Impact on profession and preparation for tomorrow cs ca nirc_22_nov[1]
Business Continuity Planning
1. Business Continuity Planning Project “Kick-off Meeting” September 15, 2010 Robert T. Warren, Technical Risk Services, Inc. Paul Cleary, Horn IT Solutions, Inc.
2. Objectives of Today’s Meeting Discuss the importance of business continuity planning Provide an overview of the business continuity planning process Discuss project plan including composition of working groups
3. Business Continuity Planning Definitions: Emergency Plan – what to do when it hits the fan Disaster Recovery Plan – what to do to get it back to normal Crisis Management Plan – what to tell people Business Continuity Plan – what to do in the meantime
5. Business Continuity Planning “A business continuity plan should be an essential element of any business strategy… I cannot think of any reason not to be prepared, but 60 billion reasons why we should.” Perrin Beatty, President & CEO, CME
19. Understanding YOUR Risks Consider: The location of your operations. Nature of your business activities. Likelihood of an event occurring. Severity of the consequences.
20. Business Impact Analysis Identify Business Processes: If you lose this process… What is the impact to the organization? What is the tolerable downtime?
21.
22. Identify Critical Business Processes Business Impact Analysis Criteria: Customer Service Legal Obligations Revenue Expenses Stakeholders Reputation
23. Identify Resources Required to Maintain Critical Processes Documentation Human resources Equipment Facilities Supplies IT and communications infrastructure Applications Transportation
24. Strategies for Business Recovery How do wetemporarily replace the necessary resources… In the most efficient manner, and Within the tolerable recovery timeframe
25. Disaster Avoidance Strategies Some examples… Backup and recovery strategies Off-site storage Fire suppression Physical security Network security Information life-cycle management – know what information is important and where it is Equipment life-cycle management – service contracts, warranties, service level agreements Redundancy - elimination of single points of failure
26. Notification Strategies Establish BCP Team and emergency communications such as… Public broadcasters/Emergency broadcasters Phone trees Emails Blackberry PIN messages Text messages Web site postings Employee polling/roll call Notification Services (e.g. Message One)
27. Communication and Collaboration Strategies Contact lists Cell phones VoIP – voice over IP Telecommuting/VPN remote access Laptop policy – home every night On-line collaborative tools (e.g. Sharepoint) Instant Messenger Video conferencing
28. Human Capital Continuity Strategies Cross training Mutual aid Contractors Temp agencies Outsourcing Employment policies – sick leave, on-call
29. Equipment Continuity Strategies Inventory lists – know what you need Warranties, service guarantees, and service level agreements Equipment sparing/caching Clustering Virtualization
31. Application Continuity Strategies Backup and recovery Off-site storage Co-location Data synchronization Redundancy – clustering Virtualization Monitoring Geographic diversity Outsourcing
32. Records Continuity Strategies Life-cycle management Off-site storage Electronic storage On-line access Version control
33. Writing the Plan Have a Program not a Plan Use a collaboration tool Make it accessible in times of emergency Consider using BCP software
34. Maintaining and Testing the Plan Bake the maintenance of the plan into your other business processes Set up a routine testing cycle Vary the types of testing you do – desktop reviews to full scenario simulations Use resources from outside your organization
35. Next Steps: Develop Project Plan Select participants for each stage of the project. Establish project timelines. Schedule the working group sessions.