Presentation is loading. Please wait.

Presentation is loading. Please wait.

Business Continuity and Disaster Recovery

Published byDulcie Harrington Modified over 7 years ago

Similar presentations

Presentation on theme: "Business Continuity and Disaster Recovery"— Presentation transcript:

1 Business Continuity and Disaster Recovery
How does it apply to me? Presented to ARMA Arizona March 2017

2 MHA CONSULTING, INC. 17 15 CAPABLE Global SAAS
Key facts A 17-year proven track record of applying industry standards and best practices across a diverse pedigree of clients. A simple mission: Ensure the continuous operations of our client’s critical processes. Services include Business Continuity, Crisis Management, Disaster Recovery, IT Best Practices and Physical Security. SaaS tools include BCM Compliance and Residual Risk. 17 15 CAPABLE Global SAAS Years in operation. Average years industry experience. Comprehensive suite of services. Diverse, global client base. Compliance and risk tools. SENIOR LEADER Richard Long Practice Leader Phoenix, Arizona

3 DIVERSE, GLOBAL CLIENT BASE
services HEALTHCARE EDUCATION FINANCIAL INSTITUTIONS CONSUMER PRODUCTS INSURANCE TRAVEL & ENTERTAINMENT GOVERNMENT/UTILITY

4 COMPREHENSIVE Solutions PRACTICES
ASSESS THE CURRENT ENVIRONMENT RECOVERY STRATEGIES/ SOLUTIONS RESPONSE & RECOVERY PLANS MAINTAIN & IMPROVE EXERCISES Current State Assessment Business Impact Analysis Threat & Risk Assessment BCMMETRICSTM Compliance Confidence (C2) BCMMETRICSTM Residual Risk (R2) Business Recovery Strategies Data Center Recovery Strategies Crisis Management Business Recovery IT Disaster Recovery Training & Awareness Mock Disaster Exercises Plan Functional Walkthroughs Alternate Worksite Exercises Update Recovery Plans Update Current State Assessment Update Business Impact Analysis & Threat Assessment

5 Business Continuity & Disaster Recovery
THE Presentation What is Business Continuity & Disaster Recovery Why is it Important To me BC/DR Basics Myths Integration between BC/DR and Other Departments How do records fit in to BC/DR

6 BUSINESS CONTINUITY Management (BCM)
Business Resumption Planning: The process initiated to resume business operations to a level consistent with the business requirements. IT Disaster Recovery Planning: The recovery of information technology processes, systems, applications, databases, and network assets used to support critical business processes. Crisis Management: A series of actions taken to gain control of the event quickly to minimize the affects of an interruption and prepare for recovery.

7 CRISIS SPECTRUM Institute Crisis Management 2015

8 THE BIG PICTURE Risk Maturity Compliance Readiness Resilience

9 MEASURE COMPLIANCE IN THESE
BCM COMPLIANCE STANDARDS STANDARDS IN BUSINESS CONTINUITY MEASURE COMPLIANCE IN THESE BCM DIMENSIONS ISO 22301 FFIEC NIST 800 NFPA 1600 SEC FISMA FINRA Supply Chain Resiliency Leadership Council Program Administration Crisis Management Business Recovery IT Disaster Recovery Fire & Life Safety Supply Chain Risk Management Third Party Management

10 Availability & Resiliency
DEFINITIONS Business Continuity & Disaster Recovery Process Availability & Resiliency Application Business Continuity Overall continuation of business functions during an emergency event Disaster Recovery Recovery of the systems, applications and processing capabilities Process A business process is functional, available, and remains available even during potential impacting events Application Available for use by the organization based on requirements Remains available even during potential outage events

11 basic components OVERALL PROGRAM BASIC COMPONENTS IN
Business Impact Assessment: Determination of the recovery time for each business process. This is not based on applications, but process. Threat and Risk Assessment: Identifying those potential risks and the impact they have on the organization. Documentation update schedule: Without regular updates to the documentation, they will become out of date quickly. Training: This include both exercises, policy review, and plan reviews. Action Items. : Overall management and status of issues and needs.

