Why Should Companies Take a Closer Look at Business Continuity Planning?

Size: px
Start display at page:

Download "Why Should Companies Take a Closer Look at Business Continuity Planning?"

Transcription

1 whitepaper Why Should Companies Take a Closer Look at Business Continuity Planning? How Datalink s business continuity and disaster recovery solutions can help organizations lessen the impact of disasters and incidents. Over the last 30 years, companies have significantly changed their approach to ensuring that their businesses can continue to run in the event of a catastrophe. In the 1970s, IT departments responsible for companies information-based assets focused on the recovery of the data center and associated networks. By the 1990s, the focus had shifted to business units. The commitment of management became a critical success factor in the development of business continuity plans, as both IT and the business were required to develop those plans. As a result of 9/11, organizations extended business continuity planning to create enterprise-wide plans. Today, executive management is much more involved in ensuring the success of the plans, and the focus has shifted from power, hardware, and software outages to regulatory requirements, business requirements, and non-traditional events such as terrorist attacks Disaster recovery planning > Recovery of data centers and networks > Located in IT department Contingency planning > Expanded scope of planning > Focus of audit / limited support Business continuity > Move within business areas > Management commitment Business resiliency > Enterprise-wide planning > Executive management involvement > Resiliency and sustainability Power outage Hardware outage Software outage Power outage Hardware outage Software outage Power outage Hardware outage Software outage Pandemics Terrorist attacks Biological / chemical attacks Business requirements May 2010 page 1

2 Business continuity planning / disaster recovery (BC / DR) definitions Many organizations still merge the terms disaster recovery and business continuity. However, for the purpose of this paper, each term is defined so that all parties involved have the same foundation from which to work. Disaster recovery is the process by which you resume business after a disruptive event. Events can range from significant (e.g., an earthquake, a terrorist attack) to something smaller like malfunctioning software caused by a computer virus. However, given the human tendency to look on the bright side, many business executives are prone to ignoring disaster recovery because disasters seem unlikely to occur. Business continuity planning suggests a more comprehensive approach to ensuring that the business can continue to make money, not only after a natural calamity, but also in the event of smaller disruptions including illness or departure of key staffers, supply chain partner problems, or other challenges that businesses face from time to time. The business continuity plan (BCP) encompasses every aspect of any recovery procedure used to keep a company operating. It provides an understanding of the risks the company has identified, mitigation for those risks, business impacts of the risks, and a mapping of critical business functions to the organization. A part of the BCP, the disaster recovery plan focuses on the recovery or resumption of IT as it supports the business. Disaster recovery plan Business continuity plan > The document that defines the resources, actions, tasks, and data required to manage the recovery of IT systems that support business functions. > The plan involves: _ Deficiency analysis _ Test drills _ Disaster recovery handbook > Technological recovery, mostly IT Disaster recovery plan Business continuity plan > The creation and validation of a practiced logistical plan for how an organization will recover and restore partially or completely interrupted critical (urgent) functions within a predetermined time after a disaster or extended disruption. > The plan involves: _ Risk assessment _ Business impact analysis _ Timely recovery of mission-critical processes _ Return to normal operations May 2010 page 2

3 Reasons for developing business continuity capabilities Changes in business processes and technology, increased terrorism concerns, recent catastrophic natural disasters, and the threat of a pandemic have focused even greater attention on the need for effective business continuity planning. Executive management is now expected to consider the potential for area-wide disasters that could affect an entire region and result in significant losses to the organization. In most cases, recovery time objectives (RTOs) are now much shorter than they were a few years ago, and for some institutions, RTOs are based on hours and even minutes. Ultimately, all business units should anticipate and plan for the unexpected and ensure that their business continuity planning processes appropriately address the lessons they have learned from past disasters. General Dwight D. Eisenhower said, In preparing for battle, I have always found that plans are useless, but planning is indispensable. The same thing can be said about business continuity planning. The real value in business continuity planning lies not in the report that is produced (although call-out lists and procedures are definitely of value), but in the following three areas: The decision-making / assessment process: Identifying what could happen, associated consequences, prevention and mitigation, and the business risks. The data gathering process: Evaluating what type of data you have, who uses it, where it is located, and what risks it faces. The increased awareness that results from such a project. The board and executive management are responsible for ensuring that the organization identifies, assesses, prioritizes, manages, and controls risks as part of the business continuity planning process. The board and senior management should establish policies that define how the organization will manage and control the identified risks. Once a policy is established, the board and senior management must understand the consequences of these identified risks and support continuity planning on a continuous basis. The business continuity planning process should include regular updates to the BCP. The BCP should be updated based on changes in business processes, audit recommendations, and lessons learned from testing. Changes in business processes include technological advancements that allow faster and more efficient processing, thereby reducing acceptable business process recovery periods. For example, in response to competitive and customer demands, many financial institutions are moving toward shorter recovery periods and designing technology recovery solutions into business processes. These technological advances underscore the importance of maintaining a current, enterprise-wide BCP. May 2010 page 3

