Business Continuity Overview

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Business Continuity Overview"

Transcription

1 Business Continuity Overview Beverley A. Retjos Senior Manager WW SWG Security & Controls 03/12/07

2 Business Continuity Management (BCM) Process of ensuring that a business is prepared to survive any disruption that threatens its ability to provide products and services Plans minimize the effect of any disruption to those critical services resulting in a significant loss (temporary or permanent) of human resource and/or critical skill base caused by Threat Physical site incident Natural or manmade disaster Human-based incident Bottom line: Protect IBM s Employees, visitors and others working at IBM sites Revenue stream Brand image Page 2

3 How did SWG approach Business Continuity? SWG approached Business Continuity by answering the following questions: 1. What is the scope (what to protect ourselves from)? 2. What do we need to protect (which are our critical processes)? 3. What are our tolerable losses? 4. How long could our critical processes stay unavailable? 5. What applications and services support the critical processes (Information Technology, Voice Services, etc)? 6. How long can we operate manually before we need access to the applications and services? 7. What is our current capability to meet our business recovery requirements (Information Technology and business processes)? 8. What strategies do we need to establish to meet our business recovery requirements (must balance costs with losses)? 9. What procedures must we have to provide a viable recovery capability? 10. How are we going to maintain our recovery capability? Page 3

4 IBM BRCS approach to Business Continuity Planning Phase 1 Phase 2 Phase 3 Identify Critical Business Process TRP Technology Recovery Procedures - define scope of the emergency event - identify business recovery objectives - determine IT recovery requirements - define process linkages - identify process recovery timeframes - identify data loss threshold Assess Current IT Capabilities - data backup & recovery - telecommunication network - hardware configuration & linkages - forward recovery capability - operational procedures Develop strategies to bridge gaps Management Response BCP - recovery scripts for IT systems - local area network - wide area network - voice & fax - evaluation / declaration procedures - incident management tasks Business Contingency Procedures - initial manual procedures - recovering lost transactions - enter collected data - process business as usual Capability / Maintain / Test Page 4

5 SWG Business Continuity Common Process Page 5

6 Business Continuity Plan for a Pandemic Avian Flu 1. What is the business criteria for determining which processes are critical and need to be recovered and which processes can be deferred Must continue to meet our legal and regulatory requirements Must continue to pay employees Will defer all management reporting for xx period of time 2. Identification of assumptions on which the BCP will be based Plan for 50% staff absences for periods of about 12 week period Overall, a pandemic wave will last about 12 weeks followed by a 12 week recovery with another 12 week wave Page 6

7 Business Continuity Plan for a Pandemic Avian Flu 3. Identification of the critical business processes 4. Identification of business and IT requirements, e.g. staff, vital records, voice services, IT systems 5. Recovery time objectives for business processes and technology 6. Identification of approach to be used to resume critical business processes 7. Identification of interdependencies with other IBM departments 8. Identification of interdependencies with other external business partners 9. Location for alternate processes site for critical technology In case a building is quarantined, can IT be managed remotely? If so, for how long? 10. Location of alternate work areas 11. Documentation of contingency procedures Are there existing plans that can be leveraged? 12. Identification of critical information such as External Emergency Number, External Contact List (Vendors, Business Partners) Emergency Operation Center locations, Business Unit Contingency Teams, Vital Records Crisis Management Team Page 7

8 Business Continuity Plan for a Pandemic Avian Flu 13. Linkages to other Business Continuity Plans 14. What policies and procedures do we need to create to keep the pandemic from affecting our employees and/or facilities once it arrives? 15. What policies and procedures do we need to create to contain the illness once it affects an IBM employee and/or facility? How will we track the occurrence? What reporting will be required outside of IBM? 16. What criteria will we use for agreeing to return to business as normal including internal communications with staff and externally with related agencies? 17. What are the procedures for managing the return to business as normal? Page 8

9 Business Continuity Plan for a Pandemic Avian Flu 18. How do we handle HR issues? Health and safety of IBM employees (e.g. employees may not want to go to particular locations due to safety concerns) Employees looking after people who become sick Employees who need to look after children because schools have been closed Employees who cannot work from home 19. How do we handle Facilities? Restriction of access for both customer, business partners and employees How do we secure a building that has been closed by RESO/CMT? What is IBM s criteria for closing a facility? 20. How will we communicate to employees, customers and business partners Page 9

10 SWG Pandemic Planning Team Structure AIM AIM SWG WW Tivoli Tivoli Business Infrastructure Beverley Retjos Valerie Westphal IM IM Rational PLM PLM WPLC WPLC Page 10

11 Business Continuity Plan Template Review TABLE OF CONTENTS 1.0 Plan Overview 1.1 Objectives 1.2 Secondary Objectives 1.3 Organization Charts 1.0 Plan Overview Business Continuity/Pandemic Planning at [site] is designed to provide for the continuity or rapid restoration of our critical business processes. While this program prepares the organization for the unexpected, it also provides an opportunity to document the relevant information that is required to respond to a single point or magnitude of failure. [This plan must contain, (or point to) all critical information related to keeping the business up and operational during the crisis. It must comply with all Data privacy laws both in the US and Outside the US.] 1.1 Objectives The intent at the <site> is to focus on continuation of IBM s critical business processes, or in the case of a pandemic, support for IBM s customers where the critical resources are located at <addresses of sites covered>. The goal of the plan is to identify needed teams, systems, applications and communication plans in the event of a severe outage or pandemic emergency. 1.2 Secondary Objectives Reduce confusion during any chaotic period by having a defined course of action Identify those systems that require priority scheduling Establish the personnel responsible for critical system recovery 1.3 Organization Charts All organization charts will be generated using IBM Bluepages Organization Chart Builder Page 11

