Bank of Canada. IT Operations and Infrastructure Services

Size: px
Start display at page:

Download "Bank of Canada. IT Operations and Infrastructure Services"

Transcription

1 Bank of Canada IT Operations and Infrastructure Services Bank of Canada (BoC) White Paper Business Continuity Plan (BCP) versus Disaster Recovery Plan (DRP) for presentation to XXXIV MEETING ON CENTRAL BANK SYSTEMATIZATION Sept 7-9, 2011, SANTIAGO, CHILE Date of Issue: August 17, 2011 Bank of Canada, Information Technology Services (ITS) Daniel Schaffler, Victor Baez with Daniel Lamoureux

2 TABLE OF CONTENTS 1. WHO WE ARE COMPLEXITY OF ENVIRONMENT ADAPTING TO EMERGING TECHNOLOGIES INCREASED RISK SPECTRUM HISTORY 1.2. OUR CHANGING WORLD 2. OVERVIEW OF RISK MANAGEMENT FRAMEWORK, CONTINUITY OF OPERATIONS PROGRAM, AND IT SERVICE CONTINUITY MANAGEMENT RISK MANAGEMENT FRAMEWORK CONTINUITY OF OPERATIONS (COOP) MANDATE PRINCIPLES AND FRAMEWORK RELATION BETWEEN COOP AND THE RISK MANAGEMENT FRAMEWORK BUSINESS IMPACT ANALYSIS (BIA) IT SERVICE CONTINUITY MANAGEMENT (ITSCM) MANDATE PRINCIPLES AND FRAMEWORK RELATION BETWEEN ITSCM AND COOP INPUT FROM THE BIA ITSCM PROCESS RELATION WITH ITIL AND OPERATIONAL PROCESSES CURRENT RECOVERY POSTURE SPLIT OPERATIONS THE FUTURE POSTURE, A MORE RESILIENT ENVIRONMENT HUMAN CAPITAL AWARENESS TESTING AND EXERCISES ITSCM DRIVEN EXERCISES DISASTER RECOVERY EXERCISES TABLE TOP EXERCISES COOP DRIVEN EXERCISES BANK-WIDE CONTINUITY TESTS CALL TREE EXERCISES SIMULATIONS EVALUATING OUR PREPAREDNESS AND RESPONSE LESSONS LEARNED FROM THE OCCURRENCE OF REAL CONTINGENCIES CONTINUOUS IMPROVEMENT... 21

3 1. Who we are The Bank of Canada is the nation s central bank, with four main areas of responsibility: Monetary policy - The Bank contributes to solid economic performance and rising living standards for Canadians by keeping inflation low, stable and predictable. Since 1991, the Bank s monetary policy actions toward this goal have been guided by a clearly defined inflation target Currency - The Bank designs, produces and distributes Canada s bank notes and replaces worn notes. It deters counterfeiting through leading-edge bank note design, public education and collaboration with law-enforcement agencies Financial System - The Bank promotes a stable and efficient financial system in Canada and internationally. To this end, the Bank oversees Canada s key payment, clearing and settlement systems; acts as lender of last resort; assesses risks to financial stability; and contributes to the development of financial system policies Funds Management - The Bank provides effective and efficient funds-management services for the Government of Canada, as well as on its own behalf and for other clients. For the government, the Bank provides treasury-management services and administers and advises on the public debt and foreign exchange reserves. In addition, the Bank provides banking services to critical payment, clearing and settlement systems Our principal role, as defined in the Bank of Canada Act, is to promote the economic and financial welfare of Canada. The Bank was founded in 1934 as a privately owned corporation. In 1938, it became a Crown corporation belonging to the federal government. Since that time, the Minister of Finance has held the entire share capital issued by the Bank. Ultimately, the Bank is owned by the people of Canada. Page 1

4 The Bank is not a government department and conducts its activities with considerable independence compared with most other federal institutions. For example: The Governor and Senior Deputy Governor are appointed by the Bank's Board of Directors (with the approval of Cabinet), not by the federal government The Deputy Minister of Finance sits on the Board of Directors but has no vote The Bank submits its expenditures to its Board of Directors. Federal government departments submit theirs to the Treasury Board Bank employees are regulated by the Bank itself, not by federal public service agencies The Bank's books are audited by external auditors appointed by Cabinet on the recommendation of the Minister of Finance, not by the Auditor General of Canada 1.1. History Canadians have always been firm believers in the value of insurance, and the institution of the Bank of Canada is no exception. Making the business case for Business Continuity Management (BCM) and Disaster Recovery Planning (DRP) has never been at issue for the Bank. The necessity of fulfilling our legislated mandate, practicing good governance, and preparedness for provision of uninterrupted, essential services vital to the national and global financial community have all been well understood and accepted, and indeed have been a integral part of the Bank s culture from the early days of the mainframe to the more recent distributed computing environment. The IT computing environment running the Banks core applications in the latter part of the 20th century consisted of a mainframe computer dedicated to the production environment, and another mainframe computer in a separate, geographically disparate location dedicated to the testing and development environments. The production environment was very tightly controlled and restricted, Page 2

5 with a high degree of policy and procedure in place to manage access to, and migration of changes from the development to the production environment. Disaster recovery plans were in place to facilitate complete recovery of the production mainframe computing and network environment, and included off-site vaulting of what were deemed as vital records (eg. tape backups of the system, software, applications and data). A dedicated Disaster Recovery Coordinator position was staffed, with responsibility for over-seeing the creation and management of disaster recovery plans and procedures to ensure business continuity. Disaster recovery plans were exercised and tested twice yearly and entailed full recovery of the production mainframe environment onto the development mainframe. Additional exercises, limited to the IT Services department (at the time known as Automation Services Department (ASD)) were also undertaken periodically to ensure that ASD was well positioned to provide IT services to meet the business continuity requirements of the larger Bank. Those exercises also provided a means by which ASD could ensure that changes enacted into the production environment had been factored into business continuity plans. With the advent and adoption of the distributed computing environment, the complexity of business continuity management increased significantly, but through it all, the Bank has, and always will, continue to place high importance on the need to have proven strategies and plans in place. Page 3

6 1.2. Our Changing World Everything flows and nothing stays. Heraclitus, Greek Philosopher (c.535-c.475 BC) In keeping with the long-term trend in the history of computing hardware described by Moore s law (exponentially increasing capacity), so too has the complexity of both the business and computing environments evolved, along with the spectrum of risks to be dealt with. In today s world, business and IT organizations are: Striving to leverage lessons learned and apply best practices Increasingly required to demonstrate their value (profitability, cost-effectiveness) Re-defining relationships between internal and external business units Dealing with changing business models Addressing rapidly changing technologies, standards and practices The Bank of Canada, like every other organization, has been subject to the technological, natural and environmental forces that shape the nature of our business and delivery of our services, and the changes that need to be undertaken to stay current and sustainable Complexity of environment adapting to emerging technologies Most, if not all, IT organizations are additionally trying to manage IT as business, amidst a dramatically changing technology landscape that is both much more complex and challenging than previous computing environments. Computing platform changes (mainframe vs. distributed vs. cloud; centralized vs. decentralized), networking advances (multimedia; VOIP; data and voice convergence; fiber), server and storage evolution (clusters; virtualization; NAS; SAN; backup and recovery technology), applications development (SaaS; multi-threading) and Page 4

