business continuity
TRANSCRIPT
AD ConsultingKnowledge, Performance, innovation, Improvement…
Business Continuity PlanningOur Offering
Why Business Continuity?
REVENUE Direct Loss Deferred Losses Compensatory Payments Lost Future Revenue Billing Losses Investment Losses
FINANCIAL PERFORMANCE Lost Market Share Revenue Recognition Cash Flow Lost Discounts Payment Guarantees Stock Price Credit Rating
OTHER EXPENSES Temporary employees, Equipment Rental, Overtime, Extra Shipping Costs, Travel Expenses, Etc.
REPUTATION Customers Suppliers Financial Markets Banks Business Partners Etc.
PRODUCTIVITY Loss Of Productivity Employees Impacted @ X
Burdened Hourly Rate
LEGAL/REGULATORY Contractual Requirements SLAs Regulatory Requirements
The Cost of Downtime
BCP Phases
• Project Management and Intonation• Conduct Business Impact Analysis• Develop Recovery Strategies• Plan, Design and Development• Testing, maintenance, awareness and training
BCP Is an on-going process, not a project with a beginning and an end
TestingMaintenanceAwarenessTraining 5
Plan, Design and Development 4
1
Project Initiation:Understand Your Business
3 Develop Strategies forSupply & Technology RecoveryData Recovery
2Conduct Business ImpactAnalysis to identifyRecovery Point (RPO)Service Delivery (SDO) Recover Time (RTO) Maximum Tolerable Outage (MTO)
BCP
BCP Phases
• Developing and approval of BCP policy• Define BCP committee
– operational units representatives– senior management– IT security– IT specialized experts, and optionally support units like
(technical affairs)• Define BCP project scope and objectives• Provide the necessary project funds and resourses
Project Initiation
Business Impact Analysis
• Collect data through interviews, survey, documenting business functions, transactions, activities
• Develop hierarchy of business functions and apply a classification scheme to indicate each individual function’s criticality level.
• Identify the resources that these functions depend upon
• Calculate Maximum Tolerable Outage (MTO) for these functions
• Identify vulnerabilities and threats to these functions• Calculate risk for each different business function• Document findings and report them to management
Business Impact Analysis
Recovery Time Objective (RTO): Time duration organization can wait between point of failure and service resumptionService Delivery Objective (SDO): Level of service in Alternate ModeMaximum Tolerable Outage: Max time in Alternate Mode
Regular Service
Alternate Mode
RegularService
RTO
Maximum Tolerable Outage
SDO
Interruption
Time…
Disaster Recovery Plan Implemented
RestorationPlan Implemented
Business Impact Analysis
How far back can you fail to? How long can you operate without a system?One week’s worth of data? Which services can last how long?
Inte
rrup
tion
1 1 1Hour Day Week
Recovery Point Objective Recovery Time Objective
Inte
rrup
tion
1 1 1Week Day Hour
Business Impact Analysis
Move toAlternate Site
ReturnHome
ResumeBusiness
Data Synchronization
Restore Technology Capability
Restore Communications
Restore Business Functions
NotificationsVital Records
Lost Data
Data Recovery Objective
Recovery Time Objective
(If necessary)
High Level Look at a Recovery Effort
Recovery strategies
• Supply and technology recovery• Network and computer equipment• Voice and data communications resources• Human resources• Transportation of equipment and personnel• Environment issues (HVAC)• Data and personnel security issues• Supplies (paper, forms, cabling, and so on)• Documentation
• Data recovery• Restoring Backed-up data
Recovery Strategies
Cost
Time
Service Downtime
Alternative Recovery StrategiesOptimum Cost
* Hot Site
* Warm Site
* Cold Site
Identifying the Optimum Strategy
Recovery strategies
• Business process recovery• Facility recovery
Site Cost Hardware Equipment
Telecommunications
Setup Time Location
Cold Site Low None None Long Fixed Warm Site Medium Partial Partial/Full Medium Fixed Hot Site Medium/
High Full Full Short Fixed
Mobile Site High Dependent Dependent Dependent Not Fixed
Mirrored Site
High Full Full None Fixed
Plan Design and Development
• All finding and decisions to be developed and documented.
• Submission of document for approval• Define execution procedure(s) for the
plan.
Testing, maintenance, awarenessand training
• Validating that decisions are suitable and correct by performing
– Checklist Test– Structured Walk-Through Test– Simulation Test– Parallel Test– Full-Interruption Test
• Maintaining the plan– Make business continuity a part of every business decision– Insert the maintenance responsibilities into job descriptions– Perform internal audits that include disaster recovery and continuity– documentation and procedures to update the plan.– Integrate the BCP into the change management process
• Training and awareness programs are an integral part of the BCP process
BCP Is an on-going process, not a project with a beginning and an end