Bank of Canada. IT Operations and Infrastructure Services

Size: px
Start display at page:

Download "Bank of Canada. IT Operations and Infrastructure Services"

Transcription

1 Bank of Canada IT Operations and Infrastructure Services Bank of Canada (BoC) White Paper Business Continuity Plan (BCP) versus Disaster Recovery Plan (DRP) for presentation to XXXIV MEETING ON CENTRAL BANK SYSTEMATIZATION Sept 7-9, 2011, SANTIAGO, CHILE Date of Issue: August 17, 2011 Bank of Canada, Information Technology Services (ITS) Daniel Schaffler, Victor Baez with Daniel Lamoureux

2 TABLE OF CONTENTS 1. WHO WE ARE COMPLEXITY OF ENVIRONMENT ADAPTING TO EMERGING TECHNOLOGIES INCREASED RISK SPECTRUM HISTORY 1.2. OUR CHANGING WORLD 2. OVERVIEW OF RISK MANAGEMENT FRAMEWORK, CONTINUITY OF OPERATIONS PROGRAM, AND IT SERVICE CONTINUITY MANAGEMENT RISK MANAGEMENT FRAMEWORK CONTINUITY OF OPERATIONS (COOP) MANDATE PRINCIPLES AND FRAMEWORK RELATION BETWEEN COOP AND THE RISK MANAGEMENT FRAMEWORK BUSINESS IMPACT ANALYSIS (BIA) IT SERVICE CONTINUITY MANAGEMENT (ITSCM) MANDATE PRINCIPLES AND FRAMEWORK RELATION BETWEEN ITSCM AND COOP INPUT FROM THE BIA ITSCM PROCESS RELATION WITH ITIL AND OPERATIONAL PROCESSES CURRENT RECOVERY POSTURE SPLIT OPERATIONS THE FUTURE POSTURE, A MORE RESILIENT ENVIRONMENT HUMAN CAPITAL AWARENESS TESTING AND EXERCISES ITSCM DRIVEN EXERCISES DISASTER RECOVERY EXERCISES TABLE TOP EXERCISES COOP DRIVEN EXERCISES BANK-WIDE CONTINUITY TESTS CALL TREE EXERCISES SIMULATIONS EVALUATING OUR PREPAREDNESS AND RESPONSE LESSONS LEARNED FROM THE OCCURRENCE OF REAL CONTINGENCIES CONTINUOUS IMPROVEMENT... 21

3 1. Who we are The Bank of Canada is the nation s central bank, with four main areas of responsibility: Monetary policy - The Bank contributes to solid economic performance and rising living standards for Canadians by keeping inflation low, stable and predictable. Since 1991, the Bank s monetary policy actions toward this goal have been guided by a clearly defined inflation target Currency - The Bank designs, produces and distributes Canada s bank notes and replaces worn notes. It deters counterfeiting through leading-edge bank note design, public education and collaboration with law-enforcement agencies Financial System - The Bank promotes a stable and efficient financial system in Canada and internationally. To this end, the Bank oversees Canada s key payment, clearing and settlement systems; acts as lender of last resort; assesses risks to financial stability; and contributes to the development of financial system policies Funds Management - The Bank provides effective and efficient funds-management services for the Government of Canada, as well as on its own behalf and for other clients. For the government, the Bank provides treasury-management services and administers and advises on the public debt and foreign exchange reserves. In addition, the Bank provides banking services to critical payment, clearing and settlement systems Our principal role, as defined in the Bank of Canada Act, is to promote the economic and financial welfare of Canada. The Bank was founded in 1934 as a privately owned corporation. In 1938, it became a Crown corporation belonging to the federal government. Since that time, the Minister of Finance has held the entire share capital issued by the Bank. Ultimately, the Bank is owned by the people of Canada. Page 1

4 The Bank is not a government department and conducts its activities with considerable independence compared with most other federal institutions. For example: The Governor and Senior Deputy Governor are appointed by the Bank's Board of Directors (with the approval of Cabinet), not by the federal government The Deputy Minister of Finance sits on the Board of Directors but has no vote The Bank submits its expenditures to its Board of Directors. Federal government departments submit theirs to the Treasury Board Bank employees are regulated by the Bank itself, not by federal public service agencies The Bank's books are audited by external auditors appointed by Cabinet on the recommendation of the Minister of Finance, not by the Auditor General of Canada 1.1. History Canadians have always been firm believers in the value of insurance, and the institution of the Bank of Canada is no exception. Making the business case for Business Continuity Management (BCM) and Disaster Recovery Planning (DRP) has never been at issue for the Bank. The necessity of fulfilling our legislated mandate, practicing good governance, and preparedness for provision of uninterrupted, essential services vital to the national and global financial community have all been well understood and accepted, and indeed have been a integral part of the Bank s culture from the early days of the mainframe to the more recent distributed computing environment. The IT computing environment running the Banks core applications in the latter part of the 20th century consisted of a mainframe computer dedicated to the production environment, and another mainframe computer in a separate, geographically disparate location dedicated to the testing and development environments. The production environment was very tightly controlled and restricted, Page 2

5 with a high degree of policy and procedure in place to manage access to, and migration of changes from the development to the production environment. Disaster recovery plans were in place to facilitate complete recovery of the production mainframe computing and network environment, and included off-site vaulting of what were deemed as vital records (eg. tape backups of the system, software, applications and data). A dedicated Disaster Recovery Coordinator position was staffed, with responsibility for over-seeing the creation and management of disaster recovery plans and procedures to ensure business continuity. Disaster recovery plans were exercised and tested twice yearly and entailed full recovery of the production mainframe environment onto the development mainframe. Additional exercises, limited to the IT Services department (at the time known as Automation Services Department (ASD)) were also undertaken periodically to ensure that ASD was well positioned to provide IT services to meet the business continuity requirements of the larger Bank. Those exercises also provided a means by which ASD could ensure that changes enacted into the production environment had been factored into business continuity plans. With the advent and adoption of the distributed computing environment, the complexity of business continuity management increased significantly, but through it all, the Bank has, and always will, continue to place high importance on the need to have proven strategies and plans in place. Page 3

6 1.2. Our Changing World Everything flows and nothing stays. Heraclitus, Greek Philosopher (c.535-c.475 BC) In keeping with the long-term trend in the history of computing hardware described by Moore s law (exponentially increasing capacity), so too has the complexity of both the business and computing environments evolved, along with the spectrum of risks to be dealt with. In today s world, business and IT organizations are: Striving to leverage lessons learned and apply best practices Increasingly required to demonstrate their value (profitability, cost-effectiveness) Re-defining relationships between internal and external business units Dealing with changing business models Addressing rapidly changing technologies, standards and practices The Bank of Canada, like every other organization, has been subject to the technological, natural and environmental forces that shape the nature of our business and delivery of our services, and the changes that need to be undertaken to stay current and sustainable Complexity of environment adapting to emerging technologies Most, if not all, IT organizations are additionally trying to manage IT as business, amidst a dramatically changing technology landscape that is both much more complex and challenging than previous computing environments. Computing platform changes (mainframe vs. distributed vs. cloud; centralized vs. decentralized), networking advances (multimedia; VOIP; data and voice convergence; fiber), server and storage evolution (clusters; virtualization; NAS; SAN; backup and recovery technology), applications development (SaaS; multi-threading) and Page 4