7 services all come with various benefits and risks, and can dramatically alter the business continuity posture of an IT organization. Vigilance with respect to availability, reliability and sustainability, along with the imperative need to ensure alignment between business requirements, service level expectations and the cost of doing business, is required and continuously on-going Increased risk spectrum The spectrum of risks facing an organization from natural and environmental forces has changed significantly over the course of the last two decades. Thinking back from 1998 to the present, the Bank has rapidly responded to, and successfully dealt with, the following naturally occurring events, with marginal disruption to the conduct of business and the delivery of services: ice storm, affecting power distribution lines across central Canada a magnitude 5.0 earthquake occurs in central Canada On the environmental front, the same can be said for the following actual and on-going events: the new millennium (Y2K) heightened terrorism treat after September Severe Acute Respiratory Syndrome (SARS) outbreak day "Take the Capital" protest in Ottawa against G8 meeting being held in Alberta The largest power outage in North American history Suspicious package deposited outside the Bank s head office Potential influenza pandemic Page 5

8 2010 Major equipment failure affecting the Bank s telephony system heightened occurrence of cyber attacks On-going succession planning and the loss of corporate knowledge On-going supply chain (including outsourcing) and vendor induced disruptions The above mentioned events and threats, as well as the potential for future ones, have all contributed directly to the constant re-assessment, strengthening and evolution of the Bank of Canada s risk management, business continuity and IT service continuity management plans and posture. 2. Overview of Risk Management Framework, Continuity of Operations Program, and IT Service Continuity Management 2.1. Risk Management Framework The Bank developed its risk management framework in 1971 in consultation with the Board of Directors. Risk management is viewed by the Bank as particularly important to sound governance, decision making and accountability. The framework supports informed decision making by ensuring that the appropriate competencies, analytic tools, consultation and communication form the foundation for innovation and responsible risk taking. The risk management framework is fully integrated with the Bank s corporate management processes. It is incorporated into the annual planning, priority-setting, budget process, and quarterly/yearly stewardship processes. It is supported by an in-house tool that allows tracking and classification of operational risk events which gives it insight into the nature of problems that arise with its processes and systems. Page 6

9 The Bank has had a long-standing, well-established security and administrative framework for safeguarding its personnel and assets (physical, information and financial). The safeguards include: policies and standards; personnel screening; physical and logical security equipment and processes; business continuity planning; and security awareness programs Continuity of Operations (COOP) Mandate The Bank of Canada delivers services that are essential to the economic well-being of the nation. To ensure that those services, and the Bank s role in the global financial community, continue to be delivered during a disruptive event, the Bank has created a Continuity of Operations (COOP) program. The COOP program encompasses all disciplines necessary to enable recovery of essential Bank services subsequent to a disruptive event, with emphasis on the protection of Bank employees and property Principles and framework The Bank of Canada Continuity of Operations program has been explicitly designed to meet the standards set by applicable sections of the Bank Security Policy (BSP) and the National Fire Protection Association (NFPA) 1600 Standard on Disaster/Emergency Management and Continuity of Operations Programs. Compliance with the BSP is mandatory, but compliance with NFPA 1600 is voluntary. The Continuity of Operations program is an ongoing management and governance process mandated and supported by senior management, and resourced to ensure that the necessary steps are taken to identify the impact of potential losses, maintain viable recovery strategies Page 7

10 and plans, and help ensure continuity of key functions and processes through exercising, rehearsal, testing, training and maintenance Relation between COOP and the Risk Management Framework The COOP program is a key part of the Bank s risk framework for safeguarding its personnel and assets (physical, information and financial), as the COOP program guides, supports, and promotes the Bank s plans to: Help ensure the safe evacuation of all persons on Bank property in an emergency Continue its critical business in the event of a disaster or crisis Business Impact Analysis (BIA) The fundamental goal of the Continuity of Operations discipline is to identify mission-critical processes that support key Bank activities, the maximum recovery timeframes for those processes after a disruptive event, and the processes and procedures used to restore the process subsequent to a business interruption. To maintain an inventory of Bank-wide business processes and functions (not all of which are IT related or have an IT connotation), the COOP program conducts a Business Impact Analysis (BIA), as the mechanism for the identification and prioritization of the Bank s critical business processes based on impact, injury and loss that would result if a process were to become unavailable for any reason. The Business Impact Analysis is necessarily a point in time snapshot that reflects the functions of the Bank and the recovery priorities and timeframes as they exist when the BIA is created. However, the Bank is an evolving organization, and the COOP program recognizes the fact that functions and priorities may shift over time. Therefore, the COOP Program Office is charged with Page 8

11 responsibility for facilitating a review of the BIA every two years, to ensure that each Department s inputs accurately represent the Bank's current operational state IT Service Continuity Management (ITSCM) Mandate Information Technology Service Continuity Management (ITSCM) is concerned with managing the organization s ability to continue to provide a pre-determined and pre-approved level of IT service to support the minimum business requirements following an interruption to the business. This may range from an application or system failure, to a complete loss of the business premises Principles and framework ITSCM is based on the IT Infrastructure Library (ITIL). ITIL is a publicly available framework, and it is used by organizations word-wide to establish and improve capabilities in IT Service Management, to provide value to customers in the form of services (a service being something that provides value to customers.) The main benefits of ITIL include: Alignment with business needs Negotiated achievable service levels Predictable, consistent processes Efficiency in service delivery, with well-defined processes Measurable, improvable services and processes Common language and terms Page 9

12 ITSCM is a mature process within the IT Service Management group of the IT Services (ITS) department. It is supported by IT senior management, and resourced to ensure that the necessary steps are taken to identify the impact of potential losses, maintain viable IT recovery strategies and plans, and help ensure IT continuity of key functions and processes through exercising, rehearsal, testing, training and maintenance Relation between ITSCM and COOP ITSCM is a key part of the overall Continuity of Operations process and is dependent upon information derived through this process. ITSCM is focused on the continuity of IT services to the business, and the COOP program is concerned with the Business Continuity management process that incorporates all services upon which the business depends, one of which is IT. ITSCM supports the overall COOP process by ensuring the required IT infrastructure, applications, and services identified as critical by the business, can be recovered within the required, and agreed upon, business timescales. To accomplish this goal, ITSCM ensures that proactive measures are: in place to minimize or avoid business disruptions caused by IT outages, supported as part of normal IT service deliverables, and factored into all IT projects and initiatives ITSCM provides a framework that minimizes risk for the management and provision of IT services (for either actual or potential disruptions) to defined service levels. Accordingly, ITSCM not only focuses on reactive contingency measures, but also on proactive measures to avoid serious business disruptions. Page 10