12 Business Continuity Plan Template Review TABLE OF CONTENTS 2.0 Plan Scope 2.1 In Scope 2.2 Out of Scope 2.0 Plan Scope 2.1 In Scope The Plan document is limited to specified aspects of recovery and continuity of business operations pertaining to this site, and for those products and applications residing at this site. This Plan is classified as a Business Continuity Plan and not a plan for Disaster Recovery. It is a best effort to establish communications among Key Personnel and to ensure Mission Critical Applications and systems are available during an extended period of business disruption due to a severe outage or pandemic emergency. 2.2 Out of Scope This Plan does not address Vital Business Processes (VBPs). <Brand> and/or SWG Executive Management may choose the option to test the contents of this Plan. A designated Alternative Recovery Site that is remote from <site> has not been identified for this Plan. If an Alternative Recovery Site is needed during an extended period of business interruption, IBM RESO and/or SWG executives will be responsible for locating and arranging suitable facilities. Page 12

13 Business Continuity Plan Template Review TABLE OF CONTENTS 3.0 Dependencies 3.1 Corporate or SWG Dependencies 3.2 Local Dependencies (site) 3.3 External Dependencies 3.4 Dependencies on other Business Continuity or Disaster Plans 3.0 Dependencies 3.1 Corporate or SWG Dependencies <Insert dependencies of this plan for services, hardware, personnel, plans, etc. from IBM Corporate teams or Software Group> 3.2 Local Dependencies (site) <Insert dependencies of this plan for services, hardware, personnel, plans, etc. from the local site> 3.3 External Dependencies <Document all third party dependencies both in the US and outside the US. This includes working with the appropriate contact to make sure the contract with the 3rd Party includes provisions for support during the severe outage or pandemic emergency. If no provisions are documented in the contract this needs to be addressed with the BU executive> 3.4 Dependencies on other Business Continuity or Disaster Plans <List all other plans with which this plans interlocks by name and where the plans are located> Name of Plan Owning Group or Contact Location of Plan Page 13

14 Business Continuity Plan Template Review TABLE OF CONTENTS 4.0 Risks and Gaps 4.0 Risks and Gaps <List all risks and any gaps that currently exist for meeting dependencies, and include mitigation plan location(s) for gaps, risks, etc. Include full filename for documents referenced.> Risk Owner Mitigation Plan Target Closure Page 14

15 Business Continuity Plan Template Review TABLE OF CONTENTS 5.0 Triggers for Plan Activation 5.1 Bravo Level 5.2 Charlie Level 5.3 Delta Level 5.0 Triggers for Plan Activation This Business Continuity Plan may be activated in either an Alert or Crisis/Emergency situation and is activated in Declared severe outage or pandemic situation. This activation process may be initiated internally by IBM-< > personnel and coordinated with various business process teams or the notification may come directly from the Crisis & Emergency Response Program. The <name of this document> Business Continuity Plan executive <list name of executive> then activates the appropriate < > personnel. 5.1 Bravo Level Triggers: Level 4; News of external businesses beginning to alter operations Response: Daily monitoring for degrading services Infrastructure communications with respect to Infrastructure via WWCC alerts Validation of currency of critical personnel systems, and applications lists. Corresponds to Monitor level: There is sufficient information or the severity of the circumstances does not merit moving to an Alert or Crisis/Emergency status or to a formal declaration of an emergency situation. This may require some modification to daily scheduled workloads, but no mobilization of the business continuity team will be required. 5.2 Charlie Level Trigger: Impacts being seen on the delivery of operations to IBM Response: Put a Change Freeze on the infrastructure and applications to ensure greatest stability to existing apps Corresponds to Alert level. The situation is severe but the scope of the incident does not merit moving to Crisis/Emergency Status or the formal declaration of an emergency situation. The situation has the potential to escalate into a crisis/emergency or disaster situation. The < > Business Continuity team will be activated for monitoring and response activities. Page 15

16 Business Continuity Plan Template Review TABLE OF CONTENTS 5.0 Triggers for Plan Activation 5.1 Bravo Level 5.2 Charlie Level 5.3 Delta Level 5.3 Delta Level Trigger: Sustained impacts on the delivery of operations or large employee absenteeism Response: Activation of the Business Continuity Plan Focus on critical business processes ONLY. All non-critical business processes will be suspended Continue running services with non-critical business services disabled Corresponds to Crisis/Emergency level. Situation is severe and most likely will require formal declaration. The full IBM Crisis Management Team and appropriate members of the < > Management team and Site Executive will be activated to execute response/recovery activities. Contingency plans will be executed and technical and business continuity teams will be mobilized. Additional Levels: Business Continuity The severity of the situation requires formal business continuity declaration. The full IBM CMT and appropriate members of the < > Management team and Site Executives will be activated to execute response/recovery activities. Formal declarations will be made at recovery locations, contingency plans will be executed and technical and support recovery teams will be mobilized to recovery sites. Systems will be recovered at an alternate site if necessary. Full mobilization of the business continuity team is declared. IBM SWG and IGS Management declare supporting functions to be in RECOVERY MODE of operation. The scenario for this type of response is the loss of a building on the <site> site or loss of personnel. Restoration Following the incident, the appropriate teams and IBM CMT will execute relocation or restoration activities at a recovery site to be determined. Page 16