7 services all come with various benefits and risks, and can dramatically alter the business continuity posture of an IT organization. Vigilance with respect to availability, reliability and sustainability, along with the imperative need to ensure alignment between business requirements, service level expectations and the cost of doing business, is required and continuously on-going Increased risk spectrum The spectrum of risks facing an organization from natural and environmental forces has changed significantly over the course of the last two decades. Thinking back from 1998 to the present, the Bank has rapidly responded to, and successfully dealt with, the following naturally occurring events, with marginal disruption to the conduct of business and the delivery of services: ice storm, affecting power distribution lines across central Canada a magnitude 5.0 earthquake occurs in central Canada On the environmental front, the same can be said for the following actual and on-going events: the new millennium (Y2K) heightened terrorism treat after September Severe Acute Respiratory Syndrome (SARS) outbreak day "Take the Capital" protest in Ottawa against G8 meeting being held in Alberta The largest power outage in North American history Suspicious package deposited outside the Bank s head office Potential influenza pandemic Page 5

8 2010 Major equipment failure affecting the Bank s telephony system heightened occurrence of cyber attacks On-going succession planning and the loss of corporate knowledge On-going supply chain (including outsourcing) and vendor induced disruptions The above mentioned events and threats, as well as the potential for future ones, have all contributed directly to the constant re-assessment, strengthening and evolution of the Bank of Canada s risk management, business continuity and IT service continuity management plans and posture. 2. Overview of Risk Management Framework, Continuity of Operations Program, and IT Service Continuity Management 2.1. Risk Management Framework The Bank developed its risk management framework in 1971 in consultation with the Board of Directors. Risk management is viewed by the Bank as particularly important to sound governance, decision making and accountability. The framework supports informed decision making by ensuring that the appropriate competencies, analytic tools, consultation and communication form the foundation for innovation and responsible risk taking. The risk management framework is fully integrated with the Bank s corporate management processes. It is incorporated into the annual planning, priority-setting, budget process, and quarterly/yearly stewardship processes. It is supported by an in-house tool that allows tracking and classification of operational risk events which gives it insight into the nature of problems that arise with its processes and systems. Page 6

9 The Bank has had a long-standing, well-established security and administrative framework for safeguarding its personnel and assets (physical, information and financial). The safeguards include: policies and standards; personnel screening; physical and logical security equipment and processes; business continuity planning; and security awareness programs Continuity of Operations (COOP) Mandate The Bank of Canada delivers services that are essential to the economic well-being of the nation. To ensure that those services, and the Bank s role in the global financial community, continue to be delivered during a disruptive event, the Bank has created a Continuity of Operations (COOP) program. The COOP program encompasses all disciplines necessary to enable recovery of essential Bank services subsequent to a disruptive event, with emphasis on the protection of Bank employees and property Principles and framework The Bank of Canada Continuity of Operations program has been explicitly designed to meet the standards set by applicable sections of the Bank Security Policy (BSP) and the National Fire Protection Association (NFPA) 1600 Standard on Disaster/Emergency Management and Continuity of Operations Programs. Compliance with the BSP is mandatory, but compliance with NFPA 1600 is voluntary. The Continuity of Operations program is an ongoing management and governance process mandated and supported by senior management, and resourced to ensure that the necessary steps are taken to identify the impact of potential losses, maintain viable recovery strategies Page 7

10 and plans, and help ensure continuity of key functions and processes through exercising, rehearsal, testing, training and maintenance Relation between COOP and the Risk Management Framework The COOP program is a key part of the Bank s risk framework for safeguarding its personnel and assets (physical, information and financial), as the COOP program guides, supports, and promotes the Bank s plans to: Help ensure the safe evacuation of all persons on Bank property in an emergency Continue its critical business in the event of a disaster or crisis Business Impact Analysis (BIA) The fundamental goal of the Continuity of Operations discipline is to identify mission-critical processes that support key Bank activities, the maximum recovery timeframes for those processes after a disruptive event, and the processes and procedures used to restore the process subsequent to a business interruption. To maintain an inventory of Bank-wide business processes and functions (not all of which are IT related or have an IT connotation), the COOP program conducts a Business Impact Analysis (BIA), as the mechanism for the identification and prioritization of the Bank s critical business processes based on impact, injury and loss that would result if a process were to become unavailable for any reason. The Business Impact Analysis is necessarily a point in time snapshot that reflects the functions of the Bank and the recovery priorities and timeframes as they exist when the BIA is created. However, the Bank is an evolving organization, and the COOP program recognizes the fact that functions and priorities may shift over time. Therefore, the COOP Program Office is charged with Page 8

11 responsibility for facilitating a review of the BIA every two years, to ensure that each Department s inputs accurately represent the Bank's current operational state IT Service Continuity Management (ITSCM) Mandate Information Technology Service Continuity Management (ITSCM) is concerned with managing the organization s ability to continue to provide a pre-determined and pre-approved level of IT service to support the minimum business requirements following an interruption to the business. This may range from an application or system failure, to a complete loss of the business premises Principles and framework ITSCM is based on the IT Infrastructure Library (ITIL). ITIL is a publicly available framework, and it is used by organizations word-wide to establish and improve capabilities in IT Service Management, to provide value to customers in the form of services (a service being something that provides value to customers.) The main benefits of ITIL include: Alignment with business needs Negotiated achievable service levels Predictable, consistent processes Efficiency in service delivery, with well-defined processes Measurable, improvable services and processes Common language and terms Page 9

12 ITSCM is a mature process within the IT Service Management group of the IT Services (ITS) department. It is supported by IT senior management, and resourced to ensure that the necessary steps are taken to identify the impact of potential losses, maintain viable IT recovery strategies and plans, and help ensure IT continuity of key functions and processes through exercising, rehearsal, testing, training and maintenance Relation between ITSCM and COOP ITSCM is a key part of the overall Continuity of Operations process and is dependent upon information derived through this process. ITSCM is focused on the continuity of IT services to the business, and the COOP program is concerned with the Business Continuity management process that incorporates all services upon which the business depends, one of which is IT. ITSCM supports the overall COOP process by ensuring the required IT infrastructure, applications, and services identified as critical by the business, can be recovered within the required, and agreed upon, business timescales. To accomplish this goal, ITSCM ensures that proactive measures are: in place to minimize or avoid business disruptions caused by IT outages, supported as part of normal IT service deliverables, and factored into all IT projects and initiatives ITSCM provides a framework that minimizes risk for the management and provision of IT services (for either actual or potential disruptions) to defined service levels. Accordingly, ITSCM not only focuses on reactive contingency measures, but also on proactive measures to avoid serious business disruptions. Page 10