13 Input from the BIA Information technology is often a critical resource that is required to restore operations of many Bank processes and functions; it is a critical enabling resource. Therefore, ITSCM is responsible for review the BIA and ensure that the Bank's information technology recovery plan accurately reflects the business priorities and timeframes as they are represented in the BIA. Also the BIA provides the means to categorize the business processes in Tiers based on the maximum allowable downtime. These Tiers allow IT to define: Service levels for applications and infrastructure defined by tier, instead of defining service levels for each application or service Identify the Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) for the applications and IT infrastructure depending on the business process that supports. The benefits of the categorization by Tiers from the BIA: Covers all business line applications and foundational, enterprise-wide services (eg. network connectivity; application hosting; storage management; ; backup/recovery; remote access; etc) Provides clarity on services provided by ITS, and links them to the costs incurred Provides clarity on Disaster Recovery posture, since Disaster Recovery solutions can be offered to the business in Tiers (eg. Critical, Standard, etc.) Applies criteria of critical vs. non-critical services, providing guidelines for initial prioritization and cost saving opportunities (where to focus attention and resources) ITSCM Process relation with ITIL and operational processes Page 11

14 Ensuring the continuity of IT services in the event of a disruption requires a thorough understanding of IT services provided and how they operate under normal circumstances. The ITSCM process must be aware of and take account of any factors that affect the operation of IT services - ITSCM is a process that is engaged in all activities in ITS. Consequently it receives feeds from various operational processes and entities such as: Configuration Management: IT components and relationships Change Management: Ensuring the currency and accuracy of the Continuity Plans through the identification of changes affecting, or modifying the IT continuity posture Problem Management: Impact analysis of problems that are affecting or may affect the continuity solutions and ITSCM plans Incident Management: Early notification of incidents that can potentially interrupt IT services and could require the activation of ITSCM plans Service Level Management: Service Levels based on BIA criticality, detailing what service levels must be maintained under normal circumstances and in a disaster situation IT Project Management and Delivery Process: Assessment of ITSCM requirements and proposed continuity solutions, based on ITSCM policy IT Enterprise Architecture: Assessment of long-term architecture vision and design compliance to approved continuity solutions and plans Current Recovery Posture The Bank s main data center is located at Head Office with an alternate center located 20 km away, which serves as the recovery site in the event of a business disruption. The alternate site is equipped with computer systems, data links, and staff work areas that enable the Bank to continue critical operations if the Head Office location is inaccessible or unavailable. Page 12

15 The current alternate posture provides: On-site support for a number of users based on BIA requirements Support for remote access connectivity Local workstations configured with business line applications A flexible recovery workspace (since corporate applications and business line tools can be provided via workspace virtualization, when users start their personal workspace, they view their own familiar and personalized work space where they can access files, applications, settings and entire desktop. IT is not dependant on a pre-defined workstation.) Split operations The Bank conducts pre-defined critical business functions from two sites simultaneously, so that should an event affect either site, the remaining site will settle the day s work. The implementation of split operations strengthened and deepened the Bank s operational resiliency. Page 13

16 The future posture, a more resilient environment Page 14

17 The Bank recently launched a project to increase the environment resilience, by relocating the main data centre. The strategy was developed through a review of the threats with potential to impact the Bank s operations, the extent to which those threats can be mitigated by increasing geographic separation between sites and the associated operational risks, as well as what other central banks and similar organizations are doing in this area. The strategy is to: implement split operations for pre-defined critical operations locate the Bank s main data centre and business recovery 6 to 20 km from Head Office, and locate the Bank s alternate data centre 20 to 50 km from the main data centre 2.4. Human capital A fundamental best practice for all COOP planning is to plan to the worst-case scenario, to ensure that the Bank is prepared for a variety of situations, even though we do not necessarily know to what degree we may be challenged. In this instance, one of the worst cases would be coping with severely reduced workforce. To mitigate this scenario, Managers from across the Bank worked with the COOP Office to develop a categorization matrix identifying those functions in their areas that were time-critical and determined whether or not those functions could be performed remotely. They then identified those individuals who currently fulfill those functions (referred to as the core group), as well as a pool of individuals with the skill sets who could do the necessary work if people in the core group were unable to. This category matrix also provides the guidelines for: Identifying areas of vulnerability Page 15

18 Establishing remote access priority, ensuring that the pre-determined staff can continue to conduct business-critical operations 2.5. Awareness The success of ITSCM depends on a continuing commitment at all levels in the organization and on people's awareness of their respective responsibilities. IT service continuity requirements are factored alongside operational activities. Each department has a Departmental Emergency Response Coordinator, which is responsible for the coordination and logistics of the departments Continuity of Operations plan, and also is responsible for the dissemination of information provided by the COOP program office Testing and exercises ITSCM driven exercises ITSCM policies mandate that IT continuity solutions and plans must be tested on a regular basis to evaluate recovery capability effectiveness, and to identify and address any deficiencies. The purpose of this policy is to validate that the applications and infrastructure at the alternate site can operate isolated from the primary site and meet the required Recovery Time and Recovery Point Objectives. It also serves to identify and resolve problems in the IT infrastructure that could impact the recovery capabilities of critical bank processes, and ensures compliance to the Audit Department s requirements for regular ITSCM assessments and reviews of tests and events for operational readiness Disaster Recovery exercises Page 16

19 The objective the Disaster Recovery (DR) exercises is to demonstrate the ability to activate the production applications and IT environment at the alternate site, within the prescribed Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO). These tests validate ITS s preparedness to recover operations. The DR exercises are conducted twice yearly, during a weekend, with the participation of all IT groups and Bank business lines to validate critical systems. The DR exercise has predefined conditions, control points, success criteria, and a strict command and control structure. A report on the test results is distributed to the COOP program, IT Management, and the Audit Department. This report measures compliance to Recovery Time and Recovery Point Objectives, quality of the individual test results and reports, and highlights updates required to IT plans and IT infrastructure. Results are analyzed to determinate if there are variations with the pre-determined level of services for the business, and to implement the necessary measures to mend deficiencies Table top exercises Table top exercises are paper base exercises and are conducted in ITS by ITSCM in preparation for the DR exercises. The objective is to identify gaps in the Disaster Recovery plans COOP driven exercises Bank-wide continuity tests Every two years the COOP Program Office conducts full-scale tests during business hours, while the business is conducting real business transactions at the alternate site. These tests utilize close-to-life scenarios and situational injects during the exercise, presenting a realistic and Page 17

20 challenging operating environment. The objective is to stress-test the continuity of operation plans (business continuity plans) for the departments; including ITS, and identify gaps in those plans. These exercises are designed with focus on specific situations, and objectives, and normally include exercise press releases, in paper and video, as part of the injects during the exercise Call tree exercises As part of the ongoing business of individual departments for Bank-wide readiness, all departments and business lines must ensure that they maintain up-to-date contact information for all of their employees. As such, a Bank-wide Call Tree exercise is conducted once a year. In order to represent a realistic scenario, staff are requested not to alter their regular routine to accommodate this exercise Simulations These are paper base exercises and are conducted by COOP Program Office. The objective of these one day exercises, utilizing close-to-life scenarios, is to train personnel and also to identify gaps in the continuity of operations plans Evaluating our preparedness and response Test result reports are reviewed by the Audit Department, and if required, observations are presented to the Bank Senior management. A review of results is conducted with the departments, and tasks are assigned to areas to follow-up on gaps found during the tests. Page 18

