Business Continuity and Disaster Recovery Planning


1 Business Continuity and Disaster Recovery Planning
Dr. Bhavani Thuraisingham, The University of Texas at Dallas (UTD), June 2015

2 Domain Agenda Project Scope Development and Planning
Business Impact Analysis (BIA) and Functional Requirements Business Continuity and Recovery Strategy Plan Design and Development Implementation Restoration / Disaster Recovery Feedback and Plan Management

3 Domain Objectives Understand the planning process
Integrating BCP into the organization Defining inputs and outputs of process Understand the difference between BCP and DRP

4 Sources of Information
Disaster Recovery Institute International Business Continuity Institute ISO 25999 ISO 27001, Section 10 NIST SP

5 ISO 25999: Business Continuity Management
Risk management Disaster recovery Facilities management Supply chain management Quality management Health and safety Knowledge management Emergency management Security Crisis communications and PR

6 Overview of BCP Direct benefits Indirect benefits
Overlap with Risk Management BCM vs. BCP vs. COOP

7 The Enterprise BCP DRP BIA Incident response planning
Backup strategies Emergency procedures Contracts and provisioning BIA Reciprocal agreements Alternate sites Incident response planning Succession Plan Incident Response Team

8 The Enterprise BCP (cont.)
Risk analysis Safeguards / countermeasures Insurance plan Corporate communication plan User awareness training Media/stakeholder relations plan

9 The Business Continuity Life Cycle
Analyze the business Assess the risks Develop the BC strategy Develop the BC plan Rehearse the plan

10 BC Project Phases Project Scope Development and Planning
Business Impact Analysis (BIA) and Functional Requirements Business Continuity and Recovery Strategy Plan Design and Development Implementation Restoration / Disaster Recovery Feedback and Plan Management

11 Reflecting Organizational Context
Policy is the driver Aligned with requirements Provides direction and focus Use Business Impact Analysis Identify inputs Outcomes and deliverables Reviewed annually

12 Policy Organizational authority Policy document Program scope
Resources Outsourcing

13 Policy contents Framework Tools and techniques Policy contents
Change is infrequent

14 Outsourced Activities
You are still responsible Resilience in outsourcing Supplier continuity

15 Scope and Choices Limit scope Ensure clarity of scope
Strategy, Return on Investment (ROI), and SWOT (Strengths, Weaknesses, Opportunities, Threats) Review yearly

16 Program Management Assigning responsibilities
Initiating BCP in the organization Project management Ongoing management Documentation Incident readiness and response

17 Documentation Review current BCP if available
Documentation may not equal capability Staff must be trained to use any necessary software Types of documentation Review as directed by policy

18 Initiating BCP Awareness, data, implementation Staff and budget
Result must be a long-term, sustainable program Review progress monthly

19 Incident Readiness & Response
Planners become leaders Be prepared Triage Incident management Success = Return to Operations Immediate lessons learned

20 Key Indicators of Success
Senior management commitment Policy content BCP Resources Project management Documentation

21 BCP Project Phases Project Scope Development and Planning
Business Impact Analysis (BIA) and Functional Requirements Business Continuity and Recovery Strategy Plan Design and Development Implementation Restoration / Disaster Recovery Feedback and Plan Management

22 Understanding the Organization
Business Impact Analysis (BIA) Benefits Objectives Evaluating Threats (Risk Assessment) Emergency Assessment Indicators of Critical Business Functions

23 Business Impact Analysis
Identifies, quantifies and qualifies loss Scope and support required Documents impact and dependencies MTD, RPO Business impact analysis process Workshops, questionnaires, interviews Business justifications for budget

24 Maximum Tolerable Period of Disruption
| Item | Required recovery time following a disaster |
| Non-essential | 30 days |
| Normal | 7 days |
| Important | 72 hours |
| Urgent | 24 hours |
| Critical/Essential | Minutes to hours |

25 Estimating Continuity Requirements
Total budget for disaster recovery Identification of necessary resources Outcomes feed BCP strategy selection Reviewed with BIA

26 Evaluating Threats (Risk Assessment)
Risk equation + time element Risk = Threat impact * probability Prioritize key processes and assets Outcomes

27 Key Indicators of Success
Corporate governance BIA practice Risk assessment practice

28 BCP Project Phases Project Scope Development and Planning
Business Impact Analysis (BIA) and Functional Requirements Business Continuity and Recovery Strategy Plan Design and Development Implementation Restoration / Disaster Recovery Feedback and Plan Management

29 Determining Business Continuity Strategy
High-level strategies RTO < MTPD Separation distance Resilience Address specific business types

30 Determining Strategy Determining BC strategies Strategy options
Activity continuity options Resource-level consolidation