13 Input from the BIA Information technology is often a critical resource that is required to restore operations of many Bank processes and functions; it is a critical enabling resource. Therefore, ITSCM is responsible for review the BIA and ensure that the Bank's information technology recovery plan accurately reflects the business priorities and timeframes as they are represented in the BIA. Also the BIA provides the means to categorize the business processes in Tiers based on the maximum allowable downtime. These Tiers allow IT to define: Service levels for applications and infrastructure defined by tier, instead of defining service levels for each application or service Identify the Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) for the applications and IT infrastructure depending on the business process that supports. The benefits of the categorization by Tiers from the BIA: Covers all business line applications and foundational, enterprise-wide services (eg. network connectivity; application hosting; storage management; ; backup/recovery; remote access; etc) Provides clarity on services provided by ITS, and links them to the costs incurred Provides clarity on Disaster Recovery posture, since Disaster Recovery solutions can be offered to the business in Tiers (eg. Critical, Standard, etc.) Applies criteria of critical vs. non-critical services, providing guidelines for initial prioritization and cost saving opportunities (where to focus attention and resources) ITSCM Process relation with ITIL and operational processes Page 11

14 Ensuring the continuity of IT services in the event of a disruption requires a thorough understanding of IT services provided and how they operate under normal circumstances. The ITSCM process must be aware of and take account of any factors that affect the operation of IT services - ITSCM is a process that is engaged in all activities in ITS. Consequently it receives feeds from various operational processes and entities such as: Configuration Management: IT components and relationships Change Management: Ensuring the currency and accuracy of the Continuity Plans through the identification of changes affecting, or modifying the IT continuity posture Problem Management: Impact analysis of problems that are affecting or may affect the continuity solutions and ITSCM plans Incident Management: Early notification of incidents that can potentially interrupt IT services and could require the activation of ITSCM plans Service Level Management: Service Levels based on BIA criticality, detailing what service levels must be maintained under normal circumstances and in a disaster situation IT Project Management and Delivery Process: Assessment of ITSCM requirements and proposed continuity solutions, based on ITSCM policy IT Enterprise Architecture: Assessment of long-term architecture vision and design compliance to approved continuity solutions and plans Current Recovery Posture The Bank s main data center is located at Head Office with an alternate center located 20 km away, which serves as the recovery site in the event of a business disruption. The alternate site is equipped with computer systems, data links, and staff work areas that enable the Bank to continue critical operations if the Head Office location is inaccessible or unavailable. Page 12

15 The current alternate posture provides: On-site support for a number of users based on BIA requirements Support for remote access connectivity Local workstations configured with business line applications A flexible recovery workspace (since corporate applications and business line tools can be provided via workspace virtualization, when users start their personal workspace, they view their own familiar and personalized work space where they can access files, applications, settings and entire desktop. IT is not dependant on a pre-defined workstation.) Split operations The Bank conducts pre-defined critical business functions from two sites simultaneously, so that should an event affect either site, the remaining site will settle the day s work. The implementation of split operations strengthened and deepened the Bank s operational resiliency. Page 13

16 The future posture, a more resilient environment Page 14

17 The Bank recently launched a project to increase the environment resilience, by relocating the main data centre. The strategy was developed through a review of the threats with potential to impact the Bank s operations, the extent to which those threats can be mitigated by increasing geographic separation between sites and the associated operational risks, as well as what other central banks and similar organizations are doing in this area. The strategy is to: implement split operations for pre-defined critical operations locate the Bank s main data centre and business recovery 6 to 20 km from Head Office, and locate the Bank s alternate data centre 20 to 50 km from the main data centre 2.4. Human capital A fundamental best practice for all COOP planning is to plan to the worst-case scenario, to ensure that the Bank is prepared for a variety of situations, even though we do not necessarily know to what degree we may be challenged. In this instance, one of the worst cases would be coping with severely reduced workforce. To mitigate this scenario, Managers from across the Bank worked with the COOP Office to develop a categorization matrix identifying those functions in their areas that were time-critical and determined whether or not those functions could be performed remotely. They then identified those individuals who currently fulfill those functions (referred to as the core group), as well as a pool of individuals with the skill sets who could do the necessary work if people in the core group were unable to. This category matrix also provides the guidelines for: Identifying areas of vulnerability Page 15

18 Establishing remote access priority, ensuring that the pre-determined staff can continue to conduct business-critical operations 2.5. Awareness The success of ITSCM depends on a continuing commitment at all levels in the organization and on people's awareness of their respective responsibilities. IT service continuity requirements are factored alongside operational activities. Each department has a Departmental Emergency Response Coordinator, which is responsible for the coordination and logistics of the departments Continuity of Operations plan, and also is responsible for the dissemination of information provided by the COOP program office Testing and exercises ITSCM driven exercises ITSCM policies mandate that IT continuity solutions and plans must be tested on a regular basis to evaluate recovery capability effectiveness, and to identify and address any deficiencies. The purpose of this policy is to validate that the applications and infrastructure at the alternate site can operate isolated from the primary site and meet the required Recovery Time and Recovery Point Objectives. It also serves to identify and resolve problems in the IT infrastructure that could impact the recovery capabilities of critical bank processes, and ensures compliance to the Audit Department s requirements for regular ITSCM assessments and reviews of tests and events for operational readiness Disaster Recovery exercises Page 16

19 The objective the Disaster Recovery (DR) exercises is to demonstrate the ability to activate the production applications and IT environment at the alternate site, within the prescribed Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO). These tests validate ITS s preparedness to recover operations. The DR exercises are conducted twice yearly, during a weekend, with the participation of all IT groups and Bank business lines to validate critical systems. The DR exercise has predefined conditions, control points, success criteria, and a strict command and control structure. A report on the test results is distributed to the COOP program, IT Management, and the Audit Department. This report measures compliance to Recovery Time and Recovery Point Objectives, quality of the individual test results and reports, and highlights updates required to IT plans and IT infrastructure. Results are analyzed to determinate if there are variations with the pre-determined level of services for the business, and to implement the necessary measures to mend deficiencies Table top exercises Table top exercises are paper base exercises and are conducted in ITS by ITSCM in preparation for the DR exercises. The objective is to identify gaps in the Disaster Recovery plans COOP driven exercises Bank-wide continuity tests Every two years the COOP Program Office conducts full-scale tests during business hours, while the business is conducting real business transactions at the alternate site. These tests utilize close-to-life scenarios and situational injects during the exercise, presenting a realistic and Page 17