21 3. Lessons learned from the occurrence of real contingencies The occurrence of events has provided the occasion for the Bank to update and fine tune its contingency plans, policies, processes, communications, and decision-making in a real-time atmosphere, and allowed the Bank to test the effect of our response measures to support the critical processes of the Bank. A success factor for the Bank to deal with emerging risks has been the rapid reaction to, and implementation of, improvements to contingency plans. The use of information gathered in the BIA has provided an excellent tool to minimize the time to adapt plans to new risks as the Bank does not need to do the data gathering exercise when situations arise. In situations when the staff cannot access the Bank premises, either as a risk reduction measure or as a consequence (ie ice storm, Severe Acute Respiratory Syndrome (SARS) outbreak, Power outage, Potential influenza pandemic), the Bank has adapted the continuity plans to deal with the reduction of staff and with the increase of remote access by taking the following actions: Identify key functions that would be affected by a shortage of staff Identify the minimum necessary number of staff for critical processes during peak periods Identification of pool of staff, from which to draw in case of staff shortage Identify processes that can be done by remote access (users at home), and processes that must be conducted on site. Implement response in stages for a shortage of staff or the need for social distancing Provide training in the use of personal protective equipment for staff that are identified as required to be on site to perform time critical processes Review dependencies on key suppliers Page 19

22 Revise policies and procedures for remote access, and strengthen processes to assure priority access for critical processes in case of remote access bandwidth limitations Provide mobile devices to staff performing critical processes/services Implementation of flexible recovery workspace, that can be accessed from any Bank issued PC or from a user owned PC, providing a personalized work space that is not dependant on a pre-defined workstation In events that require staff to continue operations at the alternate site (ie Power outage, Suspicious package deposited outside the Bank s headquarters, 2010 Earthquake) the Bank has taken the following actions: Implemented split operations, to conduct pre-defined critical business functions from two sites simultaneously Increased the capacity and redundancy for emergency power distribution (redundant diesels generators); and sign agreements with vendors to guarantee fuel supply at primary and alternate sites Increased the capacity and redundancy for the Data Centers cooling Assured a minimum number of seats at the recovery site per department and also provide flexibility by increasing the number of workstations available for the departments by deploying a virtual workspace, which is a work space that is not dependant on a pre-defined workstation Strengthened the Incident Management Team structure and will be undertaking the following: Relocating the main data center away from Head Office Implementing lights-out Data Centers (all Data Center management will be done remotely) Page 20

Data Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) 591-5553 Email: bronackt@dcag.com Fax: (718) 380-7322

Data Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) 591-5553 Email: bronackt@dcag.com Fax: (718) 380-7322 Business Continuity and Disaster Recovery Job Descriptions Table of Contents Business Continuity Services Organization Chart... 2 Director Business Continuity Services Group... 3 Manager of Business Recovery

More information

Business Continuity Planning and Disaster Recovery Planning

Business Continuity Planning and Disaster Recovery Planning 4 Business Continuity Planning and Disaster Recovery Planning Basic Concepts 1. Business Continuity Management: Business Continuity means maintaining the uninterrupted availability of all key business

More information

Business Continuity and Disaster Recovery Planning from an Information Technology Perspective

Business Continuity and Disaster Recovery Planning from an Information Technology Perspective Business Continuity and Disaster Recovery Planning from an Information Technology Perspective Presenter: David Bird, Director of Sales, Business Technology Consultant phone: 215-672-7100 email: dbird@quatro.com

More information

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning MARCH 2003 IT EXAMINATION H ANDBOOK

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning MARCH 2003 IT EXAMINATION H ANDBOOK Federal Financial Institutions Examination Council FFIEC Business Continuity Planning MARCH 2003 BCP IT EXAMINATION H ANDBOOK TABLE OF CONTENTS INTRODUCTION... 1 BOARD AND SENIOR MANAGEMENT RESPONSIBILITIES...

More information

BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS

BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS DIRECTORATE OF BANKING SUPERVISION AUGUST 2009 TABLE OF CONTENTS PAGE 1.0 INTRODUCTION..3 1.1 Background...3 1.2 Citation...3

More information

Preparing for the Worst: Disaster Recovery and Business Continuity Planning for Investment Firms An Eze Castle Integration ebook

Preparing for the Worst: Disaster Recovery and Business Continuity Planning for Investment Firms An Eze Castle Integration ebook Preparing for the Worst: Disaster Recovery and Business Continuity Planning for Investment Firms An Eze Castle Integration ebook Table of Contents 1. Introduction to Business Continuity Planning and Disaster

More information

DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES

DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES APPENDIX 1 DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES March 2008 Auditor General s Office Jeffrey Griffiths, C.A., C.F.E. Auditor General City of Toronto TABLE OF CONTENTS EXECUTIVE SUMMARY...1

More information

Disaster Recovery Plan The Business Imperatives

Disaster Recovery Plan The Business Imperatives Disaster Recovery Plan The Business Imperatives Table of Contents Disaster Recovery Plan The Business Imperatives... 3 Introduction... 3 A Disaster Recovery Program The Need of the Hour... 3 Approach to

More information

The Weill Cornell Medical College and Graduate School of Medical Sciences. Responsible Department: Information Technologies and Services (ITS)

The Weill Cornell Medical College and Graduate School of Medical Sciences. Responsible Department: Information Technologies and Services (ITS) Information Technology Disaster Recovery Policy Policy Statement This policy defines acceptable methods for disaster recovery planning, preparedness, management and mitigation of IT systems and services

More information

Cisco Security Services

Cisco Security Services Cisco Security Services Cisco Security Services help you defend your business from evolving security threats, enhance the efficiency of your internal staff and processes, and increase the return on your

More information

E x E c u t i v E B r i E f IT Innovation. Business Value. 4 Stages of IT Disaster Recovery Planning Are You Resilient?

E x E c u t i v E B r i E f IT Innovation. Business Value. 4 Stages of IT Disaster Recovery Planning Are You Resilient? IT Innovation. Business Value. 4 Stages of IT Disaster Recovery Planning Are You Resilient? As the enterprise IT landscape becomes more complex, customers more demanding, and computing devices more abundant

More information

Interactive-Network Disaster Recovery

Interactive-Network Disaster Recovery Interactive-Network Disaster Recovery BACKGROUND IT systems are vulnerable to a variety of disruptions, ranging from mild (e.g., short-term power outage, disk drive failure) to severe (e.g., terrorism,

More information

AUSTRACLEAR REGULATIONS Guidance Note 10

AUSTRACLEAR REGULATIONS Guidance Note 10 BUSINESS CONTINUITY AND DISASTER RECOVERY The purpose of this Guidance Note The main points it covers To assist participants to understand the disaster recovery and business continuity arrangements they

More information

IT Disaster Recovery and Business Resumption Planning Standards

IT Disaster Recovery and Business Resumption Planning Standards Information Technology Disaster Recovery and Business IT Disaster Recovery and Business Adopted by the Information Services Board (ISB) on May 28, 1992 Policy No: Also see: 500-P1, 502-G1 Supersedes No:

More information

Planning and Implementing Disaster Recovery for DICOM Medical Images

Planning and Implementing Disaster Recovery for DICOM Medical Images Planning and Implementing Disaster Recovery for DICOM Medical Images A White Paper for Healthcare Imaging and IT Professionals I. Introduction It s a given - disaster will strike your medical imaging data

More information

Security Architecture. Title Disaster Planning Procedures for Information Technology

Security Architecture. Title Disaster Planning Procedures for Information Technology Category Applicability Title Disaster Planning Procedures for Information Technology All Public Entities (See the Applicability section below.) Standard - A degree or level of requirement that all jurisdictions

More information

IT Disaster Recovery Plan Template

IT Disaster Recovery Plan Template HOPONE INTERNET CORP IT Disaster Recovery Plan Template Compliments of: Tim Sexton 1/1/2015 An information technology (IT) disaster recovery (DR) plan provides a structured approach for responding to unplanned

More information

The case for cloud-based disaster recovery

The case for cloud-based disaster recovery IBM Global Technology Services IBM SmartCloud IBM SmartCloud Virtualized Server Recovery i The case for cloud-based disaster recovery Cloud technologies help meet the need for quicker restoration of service

More information

Principles for BCM requirements for the Dutch financial sector and its providers.

