Presentation is loading. Please wait.

Presentation is loading. Please wait.

C ONNECTING FOR A R ESILIENT A MERICA Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP) Skip Breeden.

Published byCassandra Carter Modified over 9 years ago

Similar presentations

Presentation on theme: "C ONNECTING FOR A R ESILIENT A MERICA Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP) Skip Breeden."— Presentation transcript:

1 C ONNECTING FOR A R ESILIENT A MERICA Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP) Skip Breeden

2 C ONNECTING FOR A R ESILIENT A MERICA How to preserve critical business functions in the face of a disaster.

3 C ONNECTING FOR A R ESILIENT A MERICA Why?  Up to 40% of businesses affected by a natural or human-caused disaster never reopen. (Source: Insurance Information Institute)  Customers expect delivery of products or services on time. If there is a significant delay, customers may go to a competitor.  Failure to implement a preparedness program risks losing business to competitors who can demonstrate they have a BCP.

4 C ONNECTING FOR A R ESILIENT A MERICA Why?  According to the Small Business Administration, small businesses:  Represent 99.7% of all employer firms  Employ about half of all private sector employees  Have generated 65% of net new jobs over the past 17 years  Made up 97.5% of all identified exporters.

5 C ONNECTING FOR A R ESILIENT A MERICA The BCP Addresses  Continuation of critical business processes when a disaster destroys data processing capabilities  Preparation, testing and maintenance of specific actions to recover normal operations (the BCP)

6 C ONNECTING FOR A R ESILIENT A MERICA Disasters – Natural, Man-made  Fire, flood, hurricane, tornado, earthquake, volcanoes  Plane crashes, vandalism, terrorism, riots, sabotage, loss of personnel, etc.  Anything that diminishes or destroys normal data processing capabilities

7 C ONNECTING FOR A R ESILIENT A MERICA Disasters are Defined in Terms of the Business  If it harms critical business processes, it may be a disaster  Time-based definition – how long can the business stand the pain?  Probability of occurrence

8 C ONNECTING FOR A R ESILIENT A MERICA Broad BCP Objectives - CIA  Confidentiality – important  Integrity – important  Availability – the main focus

9 C ONNECTING FOR A R ESILIENT A MERICA BCP Objective  Create, document, test, and update a plan that will: Allow timely recovery of critical business operations Minimize loss Meet legal and regulatory requirements

10 C ONNECTING FOR A R ESILIENT A MERICA Scope of BCP  Was just the data center  Now includes: Distributed operations Personnel Networks power All aspects of the IT environment

11 C ONNECTING FOR A R ESILIENT A MERICA Creating a BCP  Is an on-going process, not a project with a beginning and an end Creating, testing, maintaining, and updating “Critical” business functions may evolve  The BCP team must include:  Business personnel  IT personnel  Requires the support of senior management

12 C ONNECTING FOR A R ESILIENT A MERICA The Five BCP Phases 1.Project management & initiation 2.Business Impact Analysis (BIA) 3.Recovery strategies 4.Plan design & development 5.Testing, maintenance, awareness, training

13 C ONNECTING FOR A R ESILIENT A MERICA 1. - Project Management & Initiation  Establish need (risk analysis)  Get management support  Establish team (functional, technical, BCC – Business Continuity Coordinator)  Create work plan (scope, goals, methods, timeline)  Initial report to management  Obtain management approval to proceed

14 C ONNECTING FOR A R ESILIENT A MERICA 2. - Business Impact Analysis (BIA)  MTD – Maximum Tolerable Downtime, also known as MAO (Maximum Allowable Outage)  Goal: obtain formal agreement with senior management on the MTD for each time-critical business resource

15 C ONNECTING FOR A R ESILIENT A MERICA 2. - Business Impact Analysis (BIA) (continued)  Quantifies loss due to business outage (financial, extra cost of recovery, embarrassment)  Does not estimate the probability of kinds of incidents, only quantifies the consequences

16 C ONNECTING FOR A R ESILIENT A MERICA 2. - BIA Phases (continued)  Choose information gathering methods (surveys, interviews, software tools)  Select interviewees  Customize questionnaire  Analyze information  Identify time-critical business functions

