Pecha Kucha is a presentation style in which 20 slides are shown for 20 seconds each (six minutes and 40 seconds in total). Compassites held Pecha Kucha session as team activity. This session talks of Business Continuity Plan and Disaster Recovery Plan. *All company names, product names, logos, images included in this presentation may be registered trademarks or service marks of their respective owners. No copyright violation intended on images sourced from Google searches.

1. Copyright © 2012
Welcome to Compassites!
www.compassitesinc.com
Copyright © 2005 - 2013 Compassites

2. Copyright © 2012
Pecha Kucha Session
On
BCP and DRP
www.compassitesinc.com
Copyright © 2005 - 2013 Compassites

3. 01
I n t r o d u c t i o n t o B C P & D R P
b y B alas u b raman ian . P

4. 02
Outline
1. Why discuss this topic now?
2. What BCP & DR addresses?
3. Broad BCP objectives
4. Availability & Downtime chart
5. Phases of Continuity Planning
6. Need for BCP “Governance”

5. 03
BCP addresses
 Defines a process to preserve
critical business functions in the
face of a disaster
 Continuation of critical business
processes when a disaster destroys
data processing capabilities
 Preparation, testing and
maintenance of specific actions to
recover normal processing (the
BCP)

6. 03
DRP addresses
Disasters are defined in terms of…
 If it harms critical business
processes, it may be a
disaster
 how long can the business
stand the pain?
 Probability of occurrence

7. 03
Disasters Classifications
Disasters – natural, man-made
 Natural: Fire, flood, hurricane,
tornado, earthquake, volcanoes
 Man-made: Plane crashes,
vandalism, terrorism, riots,
sabotage, loss of personnel,
etc.
 Anything that diminishes or
destroys normal data processing
capabilities

8. 04

9. 03
High Level BCP objectives
 High Availability
 Confidentiality
 Integrity

10. 03
Low Level BCP objectives
 Create, document, test, and update a plan
that will address:
• Timely recovery
• Minimize loss
• Meet legal and
regulatory
requirements

11. 03
High Availability & Downtime chart
Availability % Downtime per year Downtime per month* Downtime per week
90% ("one nine") 36.5 days 72 hours 16.8 hours
95% 18.25 days 36 hours 8.4 hours
97% 10.96 days 21.6 hours 5.04 hours
98% 7.30 days 14.4 hours 3.36 hours
99% ("two nines") 3.65 days 7.20 hours 1.68 hours
99.5% 1.83 days 3.60 hours 50.4 minutes
99.8% 17.52 hours 86.23 minutes 20.16 minutes
99.9% ("three nines") 8.76 hours 43.8 minutes 10.1 minutes
99.95% 4.38 hours 21.56 minutes 5.04 minutes
99.99% ("four nines") 52.56 minutes 4.32 minutes 1.01 minutes
99.995% 26.28 minutes 2.16 minutes 30.24 seconds
99.999% ("five nines") 5.26 minutes 25.9 seconds 6.05 seconds
99.9999% ("six nines") 31.5 seconds 2.59 seconds 0.605 seconds
99.99999% ("seven nines") 3.15 seconds 0.259 seconds 0.0605 seconds

12. 03
Phases of Continuity Planning

13. 03
Phase I - Project management & initiation
 Establish need (risk analysis)
 Get management support
 Establish team (functional,
technical, BCC – Business
Continuity Coordinator)
 Create work plan (scope, goals,
methods, timeline)
 Initial report to management
 Obtain management approval
to proceed

14. 03
Phase 2 - Business Impact Analysis (BIA)
Obtaining formal agreement with senior management on the
MTD (Maximum Tolerable Downtime) for each time-critical
business resource
 Analyze information
 Identify time-critical business functions
 Assign MTDs
 Rank critical business functions by MTDs
 Report recovery options (effort & price)
 Obtain management approval

15. 03
Phase 3 - Recovery strategies
Recovery strategies are based on MTDs, Predefined and
Management-approved
Technical recovery strategies based on subscription service sites
• Hot – fully equipped
• Warm – missing key components
• Cold – empty data center
• Mirror – full redundancy
• Mobile – trailer full of computers
Technical recovery strategies based on Data
• Backups of data and applications
• Off-site vs. on-site storage of media
• How fast can data be recovered?
• How much data can you lose?
• Security of off-site backup media
• Types of backups (full, incremental, differential, etc.)

16. 03
Phase 4 - BCP development / implementation
Sample plan phases
• Initial disaster response
• Resume critical business ops
• Resume non-critical business ops
• Restoration (return to primary site)
• Interacting with external groups (customers,
media, emergency responders)

17. 03
Phase 5 - BCP final phase
 Testing
 Maintenance
 Awareness
 Training

18. 03
Phase 5 - BCP final phase - Testing
 Until it’s tested, you don’t have
a plan
 Kinds of testing
• Structured walk-through
• Checklist
• Simulation
• Parallel
• Full interruption

19. 03
Phase 5 - BCP final phase - Maintenance
 Fix problems found in testing
 Implement change management
 Audit and address audit findings
 Annual review of plan
 Build plan into organization

20. 03
Phase 5 - BCP final phase - Training
 BCP team is probably the DR team
 BCP training must be on-going
 BCP training needs to be part of
the standard on-boarding and part
of the corporate culture

21. 03
To RECAP why BCP “Governance”?
 Establishing policy by determining how the institution will manage and
control identified risks;
 Allocating knowledgeable personnel to implement BCP
 Sufficient financial resources to properly implement the BCP;
 Ensuring that the BCP is reviewed and approved at least annually;
 Ensuring employees are trained and aware of their roles in the
implementation of the BCP;
 Reviewing the BCP testing program and test results on a regular basis;
and
 Ensuring the BCP is continually updated to reflect the current operating
environment.
The organization’s senior management team is responsible
for overseeing the BCP process, which includes:

22. THANK YOU
30
“We all have ability. The difference is how we use it.”
- Grammy Award winner Stevie Wonder
(An American singer/songwriter/multi-instrumentalist but BLIND SINCE BIRTH)

23. Thank You
Offices
Bangalore
Dover
Online
Email : info@compassitesinc.com
Web : www.compassitesinc.com