Principles for BCM requirements for the Dutch financial sector and its providers. Principles for BCM requirements for the Dutch financial sector and its providers. Platform Business Continuity Vitale Infrastructuur Financiële sector (BC VIF) Werkgroep BCM requirements 21 September 2011

More information

Enterprise Risk Management taking on new dimensions

Enterprise Risk Management taking on new dimensions Enterprise Risk Management taking on new dimensions October 2006 The practice of Enterprise Risk Management (ERM) is becoming more critical and complex every day. There is a growing need for organizations

More information

Business Continuity in Healthcare

Business Continuity in Healthcare Business Continuity in Healthcare Cynthia Simeone, CBCP, PMP Director Business Resilience Catholic Health Initiatives Scott Ream President Virtual Corporation 1 Session Speakers Cynthia Simeone, CBCP,

More information

Business Continuity & Recovery Plan Summary

Business Continuity & Recovery Plan Summary Introduction An organization s ability to survive a significant business interruption is determined by the company s ability to develop, implement, and maintain viable recovery and business continuity

More information

What You Need to Know About Cloud Backup: Your Guide to Cost, Security, and Flexibility

What You Need to Know About Cloud Backup: Your Guide to Cost, Security, and Flexibility Your Guide to Cost, Security, and Flexibility What You Need to Know About Cloud Backup: Your Guide to Cost, Security, and Flexibility 10 common questions answered Over the last decade, cloud backup, recovery

More information

Protecting Your Business

Protecting Your Business Protecting Your Business Business Continuity/Disaster Recovery Planning Robert Haberman Senior Product Manager BCP/DRP TELUS BUSINESS SOLUTIONS Business Continuity/Disaster Recovery Planning 1 Agenda:

More information

Audit of Business Continuity Planning

Audit of Business Continuity Planning INDIAN AFFAIRS AND NORTHERN DEVELOPMENT CANADA Audit of Business Continuity Planning Prepared by: Audit and Assurance Services Branch Project #10-12 June 2011 Table of Contents INITIALISMS AND ABBREVIATIONS...

More information

GETTING STARTED WITH DISASTER RECOVERY PLANNING

GETTING STARTED WITH DISASTER RECOVERY PLANNING GETTING STARTED WITH DISASTER RECOVERY PLANNING Ten misperceptions, Five best practices EMC PERSPECTIVE Natural and man-made events plus the technology innovations of the 21st century have heightened awareness

More information

Post-Class Quiz: Business Continuity & Disaster Recovery Planning Domain

Post-Class Quiz: Business Continuity & Disaster Recovery Planning Domain 1. What is the most common planned performance duration for a continuity of operations plan (COOP)? A. 30 days B. 60 days C. 90 days D. It depends on the severity of a disaster. 2. What is the business

More information

How to Design and Implement a Successful Disaster Recovery Plan

How to Design and Implement a Successful Disaster Recovery Plan How to Design and Implement a Successful Disaster Recovery Plan Feb. 21 ASA Office-Administrative Section is Sponsored by Today s ASAPro Webinar is Brought to You by the How to Ask a Question Questions

More information

Simplify Your Data Protection Strategies: Best Practices for Online Backup & Recovery

Simplify Your Data Protection Strategies: Best Practices for Online Backup & Recovery Simplify Your Data Protection Strategies: Best Practices for Online Backup & Recovery Souvik Choudhury, Senior Director, Product Management SunGard Availability Services DRAFT www.sungardas.com Agenda

More information

Audit of the Disaster Recovery Plan

Audit of the Disaster Recovery Plan Audit of the Disaster Recovery Plan Report # 11-05 Prepared by Office of Inspector General J. Timothy Beirnes, CPA, Inspector General Kit Robbins, CISA, CISM, CRISC, Lead Information Systems Auditor TABLE

More information

Disaster Recovery Plan

Disaster Recovery Plan Disaster Recovery Plan Date: Revision: 8.0 EXTERNAL BCP PLAN PAGE 1 OF 12 Federal regulation states, and internal corporate policies require, that Penson Financial Services, Inc. (Penson) develop Business

More information

Assessing Your Disaster. Andrews Hooper Pavlik PLC. Andrews Hooper Pavlik PLC

Assessing Your Disaster. Andrews Hooper Pavlik PLC. Andrews Hooper Pavlik PLC Assessing Your Disaster Recovery Plans Gregory H. Soule, CPA, CISA, CISSP, CFE Andrews Hooper Pavlik PLC Andrews Hooper Pavlik PLC Agenda Business Continuity Concepts Impact Analysis Risk Assessment Risk

More information

DEPARTMENT FOR TRANSPORT BUSINESS CONTINUITY MANAGEMENT POLICY

DEPARTMENT FOR TRANSPORT BUSINESS CONTINUITY MANAGEMENT POLICY DEPARTMENT FOR TRANSPORT BUSINESS CONTINUITY MANAGEMENT POLICY Introduction 1. This policy is a key part of the Department for Transport s internal control framework and specifically covers the Department

More information

Leveraging the IT Service Continuity Management framework Gord Novoselnik Business Continuity Office Enterprise Solutions Division

Leveraging the IT Service Continuity Management framework Gord Novoselnik Business Continuity Office Enterprise Solutions Division Leveraging the IT Service Continuity Management framework Gord Novoselnik Business Continuity Office Enterprise Solutions Division 1 MTS Allstream Inc. proprietary. Use pursuant to company instructions./

More information

MANAGEMENT AUDIT REPORT DISASTER RECOVERY PLAN DEPARTMENT OF FINANCE AND ADMINISTRATIVE SERVICES INFORMATION TECHNOLOGY SERVICES DIVISION

MANAGEMENT AUDIT REPORT DISASTER RECOVERY PLAN DEPARTMENT OF FINANCE AND ADMINISTRATIVE SERVICES INFORMATION TECHNOLOGY SERVICES DIVISION MANAGEMENT AUDIT REPORT OF DISASTER RECOVERY PLAN DEPARTMENT OF FINANCE AND ADMINISTRATIVE SERVICES INFORMATION TECHNOLOGY SERVICES DIVISION REPORT NO. 13-101 City of Albuquerque Office of Internal Audit

More information

Planning a Backup Strategy

Planning a Backup Strategy Planning a Backup Strategy White Paper Backups, restores, and data recovery operations are some of the most important tasks that an IT organization performs. Businesses cannot risk losing access to data