4 Reasons for developing business continuity capabilities (cont.) Additional industry practices that are commonly used to maintain a current BCP include: Integrating business continuity planning into every business decision Incorporating BCP maintenance responsibilities in applicable employee job descriptions and personnel evaluations Human resources represent one of most critical BCP components, and often, personnel issues are not fully integrated into the enterprise-wide plan. Based on the business impact analysis (BIA), the BCP should assign responsibilities to management, specific personnel, teams, and service providers. Assigning the responsibility for periodic review of the BCP to a planning coordinator, department, group, or committee Performing regular audits and annual, or more frequent, tests of the BCP Business continuity plan Business managers > Availability of service _ Continuous uptime (24x7) _ ebusiness > Manage data _ Timely _ Reliable _ Accurate _ Available > Manage change _ Address customer demands _ Quick delivery times _ Change management BCP CEO, CFO, and CIO > Globalization of businesses _ Single global source of products business model > Corporate image _ Robust _ Reliable _ Resilient Legal authorities and customers > Shareholder value _ Reason to invest > Legal requirements _ Sarbanes-Oxley Act _ HIPA A _ NFPA 1600 Standard > Insurance and financial conditions _ Financial decisions _ Insurance discounts > Customer consideration _ Competitive advantage _ Customer contract _ Customer disaster recovery requests from vendors May 2010 page 4

5 Plan purpose A BCP provides for the continuation of critical business functions and the recovery of those functions in the event of a disaster. Many potential contingencies and disasters can be averted, or the damage they cause can be reduced, if appropriate steps are taken to manage through the event. A completed plan outlines the course of action taken in the event of an emergency and the recovery process for business units to return to normal business operation. The BCP addresses the following: How will management prepare employees for a disaster, reduce the overall risks, and shorten the recovery window? How will decision-making succession be determined in the event management personnel are unavailable? How will management continue operations if employees are unable or unwilling to return to work due to personal losses, closed roads, or unavailable transportation? Who will be responsible for contacting employees and directing them to their alternate locations, if required? Who will be responsible for leading the various BCP teams (e.g., crisis / emergency, recovery, technology, communications, facilities, human resources, business units and processes, and customer service)? Who will be the primary contact for critical vendors, suppliers, and service providers? Who will be responsible for security (information and physical)? May 2010 page 5

6 Plan objectives Objectives of the BCP include: Reducing the risk of disruption of operations or loss of information Communicating responsibilities for the protection of information and continuity of mission-critical business functions Minimizing the number of decisions that must be made following an event Decreasing dependence on the participation of any one specific person in the response process Minimizing the need to develop procedures during response May 2010 page 6

7 Plan components All BCPs need to encompass how employees will communicate, where they will go, and how they will keep doing their jobs. Details can vary greatly, depending on the size and scope of a company and the way it does business. For some businesses, issues such as supply chain logistics are most crucial and are the focus of the plan. For others, IT may play a more pivotal role, and the developed plan may concentrate on systems recovery. For example, the plan at one global manufacturing company would restore critical mainframes with vital data at a backup site within four to six days of a disruptive event; obtain a mobile PBX unit with 3,000 telephones within two days; recover the company s more than 1,000 LANs in order of business need; and set up a temporary call center for 100 agents at a nearby training facility. But the critical point is that neither IT systems nor supply chain logistics can be ignored, and IT and human resources plans cannot be developed in isolation from each other. BC / DR is about constant communication. Business and IT leaders should work together to determine what kind of plan is necessary and which processes and business units are most crucial to the company. Together, they should decide which people are responsible for declaring a disruptive event and mitigating its effects. Most importantly, the plan should establish a process for locating and communicating with employees after such an event. In case of a catastrophic event, the plan also needs to account for employees who have more pressing concerns than returning to work, as was recently demonstrated along the U.S. Gulf Coast during the aftermath of Hurricane Ike. May 2010 page 7