17 C ONNECTING FOR A R ESILIENT A MERICA 2. - BIA Phases (continued)  Assign MTDs  Rank critical business functions by MTDs  Report recovery options  Obtain management approval

18 C ONNECTING FOR A R ESILIENT A MERICA

19 3. – Recovery Strategies  Recovery strategies are based on MTDs  Predefined  Management-approved

20 C ONNECTING FOR A R ESILIENT A MERICA 3. – Recovery Strategies (continued)  Different technical strategies  Different costs and benefits  How to choose?  Careful cost-benefit analysis  Driven by business requirements

21 C ONNECTING FOR A R ESILIENT A MERICA 3. – Recovery Strategies (continued)  Strategies should address recovery of: Business operations Facilities & supplies Users (workers and end-users) Network, data center (technical) Data (off-site backups of data and applications)

22 C ONNECTING FOR A R ESILIENT A MERICA 3. – Recovery Strategies (continued)  Technical recovery strategies - scope Data center Networks Telecommunications

23 C ONNECTING FOR A R ESILIENT A MERICA 3. – Recovery Strategies (continued)  Technical recovery strategies – methods Subscription services Mutual aid agreements Redundant data centers Service bureaus

24 C ONNECTING FOR A R ESILIENT A MERICA 3. – Recovery Strategies (continued)  Technical recovery strategies – subscription service sites Hot – fully equipped Warm – missing key components Cold – empty data center Mirror – full redundancy Mobile – trailer full of computers

25 C ONNECTING FOR A R ESILIENT A MERICA 3. – Recovery Strategies (continued)  Technical recovery strategies – mutual aid agreements I’ll help you if you’ll help me! Inexpensive Usually not practical

26 C ONNECTING FOR A R ESILIENT A MERICA 3. – Recovery Strategies (continued)  Technical recovery strategies – redundant processing centers Expensive Maybe not enough spare capacity for critical operations

27 C ONNECTING FOR A R ESILIENT A MERICA 3. – Recovery Strategies (continued)  Technical recovery strategies –service bureaus Many clients share facilities Almost as expensive as a hot site Must negotiate agreements with other clients

28 C ONNECTING FOR A R ESILIENT A MERICA 3. – Recovery Strategies (continued)  Technical recovery strategies –data Backups of data and applications Off-site vs. on-site storage of media How fast can data be recovered? How much data can you lose? Security of off-site backup media Types of backups (full, incremental, differential, etc.)

29 C ONNECTING FOR A R ESILIENT A MERICA 4. – BCP Development/Implementation  Detailed plan for recovery Business & service recovery plans Maintenance Awareness & training Testing

30 C ONNECTING FOR A R ESILIENT A MERICA 4. – BCP Development/Implementation (continued)  Sample plan phases Initial disaster response Resume critical business ops Resume non-critical business ops Restoration (return to primary site) Interacting with external groups (customers, media, emergency responders)

31 C ONNECTING FOR A R ESILIENT A MERICA 5. – BCP Final Phase  Testing  Maintenance  Awareness  Training

32 C ONNECTING FOR A R ESILIENT A MERICA 5. – BCP Final Phase - TESTING  Until it’s tested, you don’t have a plan  Kinds of testing Structured walk-through Checklist Simulation Parallel Full interruption

33 C ONNECTING FOR A R ESILIENT A MERICA 5. – BCP Final Phase - MAINTENANCE  Fix problems found in testing  Implement change management  Audit and address audit findings  Annual review of plan  Build plan into organization

34 C ONNECTING FOR A R ESILIENT A MERICA 5. – BCP Final Phase - AWARENESS  Internal  Staff  Families  External  Customers  Associations  Investigate changes in the sector  Listen to the market

35 C ONNECTING FOR A R ESILIENT A MERICA 5. – BCP Final Phase - TRAINING  BCP team is probably the DR team  BCP training must be on-going  BCP training needs to be part of the standard on- boarding and part of the corporate culture

36 C ONNECTING FOR A R ESILIENT A MERICA Final Comments  Seek advise/help  Charge forward  Plans don’t serve a purpose sitting on a shelf – use them – revise them  Don’t forget your supply chain

37 C ONNECTING FOR A R ESILIENT A MERICA Questions?

Download ppt "C ONNECTING FOR A R ESILIENT A MERICA Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP) Skip Breeden."