20 challenging operating environment. The objective is to stress-test the continuity of operation plans (business continuity plans) for the departments; including ITS, and identify gaps in those plans. These exercises are designed with focus on specific situations, and objectives, and normally include exercise press releases, in paper and video, as part of the injects during the exercise Call tree exercises As part of the ongoing business of individual departments for Bank-wide readiness, all departments and business lines must ensure that they maintain up-to-date contact information for all of their employees. As such, a Bank-wide Call Tree exercise is conducted once a year. In order to represent a realistic scenario, staff are requested not to alter their regular routine to accommodate this exercise Simulations These are paper base exercises and are conducted by COOP Program Office. The objective of these one day exercises, utilizing close-to-life scenarios, is to train personnel and also to identify gaps in the continuity of operations plans Evaluating our preparedness and response Test result reports are reviewed by the Audit Department, and if required, observations are presented to the Bank Senior management. A review of results is conducted with the departments, and tasks are assigned to areas to follow-up on gaps found during the tests. Page 18

21 3. Lessons learned from the occurrence of real contingencies The occurrence of events has provided the occasion for the Bank to update and fine tune its contingency plans, policies, processes, communications, and decision-making in a real-time atmosphere, and allowed the Bank to test the effect of our response measures to support the critical processes of the Bank. A success factor for the Bank to deal with emerging risks has been the rapid reaction to, and implementation of, improvements to contingency plans. The use of information gathered in the BIA has provided an excellent tool to minimize the time to adapt plans to new risks as the Bank does not need to do the data gathering exercise when situations arise. In situations when the staff cannot access the Bank premises, either as a risk reduction measure or as a consequence (ie ice storm, Severe Acute Respiratory Syndrome (SARS) outbreak, Power outage, Potential influenza pandemic), the Bank has adapted the continuity plans to deal with the reduction of staff and with the increase of remote access by taking the following actions: Identify key functions that would be affected by a shortage of staff Identify the minimum necessary number of staff for critical processes during peak periods Identification of pool of staff, from which to draw in case of staff shortage Identify processes that can be done by remote access (users at home), and processes that must be conducted on site. Implement response in stages for a shortage of staff or the need for social distancing Provide training in the use of personal protective equipment for staff that are identified as required to be on site to perform time critical processes Review dependencies on key suppliers Page 19

22 Revise policies and procedures for remote access, and strengthen processes to assure priority access for critical processes in case of remote access bandwidth limitations Provide mobile devices to staff performing critical processes/services Implementation of flexible recovery workspace, that can be accessed from any Bank issued PC or from a user owned PC, providing a personalized work space that is not dependant on a pre-defined workstation In events that require staff to continue operations at the alternate site (ie Power outage, Suspicious package deposited outside the Bank s headquarters, 2010 Earthquake) the Bank has taken the following actions: Implemented split operations, to conduct pre-defined critical business functions from two sites simultaneously Increased the capacity and redundancy for emergency power distribution (redundant diesels generators); and sign agreements with vendors to guarantee fuel supply at primary and alternate sites Increased the capacity and redundancy for the Data Centers cooling Assured a minimum number of seats at the recovery site per department and also provide flexibility by increasing the number of workstations available for the departments by deploying a virtual workspace, which is a work space that is not dependant on a pre-defined workstation Strengthened the Incident Management Team structure and will be undertaking the following: Relocating the main data center away from Head Office Implementing lights-out Data Centers (all Data Center management will be done remotely) Page 20

Why Should Companies Take a Closer Look at Business Continuity Planning?

Why Should Companies Take a Closer Look at Business Continuity Planning? whitepaper Why Should Companies Take a Closer Look at Business Continuity Planning? How Datalink s business continuity and disaster recovery solutions can help organizations lessen the impact of disasters

More information

Data Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) 591-5553 Email: bronackt@dcag.com Fax: (718) 380-7322

Data Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) 591-5553 Email: bronackt@dcag.com Fax: (718) 380-7322 Business Continuity and Disaster Recovery Job Descriptions Table of Contents Business Continuity Services Organization Chart... 2 Director Business Continuity Services Group... 3 Manager of Business Recovery

More information

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION Federal Financial Institutions Examination Council FFIEC Business Continuity Planning MARCH 2003 MARCH 2008 BCP IT EXAMINATION H ANDBOOK TABLE OF CONTENTS INTRODUCTION... 1 BOARD AND SENIOR MANAGEMENT

More information

Business Continuity Planning and Disaster Recovery Planning

Business Continuity Planning and Disaster Recovery Planning 4 Business Continuity Planning and Disaster Recovery Planning Basic Concepts 1. Business Continuity Management: Business Continuity means maintaining the uninterrupted availability of all key business

More information

The Government Cloud Protection Program: Disaster Recovery Services Transformed for the Perfect Storm

The Government Cloud Protection Program: Disaster Recovery Services Transformed for the Perfect Storm 2010 NASCIO RECOGNITION AWARD NOMINATION The Government Cloud Protection Program: Disaster Recovery Services Transformed for the Perfect Storm Nomination Category: Risk Management Initiatives Name of State

More information

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT JANUARY 2008 GUIDELINE ON BUSINESS CONTINUITY GUIDELINE CBK/PG/14

More information

Ohio Supercomputer Center

Ohio Supercomputer Center Ohio Supercomputer Center IT Business Continuity Planning No: Effective: OSC-13 06/02/2009 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original

More information

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA 1 Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand

More information

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK Federal Financial Institutions Examination Council FFIEC Business Continuity Planning BCP FEBRUARY 2015 IT EXAMINATION H ANDBOOK Table of Contents Introduction 1 Board and Senior Management Responsibilities

More information

Business Continuity and Disaster Recovery Planning from an Information Technology Perspective

Business Continuity and Disaster Recovery Planning from an Information Technology Perspective Business Continuity and Disaster Recovery Planning from an Information Technology Perspective Presenter: David Bird, Director of Sales, Business Technology Consultant phone: 215-672-7100 email: dbird@quatro.com

More information

Business Continuity Plan

Business Continuity Plan Business Continuity Plan October 2007 Agenda Business continuity plan definition Evolution of the business continuity plan Business continuity plan life cycle FFIEC & Business continuity plan Questions

More information

Temple university. Auditing a business continuity management BCM. November, 2015

Temple university. Auditing a business continuity management BCM. November, 2015 Temple university Auditing a business continuity management BCM November, 2015 Auditing BCM Agenda 1. Introduction 2. Definitions 3. Standards 4. BCM key elements IT Governance class - IT audit program

More information

Managing business risk

Managing business risk Managing business risk What senior managers need to know about business continuity bell.ca/businesscontinuity Information and Communications Technology (ICT) has become more vital than ever to the success

More information

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the

More information

ASX SETTLEMENT OPERATING RULES Guidance Note 10

ASX SETTLEMENT OPERATING RULES Guidance Note 10 BUSINESS CONTINUITY AND DISASTER RECOVERY The purpose of this Guidance Note The main points it covers To assist participants to understand the disaster recovery and business continuity arrangements they

More information

Overview. Emergency Response. Crisis Management

Overview. Emergency Response. Crisis Management Prudential Financial s Preparedness Strategy Overview Emergency Response, Crisis Management, Business Continuation, Technology Disaster Recovery & Health Crisis Preparedness Prudential is committed to

