AD ConsultingKnowledge, Performance, innovation, Improvement…

Business Continuity PlanningOur Offering

Why Business Continuity?

REVENUE Direct Loss Deferred Losses Compensatory Payments Lost Future Revenue Billing Losses Investment Losses

FINANCIAL PERFORMANCE Lost Market Share Revenue Recognition Cash Flow Lost Discounts Payment Guarantees Stock Price Credit Rating

OTHER EXPENSES Temporary employees, Equipment Rental, Overtime, Extra Shipping Costs, Travel Expenses, Etc.

REPUTATION Customers Suppliers Financial Markets Banks Business Partners Etc.

PRODUCTIVITY Loss Of Productivity Employees Impacted @ X

Burdened Hourly Rate

LEGAL/REGULATORY Contractual Requirements SLAs Regulatory Requirements

The Cost of Downtime

BCP Phases

• Project Management and Intonation• Conduct Business Impact Analysis• Develop Recovery Strategies• Plan, Design and Development• Testing, maintenance, awareness and training

BCP Is an on-going process, not a project with a beginning and an end

TestingMaintenanceAwarenessTraining 5

Plan, Design and Development 4

1

Project Initiation:Understand Your Business

3 Develop Strategies forSupply & Technology RecoveryData Recovery

2Conduct Business ImpactAnalysis to identifyRecovery Point (RPO)Service Delivery (SDO) Recover Time (RTO) Maximum Tolerable Outage (MTO)

BCP

BCP Phases

• Developing and approval of BCP policy• Define BCP committee

– operational units representatives– senior management– IT security– IT specialized experts, and optionally support units like

(technical affairs)• Define BCP project scope and objectives• Provide the necessary project funds and resourses

Project Initiation

Business Impact Analysis

• Collect data through interviews, survey, documenting business functions, transactions, activities

• Develop hierarchy of business functions and apply a classification scheme to indicate each individual function’s criticality level.

• Identify the resources that these functions depend upon

• Calculate Maximum Tolerable Outage (MTO) for these functions

• Identify vulnerabilities and threats to these functions• Calculate risk for each different business function• Document findings and report them to management

Business Impact Analysis

Recovery Time Objective (RTO): Time duration organization can wait between point of failure and service resumptionService Delivery Objective (SDO): Level of service in Alternate ModeMaximum Tolerable Outage: Max time in Alternate Mode

Regular Service

Alternate Mode

RegularService

RTO

Maximum Tolerable Outage

SDO

Interruption

Time…

Disaster Recovery Plan Implemented

RestorationPlan Implemented

Business Impact Analysis

How far back can you fail to? How long can you operate without a system?One week’s worth of data? Which services can last how long?

Inte

rrup

tion

1 1 1Hour Day Week

Recovery Point Objective Recovery Time Objective

Inte

rrup

tion

1 1 1Week Day Hour

Business Impact Analysis

Move toAlternate Site

ReturnHome

ResumeBusiness

Data Synchronization

Restore Technology Capability

Restore Communications

Restore Business Functions

NotificationsVital Records

Lost Data

Data Recovery Objective

Recovery Time Objective

(If necessary)

High Level Look at a Recovery Effort

Recovery strategies

• Supply and technology recovery• Network and computer equipment• Voice and data communications resources• Human resources• Transportation of equipment and personnel• Environment issues (HVAC)• Data and personnel security issues• Supplies (paper, forms, cabling, and so on)• Documentation

• Data recovery• Restoring Backed-up data

Recovery Strategies

Cost

Time

Service Downtime

Alternative Recovery StrategiesOptimum Cost

* Hot Site

* Warm Site

* Cold Site

Identifying the Optimum Strategy

Recovery strategies

• Business process recovery• Facility recovery

Site Cost Hardware Equipment

Telecommunications

Setup Time Location

Cold Site Low None None Long Fixed Warm Site Medium Partial Partial/Full Medium Fixed Hot Site Medium/

High Full Full Short Fixed

Mobile Site High Dependent Dependent Dependent Not Fixed

Mirrored Site

High Full Full None Fixed

Plan Design and Development

• All finding and decisions to be developed and documented.

• Submission of document for approval• Define execution procedure(s) for the

plan.

Testing, maintenance, awarenessand training

• Validating that decisions are suitable and correct by performing

– Checklist Test– Structured Walk-Through Test– Simulation Test– Parallel Test– Full-Interruption Test

• Maintaining the plan– Make business continuity a part of every business decision– Insert the maintenance responsibilities into job descriptions– Perform internal audits that include disaster recovery and continuity– documentation and procedures to update the plan.– Integrate the BCP into the change management process

• Training and awareness programs are an integral part of the BCP process

BCP Is an on-going process, not a project with a beginning and an end