17 Business Continuity Plan Template Review TABLE OF CONTENTS 6.0 Business Continuity Steps and Process Flow 6.1 Define Timeframe 6.2 Process Implementation Decision 6.3 Business Continuity Communications Plan 6.4 Additional Assumptions 6.5 Overall BCP Process Steps 6.6 BCP Process Exit Note: Business Continuity Plans could be superseded by government or local authority directives 6.0 Business Continuity Steps and Process Flow General Assumptions 6.1 Define Timeframe Upon initial report of a severe outage or pandemic emergency, the Crisis Management Team (CMT) is convened to define the timeframe and need for full plan execution (Delta or Crisis/Emergency level). 6.2 Process Implementation Decision The CMT assesses the safety of current environmental conditions and advises the Site executive, who will make the decision to invoke the business continuity process. <Insert business continuity plan process criteria> 6.3 Business Continuity Communications Plan <Define high level communications plan for your site. Communications plan should contain the steps to be executed to contact key personnel, and key personnel should be identified, with contact information reference external flowchart for guidance> 6.4 Additional Assumptions At applicable buildings in <site>, access is restricted to essential personnel. People resources are limited due to safety/environmental conditions. <Insert additional assumptions as necessary> 6.5 Overall Business Continuity Plan Process Steps <List the high level process steps which are executed upon process implementation. For each task, describe the task, the responsible role, and the steps to be taken. Detailed steps for specific teams are located in Appendix A.> 6.6 Business Continuity Plan Process Exit Definition of steps for returning to business as usual. <Insert steps for returning control of business operations to normal owners, including who is responsible for each step, triggers, and timeframes for the events> Page 17

18 Business Continuity Plan Template Review TABLE OF CONTENTS 7.0 Critical Resources 7.1 Systems and Applications 7.2 Key Personnel 7.3 How to Get Infrastructure Help 7.0 Critical Resources 7.1 Systems and Applications <List all critical business applications. Include server name, building and room number. If IGA owned/supported application, replace building and room number with IGA.> List of Critical Applications Application Name Server Name Location Building/Room Number Mitigation Plans <Define Mitigation or Backup plans for each of the critical applications or processes if the systems become unreachable or unusable for any reason or unavailability of key personnel. Include steps and/or location of information> Procedures for Identifying Configuration, Backup and Restore of Critical Applications <Identify all hardware configuration of critical hardware and software (including 3rd party software). Define procedures for backing up and restarting critical applications.> Page 18

19 Business Continuity Plan Template Review TABLE OF CONTENTS 7.0 Critical Resources 7.1 Systems and Applications 7.2 Key Personnel 7.3 How to Get Infrastructure Help 7.2 Key Personnel BCT (Business Continuity Team) Team designated as accountable for conducting contingency plan(s) walkthroughs. This team may be comprised of (or a combination of): IGA Business Resiliency and Continuity Services (BRCS) representatives IGA Delivery Service representatives BC Coordinator Application interface Asset owner Network operations Technical support Administrative support Disaster assessment/equipment and facilities Management team 7.3 How to Get Infrastructure Help Getting Telephone Support Getting Technical Assistance Retrieving Critical Records from Storage <Insert or point to procedures for each> Page 19

20 Business Continuity Plan Template Review TABLE OF CONTENTS 8.0 Process for New Acquisitions 9.0 Test Plan 8.0 Process for New Acquisitions Upon the acquisition of a company, a decision will be made on inclusion of the acquired company in an existing or individual site plan. 9.0 Test Plan <Document walkthrough, technical reviews, etc.> Page 20

21 Business Continuity Plan Template Review TABLE OF CONTENTS Appendix A. Detailed Tasks - Teams Identified in Section 7.2 A.1 Tasks for Crisis Response Team A.2 Tasks for Pandemic Plan Team A.3 Tasks for Site Business Management Team A.4 <site> Administrative Management Team A.5 <site> Back-up Plans Team A.6 <site> Level 3 Teams Task # Description Complete (Y/N) <For each appendix item, a table such as the one above is suggested> Page 21

22 Questions SWG Global e-business Transformation Page 22

Why Should Companies Take a Closer Look at Business Continuity Planning?

Why Should Companies Take a Closer Look at Business Continuity Planning? whitepaper Why Should Companies Take a Closer Look at Business Continuity Planning? How Datalink s business continuity and disaster recovery solutions can help organizations lessen the impact of disasters

More information

Technology Recovery Plan Instructions

Technology Recovery Plan Instructions State of California California Information Security Office Technology Recovery Plan Instructions SIMM 5325-A (Formerly SIMM 65A) September 2013 REVISION HISTORY REVISION DATE OF RELEASE OWNER SUMMARY OF

More information

Business Continuity Planning for Risk Reduction

Business Continuity Planning for Risk Reduction Business Continuity Planning for Risk Reduction Ion PLUMB ionplumb@yahoo.com Andreea ZAMFIR zamfir_andreea_ileana@yahoo.com Delia TUDOR tudordelia@yahoo.com Faculty of Management Academy of Economic Studies

More information

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA 1 Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand

More information

Ohio Supercomputer Center

Ohio Supercomputer Center Ohio Supercomputer Center IT Business Continuity Planning No: Effective: OSC-13 06/02/2009 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original

More information

State of South Carolina Policy Guidance and Training

State of South Carolina Policy Guidance and Training State of South Carolina Policy Guidance and Training Policy Workshop All Agencies Business Continuity Management Policy June 2014 Agenda Questions & Follow-Up Policy Workshop Overview & Timeline Policy

More information

IT Disaster Recovery Plan Template

IT Disaster Recovery Plan Template HOPONE INTERNET CORP IT Disaster Recovery Plan Template Compliments of: Tim Sexton 1/1/2015 An information technology (IT) disaster recovery (DR) plan provides a structured approach for responding to unplanned

More information

Interagency Statement on Pandemic Planning

Interagency Statement on Pandemic Planning Interagency Statement on Pandemic Planning PURPOSE The FFIEC agencies 1 are jointly issuing guidance to remind financial institutions that business continuity plans should address the threat of a pandemic

More information

PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA

PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand

More information

Prudential Practice Guide

Prudential Practice Guide Prudential Practice Guide LPG 232 Business Continuity Management March 2007 www.apra.gov.au Australian Prudential Regulation Authority Disclaimer and copyright This prudential practice guide is not legal

More information

B U S I N E S S C O N T I N U I T Y P L A N

B U S I N E S S C O N T I N U I T Y P L A N B U S I N E S S C O N T I N U I T Y P L A N 1 Last Review / Update: December 9, 2015 Table of Contents Purpose...3 Background...3 Books and Records Back-up and Recovery...4 Mission Critical Systems...

