous systems, workareas, vendors
3. Inclusion of new associates in process.
4. Participation in vendor contingency testing.
5. New regulatory concerns impacting recovery strategies.
6. Cyber-threat scenarios.
7. Others???

Questions