More information

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY 14304-1745

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY 14304-1745 ECP - 601: Effective Business Continuity Management: ISO 22301 This 3-day course provides an intensive, hands-on workshop covering all major aspects for the design of an effective Business Continuity Plan

More information

Business Continuity Management

Business Continuity Management Business Continuity Management cliftonlarsonallen.com Introductions Brian Pye CliftonLarsonAllen Senior Manager Business Risk Services group 15 years of experience with Business Continuity Megan Moore

More information

ASX CLEAR (FUTURES) OPERATING RULES Guidance Note 10

ASX CLEAR (FUTURES) OPERATING RULES Guidance Note 10 BUSINESS CONTINUITY AND DISASTER RECOVERY The purpose of this Guidance Note The main points it covers To assist participants to understand the disaster recovery and business continuity arrangements they

More information

www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014

www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 Agenda Key Definitions Risks Business Continuity Management Program BCM Capability Assessment Process BCM Value Proposition

More information

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00) NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00) Subject and version number of document: Serial Number: Business Continuity Management Policy

More information

SAFETY FIRST. Emerging Trends in IT Disaster Recovery. By Cindy LaChapelle, Principal Consultant. www.isg-one.com

SAFETY FIRST. Emerging Trends in IT Disaster Recovery. By Cindy LaChapelle, Principal Consultant. www.isg-one.com SAFETY FIRST Emerging Trends in IT Disaster Recovery By Cindy LaChapelle, Principal Consultant www.isg-one.com INTRODUCTION Against a backdrop of increasingly integrated and interdependent global service

More information

Business continuity strategy

Business continuity strategy Business continuity strategy 2009 2012 Table of contents 1 Why this strategy is needed 3 2 Aim of the strategy 4 3 Our approach to business continuity 4 PROCESS 4 STRUCTURE 5 DOCUMENTATION 6 DISRUPTION

More information

Technology Infrastructure Services

Technology Infrastructure Services LOB #303: DISASTER RECOVERY Technology Infrastructure Services Purpose Disaster Recovery (DR) for IT is a capability to restore enterprise-wide technology infrastructure, applications and data that are

More information

By: Tracy Hall. Community Bank Auditors Group Taking Your Business Continuity Plan To The Next Level. June 9, 2015

By: Tracy Hall. Community Bank Auditors Group Taking Your Business Continuity Plan To The Next Level. June 9, 2015 Community Bank Auditors Group Taking Your Business Continuity Plan To The Next Level June 9, 2015 By: Tracy Hall MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company,

More information

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning MARCH 2003 IT EXAMINATION H ANDBOOK

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning MARCH 2003 IT EXAMINATION H ANDBOOK Federal Financial Institutions Examination Council FFIEC Business Continuity Planning MARCH 2003 BCP IT EXAMINATION H ANDBOOK TABLE OF CONTENTS INTRODUCTION... 1 BOARD AND SENIOR MANAGEMENT RESPONSIBILITIES...

More information

OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the specific documents requested,

More information

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD.

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD. Business Continuity Management & Disaster Recovery Planning Presented by: Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD. 1 What is Business Continuity Management? Is a holistic management

More information

Emergency Response and Business Continuity Management Policy

Emergency Response and Business Continuity Management Policy Emergency Response and Business Continuity Management Policy Owner: John Duffy, Registrar & Secretary Last updated: September 2012 Version: 04 Document control Date Version Author Changes To be populated

More information

NHS 24 - Business Continuity Strategy

NHS 24 - Business Continuity Strategy NHS 24 - Strategy Version: 0.3 Issue Date: 20/09/2005 Status: Issued for Board Approval Status: draft Page 1 of 13 Table of Contents 1 INTRODUCTION...3 2 PURPOSE...3 3 SCOPE...3 4 ASSUMPTIONS...4 5 BUSINESS

More information

IT Infrastructure is Key to Growth. Infrastructure nventory.

IT Infrastructure is Key to Growth. Infrastructure nventory. Introduction. The overall objective of an Information Technology (IT) Assessment is to evaluate whether an enterprise s current IT strategy is tightly coupled to the enterprise plans and challenges. Current

More information

SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the specific

More information

2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level. Tracy L. Hall, MBCP

2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level. Tracy L. Hall, MBCP 2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level Tracy L. Hall, MBCP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C.

More information

QUICK FACTS. Managing a Service Operations Team for a Leading Software Developer. TEKsystems Global Services Customer Success Stories.

QUICK FACTS. Managing a Service Operations Team for a Leading Software Developer. TEKsystems Global Services Customer Success Stories. Providing an IT Education Business Processing [ Information Technology, Applications Management ] TEKsystems Global Services Customer Success Stories Client Profile Industry: Software Revenue: $74.3 billion

More information

Business Continuity Planning 101. +1 610 768-4120 (800) 634-2016 www.strohlsystems.com info@strohlsystems.com

Business Continuity Planning 101. +1 610 768-4120 (800) 634-2016 www.strohlsystems.com info@strohlsystems.com Business Continuity Planning 101 Presentation Overview What is business continuity planning Plan Development Plan Testing Plan Maintenance Future advancements in BCP Question & Answer What is a Disaster?

More information

The Weill Cornell Medical College and Graduate School of Medical Sciences. Responsible Department: Information Technologies and Services (ITS)

The Weill Cornell Medical College and Graduate School of Medical Sciences. Responsible Department: Information Technologies and Services (ITS) Information Technology Disaster Recovery Policy Policy Statement This policy defines acceptable methods for disaster recovery planning, preparedness, management and mitigation of IT systems and services

More information

Introduction UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT

Introduction UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT INFORMATION SECURITY: UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT FACTSHEET This factsheet will introduce you to Business Continuity Management (BCM), which is a process developed to counteract systems

More information

Business Continuity (Policy & Procedure)

Business Continuity (Policy & Procedure) Business Continuity (Policy & Procedure) Publication Scheme Y/N Can be published on Force Website Department of Origin Force Operations Policy Holder Ch Supt Head of Force Ops Author Business Continuity

More information

NIST SP 800-34, Revision 1 Contingency Planning Guide for Federal Information Systems

NIST SP 800-34, Revision 1 Contingency Planning Guide for Federal Information Systems NIST SP 800-34, Revision 1 Contingency Planning Guide for Federal Information Systems Marianne Swanson NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 1 Table Of Contents Introduction to NIST SP 800-34

More information

DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES

DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES APPENDIX 1 DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES March 2008 Auditor General s Office Jeffrey Griffiths, C.A., C.F.E. Auditor General City of Toronto TABLE OF CONTENTS EXECUTIVE SUMMARY...1

More information

The Business Continuity Maturity Continuum

The Business Continuity Maturity Continuum The Business Continuity Maturity Continuum Nick Benvenuto & Brian Zawada Protiviti Inc. 2004 Protiviti Inc. EOE Agenda Terminology Risk Management Infrastructure Discussion A Proposed Continuity Maturity