More information

IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP

<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP IT Disaster Recovery Plan Template By Paul Kirvan, CISA, CISSP, FBCI, CBCP Revision History REVISION DATE NAME DESCRIPTION Original 1.0 2 Table of Contents Information Technology Statement

More information

Unit Guide to Business Continuity/Resumption Planning

Unit Guide to Business Continuity/Resumption Planning Unit Guide to Business Continuity/Resumption Planning (February 2009) Revised June 2011 Executive Summary... 3 Purpose and Scope for a Unit Business Continuity Plan(BCP)... 3 Resumption Planning... 4 Assumptions

More information

Building and Maintaining a Business Continuity Program

Building and Maintaining a Business Continuity Program Building and Maintaining a Business Continuity Program Successful strategies for financial institutions for effective preparation and recovery Table of Contents Introduction...3 This white paper was written

More information

eet Business continuity and disaster recovery Enhancing enterprise resiliency for the power and utilities industry Power and Utilities Fact Sheet

eet Business continuity and disaster recovery Enhancing enterprise resiliency for the power and utilities industry Power and Utilities Fact Sheet Power and Utilities Fact Sh Business continuity and disaster recovery Enhancing enterprise resiliency for the power and utilities industry A holistic approach to business resiliency and disaster recovery

More information

Top 7. Best Practices for Business Continuity

Top 7. Best Practices for Business Continuity Business continuity undoubtedly is at or near the very top of every IT organization s list of strategic initiatives, considering the dramatic costs and implications of downtime. Here are some best practices

More information

How to Plan for Disaster Recovery and Business Continuity

How to Plan for Disaster Recovery and Business Continuity A TAMP Systems White Paper TAMP Systems 1-516-623-2038 www.drsbytamp.com How to Plan for Disaster Recovery and Business Continuity By Tom Abruzzo, President and CEO Contents Introduction 1 Definitions

More information

Disaster recovery: Resilient cloud-based disaster recovery

Disaster recovery: Resilient cloud-based disaster recovery Disaster recovery: Resilient cloud-based disaster recovery Disaster recovery and business continuity applications in the cloud offer the benefits of speed, cost efficiency and availability, eliminating

More information

NEEDS BASED PLANNING FOR IT DISASTER RECOVERY

NEEDS BASED PLANNING FOR IT DISASTER RECOVERY The Define/Align/Approve Reference Series NEEDS BASED PLANNING FOR IT DISASTER RECOVERY Disaster recovery planning is essential it s also expensive. That s why every step taken and dollar spent must be

More information

All Clouds Are Not Created Equal THE NEED FOR HIGH AVAILABILITY AND UPTIME

All Clouds Are Not Created Equal THE NEED FOR HIGH AVAILABILITY AND UPTIME THE NEED FOR HIGH AVAILABILITY AND UPTIME 1 THE NEED FOR HIGH AVAILABILITY AND UPTIME All Clouds Are Not Created Equal INTRODUCTION Companies increasingly are looking to the cloud to help deliver IT services.

More information

Boston Financial Data Services Business Continuity Executive Summary. November 2009

Boston Financial Data Services Business Continuity Executive Summary. November 2009 Boston Financial Data Services Business Continuity Executive Summary Boston Financial continues to maintain an active business continuity program that effectively supports the ability to survive a disruption

More information

White Paper AN INTRODUCTION TO BUSINESS CONTINUITY PLANNING AND SOLUTIONS FOR IT AND TELECOM DECISION MAKERS. Executive Summary

White Paper AN INTRODUCTION TO BUSINESS CONTINUITY PLANNING AND SOLUTIONS FOR IT AND TELECOM DECISION MAKERS. Executive Summary AN INTRODUCTION TO BUSINESS CONTINUITY PLANNING AND SOLUTIONS FOR IT AND TELECOM DECISION MAKERS Executive Summary Today s businesses rely heavily on voice communication systems and data networks to such

More information

SCADA Business Continuity and Disaster Recovery. Presented By: William Biehl, P.E. 913-601-0104 (mobile) Bill.Biehl@we-inc.com

SCADA Business Continuity and Disaster Recovery. Presented By: William Biehl, P.E. 913-601-0104 (mobile) Bill.Biehl@we-inc.com SCADA Business Continuity and Disaster Recovery Presented By: William Biehl, P.E. 913-601-0104 (mobile) Bill.Biehl@we-inc.com Business Continuity Planning, a Sound Process A Business Continuity Plan: "A

More information

MEMORANDUM. Date: October 28, 2013. Federally Regulated Financial Institutions. Subject: Cyber Security Self-Assessment Guidance

MEMORANDUM. Date: October 28, 2013. Federally Regulated Financial Institutions. Subject: Cyber Security Self-Assessment Guidance MEMORANDUM Date: October 28, 2013 To: Federally Regulated Financial Institutions Subject: Guidance The increasing frequency and sophistication of recent cyber-attacks has resulted in an elevated risk profile

More information

Top 10 Disaster Recovery Pitfalls

Top 10 Disaster Recovery Pitfalls Top 10 Disaster Recovery Pitfalls The key to successful disaster recovery is good planning. But with so much at stake for your business, how do you plan with confidence and ensure all stakeholders know

More information

THE NEXT GENERATION OF DATA INSURANCE

THE NEXT GENERATION OF DATA INSURANCE THE NEXT GENERATION OF DATA INSURANCE High Indemnity and Broad Coverage Against Permanent Loss A Data Insurance Licensing Ltd. White Paper Version 2013.4.4 Data Insurance Licensing Ltd. THE NEXT GENERATION

More information

IBM Global Technology Services March 2008. Virtualization for disaster recovery: areas of focus and consideration.

IBM Global Technology Services March 2008. Virtualization for disaster recovery: areas of focus and consideration. IBM Global Technology Services March 2008 Virtualization for disaster recovery: Page 2 Contents 2 Introduction 3 Understanding the virtualization approach 4 A properly constructed virtualization strategy

More information

Continuity Plan Testing Flowchart

Continuity Plan Testing Flowchart Building an effective Tabletop Exercise Presented by: Ken M. Shaurette, CISSP, CISA, CISM, CRISC FIPCO Director IT Services 3/26/2013 #1 Continuity Plan Testing Flowchart 3/26/2013 #2 1 Ongoing Multi-Year

More information

What you need to know about cloud backup: your guide to cost, security, and flexibility. 8 common questions answered

What you need to know about cloud backup: your guide to cost, security, and flexibility. 8 common questions answered What you need to know about cloud backup: your guide to cost, security, and flexibility. 8 common questions answered Over the last decade, cloud backup, recovery and restore (BURR) options have emerged

More information

Audit, Finance and Legislative Committee Mayor Craig Lowe, Chair Mayor-Commissioner Pro Tem Thomas Hawkins, Member

Audit, Finance and Legislative Committee Mayor Craig Lowe, Chair Mayor-Commissioner Pro Tem Thomas Hawkins, Member City of Gainesville Inter-Office Communication April 3, 2012 TO: FROM: SUBJECT: Audit, Finance and Legislative Committee Mayor Craig Lowe, Chair Mayor-Commissioner Pro Tem Thomas Hawkins, Member Brent

More information

case study The Bank of New York Summary Introductory Overview ORGANIZATION: PROJECT NAME:

case study The Bank of New York Summary Introductory Overview ORGANIZATION: PROJECT NAME: The Computerworld Honors Program Summary Founded in 1784, Company, Inc. (NYSE: BK) is the oldest bank in the. It is a global leader with operations in 33 countries and one of the largest U.S. securities

More information

Hong Kong Baptist University

Hong Kong Baptist University Hong Kong Baptist University Disaster Recovery Standard FOR INTERNAL USE ONLY Date of Issue: JULY 2012 Revision History Version Author Date Revision 1.0 Information Security Subcommittee (ISSC) July 2012

More information

Disaster recovery strategic planning: How achievable will it be?