More information

Disaster Recovery Plan Documentation for Agencies Instructions

Disaster Recovery Plan Documentation for Agencies Instructions California Office of Information Security Disaster Recovery Plan Documentation for Agencies Instructions () November 2009 SCOPE AND PURPOSE The requirements included in this document are applicable to

More information

Clinic Business Continuity Plan Guidelines

Clinic Business Continuity Plan Guidelines Clinic Business Continuity Plan Guidelines Published: January 2015 Table of Contents Emergency Notification Contacts Primary... 2 Emergency Notification Contacts Backups (in case primary is unavailable)...

More information

Continuity of Operations Planning. A step by step guide for business

Continuity of Operations Planning. A step by step guide for business What is a COOP? Continuity of Operations Planning A step by step guide for business A Continuity Of Operations Plan (COOP) is a MANAGEMENT APPROVED set of agreed-to preparations and sufficient procedures

More information

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four Data Handling in University Business Impact Analysis ( BIA ) Agenda Overview Terminologies Performing

More information

The PNC Financial Services Group, Inc. Business Continuity Program

The PNC Financial Services Group, Inc. Business Continuity Program The PNC Financial Services Group, Inc. Business Continuity Program subsidiaries) 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis

More information

2014 NABRICO Conference

2014 NABRICO Conference Business Continuity Planning 2014 NABRICO Conference September 19, 2014 6 CityPlace Drive, Suite 900 St. Louis, Missouri 63141 314.983.1200 1520 S. Fifth Street, Suite 309 St. Charles, Missouri 63303 636.255.3000

More information

<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP

<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP IT Disaster Recovery Plan Template By Paul Kirvan, CISA, CISSP, FBCI, CBCP Revision History REVISION DATE NAME DESCRIPTION Original 1.0 2 Table of Contents Information Technology Statement

More information

www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014

www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 Agenda Key Definitions Risks Business Continuity Management Program BCM Capability Assessment Process BCM Value Proposition

More information

Offsite Disaster Recovery Plan

Offsite Disaster Recovery Plan 1 Offsite Disaster Recovery Plan Offsite Disaster Recovery Plan Presented By: Natan Verkhovsky President Disty Portal Inc. 2 Offsite Disaster Recovery Plan Introduction This document is a comprehensive

More information

Desktop Scenario Self Assessment Exercise Page 1

Desktop Scenario Self Assessment Exercise Page 1 Page 1 Neil Jarvis Head of IT Security & IT Risk DHL Page 2 From reputation to data loss - how important is business continuity? Neil Jarvis Head of IT Security (EMEA) DHL Logistics IT Security Taking

More information

CISM Certified Information Security Manager

CISM Certified Information Security Manager CISM Certified Information Security Manager Firebrand Custom Designed Courseware Chapter 4 Information Security Incident Management Exam Relevance Ensure that the CISM candidate Establish an effective

More information

Unit Guide to Business Continuity/Resumption Planning

Unit Guide to Business Continuity/Resumption Planning Unit Guide to Business Continuity/Resumption Planning (February 2009) Revised June 2011 Executive Summary... 3 Purpose and Scope for a Unit Business Continuity Plan(BCP)... 3 Resumption Planning... 4 Assumptions

More information

Business Continuity & Recovery Plan Summary

Business Continuity & Recovery Plan Summary Introduction An organization s ability to survive a significant business interruption is determined by the company s ability to develop, implement, and maintain viable recovery and business continuity

More information

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK Federal Financial Institutions Examination Council FFIEC Business Continuity Planning BCP FEBRUARY 2015 IT EXAMINATION H ANDBOOK Table of Contents Introduction 1 Board and Senior Management Responsibilities

More information

Clinic Business Continuity Plan Guidelines

Clinic Business Continuity Plan Guidelines Clinic Business Continuity Plan Guidelines Emergency notification contacts: Primary Role Name Address Home phone Mobile/Cell phone Business Continuity Plan Coordinator QSP Business Continuity Plan Coordinator

More information

DRAFT BUSINESS CONTINUITY MANAGEMENT POLICY

DRAFT BUSINESS CONTINUITY MANAGEMENT POLICY DRAFT BUSINESS CONTINUITY MANAGEMENT POLICY This document outlines a set of policies and procedures for formalising a Business Continuity programme, and provides guidelines for developing, maintaining

More information

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION Federal Financial Institutions Examination Council FFIEC Business Continuity Planning MARCH 2003 MARCH 2008 BCP IT EXAMINATION H ANDBOOK TABLE OF CONTENTS INTRODUCTION... 1 BOARD AND SENIOR MANAGEMENT

More information

Business Continuity & Recovery Plan Summary

Business Continuity & Recovery Plan Summary Introduction An organization s ability to survive a significant business interruption is determined by the company s ability to develop, implement, and maintain viable recovery and business continuity

More information

Business Continuity and Disaster Recovery Policy

Business Continuity and Disaster Recovery Policy Maine State Government Dept. of Administrative & Financial Services Office of Information Technology (OIT) Business Continuity and Disaster Recovery Policy I. Statement The Office of Information Technology

More information

Business Continuity Plan

Business Continuity Plan Business Continuity Plan October 2007 Agenda Business continuity plan definition Evolution of the business continuity plan Business continuity plan life cycle FFIEC & Business continuity plan Questions

More information

Business Continuity Planning 101. +1 610 768-4120 (800) 634-2016 www.strohlsystems.com info@strohlsystems.com

Business Continuity Planning 101. +1 610 768-4120 (800) 634-2016 www.strohlsystems.com info@strohlsystems.com Business Continuity Planning 101 Presentation Overview What is business continuity planning Plan Development Plan Testing Plan Maintenance Future advancements in BCP Question & Answer What is a Disaster?