Similar presentations

Business Plug-In B4 MIS Infrastructures.

Business Plug-In B4 MIS Infrastructures.
Reliability of the electrical service Business Continuity Management Business Impact Analysis (BIA) Critical ITC Services Minimum Business Continuity Objective.

Reliability of the electrical service Business Continuity Management Business Impact Analysis (BIA) Critical ITC Services Minimum Business Continuity Objective.
CIOassist Technologies Your CIO on Demand… Business Continuity Planning Our Offering CIOassist Technologies (www.cioassist.in)www.cioassist.in

CIOassist Technologies Your CIO on Demand… Business Continuity Planning Our Offering CIOassist Technologies (
DISASTER CENTER Study Case DEMIRBANK ROMANIA “Piata Financiara” ConferenceJanuary 29, 2002 C 2002.

DISASTER CENTER Study Case DEMIRBANK ROMANIA “Piata Financiara” ConferenceJanuary 29, 2002 C 2002.
1 Disaster Recovery “Protecting City Data” Ron Bergman First Deputy Commissioner Gregory Neuhaus Assistant Commissioner THE CITY OF NEW YORK.

1 Disaster Recovery “Protecting City Data” Ron Bergman First Deputy Commissioner Gregory Neuhaus Assistant Commissioner THE CITY OF NEW YORK.
JOELLE QUIAPO FOLA OYEDIRAN GREG SWENSON SUKHI BEDI CHENYU GONG Disaster Recovery and Business Continuity Planning: Testing an Organization’s Plans What.

JOELLE QUIAPO FOLA OYEDIRAN GREG SWENSON SUKHI BEDI CHENYU GONG Disaster Recovery and Business Continuity Planning: Testing an Organization’s Plans What.
Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP)

Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP)
Business Continuity & Disaster Recovery

Business Continuity & Disaster Recovery
Business Continuity Planning and Disaster Recovery Planning

Business Continuity Planning and Disaster Recovery Planning
Copyright 2004 Turning Point Solutions Establishing Lines Of Communication Before a Crisis.

Copyright 2004 Turning Point Solutions Establishing Lines Of Communication Before a Crisis.
Chapter 1 Information Security Management

Chapter 1 Information Security Management
Stephen S. Yau CSE465-591, Fall 2006 1 Contingency and Disaster Recovery Planning.

Stephen S. Yau CSE , Fall Contingency and Disaster Recovery Planning.
Disaster Prevention and Recovery Presented By: Sean Snodgrass and Theodore Smith.

Disaster Prevention and Recovery Presented By: Sean Snodgrass and Theodore Smith.
TEL382 Greene Chapter 11. 10/27/09 2 Outline What is a Disaster? Disaster Strikes Without Warning Understanding Roles and Responsibilities Preparing For.

TEL382 Greene Chapter /27/09 2 Outline What is a Disaster? Disaster Strikes Without Warning Understanding Roles and Responsibilities Preparing For.
Planning for Contingencies

Planning for Contingencies
Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin CHAPTER FIVE INFRASTRUCTURES: SUSTAINABLE TECHNOLOGIES CHAPTER.

Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin CHAPTER FIVE INFRASTRUCTURES: SUSTAINABLE TECHNOLOGIES CHAPTER.
Disaster Recovery and Business Continuity Ensuring Member Service in Times of Crisis.

Disaster Recovery and Business Continuity Ensuring Member Service in Times of Crisis.
Business Continuity & Disaster Recovery Planning at The Chicago Board of Trade Presented By: Bryan Durkin Sr. Vice President The Chicago Board of Trade.

Business Continuity & Disaster Recovery Planning at The Chicago Board of Trade Presented By: Bryan Durkin Sr. Vice President The Chicago Board of Trade.
1 Disaster Recovery Planning & Cross-Border Backup of Data among AMEDA Members Vipin Mahabirsingh Managing Director, CDS Mauritius For Workgroup on Cross-Border.

1 Disaster Recovery Planning & Cross-Border Backup of Data among AMEDA Members Vipin Mahabirsingh Managing Director, CDS Mauritius For Workgroup on Cross-Border.
Disaster Recovery Chao-Hsien Chu, Ph.D.

Disaster Recovery Chao-Hsien Chu, Ph.D.

Similar presentations

Ads by Google