12 BUSINESS RESUMPTION PLANNING
basic components BASIC COMPONENTS IN BUSINESS RESUMPTION PLANNING BRP Plans: The most important part. These are the tasks and actions taken when an emergency or outage event occurs Contact Lists: Employee, Vendor, Thrid Party contacts, numbers, , etc. Mock Exercises: Verifying the plan usability. This often is scenario based. Alternate Site contracts: If there will be a need to relocated, having a contract or agreement in place. Technology: Ensure IT has the appropriate technology requirements documented and plans for implementation. Loaner Laptops, network access, etc.

13 basic components IT DISASTER RECOVERY BASIC COMPONENTS IN
IT Recovery Plans: These are the tasks and actions taken to restore applications and processing when an emergency or outage event occurs Contact Lists: Employee, Vendor, Third Party contacts, numbers, , etc. DR Strategy and Implementation: Technical implementation DR Tests: Verifying the recovery is functional.

14 basic components CRISIS MANAGEMENT BASIC COMPONENTS IN
Crisis Management Team: Senior management responsible for direction and overall management of an emergency event. Roles and responsibilities include business functions, communication, logistics, security, risk , etc. Crisis Management Plan: These are the tasks and actions taken to manage over all emergency events at a corporate level. Including communication both internal and external. Contact Lists: Employee, Vendor, Third Party contacts, numbers, , etc. Mock Exercises: Verifying the plan and team are functional.

15 Myth – BC & DR are Dead BC/DR ARE DEAD
Most events are self-inflicted (recent airline outages). Unanticipated events – not natural disasters. Customers will NOT understand.

16 THE TEAM WILL KNOW HOW TO EXECUTE
Myth – Documentation is not needed – we have it THE TEAM WILL KNOW HOW TO EXECUTE People are good at what they do every day. You don’t recover every day. They will be tired or trying to perform multiple recoveries. You may be using secondary resources or contractors. Information is always readily available

17 OUR PEOPLE WILL FIGURE IT OUT
Myth – We will Figure it out OUR PEOPLE WILL FIGURE IT OUT True, but that will take time. Your strategy to meet RTO/RPO is mostly likely based on best case. There will be unexpected issues even in best case. Secondary people will be participating and may be primarily responsible Often the recovery environment is not completely in sync with production.

18 RECOMMENDATION CONTENT WHAT SHOULD BE INCLUDED?
Put the usable information at the beginning of the plan Put the audit information in appendices Checklist based Think airlines or surgeries Functional/proprietary What will people do not know or remember? Identify risks and impacts in the plan Don’t have the team figure it out during an event. Reference/use information already available Contact lists (make copies as backup) BIA/TRA Functional exercises/training

19 INTEGRATION BETWEEN Business continuity AND OTHER DEPARTMENTS

20 INTEGRATION BETWEEN Business continuity AND OTHER DEPARTMENTS
BUSINESS FIRST Everything should be about how it helps our organization Increase revenue Decrease costs Regulatory/Audit requirement Safety Every department is part of the “business” Everyone (you) are part of BC/DR

21 How do records management help
ELECTRONIC DATA Records Retention Impact of what is recovered and when Potential work arounds Ensure destruction Security and ownership Data synchronization state.

22 How do records management help
HARDCOPY DATA Records Retention Where Stored Criticality Access Actual Need

23 How do records management help
PLAN DOCUMENTS Document update schedule and Management Security and ownership Document Storage and Management

24 HOW DO WE START OR CONTINUE?
SO, what are the next steps? WHAT DO WE DO NOW? HOW DO WE START OR CONTINUE? AREAS TO REVIEW WHERE TO PRIORITIZE If you don’t know your BC leader, go say Hi. Do you know what your BCP says related to your department? Do you know how you fit in and what role you play? Base infrastructure (server, VM, network, authentication). Integrations. Technology gaps. Resource constrained areas. SaaS/IaaS environments. Validate recovery strategy.