8 Plan components (cont.) To be successful, the BCP should include the following items at a minimum: 1. Escalation chart documents the escalation path for specific issues based on prepared scenarios 2. Call list determines who is on call and how to contact those people supporting specific components of the plan 3. Actions to take document action items and recommended decisions to minimize decisionmaking in a crisis 4. Recovery inventories identify the items required for recovery to determine what can be recovered if lost (e.g., building, systems, etc.). 5. Disaster recovery plans establish the procedure for recovering IT systems 6. Responsibilities determine roles and responsibilities of personnel during a disaster and as part of ongoing plan maintenance 7. Priorities provide the recovery priority and sequence 8. Administration maintenance and exercising identify required maintenance and sign-offs 9. Organization details organizational charts 10. Alternate facilities and resources list backup work and recovery locations (e.g., contracts, vendor) Alternate facilities and resources Recovery time objectives / recovery point objectives Escalation Call lists Organization Actions Administrative maintenance and exercising Recovery inventories Priorities Responsibilities Disaster recovery plans May 2010 page 8

9 Plan organization Business continuity plan Risk analysis and business impact analysis Mission-critical processes Business impact analysis and assessment Risk identification Risk analysis and assessment Countermeasures development of recovery strategy disaster recovery plan response and escalation strategy Complete infrastructure Applications and processes Network topology Escalation procedures Notification tree Revoery process Workstations / notebooks / printers Contracts and service-level agreements Data backup and archiving Emergency declaration procedures Emergency response teams Support function teams Statutory infrastructure Telecom infrastructure Servers Vendor notification Facilities management External agencies Development and implementation of plan Solution deployment based on strategy adopted Test drills Training and maintenance May 2010 page 9

10 Plan organization (cont.) Below is a sample of how a BCP might be organized: Section 1: General company information Plan mission statement Outage emergency definition Escalation levels Service levels during an outage emergency Listing of business functions and processes Definition of criticality Section 2: Business recovery teams Description of recovery teams List of team members List of team tasks Section 3: Backup procedures Configurations Inventories Applications Backup procedures Inventories of offsite data, documents, forms, and supplies Section 4: Recovery procedures Hardware Software Communications Applications Section 5: Implementation plan Tasks required for execution of BCP Section 6: Recovery exercise plan Parameters Objectives Measurement criteria Section 7: Recovery plan maintenance Requirements Procedures Section 8: Relocation / migration plan Tasks required to return to permanent site Appendices: Vendor contacts Equipment lists Personnel information Forms / documents May 2010 page 10

11 Why build a BCP rather than move to a second data center for disaster recovery? The most significant benefits of developing a BCP are the organization and prioritization of processes and applications required to recover critical business processes in an orderly fashion. Moving to a secondary site without developing a plan essentially doubles your infrastructure costs and does not ensure business continuity or disaster recovery. Key drivers for these excess costs include: Lack of application consolidation and virtualization planning could make determining budget priorities more difficult. Lack of process modification could lead to disruptions and additional downtime. Unplanned outages during the transition phase could impact the business and customers. Not all processes or applications will need redundancy immediately, if at all. Lack of a plan may emphasize quantity over quality, which in turn, will decrease productivity and impact the customer experience. Failover of equipment does not guarantee failover of systems, extending potential outages. Lack of planning could conceal critical interdependencies among in-house applications and other companies. Lack of planning may result in purchasing infrastructure to mirror technologies at end of life or late in the technology refresh cycle. Lack of planning may impact balancing the risks and benefits of the second site. May 2010 page 11

