Pecha Kucha is a presentation style in which 20 slides are shown for 20 seconds each (six minutes and 40 seconds in total). Compassites held Pecha Kucha session as team activity. This session talks of Business Continuity Plan and Disaster Recovery Plan. *All company names, product names, logos, images included in this presentation may be registered trademarks or service marks of their respective owners. No copyright violation intended on images sourced from Google searches.
3. 01
I n t r o d u c t i o n t o B C P & D R P
b y B alas u b raman ian . P
4. 02
Outline
1. Why discuss this topic now?
2. What BCP & DR addresses?
3. Broad BCP objectives
4. Availability & Downtime chart
5. Phases of Continuity Planning
6. Need for BCP “Governance”
5. 03
BCP addresses
Defines a process to preserve
critical business functions in the
face of a disaster
Continuation of critical business
processes when a disaster destroys
data processing capabilities
Preparation, testing and
maintenance of specific actions to
recover normal processing (the
BCP)
6. 03
DRP addresses
Disasters are defined in terms of…
If it harms critical business
processes, it may be a
disaster
how long can the business
stand the pain?
Probability of occurrence
7. 03
Disasters Classifications
Disasters – natural, man-made
Natural: Fire, flood, hurricane,
tornado, earthquake, volcanoes
Man-made: Plane crashes,
vandalism, terrorism, riots,
sabotage, loss of personnel,
etc.
Anything that diminishes or
destroys normal data processing
capabilities
9. 03
High Level BCP objectives
High Availability
Confidentiality
Integrity
10. 03
Low Level BCP objectives
Create, document, test, and update a plan
that will address:
• Timely recovery
• Minimize loss
• Meet legal and
regulatory
requirements
13. 03
Phase I - Project management & initiation
Establish need (risk analysis)
Get management support
Establish team (functional,
technical, BCC – Business
Continuity Coordinator)
Create work plan (scope, goals,
methods, timeline)
Initial report to management
Obtain management approval
to proceed
14. 03
Phase 2 - Business Impact Analysis (BIA)
Obtaining formal agreement with senior management on the
MTD (Maximum Tolerable Downtime) for each time-critical
business resource
Analyze information
Identify time-critical business functions
Assign MTDs
Rank critical business functions by MTDs
Report recovery options (effort & price)
Obtain management approval
15. 03
Phase 3 - Recovery strategies
Recovery strategies are based on MTDs, Predefined and
Management-approved
Technical recovery strategies based on subscription service sites
• Hot – fully equipped
• Warm – missing key components
• Cold – empty data center
• Mirror – full redundancy
• Mobile – trailer full of computers
Technical recovery strategies based on Data
• Backups of data and applications
• Off-site vs. on-site storage of media
• How fast can data be recovered?
• How much data can you lose?
• Security of off-site backup media
• Types of backups (full, incremental, differential, etc.)
16. 03
Phase 4 - BCP development / implementation
Sample plan phases
• Initial disaster response
• Resume critical business ops
• Resume non-critical business ops
• Restoration (return to primary site)
• Interacting with external groups (customers,
media, emergency responders)
17. 03
Phase 5 - BCP final phase
Testing
Maintenance
Awareness
Training
18. 03
Phase 5 - BCP final phase - Testing
Until it’s tested, you don’t have
a plan
Kinds of testing
• Structured walk-through
• Checklist
• Simulation
• Parallel
• Full interruption
19. 03
Phase 5 - BCP final phase - Maintenance
Fix problems found in testing
Implement change management
Audit and address audit findings
Annual review of plan
Build plan into organization
20. 03
Phase 5 - BCP final phase - Training
BCP team is probably the DR team
BCP training must be on-going
BCP training needs to be part of
the standard on-boarding and part
of the corporate culture
21. 03
To RECAP why BCP “Governance”?
Establishing policy by determining how the institution will manage and
control identified risks;
Allocating knowledgeable personnel to implement BCP
Sufficient financial resources to properly implement the BCP;
Ensuring that the BCP is reviewed and approved at least annually;
Ensuring employees are trained and aware of their roles in the
implementation of the BCP;
Reviewing the BCP testing program and test results on a regular basis;
and
Ensuring the BCP is continually updated to reflect the current operating
environment.
The organization’s senior management team is responsible
for overseeing the BCP process, which includes:
22. THANK YOU
30
“We all have ability. The difference is how we use it.”
- Grammy Award winner Stevie Wonder
(An American singer/songwriter/multi-instrumentalist but BLIND SINCE BIRTH)