More information

Business Continuity (Policy & Procedure)

Business Continuity (Policy & Procedure) Business Continuity (Policy & Procedure) Publication Scheme Y/N Can be published on Force Website Department of Origin Force Operations Policy Holder Ch Supt Head of Force Ops Author Business Continuity

More information

BCP and DR. P K Patel AGM, MoF

BCP and DR. P K Patel AGM, MoF BCP and DR P K Patel AGM, MoF Key difference between BS 25999 and ISO 22301 ISO 22301 puts a much greater emphasis on setting the objectives, monitoring performance and metrics aligning BC to top management

More information

ASX CLEAR (FUTURES) OPERATING RULES Guidance Note 10

ASX CLEAR (FUTURES) OPERATING RULES Guidance Note 10 BUSINESS CONTINUITY AND DISASTER RECOVERY The purpose of this Guidance Note The main points it covers To assist participants to understand the disaster recovery and business continuity arrangements they

More information

THORNBURG INVESTMENT MANAGEMENT THORNBURG INVESTMENT TRUST. Business Continuity Plan

THORNBURG INVESTMENT MANAGEMENT THORNBURG INVESTMENT TRUST. Business Continuity Plan THORNBURG INVESTMENT MANAGEMENT THORNBURG INVESTMENT TRUST Business Continuity Plan June 2012 Purpose The purpose of this Business Continuity Plan ( BCP ) is to define the strategies and the plans which

More information

AUSTRACLEAR REGULATIONS Guidance Note 10

AUSTRACLEAR REGULATIONS Guidance Note 10 BUSINESS CONTINUITY AND DISASTER RECOVERY The purpose of this Guidance Note The main points it covers To assist participants to understand the disaster recovery and business continuity arrangements they

More information

Virginia Commonwealth University School of Medicine Information Security Standard

Virginia Commonwealth University School of Medicine Information Security Standard Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Business Continuity Management Standard for IT Systems This standard is applicable to all VCU School of Medicine

More information

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY 14304-1745

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY 14304-1745 ECP - 601: Effective Business Continuity Management: ISO 22301 This 3-day course provides an intensive, hands-on workshop covering all major aspects for the design of an effective Business Continuity Plan

More information

Business Continuity Management

Business Continuity Management Business Continuity Management Standard Operating Procedure Notice: This document has been made available through the Police Service of Scotland Freedom of Information Publication Scheme. It should not

More information

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0 Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0 Unless otherwise stated, these Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies

More information

Disaster Recovery and Business Continuity Plan

Disaster Recovery and Business Continuity Plan Disaster Recovery and Business Continuity Plan Table of Contents 1. Introduction... 3 2. Objectives... 3 3. Risks... 3 4. Steps of Disaster Recovery Plan formulation... 3 5. Audit Procedure.... 5 Appendix

More information

Business Continuity Planning. Presentation and. Direction

Business Continuity Planning. Presentation and. Direction Business Continuity Planning Presentation and Direction Thomas Bronack, president Data Center Assistance Group, Inc. 15180 20 th Avenue Whitestone, NY 11357 Phone: (718) 591-5553 Email: bronackt@dcag.com

More information

ASX SETTLEMENT OPERATING RULES Guidance Note 10

ASX SETTLEMENT OPERATING RULES Guidance Note 10 BUSINESS CONTINUITY AND DISASTER RECOVERY The purpose of this Guidance Note The main points it covers To assist participants to understand the disaster recovery and business continuity arrangements they

More information

Business Continuity and Disaster Recovery Planning

Business Continuity and Disaster Recovery Planning Business Continuity and Disaster Recovery Planning Jennifer Brandt, CISA A p r i l 16, 2015 HISTORY OF STINNETT & ASSOCIATES Stinnett & Associates (Stinnett) is a professional advisory firm offering services

More information

South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy

South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy Reference No: CG 01 Version: Version 1 Approval date 18 December 2013 Date ratified: 18 December 2013 Name of Author

More information

PPSADOPTED: OCT. 2012 BACKGROUND POLICY STATEMENT PHYSICAL FACILITIES. PROFESSIONAL PRACTICE STATEMENT Developing a Business Continuity Plan

PPSADOPTED: OCT. 2012 BACKGROUND POLICY STATEMENT PHYSICAL FACILITIES. PROFESSIONAL PRACTICE STATEMENT Developing a Business Continuity Plan PROFESSIONAL PRACTICE STATEMENT Developing a Business Continuity Plan OCT. 2012 PPSADOPTED: What is a professional practice statement? Professional Practice developed by the Association Forum of Chicagoland

More information

Table of Contents... 1

Table of Contents... 1 ... 1 Chapter 1 Introduction... 4 1.1 Executive Summary... 4 1.2 Goals and Objectives... 5 1.3 Senior Management and Board of Directors Responsibilities... 5 1.4 Business Continuity Planning Processes...