31 Activity Continuity Options
Selecting recovery tactics Reliability Extent of planning Cost/benefit analysis Outcome

32 Recovery Alternatives
| Alternative | Description | Readiness | Cost |
| Multiple processing / mirrored site | Fully redundant identical equipment and data | Highest level of availability and readiness | Highest |
| Mobile site / trailer | Designed, self-contained IT and communications | Variable drive time; load data and test systems | High |
| Hot site | Fully provisioned IT and office, HVAC, infrastructure and communications | Short time to load data, test systems. May be yours or vendor staff | |
| Warm site | Partially IT equipped, some office, data and voice, infrastructure | Days or weeks. Need equipment, data communications | Moderate |
| Cold site | Minimal infrastructure, HVAC | Weeks or more. Need all IT, office equipment and communications | Lowest |

33 Processing Agreements
| Agreement | Description | Consideration |
| Reciprocal or Mutual Aid | Two or more organizations agree to recover critical operations for each other. | Technology upgrades/obsolescence or business growth. Security and access by partner users |
| Contingency | Alternate arrangements if primary provider is interrupted, i.e. voice or data communications | Providers may share paths or lease from each other. Question them. |
| Service Bureau | Agreement with application service provider to process critical business functions. | Evaluate their loading geography and ask about backup mode. |

34 BCP Project Phases Project Scope Development and Planning
Business Impact Analysis (BIA) and Functional Requirements Business Continuity and Recovery Strategy Plan Design and Development Implementation Restoration / Disaster Recovery Feedback and Plan Management

35 Resource Level Consolidation
Consolidation plan Availability of solutions Consolidate, approve, implement Methods and techniques Outcomes and deliverables

36 Business Continuity Plan
Master plan Modular in design Executive endorsement Review quarterly

37 Business Continuity Plan Contents
When team will be activated Means by which the team will be activated Places to meet Action plans/task list created

38 Business Continuity Plan Contents
Responsibilities of the team or of specific individuals Liaising with Emergency Services (fire, police, ambulance) Receiving or seeking information from response teams Reporting information to the Incident Management Team Mobilizing third party suppliers of salvage and recovery services Allocating available resources to recovery teams Invocation / mobilization instructions

39 Developing and Implementing Response
Incident response structure Emergency response procedures Personnel notification Communications Restoration

40 BCP Project Phases Project Scope Development and Planning
Business Impact Analysis (BIA) and Functional Requirements Business Continuity and Recovery Strategy Plan Design and Development Implementation Restoration / Disaster Recovery Feedback and Plan Management

41 Implementing Incident Management Plan
Rapid response is critical Crisis management Steps to develop an Incident Management Plan Action plans

42 Incident Response Structure
Strategic Tactical Operational

43 Key Indicators of Success
Development and acceptance of Recovery Strategies and Business Continuity Plans

44 BCP Project Phases Project Scope Development and Planning
Business Impact Analysis (BIA) and Functional Requirements Business Continuity and Recovery Strategy Plan Design and Development Implementation Restoration / Disaster Recovery Feedback and Plan Management

45 Disaster Recovery Salvage Separate function and team
Facility restoration System recovery

46 BCP Project Phases Project Scope Development and Planning
Business Impact Analysis (BIA) and Functional Requirements Business Continuity and Recovery Strategy Plan Design and Development Implementation Restoration / Disaster Recovery Feedback and Plan Management

47 Testing the Program Find the flaws Outsourcing Timetable for tests
Test design process

48 Testing Types
| Types | Process | Participants | Frequency | Complexity |
| Desk Check | Check the contents of the plan, aid in maintenance. | Author | Often | LOW |
| Walk-through | Check interaction and roles of participants. | Author and main people | | |
| Simulation | Includes: business plans, buildings, communications | Main people and auditors | | |
| Parallel testing | Moves work to another site. Recreates the existing work from the displaced site. | Everyone at location | | |
| Full | Shuts down and relocates all work | Everyone at both locations | Rare | HIGH |

49 Embedding BCP Assessing level of awareness and training
Developing BCP within the Culture Monitoring cultural change

50 Test BCP Arrangements Test, rehearsal, exercise
Combine all plan activities Stringency, realism and minimal exposure Contents of a test Outcomes

51 Maintaining BCP Arrangements
Ready and embedded Triggered by change management Owners keep information current Documented Review as needed

52 Reviewing BCP Arrangements
Audit Independent BCP audit opinion As directed by audit policy

53 Factors for Success Supported by senior management Everyone is aware
Everyone is invested Consensus

54 Assessing the Level of Awareness and Training
Where are we now What does the policy state Current vs. desired levels Training framework in place

55 Developing a BCP Within the Organization’s Culture
Training, education, awareness Well-implemented policy Design Delivery planning Delivery Cost effective delivery Higher awareness

56 Domain Summary Project Scope Development and Planning
Business Impact Analysis (BIA) and Functional Requirements Business Continuity and Recovery Strategy Plan Design and Development Implementation Restoration / Disaster Recovery Feedback and Plan Management