More information

Business Continuity and Disaster Recovery Planning

Business Continuity and Disaster Recovery Planning Business Continuity and Disaster Recovery Planning Jennifer Brandt, CISA A p r i l 16, 2015 HISTORY OF STINNETT & ASSOCIATES Stinnett & Associates (Stinnett) is a professional advisory firm offering services

More information

BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS

BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS DIRECTORATE OF BANKING SUPERVISION AUGUST 2009 TABLE OF CONTENTS PAGE 1.0 INTRODUCTION..3 1.1 Background...3 1.2 Citation...3

More information

AUSTRACLEAR REGULATIONS Guidance Note 10

AUSTRACLEAR REGULATIONS Guidance Note 10 BUSINESS CONTINUITY AND DISASTER RECOVERY The purpose of this Guidance Note The main points it covers To assist participants to understand the disaster recovery and business continuity arrangements they

More information

Ohio Conference for Payroll Professionals Disaster Recovery

Ohio Conference for Payroll Professionals Disaster Recovery Ohio Conference for Payroll Professionals Disaster Recovery Speaker Bruce E. Phipps CPP 2011 APA Payroll Man of the Year Principal Product Manager US Legislative Analyst ORACLE Corporation bruce.phipps@oracle.com

More information

Interagency Statement on Pandemic Planning

Interagency Statement on Pandemic Planning Interagency Statement on Pandemic Planning PURPOSE The FFIEC agencies 1 are jointly issuing guidance to remind financial institutions that business continuity plans should address the threat of a pandemic

More information

Disaster Recovery Journal Spring World 2014

Disaster Recovery Journal Spring World 2014 Disaster Recovery Journal Spring World 2014 What works: Services and service supply chain business continuity risk management Don Hall, CBCP, Cisco Services Business Continuity Analyst Cisco Systems, Inc.

More information

DISASTER RECOVERY PLANNING GUIDE

DISASTER RECOVERY PLANNING GUIDE DISASTER RECOVERY PLANNING GUIDE AN INTRODUCTION TO BUSINESS CONTINUITY PLANNING FOR JD EDWARDS SOFTWARE CUSTOMERS www.wts.com WTS Disaster Recovery Planning Guide Page 1 Introduction This guide will provide

More information

Guideline on Business Continuity Management

Guideline on Business Continuity Management Circular No. 033/B/2009-DSB/AMCM (Date: 14/8/2009) Guideline on Business Continuity Management The Monetary Authority of Macao (AMCM), under the powers conferred by Article 9 of the Charter approved by

More information

Preparing for the Worst: Disaster Recovery and Business Continuity Planning for Investment Firms An Eze Castle Integration ebook

Preparing for the Worst: Disaster Recovery and Business Continuity Planning for Investment Firms An Eze Castle Integration ebook Preparing for the Worst: Disaster Recovery and Business Continuity Planning for Investment Firms An Eze Castle Integration ebook Table of Contents 1. Introduction to Business Continuity Planning and Disaster

More information

EMERGENCY PREPAREDNESS PLAN Business Continuity Plan

EMERGENCY PREPAREDNESS PLAN Business Continuity Plan EMERGENCY PREPAREDNESS PLAN Business Continuity Plan GIS Bankers Insurance Group Powered by DISASTER PREPAREDNESS Implementation Small Business Guide to Business Continuity Planning Surviving a Catastrophic

More information

University of Massachusetts Medical School's Data Center Relocation For the period July 1, 2008 through August 31, 2010

University of Massachusetts Medical School's Data Center Relocation For the period July 1, 2008 through August 31, 2010 ` Official Audit Report Issued September 30, 2011 University of Massachusetts Medical School's Data Center Relocation For the period July 1, 2008 through August 31, 2010 State House Room 230 Boston, MA

More information

BEST PRACTICES IN CYBER SUPPLY CHAIN RISK MANAGEMENT

BEST PRACTICES IN CYBER SUPPLY CHAIN RISK MANAGEMENT BEST PRACTICES IN CYBER SUPPLY CHAIN RISK MANAGEMENT Communications Company One Company s Supply Chain Transformation Journey INTERVIEWS Senior Manager Supply Chain Operations Strategy Manager Procurement

More information

FORMULATING YOUR BUSINESS CONTINUITY PLAN

FORMULATING YOUR BUSINESS CONTINUITY PLAN WHITE PAPER Page 0 Planning for the Worst Case Scenario: FORMULATING YOUR BUSINESS CONTINUITY PLAN 9 Wing Drive Cedar Knolls, NJ 07927 www.nac.net Page 1 Table of Contents Overview... 2 What is Disaster

More information

BCP and DR. P K Patel AGM, MoF

BCP and DR. P K Patel AGM, MoF BCP and DR P K Patel AGM, MoF Key difference between BS 25999 and ISO 22301 ISO 22301 puts a much greater emphasis on setting the objectives, monitoring performance and metrics aligning BC to top management

More information

10-POINT FRAMEWORK. for Pandemic Influenza Business Preparedness

10-POINT FRAMEWORK. for Pandemic Influenza Business Preparedness 10-POINT FRAMEWORK for Pandemic Influenza Business Preparedness In using this business framework, keep in mind the following principles: The framework is intended to serve as a guideline to trigger business

More information

Preparing for the Convergence of Risk Management & Business Continuity

Preparing for the Convergence of Risk Management & Business Continuity Preparing for the Convergence of Risk Management & Business Continuity Disaster Recovery Journal Webinar Series September 5, 2012 2012 Strategic BCP, Inc. All rights reserved. strategicbcp.com 1 Today

More information

BUSINESS CONTINUITY PLAN OVERVIEW

BUSINESS CONTINUITY PLAN OVERVIEW BUSINESS CONTINUITY PLAN OVERVIEW INTRODUCTION The purpose of this document is to provide Loomis customers with an overview of the company s Business Continuity Plan (BCP). Because of the specific and

More information

Disaster Recovery and Business Continuity Plan

Disaster Recovery and Business Continuity Plan Disaster Recovery and Business Continuity Plan Table of Contents 1. Introduction... 3 2. Objectives... 3 3. Risks... 3 4. Steps of Disaster Recovery Plan formulation... 3 5. Audit Procedure.... 5 Appendix

More information

Audit of the Disaster Recovery Plan

Audit of the Disaster Recovery Plan Audit of the Disaster Recovery Plan Report # 11-05 Prepared by Office of Inspector General J. Timothy Beirnes, CPA, Inspector General Kit Robbins, CISA, CISM, CRISC, Lead Information Systems Auditor TABLE

More information

Disaster Recovery Plan The Business Imperatives

Disaster Recovery Plan The Business Imperatives Disaster Recovery Plan The Business Imperatives Table of Contents Disaster Recovery Plan The Business Imperatives... 3 Introduction... 3 A Disaster Recovery Program The Need of the Hour... 3 Approach to

More information

Business Continuity & Recovery Plan Summary

Business Continuity & Recovery Plan Summary Introduction An organization s ability to survive a significant business interruption is determined by the company s ability to develop, implement, and maintain viable recovery and business continuity

More information

Building a strong business continuity plan

Building a strong business continuity plan Building a strong business continuity plan Protect your clients and firm with a well-planned business continuity plan A solid business continuity plan (BCP) is about more than simply staying in compliance.