12 Why Datalink? Datalink s consultative methodology provides a consistent framework for our customers to execute the basic steps to develop a BCP for their organizations. By introducing the steps needed to develop a complete plan, customers can lessen the impact an incident or disaster has on their businesses. By integrating our proven best practices into an individualized process, we turn business continuity and disaster recovery into an overall change process. We get to know each customer s organization, and then leveraging our 20 years of experience as end-to-end data center specialists, we develop a reliable foundation that is tailored to your organization. Our consultative methodology includes: Identifying and validating mission-critical business functions aligned with IT support capabilities Improving security and compliance Optimizing capital investments Reducing the risk of disruption to operations or loss of information Establishing documented responsibilities for mission-critical business functions Defining and testing disaster recovery plans phase one Project initiation > Execution support (sponsor, committee) > Objective setting Business leaders / decision makers phase two Discovery and assessment > Identify business-critical needs > Risk identification and assessment > Business impact assessment Historical and current understanding Development of strategies phase three > Disaster recovery plan (DR) > Business continuity plan (BCP) > Response and escalation plans DR BCP Piecing it together Testing and maintenance phase four > Gap assessments > Training > Preparation Testing and training May 2010 page 12

13 Why Datalink? (cont.) Critical to the execution of a successful project, initiation activities occur during the first week of our projects. Datalink works with customers to finalize the project schedule, secure resource commitments, and outline key procedural processes. A key element of the discovery and assessment phase is a BIA that identifies the business most crucial systems and processes and the effect an outage would have on the business. The greater the potential impact, the more money a company should spend to restore a system or process quickly. For instance, a stock trading company may decide to pay for completely redundant IT systems that would allow it to immediately start processing trades at another location. On the other hand, a manufacturing company may decide that it can wait 24 hours to resume shipping. A BIA will help companies set a restoration sequence to determine which parts of the business should be restored first. Upon completion of the discovery and assessment, we work with customers to develop the recovery strategies, response and escalation strategies, and the BCP. The final phase of our methodology includes the development and implementation of the plans, including the deployment, testing, and integration into change management. Schedule valuable time with one of our IT specialists to review your BCP objectives today by calling May 2010 page 13

14 Contact our sales team To learn more, visit us online at Making IT happen A complete data center solutions and services provider, Datalink helps Fortune 500 and mid-tier enterprises get the most from every IT investment with storage, server, and network expertise across the infrastructure. We deliver greater business results throughout, designing what we sell, deploying what we design, and supporting what we deliver. Corporate Headquarters Crosstown Circle, Suite 500 Eden Prairie, MN , Datalink. All rights reserved. The information contained herein is subject to change without notice. WP-BCDR

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION Federal Financial Institutions Examination Council FFIEC Business Continuity Planning MARCH 2003 MARCH 2008 BCP IT EXAMINATION H ANDBOOK TABLE OF CONTENTS INTRODUCTION... 1 BOARD AND SENIOR MANAGEMENT

More information

www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014

www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 Agenda Key Definitions Risks Business Continuity Management Program BCM Capability Assessment Process BCM Value Proposition

More information

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK Federal Financial Institutions Examination Council FFIEC Business Continuity Planning BCP FEBRUARY 2015 IT EXAMINATION H ANDBOOK Table of Contents Introduction 1 Board and Senior Management Responsibilities

More information

Business Continuity and Disaster Recovery Planning

Business Continuity and Disaster Recovery Planning Business Continuity and Disaster Recovery Planning Jennifer Brandt, CISA A p r i l 16, 2015 HISTORY OF STINNETT & ASSOCIATES Stinnett & Associates (Stinnett) is a professional advisory firm offering services

More information

Business Continuity Planning Preparing Your Organization

Business Continuity Planning Preparing Your Organization Business Continuity Planning Preparing Your Organization Nicholas De Laurentis, CRM, IGP nick.delaurentis.gmkj@statefarm.com 1 Objectives Understand the importance of Business Continuity Planning Know

More information

Business Continuity Plan

Business Continuity Plan Business Continuity Plan October 2007 Agenda Business continuity plan definition Evolution of the business continuity plan Business continuity plan life cycle FFIEC & Business continuity plan Questions

More information

Table of Contents... 1

Table of Contents... 1 ... 1 Chapter 1 Introduction... 4 1.1 Executive Summary... 4 1.2 Goals and Objectives... 5 1.3 Senior Management and Board of Directors Responsibilities... 5 1.4 Business Continuity Planning Processes...

