Download presentation
Presentation is loading. Please wait.
1
March 17, 2005© Gerald Isaacson 2005 Emergency Management Planning Business Continuity IT Partners
2
April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning A few definitions to get started: … a “disaster” The cake I was baking to bring to Xmas dinner He lost a laptop with the only copy of his thesis She lost her research and papers in the lab fire Payroll system failed the day before payday Asbestos released in a dorm renovation The death of a student The Northeast blackout The recent tsunami
3
April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning … a “disaster” is an event, often unexpected, that seriously disrupts your usual operations or processes and can have long term impact on your normal way of life or that of your organization.
4
April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning A few definitions to get started: … RTO [Recovery Time Objective] the point in time when you must have at least the critical aspects of your business operational again.
![April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning A few definitions to get started: … RTO [Recovery Time Objective] the point in time when you must have at least the critical aspects of your business operational again.](http://images.slideplayer.com./16/5127316/slides/slide_4.jpg "April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning A few definitions to get started: … RTO [Recovery Time Objective] the point in time when you must have at least the critical aspects of your business operational again.")
5
April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning A few definitions to get started: …RPO [Recovery Point Objective] The last copy of your data that is out of harm’s way – hopefully it is recently current.
![April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning A few definitions to get started: …RPO [Recovery Point Objective] The last copy of your data that is out of harm’s way – hopefully it is recently current.](http://images.slideplayer.com./16/5127316/slides/slide_5.jpg "April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning A few definitions to get started: …RPO [Recovery Point Objective] The last copy of your data that is out of harm’s way – hopefully it is recently current.")
6
April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning A few definitions to get started: … Business Continuity Planning
7
April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning … it’s not rocket science
8
April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning … it is: a process to minimize the impact of a major disruption to normal operations a process to enable restoration of critical assets a process to restore normalcy to MIT as soon as possible after a crisis. … it is not just: recovery of information technology resources
9
April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning … and it is the phase of crisis management that follows the immediate actions taken to protect life and property and contain the event … it begins when the situation has been stabilized.
10
April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning … and it is now a national standard for both the public and private sectors
11
April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning An ECAR report in March of this year, from Baylor Medical Center and the University of Houston, in the aftermath of hurricane Allison, posed the following list of questions to ask to determine your resilience to a disaster.
12
April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning ECAR Research Bulletin Mar 1 2005
13
April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning An ECAR report in March of this year, from Baylor Medical Center and the University of Houston, in the aftermath of hurricane Allison, posed the following list of questions to ask to determine your resilience to a disaster. The answers constitute your Business Continuity Plan
14
April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning The Risk Matrix CHANGE SOMETHING IGNORE NORMAL PROCEDURES PLAN IMPACT HIGH LOW PROBABILITY LOWHIGH
15
April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning Source: Gartner Group and Comdisco Network Operations Disruptions Power Hardware
16
April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning
17
April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning
18
April 19, 2005© Gerald Isaacson 2005 Mt. St. Helens – May 1980 – new threats arise Business Continuity Planning
19
April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning It’s different now….
20
April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning © ECAR Research Bulletin Mar 1 2005 …but we still have the usual concerns
21
April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning When is it a Crisis? Continuity Continuum Minutes Hours Days Weeks
22
April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning When is it a Crisis? Continuity Continuum Minutes Hours Days Weeks
23
April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning When is it a Crisis? Continuity Continuum Minutes Hours Days Weeks
24
April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning When is it a Crisis? Continuity Continuum Minutes Hours Days Weeks
25
April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning A crisis timeline --
26
April 19, 2005© Gerald Isaacson 2005 Restoration of Critical Processing Business Continuity Planning Alarm Notification to First Responders Data center fire
27
April 19, 2005© Gerald Isaacson 2005 Restoration of Critical Processing Business Continuity Planning Activate the Emergency Operations Center
28
April 19, 2005© Gerald Isaacson 2005 Restoration of Critical Processing Business Continuity Planning IT decision to move to a backup facility
29
April 19, 2005© Gerald Isaacson 2005 Restoration of Critical Processing Business Continuity Planning Assemble IT recovery team at appropriate sites
30
April 19, 2005© Gerald Isaacson 2005 Restoration of Critical Processing Business Continuity Planning Obtain backup tapes from off-premises storage
31
April 19, 2005© Gerald Isaacson 2005 Restoration of Critical Processing Business Continuity Planning Acquire and install backup hardware and network connections
32
April 19, 2005© Gerald Isaacson 2005 Restoration of Critical Processing Business Continuity Planning Restore Operating System and Network
33
April 19, 2005© Gerald Isaacson 2005 Restoration of Critical Processing Business Continuity Planning Reload database and other data
34
April 19, 2005© Gerald Isaacson 2005 Restoration of Critical Processing Business Continuity Planning Restore Critical Applications
35
April 19, 2005© Gerald Isaacson 2005 Restoration of Critical Processing Business Continuity Planning Begin Critical Processing - This is your Recovery Time Objective (RTO)
36
April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning Recovery Time Objective (RTO) Do you measure it in hours or weeks?