Disaster recovery strategic planning: How achievable will it be? Disaster recovery strategic planning: How achievable will it be? Amr Ahmed Ernst & Young Advisory Services, Executive Director amr.ahmed@ey.com Christopher Rivera Ernst & Young Advisory Services, Manager

More information

CYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES

CYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES POINT OF VIEW CYBERSECURITY IN FINANCIAL SERVICES Financial services institutions are globally challenged to keep pace with changing and covert cybersecurity threats while relying on traditional response

More information

Building a Disaster Recovery Program By: Stieven Weidner, Senior Manager

Building a Disaster Recovery Program By: Stieven Weidner, Senior Manager Building a Disaster Recovery Program By: Stieven Weidner, Senior Manager Part two of a two-part series. If you read my first article in this series, Building a Business Continuity Program, you know that

More information

Implementing Disaster Recovery? At What Cost?

Implementing Disaster Recovery? At What Cost? Implementing Disaster Recovery? At What Cost? Whitepaper Viktor Babkov Technical Director Business Continuity Copyright Business Continuity May 2010 In today s environment, minimizing IT downtime has become

More information

Documentation. Disclaimer

Documentation. Disclaimer HOME UTORprotect DOCUMENTATION AMS/ROSI SERVICES CONTACT Documentation Disaster Recovery Planning Disaster Recovery Planning Disclaimer The following project outline is provided solely as a guide. It is

More information

Business Continuity and Disaster Recovery Planning

Business Continuity and Disaster Recovery Planning Business Continuity and Disaster Recovery Planning Jeffrey P. Back 2009 Oncore Associates, LLC Business Continuity Planning Business continuity planning is the way an organization can prepare for and aid

More information

Statement of Business Continuity Management

Statement of Business Continuity Management Statement of Business Continuity Management National Financial, a Fidelity Investments Company, National Financial Services LLC Revision Date: December 1, 2009 At National Financial and National Financial

More information

Datacenter Migration Think, Plan, Execute

Datacenter Migration Think, Plan, Execute Datacenter Migration Think, Plan, Execute Datacenter migration is often regarded as a purely technical, almost trivial side-project, to be delivered by existing IT staff alongside their day jobs. With

More information

Identify and Protect Your Vital Records

Identify and Protect Your Vital Records Identify and Protect Your Vital Records INTRODUCTION The Federal Emergency Management Agency s Federal Preparedness Circular 65 states The protection and ready availability of electronic and hardcopy documents,

More information

Managed Backup A Strategic Network Consulting white paper

Managed Backup A Strategic Network Consulting white paper Managed Backup A Strategic Network Consulting white paper 2 Managed Backup Executive Summary Businesses survive disasters only if their data survives. But many business owners are so busy running day-to-day

More information

Disaster Recovery Planning Process

Disaster Recovery Planning Process Disaster Recovery Planning Process By Geoffrey H. Wold Part I of III This is the first of a three-part series that describes the planning process related to disaster recovery. Based on the various considerations

More information

Enterprise Risk Services. Aware vs. committed where do you stand? Business continuity management

Enterprise Risk Services. Aware vs. committed where do you stand? Business continuity management Enterprise Risk Services vs. committed where do you stand? Business continuity management Business continuity management 1 Contents here Initial findings from the Deloitte 1 Global Business Continuity

More information

London Borough of Bromley. Executive & Resources PDS Committee. Disaster Recovery Plans for London Borough of Bromley

London Borough of Bromley. Executive & Resources PDS Committee. Disaster Recovery Plans for London Borough of Bromley Report No. DRR12/041 London Borough of Bromley PART 1 - PUBLIC Decision Maker: Executive & Resources PDS Committee Date: 4 th April 2012 Decision Type: Non-Urgent Non-Executive Non-Key Title: Disaster

More information

A Modern Guide to Optimizing Data Backup and Recovery

A Modern Guide to Optimizing Data Backup and Recovery Structured: Cloud Backup A Modern Guide to Optimizing Data Backup and Recovery What to Consider in an Enterprise IT Environment A Modern Guide to Optimizing Data Backup and Recovery Data is the lifeblood

More information

Department of Information Technology Data Center Disaster Recovery Audit Report Final Report. September 2006

Department of Information Technology Data Center Disaster Recovery Audit Report Final Report. September 2006 Department of Information Technology Data Center Disaster Recovery Audit Report Final Report September 2006 promoting efficient & effective local government Executive Summary Our audit found that a comprehensive

More information

Version 8.0 2014 Copyright Janco Associates, Inc. - http://www.e-janco.com Page 1

Version 8.0 2014 Copyright Janco Associates, Inc. - http://www.e-janco.com Page 1 Version 8.0 2014 Copyright Janco Associates, Inc. - http://www.e-janco.com Page 1 Table of Contents 1 1.0 Plan Introduction... 4 1.1 Mission and Objectives... 5 Compliance... 5 ISO Compliance Process...

More information

INFORMATION TECHNOLOGY SERVICES TECHNICAL SERVICES June 2012

INFORMATION TECHNOLOGY SERVICES TECHNICAL SERVICES June 2012 INFORMATION TECHNOLOGY SERVICES TECHNICAL SERVICES June 2012 Program Description Network Services is a service unit in Information Technology Services responsible for designing, acquiring, deploying, operating,

More information

EVALUATING YOUR DISASTER READINESS?

EVALUATING YOUR DISASTER READINESS? EVALUATING YOUR DISASTER READINESS? START WITH YOUR RESPONSE MANAGEMENT VENDOR Business Continuity and Disaster Recovery: Best Practices for Successful Planning What would happen to your organization if

More information

Disaster Management and Business Continuity Plan for Bankers

Disaster Management and Business Continuity Plan for Bankers Introduction Business interruptions can occur anywhere, anytime. Massive hurricanes, tsunamis, power outages, terrorist bombings and more have made recent headlines. It is impossible to predict what may

More information

Clarity in the Cloud. Defining cloud services and the strategic impact on businesses.

Clarity in the Cloud. Defining cloud services and the strategic impact on businesses. Clarity in the Cloud Defining cloud services and the strategic impact on businesses. Table of Contents Executive Summary... 3 Cloud Services... 4 Clarity within the Cloud... 4 Public Cloud Solution...

More information

w w w. s t r a t u s. c o m

w w w. s t r a t u s. c o m Managed Services Buying Guide Eight ways to sustain 99.999% SLAs for vital business processes. In the real world. w w w. s t r a t u s. c o m Mission-critical SLAs demand mission-critical managed services.