25 Final thoughts

26 Final thoughts

27 Richard Long MHA Consulting, Inc. long@mha-it.com www.mha-it.com
Office: (888) Mobile: (602)

Download ppt "Business Continuity and Disaster Recovery"

Similar presentations

Business Continuity Training & Awareness by Sulia Toutai (ANZ)

Business Continuity Training & Awareness by Sulia Toutai (ANZ)
BCM and Security ROGSI/DMS Präsentation ROGSI/DMS Suite for Corporate Survival ROGSI/Business Impact Analysis TOP 7 Best Practices for Business Continuity.

BCM and Security ROGSI/DMS Präsentation ROGSI/DMS Suite for Corporate Survival ROGSI/Business Impact Analysis TOP 7 Best Practices for Business Continuity.
Disaster Preparedness I Lessons Learned Don Hall Thomson Prometric 2006 Annual ConferenceAlexandria, Virginia Council on Licensure, Enforcement and Regulation.

Disaster Preparedness I Lessons Learned Don Hall Thomson Prometric 2006 Annual ConferenceAlexandria, Virginia Council on Licensure, Enforcement and Regulation.
1 Disaster Recovery “Protecting City Data” Ron Bergman First Deputy Commissioner Gregory Neuhaus Assistant Commissioner THE CITY OF NEW YORK.

1 Disaster Recovery “Protecting City Data” Ron Bergman First Deputy Commissioner Gregory Neuhaus Assistant Commissioner THE CITY OF NEW YORK.
1 Continuity Planning for transportation agencies.

1 Continuity Planning for transportation agencies.
1 Disk Based Disaster Recovery & Data Replication Solutions Gavin Cole Storage Consultant SEE.

1 Disk Based Disaster Recovery & Data Replication Solutions Gavin Cole Storage Consultant SEE.
Manage and Safeguard Your BC Career Cheyene Haase BC Management, Inc.

Manage and Safeguard Your BC Career Cheyene Haase BC Management, Inc.
ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.

ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.
Business Continuity Check List PageOne. - Why Does Your Business Need A Continuity Checklist? Should the unexpected occur, your business will be able.

Business Continuity Check List PageOne. - Why Does Your Business Need A Continuity Checklist? Should the unexpected occur, your business will be able.
Business Continuity and You! The Ohio State University Business & Finance Enterprise Continuity Program Quarterly Update October 2008Business and Finance.

Business Continuity and You! The Ohio State University Business & Finance Enterprise Continuity Program Quarterly Update October 2008Business and Finance.
Business Crisis and Continuity Management (BCCM) Class Session 15 15 - 1.

Business Crisis and Continuity Management (BCCM) Class Session
Services Tailored Around You® Business Contingency Planning Overview July 2013.

Services Tailored Around You® Business Contingency Planning Overview July 2013.
EASTERN MICHIGAN UNIVERSITY Continuity of Operations Planning (COOP)

EASTERN MICHIGAN UNIVERSITY Continuity of Operations Planning (COOP)
RBTC: Business Continuity 101 July 18, 2013. What is Business Continuity? Scenario Part 1 Why is BC important? What types of plans are needed? How do.

RBTC: Business Continuity 101 July 18, What is Business Continuity? Scenario Part 1 Why is BC important? What types of plans are needed? How do.
Module 3 Develop the Plan Planning for Emergencies – For Small Business –

Module 3 Develop the Plan Planning for Emergencies – For Small Business –
ISA 562 Internet Security Theory & Practice

ISA 562 Internet Security Theory & Practice
Rich Archer Partner, Risk Advisory Services KPMG LLP Auditing Business Continuity Plans.

Rich Archer Partner, Risk Advisory Services KPMG LLP Auditing Business Continuity Plans.
1 Availability Policy (slides from Clement Chen and Craig Lewis)

1 Availability Policy (slides from Clement Chen and Craig Lewis)
Business Continuity and Disaster Recovery Planning.

Business Continuity and Disaster Recovery Planning.
Ali Pabrai, CISSP, CSCS ecfirst, chairman & ceo Preparing for a HIPAA Security Audit.

Ali Pabrai, CISSP, CSCS ecfirst, chairman & ceo Preparing for a HIPAA Security Audit.

Similar presentations

Ads by Google