More information

Business Continuity Planning for Risk Reduction

Business Continuity Planning for Risk Reduction Business Continuity Planning for Risk Reduction Ion PLUMB ionplumb@yahoo.com Andreea ZAMFIR zamfir_andreea_ileana@yahoo.com Delia TUDOR tudordelia@yahoo.com Faculty of Management Academy of Economic Studies

More information

Desktop Scenario Self Assessment Exercise Page 1

Desktop Scenario Self Assessment Exercise Page 1 Page 1 Neil Jarvis Head of IT Security & IT Risk DHL Page 2 From reputation to data loss - how important is business continuity? Neil Jarvis Head of IT Security (EMEA) DHL Logistics IT Security Taking

More information

Overview of how to test a. Business Continuity Plan

Overview of how to test a. Business Continuity Plan Overview of how to test a Business Continuity Plan Prepared by: Thomas Bronack Phone: (718) 591-5553 Email: bronackt@dcag.com BRP/DRP Test Plan Creation and Exercise Page: 1 Table of Contents BCP/DRP Test

More information

Processing Sites for Commonwealth Agencies

Processing Sites for Commonwealth Agencies Information Technology Supporting Documentation Commonwealth of Pennsylvania Governor's Office of Administration/Office for Information Technology Document Number: OPD-SYM004A Document Title: Guidelines

More information

With the large number of. How to Avoid Disaster: RIM s Crucial Role in Business Continuity Planning. Virginia A. Jones, CRM, FAI RIM FUNDAMENTALS

With the large number of. How to Avoid Disaster: RIM s Crucial Role in Business Continuity Planning. Virginia A. Jones, CRM, FAI RIM FUNDAMENTALS How to Avoid Disaster: RIM s Crucial Role in Business Continuity Planning The world has experienced a great deal of natural and man-made upheaval and destruction in the past few years, including tornadoes,

More information

Supervisory Policy Manual

Supervisory Policy Manual This module should be read in conjunction with the Introduction and with the Glossary, which contains an explanation of abbreviations and other terms used in this Manual. If reading on-line, click on blue

More information

IT Disaster Recovery and Business Resumption Planning Standards

IT Disaster Recovery and Business Resumption Planning Standards Information Technology Disaster Recovery and Business IT Disaster Recovery and Business Adopted by the Information Services Board (ISB) on May 28, 1992 Policy No: Also see: 500-P1, 502-G1 Supersedes No:

More information

E x E c u t i v E B r i E f IT Innovation. Business Value. 4 Stages of IT Disaster Recovery Planning Are You Resilient?

E x E c u t i v E B r i E f IT Innovation. Business Value. 4 Stages of IT Disaster Recovery Planning Are You Resilient? IT Innovation. Business Value. 4 Stages of IT Disaster Recovery Planning Are You Resilient? As the enterprise IT landscape becomes more complex, customers more demanding, and computing devices more abundant

More information

Business Continuity Position Description

Business Continuity Position Description Position Description February 9, 2015 Position Description February 9, 2015 Page i Table of Contents General Characteristics... 2 Career Path... 3 Explanation of Proficiency Level Definitions... 8 Summary

More information

The University of Iowa. Enterprise Information Technology Disaster Plan. Version 3.1

The University of Iowa. Enterprise Information Technology Disaster Plan. Version 3.1 Version 3.1 November 22, 2004 TABLE OF CONTENTS PART 1: DISASTER RECOVERY EXPECTATIONS... 3 OVERVIEW...3 EXPECTATIONS PRIOR TO AN INCIDENT OCCURRENCE...3 EXPECTATIONS PRIOR TO A DISASTER OCCURRENCE...4

More information

Intel Business Continuity Practices

Intel Business Continuity Practices Intel Business Continuity Practices As a global corporation with locations and suppliers all over the world, Intel requires every designated Intel organization to embed business continuity as a core business

More information

Cisco Security Services

Cisco Security Services Cisco Security Services Cisco Security Services help you defend your business from evolving security threats, enhance the efficiency of your internal staff and processes, and increase the return on your

More information

Company Management System. Business Continuity in SIA

Company Management System. Business Continuity in SIA Company Management System Business Continuity in SIA Document code: Classification: Company Project/Service Year Document No. Version Public INDEX 1. INTRODUCTION... 3 2. SIA S BUSINESS CONTINUITY MANAGEMENT

More information

PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA

PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand

More information

AUDITING A BCP PLAN. Thomas Bronack Auditing a BCP Plan presentation Page: 1

AUDITING A BCP PLAN. Thomas Bronack Auditing a BCP Plan presentation Page: 1 AUDITING A BCP PLAN Thomas Bronack Auditing a BCP Plan presentation Page: 1 What are the Objectives of a Good BCP Plan Protect employees Restore critical business processes or functions to minimize the

More information

2014 NABRICO Conference

2014 NABRICO Conference Business Continuity Planning 2014 NABRICO Conference September 19, 2014 6 CityPlace Drive, Suite 900 St. Louis, Missouri 63141 314.983.1200 1520 S. Fifth Street, Suite 309 St. Charles, Missouri 63303 636.255.3000

More information

Security Architecture. Title Disaster Planning Procedures for Information Technology

Security Architecture. Title Disaster Planning Procedures for Information Technology Category Applicability Title Disaster Planning Procedures for Information Technology All Public Entities (See the Applicability section below.) Standard - A degree or level of requirement that all jurisdictions

More information

The case for cloud-based disaster recovery

The case for cloud-based disaster recovery IBM Global Technology Services IBM SmartCloud IBM SmartCloud Virtualized Server Recovery i The case for cloud-based disaster recovery Cloud technologies help meet the need for quicker restoration of service

More information

Best Practices in Disaster Recovery Planning and Testing

Best Practices in Disaster Recovery Planning and Testing Best Practices in Disaster Recovery Planning and Testing axcient.com 2015. Axcient, Inc. All Rights Reserved. 1 Best Practices in Disaster Recovery Planning and Testing Disaster Recovery plans are widely

More information

Interactive-Network Disaster Recovery

Interactive-Network Disaster Recovery Interactive-Network Disaster Recovery BACKGROUND IT systems are vulnerable to a variety of disruptions, ranging from mild (e.g., short-term power outage, disk drive failure) to severe (e.g., terrorism,

More information

ESCB definitions of major business continuity terms in relation to payment and securities settlement systems 1

ESCB definitions of major business continuity terms in relation to payment and securities settlement systems 1 ESCB definitions of major business continuity terms in relation to payment and securities settlement systems 1 June 2007 The ESCB has developed a glossary of major business continuity terms for market