More information

Disaster Recovery Policy

Disaster Recovery Policy Disaster Recovery Policy INTRODUCTION This policy provides a framework for the ongoing process of planning, developing and implementing disaster recovery management for IT Services at UCD. A disaster is

More information

SCOPE; ENFORCEMENT; AUTHORITY; EXCEPTIONS

SCOPE; ENFORCEMENT; AUTHORITY; EXCEPTIONS Title: DRAFT USG Continuity of Operation Plan Policy Policy Number: 2009-Julian Date Topical Security Area: Document Type: Standard Pages: Words: Lines: 5 1,387 182 Issue Date: May-09 Effective Date: Immediately

More information

Success or Failure? Your Keys to Business Continuity Planning. An Ingenuity Whitepaper

Success or Failure? Your Keys to Business Continuity Planning. An Ingenuity Whitepaper Success or Failure? Your Keys to Business Continuity Planning An Ingenuity Whitepaper May 2006 Overview With the level of uncertainty in our world regarding events that can disrupt the operation of an

More information

SAMPLE IT CONTINGENCY PLAN FORMAT

SAMPLE IT CONTINGENCY PLAN FORMAT SAMPLE IT CONTINGENCY PLAN FORMAT This sample format provides a template for preparing an information technology (IT) contingency plan. The template is intended to be used as a guide, and the Contingency

More information

The PNC Financial Services Group, Inc. Business Continuity Program

The PNC Financial Services Group, Inc. Business Continuity Program The PNC Financial Services Group, Inc. Business Continuity Program 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis (BIA) Page

More information

External Supplier Control Requirements BCM

External Supplier Control Requirements BCM External Supplier Control Requirements BCM BCM Requirement Description BCM Tiers Recovery Time Objective Why this is important 1. Business Continuity Policy Supplier will have a documented Business Continuity

More information

Information Security Management: Business Continuity Planning. Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt.

Information Security Management: Business Continuity Planning. Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt. Information Security Management: Business Continuity Planning Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt. Overview BCP: Definition BCP: Need for (Why?) BCP: When BCP: Who

More information

Emergency Response and Business Continuity Management Policy

Emergency Response and Business Continuity Management Policy Emergency Response and Business Continuity Management Policy Owner: John Duffy, Registrar & Secretary Last updated: September 2012 Version: 04 Document control Date Version Author Changes To be populated

More information

CITY UNIVERSITY OF HONG KONG Business Continuity Management Standard

CITY UNIVERSITY OF HONG KONG Business Continuity Management Standard PUBLIC Version: 1.0 CITY UNIVERSITY OF HONG KONG Business Continuity Management Standard (Approved by the Information Strategy and Governance Committee in December 2013; revision 1.1 approved by Chief

More information

Prudential Practice Guide

Prudential Practice Guide Prudential Practice Guide SPG 232 Business Continuity Management July 2013 www.apra.gov.au Australian Prudential Regulation Authority Disclaimer and copyright This prudential practice guide is not legal

More information

IT Disaster Recovery and Business Resumption Planning Standards

IT Disaster Recovery and Business Resumption Planning Standards Information Technology Disaster Recovery and Business IT Disaster Recovery and Business Adopted by the Information Services Board (ISB) on May 28, 1992 Policy No: Also see: 500-P1, 502-G1 Supersedes No:

More information

CITY OF RICHMOND CONTINUITY OF OPERATIONS (COOP) DEPARTMENT PLAN TEMPLATE

CITY OF RICHMOND CONTINUITY OF OPERATIONS (COOP) DEPARTMENT PLAN TEMPLATE CITY OF RICHMOND CONTINUITY OF OPERATIONS (COOP) DEPARTMENT PLAN TEMPLATE Version 2 February 2010 This template is derived from the Virginia Department of Emergency Management (VDEM) Local Government COOP

More information

85-01-55 Overview of Business Continuity Planning Sally Meglathery Payoff

85-01-55 Overview of Business Continuity Planning Sally Meglathery Payoff 85-01-55 Overview of Business Continuity Planning Sally Meglathery Payoff Because a business continuity plan affects all functional units within the organization, each functional unit must participate

More information

The University of Iowa. Enterprise Information Technology Disaster Plan. Version 3.1

The University of Iowa. Enterprise Information Technology Disaster Plan. Version 3.1 Version 3.1 November 22, 2004 TABLE OF CONTENTS PART 1: DISASTER RECOVERY EXPECTATIONS... 3 OVERVIEW...3 EXPECTATIONS PRIOR TO AN INCIDENT OCCURRENCE...3 EXPECTATIONS PRIOR TO A DISASTER OCCURRENCE...4

More information

Ohio Conference for Payroll Professionals Disaster Recovery

Ohio Conference for Payroll Professionals Disaster Recovery Ohio Conference for Payroll Professionals Disaster Recovery Speaker Bruce E. Phipps CPP 2011 APA Payroll Man of the Year Principal Product Manager US Legislative Analyst ORACLE Corporation bruce.phipps@oracle.com

More information

Business continuity management policy

Business continuity management policy Business continuity management policy health.wa.gov.au Effective: XXX Title: Business continuity management policy 1. Purpose All public sector bodies are required to establish, maintain and review business

More information

Appendix 3 Disaster Recovery Plan

Appendix 3 Disaster Recovery Plan Appendix 3 Disaster Recovery Plan December 13, 2006 Revision XXQwest Government Services, Inc. 4250 North Fairfax DriveArlington, VA 22203(Delete this page)revision history Revision Number Revision Date

More information

Supervisory Policy Manual

Supervisory Policy Manual This module should be read in conjunction with the Introduction and with the Glossary, which contains an explanation of abbreviations and other terms used in this Manual. If reading on-line, click on blue

More information

Business Continuity Planning Preparing Your Organization

Business Continuity Planning Preparing Your Organization Business Continuity Planning Preparing Your Organization Nicholas De Laurentis, CRM, IGP nick.delaurentis.gmkj@statefarm.com 1 Objectives Understand the importance of Business Continuity Planning Know