37
April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning Recovery Time Objective (RTO) Do you measure it in hours or weeks? When do you need to start to reach it on time?
38
April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning Windows are Closing
39
April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning Increasing dependencies on electronic capabilities to do your job have shortened the recovery timeframe.
40
April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning Increasing dependencies on electronic capabilities to do your job have shortened the recovery timeframe. This often leads to a disconnect between user’s expectations and the organization’s ability to meet them.
41
April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning © Lucent technologies Move to Alternate Site Return Home Resume Business Data Synchronization Restore Technology Capability Restore Communications Restore Business Functions Notifications Vital Records Lost Data Data Recovery Objective Recovery Time Objective (If necessary) High Level Look at a Recovery Effort
42
April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning Continuity Plan Development Phases Understand the need
43
April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning Continuity Plan Development Phases Understand the need Define the risk to the DLC and define the level of criticality
44
April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning Criticality Levels Category I Must be up in hours Category II Must be up in days Category III Must be up in weeks Category IV Can wait till operations are normal
45
April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning Continuity Plan Development Phases Understand the need Define the risk to the DLC and define the level of criticality Give an individual responsibility and authority for overall planning
46
April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning Continuity Plan Development Phases Understand the need Define the risk to the DLC and define the level of criticality Give an individual responsibility and authority for overall planning Ensure that organizational units – accounting, facilities, residential life, laboratories, etc. understand their individual responsibility for recovery of their operations.
47
April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning Continuity Plan Development Phases DLC’s develop their FARM (Functional Area Recovery Management) teams The Business Continuity Planning Team – (BCMT) consists of FARM Team Coordinators The BCMT is represented at the MIT Emergency Operations Center (EOC)
48
April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning Continuity Plan Development Phases Put together the recovery team Document the Plan
49
April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning The Table of Contents from the TLO FARM Team Plan
50
April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning Key Plan Components –Contact list – up to date
51
April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning Key Plan Components –Contact list – up to date –Resources needed – not just computing
52
April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning Key Plan Components –Contact list – up to date –Resources needed – not just computing –Emergency procedures
53
April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning Continuity Plan Development Phases Document the plans for each department, lab or center Use a common template or framework Plan review by Business Continuity Management Team (BCMT) and Information Systems & Technology
54
April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning Continuity Plan Development Phases Test, test, test
55
April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning Simulation Testing – MIT’s Central Utility Plant On an August afternoon, a fuel line rupture in the Central Utility Plant results in a fire. When the sprinkler system operates, the ensuing flood creates a hazardous waste issue due to the oil and ACM. The sprinkler operation also operates protective disconnects and the power is shut down. There have been 5 injuries of CUP workers because of this incident. After about 4 hours it is determined that the CUP’s clean up and return to service will take at least 24 hours, and the 80% of the campus that the CUP serves will remain without power.
56
April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning Continuity Plan Development Phases Test, test, test Maintain the plans – a very difficult process but critical to the long term viability of any plan
57
April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning What’s next? Who should we be talking to in your area? Who should we be talking to who is not here? Any overall concerns about the project? Any specific concerns that we should be addressing?
58
April 19, 2005© Gerald Isaacson 2005 Business Continuity Planning Gerald Isaacson, CISSPWilliam McShea, CFPS gii@mit.eduwmcshea@mit.edu 617 253-1440617 253-9491 32-013 web.mit.edu/bcmthttp://web.mit.edu/environ ment/ehs/
Similar presentations