More information

Business Continuity and Disaster Survival Strategies for the Small and Mid Size Business. www.integrit-network.com

Business Continuity and Disaster Survival Strategies for the Small and Mid Size Business. www.integrit-network.com Business Continuity and Disaster Survival Strategies for the Small and Mid Size Business www.integrit-network.com Business Continuity & Disaster Survival Strategies for the Small & Mid Size Business AGENDA:

More information

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA 1 Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand

More information

CISM Certified Information Security Manager

CISM Certified Information Security Manager CISM Certified Information Security Manager Firebrand Custom Designed Courseware Chapter 4 Information Security Incident Management Exam Relevance Ensure that the CISM candidate Establish an effective

More information

Business Continuity Planning for Risk Reduction

Business Continuity Planning for Risk Reduction Business Continuity Planning for Risk Reduction Ion PLUMB ionplumb@yahoo.com Andreea ZAMFIR zamfir_andreea_ileana@yahoo.com Delia TUDOR tudordelia@yahoo.com Faculty of Management Academy of Economic Studies

More information

Business Continuity Planning and Disaster Recovery Planning

Business Continuity Planning and Disaster Recovery Planning 4 Business Continuity Planning and Disaster Recovery Planning Basic Concepts 1. Business Continuity Management: Business Continuity means maintaining the uninterrupted availability of all key business

More information

Temple university. Auditing a business continuity management BCM. November, 2015

Temple university. Auditing a business continuity management BCM. November, 2015 Temple university Auditing a business continuity management BCM November, 2015 Auditing BCM Agenda 1. Introduction 2. Definitions 3. Standards 4. BCM key elements IT Governance class - IT audit program

More information

FORMULATING YOUR BUSINESS CONTINUITY PLAN

FORMULATING YOUR BUSINESS CONTINUITY PLAN WHITE PAPER Page 0 Planning for the Worst Case Scenario: FORMULATING YOUR BUSINESS CONTINUITY PLAN 9 Wing Drive Cedar Knolls, NJ 07927 www.nac.net Page 1 Table of Contents Overview... 2 What is Disaster

More information

EMERGENCY PREPAREDNESS PLAN Business Continuity Plan

EMERGENCY PREPAREDNESS PLAN Business Continuity Plan EMERGENCY PREPAREDNESS PLAN Business Continuity Plan GIS Bankers Insurance Group Powered by DISASTER PREPAREDNESS Implementation Small Business Guide to Business Continuity Planning Surviving a Catastrophic

More information

PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA

PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand

More information

Desktop Scenario Self Assessment Exercise Page 1

Desktop Scenario Self Assessment Exercise Page 1 Page 1 Neil Jarvis Head of IT Security & IT Risk DHL Page 2 From reputation to data loss - how important is business continuity? Neil Jarvis Head of IT Security (EMEA) DHL Logistics IT Security Taking

More information

Business Continuity Planning 101. +1 610 768-4120 (800) 634-2016 www.strohlsystems.com info@strohlsystems.com

Business Continuity Planning 101. +1 610 768-4120 (800) 634-2016 www.strohlsystems.com info@strohlsystems.com Business Continuity Planning 101 Presentation Overview What is business continuity planning Plan Development Plan Testing Plan Maintenance Future advancements in BCP Question & Answer What is a Disaster?

More information

MANAGEMENT AUDIT REPORT DISASTER RECOVERY PLAN DEPARTMENT OF FINANCE AND ADMINISTRATIVE SERVICES INFORMATION TECHNOLOGY SERVICES DIVISION

MANAGEMENT AUDIT REPORT DISASTER RECOVERY PLAN DEPARTMENT OF FINANCE AND ADMINISTRATIVE SERVICES INFORMATION TECHNOLOGY SERVICES DIVISION MANAGEMENT AUDIT REPORT OF DISASTER RECOVERY PLAN DEPARTMENT OF FINANCE AND ADMINISTRATIVE SERVICES INFORMATION TECHNOLOGY SERVICES DIVISION REPORT NO. 13-101 City of Albuquerque Office of Internal Audit

More information

Data Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) 591-5553 Email: bronackt@dcag.com Fax: (718) 380-7322