More information

Broadridge Business Process Outsourcing, LLC Business Continuity Plan Disclosure

Broadridge Business Process Outsourcing, LLC Business Continuity Plan Disclosure Broadridge Business Process Outsourcing, LLC Business Continuity Plan Disclosure I. Summary In accordance with FINRA Rule 4370, Broadridge Business Process Outsourcing, LLC (the Firm ) is providing you

More information

SUPERVISORY AND REGULATORY GUIDELINES: PU19-0406 BUSINESS CONTINUITY GUIDELINES

SUPERVISORY AND REGULATORY GUIDELINES: PU19-0406 BUSINESS CONTINUITY GUIDELINES SUPERVISORY AND REGULATORY GUIDELINES: PU19-0406 Business Continuity Issued: 1 st May, 2007 Revised: 14 th October 2008 BUSINESS CONTINUITY GUIDELINES I. INTRODUCTION The Central Bank of The Bahamas (

More information

Business Continuity Planning FAQ

Business Continuity Planning FAQ Case Western Reserve University s mission is to improve and enrich people s lives through research that capitalizes on the power of collaboration, and education that dramatically engages our students.

More information

BUSINESS CONTINUITY PLANNING GUIDELINES

BUSINESS CONTINUITY PLANNING GUIDELINES BUSINESS CONTINUITY PLANNING GUIDELINES Washington University in St. Louis The purpose of this guide is to serve as a tool to all departments, divisions, and labs across the University in building a Business

More information

Temple university. Auditing a business continuity management BCM. November, 2015

Temple university. Auditing a business continuity management BCM. November, 2015 Temple university Auditing a business continuity management BCM November, 2015 Auditing BCM Agenda 1. Introduction 2. Definitions 3. Standards 4. BCM key elements IT Governance class - IT audit program

More information

DUSTING OFF YOUR CREDIT UNION PANDEMIC PLAN

DUSTING OFF YOUR CREDIT UNION PANDEMIC PLAN Moving production and disaster recovery securely into the cloud. DUSTING OFF YOUR CREDIT UNION PANDEMIC PLAN HISTORY Ongoing Operations was formed in 2005 by a group of credit unions in the Washington,

More information

BUSINESS CONTINUITY MANAGEMENT REQUIREMENTS FOR SGX MEMBERS NEW RULES FOR INCLUSION IN SGX-ST RULES

BUSINESS CONTINUITY MANAGEMENT REQUIREMENTS FOR SGX MEMBERS NEW RULES FOR INCLUSION IN SGX-ST RULES BUSINESS CONTINUITY MANAGEMENT REQUIREMENTS FOR SGX MEMBERS NEW RULES FOR INCLUSION IN SGX-ST RULES New rule Current Rule Proposed Rule 4.6.21 Business Continuity Requirements The following requirements

More information

Business Continuity Business Continuity Management Policy

Business Continuity Business Continuity Management Policy Business Continuity Business Continuity Management Policy : Date of Issue: 28 January 2009 Version no: 1.1 Review Date: January 2010 Document Owner: Patricia Hughes Document Authoriser: Tony Curtis 1 Version

More information

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT JANUARY 2008 GUIDELINE ON BUSINESS CONTINUITY GUIDELINE CBK/PG/14

More information

Domain 3 Business Continuity and Disaster Recovery Planning

Domain 3 Business Continuity and Disaster Recovery Planning Domain 3 Business Continuity and Disaster Recovery Planning Steps (ISC) 2 steps [Har10] Project initiation Business Impact Analysis (BIA) Recovery strategy Plan design and development Implementation Testing

More information

PBSi Business Continuity Planning

PBSi Business Continuity Planning Business Continuity Planning Definition Business Continuity planning is a planning process designed to reduce the risk that disruptive failures or events could seriously harm your business. It is designed

More information

PARKES SHIRE COUNCIL BUSINESS CONTINUITY POLICY

PARKES SHIRE COUNCIL BUSINESS CONTINUITY POLICY PARKES SHIRE COUNCIL BUSINESS CONTINUITY POLICY PARKES SHIRE COUNCIL BUSINESS CONTINUITY POLICY CONTENTS INTRODUCTION... 1 PURPOSE... 1 POLICY... 1 DEFINITIONS... 1 RESPONSIBILITY... 1 RELATED DOCUMENTATION...

More information

IT Service Continuity Management PinkVERIFY

IT Service Continuity Management PinkVERIFY -11-G-001 General Criteria Does the tool use ITIL 2011 Edition process terms and align to ITIL 2011 Edition workflows and process integrations? -11-G-002 Does the tool have security controls in place to

More information

How to measure your business resiliency

How to measure your business resiliency How to measure your business resiliency Define the KPI s/kri s and scorecards to control your security and business continuity capabilities Krzysztof Pulkiewicz BCMLogic krzysztof.pulkiewicz@bcmlogic.com

More information

Business Continuity Planning

Business Continuity Planning University of Illinois Springfield Business Continuity Planning 0 Description of Continuity Planning We want to be able to do tomorrow what we were doing yesterday no matter what happens today. 1 Key Terms

More information

Ready for Anything BUSINESS CONTINUITY GUIDE FOR BUSINESS OWNERS. Plan to Stay in Business

Ready for Anything BUSINESS CONTINUITY GUIDE FOR BUSINESS OWNERS. Plan to Stay in Business BUSINESS CONTINUITY GUIDE FOR BUSINESS OWNERS Administration, Louisiana Economic Development and participating universities. All opinions, conclusions or recommendations expressed are those of the author(s)