More information

DEFINING THE RIGH DATA PROTECTION STRATEGY

DEFINING THE RIGH DATA PROTECTION STRATEGY DEFINING THE RIGH DATA PROTECTION STRATEGY The Nuances of Backup and Recovery Solutions By Cindy LaChapelle, Principal Consultant, ISG www.isg-one.com INTRODUCTION Most organizations have traditionally

More information

Disaster Recovery for Ingres. Abstract

Disaster Recovery for Ingres. Abstract Disaster Recovery for Ingres A general disaster recovery discussion followed by Ingres specific issues and recommendations 2002-2003 Comprehensive Consulting Solutions, Inc., All rights reserved. Abstract

More information

Whitepaper: 7 Steps to Developing a Cloud Security Plan

Whitepaper: 7 Steps to Developing a Cloud Security Plan Whitepaper: 7 Steps to Developing a Cloud Security Plan Executive Summary: 7 Steps to Developing a Cloud Security Plan Designing and implementing an enterprise security plan can be a daunting task for

More information

TECHNOLOGY AND INNOVATION DEPARTMENT BACKUP AND RECOVERY REVIEW AUDIT 14-08 SEPTEMBER 23, 2014

TECHNOLOGY AND INNOVATION DEPARTMENT BACKUP AND RECOVERY REVIEW AUDIT 14-08 SEPTEMBER 23, 2014 TECHNOLOGY AND INNOVATION DEPARTMENT BACKUP AND RECOVERY REVIEW AUDIT 14-08 SEPTEMBER 23, 2014 CITY OF TAMPA Bob Buckhorn, Mayor Internal Audit Department Christine Glover, Internal Audit Director September

More information

Resilience in the era of enterprise cloud computing

Resilience in the era of enterprise cloud computing IBM Global Technology Services Thought leadership white paper Business Continuity and Resiliency Services Resilience in the era of enterprise cloud computing Design considerations for forward-thinking

More information

Best Practices in Healthcare IT Disaster Recovery Planning

Best Practices in Healthcare IT Disaster Recovery Planning BUSINESS WHITE PAPER Best Practices in Healthcare IT Disaster Recovery Planning Assessing your options for leveraging the cloud to enhance compliance, improve recovery objectives, and reduce capital expenditures

More information

Disaster Recovery: Helping Non-Profits to Plan, Prepare & Recover. By: Lynn Do

Disaster Recovery: Helping Non-Profits to Plan, Prepare & Recover. By: Lynn Do Disaster Recovery: Helping Non-Profits to Plan, Prepare & Recover By: Lynn Do It is Prepare to Ensure Business Continuity A way of doing business and continuing to stay in business in the event of a disaster

More information

Technical Considerations in a Windows Server Environment

Technical Considerations in a Windows Server Environment Technical Considerations in a Windows Server Environment INTRODUCTION Cloud computing has changed the economics of disaster recovery and business continuity options. Accordingly, it is time many organizations

More information

Spyders Managed Security Services

Spyders Managed Security Services Spyders Managed Security Services To deliver world-class Managed Security Services, Spyders must maintain and invest in a strong Security Operations Centre (SOC) capability. Spyders SOC capability is built

More information

Review of Information Technology s Data System Backup and Disaster Recovery Process Page 2 of 10 September 30, 2013

Review of Information Technology s Data System Backup and Disaster Recovery Process Page 2 of 10 September 30, 2013 Page 2 of 10 Scope and Objectives We reviewed the backup and disaster recovery processes utilized by DOH for information applications/systems managed by IT over the last three years. This review included

More information

Disaster Recovery Planning. By Janet Coggins

Disaster Recovery Planning. By Janet Coggins Comp 5940 Project Disaster Recovery Planning By Janet Coggins Janet H. Coggins Page 1 11/21/2004 Table of Contents List of each Section....Page 2 Section 1 Executive Summary Overview of the scope of the

More information

Virtualizing disaster recovery using cloud computing

Virtualizing disaster recovery using cloud computing IBM Global Technology Services Thought Leadership White Paper January 2012 Virtualizing disaster recovery using cloud computing Transition your applications quickly to a resilient cloud 2 Virtualizing

More information

Disaster Recovery Policy

Disaster Recovery Policy Disaster Recovery Policy INTRODUCTION This policy provides a framework for the ongoing process of planning, developing and implementing disaster recovery management for IT Services at UCD. A disaster is

More information

U.S. Nuclear Regulatory Commission

U.S. Nuclear Regulatory Commission U.S. Nuclear Regulatory Commission 2011 Data Center Consolidation Plan and Progress Report Version 2.0 September 30, 2011 Enclosure Contents 1 Introduction... 2 2 Agency Goals for Data Center Consolidation...

More information

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION Disaster Recovery Testing Is Being Adequately Performed, but Problem Reporting and Tracking Can Be Improved May 3, 2012 Reference Number: 2012-20-041 This

More information

Disaster Recovery, Business Continuity, and Hosting Solutions for IFS Applications IFS CUSTOMER SUMMIT 2011, CHICAGO

Disaster Recovery, Business Continuity, and Hosting Solutions for IFS Applications IFS CUSTOMER SUMMIT 2011, CHICAGO Disaster Recovery, Business Continuity, and Hosting Solutions for IFS Applications IFS CUSTOMER SUMMIT 2011, CHICAGO Richard Francart DIRECTOR INFORMATION TECHNOLOGY SYSTEMS & SERVICES rfrancart@msa.com

More information

White Paper. Cloud vs. Colo: Colo Wins on 4 out of 5 Key Criteria TABLE OF CONTENTS

White Paper. Cloud vs. Colo: Colo Wins on 4 out of 5 Key Criteria TABLE OF CONTENTS White Paper Cloud vs. Colo: Colo Wins on 4 out of 5 Key Criteria of new security threats, hacking attacks and data breaches every week. Couple that with major service interruptions and outages experienced

More information

A risky business. Why you can t afford to gamble on the resilience of business-critical infrastructure

A risky business. Why you can t afford to gamble on the resilience of business-critical infrastructure A risky business Why you can t afford to gamble on the resilience of business-critical infrastructure Banking on a computer system that never fails? Recent failures in the retail banking system show how

More information

Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider

Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider Requirements Checklist for As the importance and value of corporate data grows, complex enterprise IT environments need

More information

Operational Risk Publication Date: May 2015. 1. Operational Risk... 3

Operational Risk Publication Date: May 2015. 1. Operational Risk... 3 OPERATIONAL RISK Contents 1. Operational Risk... 3 1.1 Legislation... 3 1.2 Guidance... 3 1.3 Risk management process... 4 1.4 Risk register... 7 1.5 EBA Guidelines on the Security of Internet Payments...

More information

Navigating Among the Clouds. Evaluating Public, Private and Hybrid Cloud Computing Approaches

Navigating Among the Clouds. Evaluating Public, Private and Hybrid Cloud Computing Approaches Navigating Among the Clouds Evaluating Public, Private and Hybrid Cloud Computing Approaches June 2012 Much like the winds of change that continue to alter the cloud landscape in the skies above, a powerful

More information

Moving to the Cloud? DIY VS. MANAGED HOSTING

Moving to the Cloud? DIY VS. MANAGED HOSTING Moving to the Cloud? DIY VS. MANAGED HOSTING 12 Factors To Consider And Why You Should Be Looking for a Managed Hosting Provider For Your Site or Application as You Move to the Cloud Your site or application

More information