More information

BC / DR Implementation Tying Disaster Recovery Investment to Measurable Business Value

BC / DR Implementation Tying Disaster Recovery Investment to Measurable Business Value BC / DR Implementation Tying Disaster Investment to Measurable Business Value Continuity Insights Conference May 16-18, 2005 Agenda Purpose Discuss best practice process and tools that might be leveraged

More information

What You Need to Know About Cloud Backup: Your Guide to Cost, Security, and Flexibility

What You Need to Know About Cloud Backup: Your Guide to Cost, Security, and Flexibility Your Guide to Cost, Security, and Flexibility What You Need to Know About Cloud Backup: Your Guide to Cost, Security, and Flexibility 10 common questions answered Over the last decade, cloud backup, recovery

More information

BUSINESS CONTINUITY PLAN

BUSINESS CONTINUITY PLAN How to Develop a BUSINESS CONTINUITY PLAN To print to A4, print at 75%. TABLE OF CONTENTS SUMMARY SUMMARY WHAT IS A BUSINESS CONTINUITY PLAN? CHAPTER PREPARING TO WRITE YOUR BUSINESS CONTINUITY PLAN CHAPTER

More information

: Chief Executive Officers of all Licensed Commercial Banks, Primary Dealers, Central Depository Systems (Pvt) Ltd. and LankaClear (Pvt.) Ltd.

: Chief Executive Officers of all Licensed Commercial Banks, Primary Dealers, Central Depository Systems (Pvt) Ltd. and LankaClear (Pvt.) Ltd. March 29, 2006 BCP Guidelines No: 01/2006 To : Chief Executive Officers of all Licensed Commercial Banks, Primary Dealers, Central Depository Systems (Pvt) Ltd. and LankaClear (Pvt.) Ltd. Introduction

More information

Monetary Authority of Singapore BUSINESS CONTINUITY MANAGEMENT GUIDELINES

Monetary Authority of Singapore BUSINESS CONTINUITY MANAGEMENT GUIDELINES Monetary Authority of Singapore BUSINESS CONTINUITY MANAGEMENT GUIDELINES June 2003 TABLE OF CONTENTS 1.0 INTRODUCTION... 1 1.1 READINESS IS YOUR ONLY PROTECTION... 1 1.2 APPLICATION OF THE GUIDELINES...

More information

TUFTS HEALTH PLAN CORPORATE CONTINUITY STRATEGY FREQUENTLY ASKED QUESTIONS OVERVIEW CORPORATE CONTINUITY PROGRAM.

TUFTS HEALTH PLAN CORPORATE CONTINUITY STRATEGY FREQUENTLY ASKED QUESTIONS OVERVIEW CORPORATE CONTINUITY PROGRAM. TUFTS HEALTH PLAN CORPORATE CONTINUITY STRATEGY FREQUENTLY ASKED QUESTIONS July 2015 OVERVIEW The intent of this document is to provide external customers and auditors with a high-level overview of the

More information

Business Continuity Management Policy

Business Continuity Management Policy Business Continuity Management Policy Business Continuity Policy Version 1.0 1 Version control Version Date Changes Author 0.1 April 13 1 st draft PH 0.2 June 13 Amendments in line with guidance PH 0.3

More information

GUIDELINES FOR BUSINESS CONTINUITY IN WHOLESALE MARKETS AND SUPPORT SYSTEMS MARKET SUPERVISION OFFICE. October 2004

GUIDELINES FOR BUSINESS CONTINUITY IN WHOLESALE MARKETS AND SUPPORT SYSTEMS MARKET SUPERVISION OFFICE. October 2004 GUIDELINES FOR BUSINESS CONTINUITY IN WHOLESALE MARKETS AND SUPPORT SYSTEMS MARKET SUPERVISION OFFICE October 2004 1 1. Introduction Guaranteeing the efficiency and correct operation of money and financial

More information

SCOPE; ENFORCEMENT; AUTHORITY; EXCEPTIONS

SCOPE; ENFORCEMENT; AUTHORITY; EXCEPTIONS Title: DRAFT USG Continuity of Operation Plan Policy Policy Number: 2009-Julian Date Topical Security Area: Document Type: Standard Pages: Words: Lines: 5 1,387 182 Issue Date: May-09 Effective Date: Immediately

More information

Unit Guide to Business Continuity/Resumption Planning

Unit Guide to Business Continuity/Resumption Planning Unit Guide to Business Continuity/Resumption Planning (February 2009) Revised June 2011 Executive Summary... 3 Purpose and Scope for a Unit Business Continuity Plan(BCP)... 3 Resumption Planning... 4 Assumptions

More information

[INSERT NAME OF SCHOOL] BUSINESS CONTINUITY PLAN

[INSERT NAME OF SCHOOL] BUSINESS CONTINUITY PLAN Plan Ref No: [INSERT NAME OF SCHOOL] BUSINESS CONTINUITY PLAN PLAN DETAILS Date Written Plan Owner Plan Writer Version Number Review Schedule 6 monthly Annually Date of Plan Review Date of Plan Exercise

More information

PBSi Business Continuity Planning

PBSi Business Continuity Planning Business Continuity Planning Definition Business Continuity planning is a planning process designed to reduce the risk that disruptive failures or events could seriously harm your business. It is designed

More information

END TO END DATA CENTRE SOLUTIONS COMPANY PROFILE

END TO END DATA CENTRE SOLUTIONS COMPANY PROFILE END TO END DATA CENTRE SOLUTIONS COMPANY PROFILE About M 2 TD M2 TD is a wholly black Owned IT Consulting Business. M 2 TD is a provider of data center consulting and managed services. In a rapidly changing

More information

Table of contents. Providing continuity for your key business processes. A white paper on HP s Business Continuity and Availability Solutions

Table of contents. Providing continuity for your key business processes. A white paper on HP s Business Continuity and Availability Solutions Providing continuity for your key business processes A white paper on HP s Business Continuity and Availability Solutions Table of contents Executive summary...2 Reducing business risks...3 Availability

More information

IBM Global Technology Services March 2008. Virtualization for disaster recovery: areas of focus and consideration.

IBM Global Technology Services March 2008. Virtualization for disaster recovery: areas of focus and consideration. IBM Global Technology Services March 2008 Virtualization for disaster recovery: Page 2 Contents 2 Introduction 3 Understanding the virtualization approach 4 A properly constructed virtualization strategy

More information

QUICK FACTS. Replicating Canada-based Database Support at a New Facility in the U.S. TEKSYSTEMS GLOBAL SERVICES CUSTOMER SUCCESS STORIES

QUICK FACTS. Replicating Canada-based Database Support at a New Facility in the U.S. TEKSYSTEMS GLOBAL SERVICES CUSTOMER SUCCESS STORIES [ Energy Services, Managed Services Offering/ Network Infrastructure Services ] TEKSYSTEMS GLOBAL SERVICES CUSTOMER SUCCESS STORIES Client Profile Industry: Oil and natural gas Revenue: Approximately $5.2

More information