More information

Business continuity strategy

Business continuity strategy Business continuity strategy 2009 2012 Table of contents 1 Why this strategy is needed 3 2 Aim of the strategy 4 3 Our approach to business continuity 4 PROCESS 4 STRUCTURE 5 DOCUMENTATION 6 DISRUPTION

More information

Disaster Recovery Planning Process

Disaster Recovery Planning Process Disaster Recovery Planning Process By Geoffrey H. Wold Part I of III This is the first of a three-part series that describes the planning process related to disaster recovery. Based on the various considerations

More information

Overview of how to test a. Business Continuity Plan

Overview of how to test a. Business Continuity Plan Overview of how to test a Business Continuity Plan Prepared by: Thomas Bronack Phone: (718) 591-5553 Email: bronackt@dcag.com BRP/DRP Test Plan Creation and Exercise Page: 1 Table of Contents BCP/DRP Test

More information

Tips and techniques a typical audit programme

Tips and techniques a typical audit programme Auditing Business Continuity Planning Tips and techniques a typical audit programme Karen Wills, Senior Internal Auditor St James s Place Wealth Management February 2014 Contents Background Roles and Responsibilities

More information

MHA Consulting. Business Continuity Management 101

MHA Consulting. Business Continuity Management 101 0 MHA Consulting Business Continuity Management 101 Presented by: Michael Herrera Brandon Magestro MHA Consulting Agenda MHA Consulting Introduction Business Continuity Management (BCM) Defined 2013 Trends

More information

Business Unit CONTINGENCY PLAN

Business Unit CONTINGENCY PLAN Contingency Plan Template Business Unit CONTINGENCY PLAN Version 1.0 (Date submitted) Submitted By: Business Unit Date Version 1.0 Page 1 1 Plan Review and Updates... 3 2 Introduction... 3 2.1 Purpose...

More information

BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS

BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS DIRECTORATE OF BANKING SUPERVISION AUGUST 2009 TABLE OF CONTENTS PAGE 1.0 INTRODUCTION..3 1.1 Background...3 1.2 Citation...3

More information

BUSINESS CONTINUITY PLAN

BUSINESS CONTINUITY PLAN How to Develop a BUSINESS CONTINUITY PLAN To print to A4, print at 75%. TABLE OF CONTENTS SUMMARY SUMMARY WHAT IS A BUSINESS CONTINUITY PLAN? CHAPTER PREPARING TO WRITE YOUR BUSINESS CONTINUITY PLAN CHAPTER

More information

Evaluation of the Railroad Retirement Board s Disaster Recovery Plan Report No. 06-08, August 14, 2006 INTRODUCTION

Evaluation of the Railroad Retirement Board s Disaster Recovery Plan Report No. 06-08, August 14, 2006 INTRODUCTION Evaluation of the Railroad Retirement Board s Disaster Recovery Plan Report No. 06-08, August 14, 2006 INTRODUCTION This report presents the results of the Office of Inspector General s evaluation of the

More information

ESCB definitions of major business continuity terms in relation to payment and securities settlement systems 1

ESCB definitions of major business continuity terms in relation to payment and securities settlement systems 1 ESCB definitions of major business continuity terms in relation to payment and securities settlement systems 1 June 2007 The ESCB has developed a glossary of major business continuity terms for market

More information

Clovis Municipal School District Information Technology (IT) Disaster Recovery Plan

Clovis Municipal School District Information Technology (IT) Disaster Recovery Plan Clovis Municipal School District Information Technology (IT) Disaster Recovery Plan Revision History REVISION DATE NAME DESCRIPTION Draft 1.0 Eric Wimbish IT Backup Disaster Table of Contents Information

More information

National Check Payments Certification. Fraud, Risk, and Risk Mitigation Part II. Copyright 2015 by the Electronic Check Clearing House Organization

National Check Payments Certification. Fraud, Risk, and Risk Mitigation Part II. Copyright 2015 by the Electronic Check Clearing House Organization NCP 2016 Exam Cycle Core Training Series Session 11 National Check Payments Certification Fraud, Risk, and Risk Mitigation Part II Copyright 2015 by the Electronic Check Clearing House Organization NOTICES

More information

BUSINESS CONTINUITY MANAGEMENT PLAN

BUSINESS CONTINUITY MANAGEMENT PLAN BUSINESS CONTINUITY MANAGEMENT PLAN For Thistley Hough Academy Detailing arrangements for Recovery and Resumption of Normal Academy Activity Table of Contents Section Content 1.0 About this Plan 1.1 Document

More information

Dacorum Borough Council Final Internal Audit Report. IT Business Continuity and Disaster Recovery

Dacorum Borough Council Final Internal Audit Report. IT Business Continuity and Disaster Recovery Dacorum Borough Council Final Internal Audit Report IT Business Continuity and Disaster Recovery Distribution list: Chris Gordon Group Manager Performance, Policy and Projects John Worts ICT Team Leader

More information

Principles for BCM requirements for the Dutch financial sector and its providers.

Principles for BCM requirements for the Dutch financial sector and its providers. Principles for BCM requirements for the Dutch financial sector and its providers. Platform Business Continuity Vitale Infrastructuur Financiële sector (BC VIF) Werkgroep BCM requirements 21 September 2011

More information

Security Architecture. Title Disaster Planning Procedures for Information Technology

Security Architecture. Title Disaster Planning Procedures for Information Technology Category Applicability Title Disaster Planning Procedures for Information Technology All Public Entities (See the Applicability section below.) Standard - A degree or level of requirement that all jurisdictions

More information

BUSINESS CONTINUITY PLAN

BUSINESS CONTINUITY PLAN BUSINESS CONTINUITY PLAN [Name of Team/Service/Organisation] [Insert Building Name and Address] [Insert date] Detailing arrangements for: Incident Management Business Continuity Recovery and Resumption

More information