Data Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) 591-5553 Email: bronackt@dcag.com Fax: (718) 380-7322 Business Continuity and Disaster Recovery Job Descriptions Table of Contents Business Continuity Services Organization Chart... 2 Director Business Continuity Services Group... 3 Manager of Business Recovery

More information

The PNC Financial Services Group, Inc. Business Continuity Program

The PNC Financial Services Group, Inc. Business Continuity Program The PNC Financial Services Group, Inc. Business Continuity Program subsidiaries) 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis

More information

Business Unit CONTINGENCY PLAN

Business Unit CONTINGENCY PLAN Contingency Plan Template Business Unit CONTINGENCY PLAN Version 1.0 (Date submitted) Submitted By: Business Unit Date Version 1.0 Page 1 1 Plan Review and Updates... 3 2 Introduction... 3 2.1 Purpose...

More information

Business Continuity and Disaster Survival Strategies for the Small and Mid Size Business

Business Continuity and Disaster Survival Strategies for the Small and Mid Size Business Business Continuity and Disaster Survival Strategies for the Small and Mid Size Business Business Continuity & Disaster Survival Strategies for the Small and Mid Size Business AGENDA Welcome / Introduction

More information

Building and Maintaining a Business Continuity Program

Building and Maintaining a Business Continuity Program Building and Maintaining a Business Continuity Program Successful strategies for financial institutions for effective preparation and recovery Table of Contents Introduction...3 This white paper was written

More information

Unit Guide to Business Continuity/Resumption Planning

Unit Guide to Business Continuity/Resumption Planning Unit Guide to Business Continuity/Resumption Planning (February 2009) Revised June 2011 Executive Summary... 3 Purpose and Scope for a Unit Business Continuity Plan(BCP)... 3 Resumption Planning... 4 Assumptions

More information

Assessing Your Disaster. Andrews Hooper Pavlik PLC. Andrews Hooper Pavlik PLC

Assessing Your Disaster. Andrews Hooper Pavlik PLC. Andrews Hooper Pavlik PLC Assessing Your Disaster Recovery Plans Gregory H. Soule, CPA, CISA, CISSP, CFE Andrews Hooper Pavlik PLC Andrews Hooper Pavlik PLC Agenda Business Continuity Concepts Impact Analysis Risk Assessment Risk

More information

Overview of how to test a. Business Continuity Plan

Overview of how to test a. Business Continuity Plan Overview of how to test a Business Continuity Plan Prepared by: Thomas Bronack Phone: (718) 591-5553 Email: bronackt@dcag.com BRP/DRP Test Plan Creation and Exercise Page: 1 Table of Contents BCP/DRP Test

More information

Business Continuity Overview

Business Continuity Overview Business Continuity Overview Beverley A. Retjos Senior Manager WW SWG Security & Controls 03/12/07 Business Continuity Management (BCM) Process of ensuring that a business is prepared to survive any disruption

More information

Business Continuity Management

Business Continuity Management Business Continuity Management cliftonlarsonallen.com Introductions Brian Pye CliftonLarsonAllen Senior Manager Business Risk Services group 15 years of experience with Business Continuity Megan Moore

More information

Creating a Business Continuity Plan for your Health Center

Creating a Business Continuity Plan for your Health Center Creating a Business Continuity Plan for your Health Center 1 Page Left Intentionally Blank 2 About This Manual This tool is the result of collaboration between the Primary Care Development Corporation

More information

State of South Carolina Policy Guidance and Training

State of South Carolina Policy Guidance and Training State of South Carolina Policy Guidance and Training Policy Workshop All Agencies Business Continuity Management Policy June 2014 Agenda Questions & Follow-Up Policy Workshop Overview & Timeline Policy

More information

Executive Briefing Topic 5 Info Assurance and Security. Business Continuity and Disaster Recovery For Information Technology

Executive Briefing Topic 5 Info Assurance and Security. Business Continuity and Disaster Recovery For Information Technology Executive Briefing Topic 5 Info Assurance and Security Business Continuity and Disaster Recovery For Information Technology John Pardini ISYM 540 SSII Current Topics in ISM 7/26/2009 Overview Disaster

More information

Business Continuity Glossary

Business Continuity Glossary Developed In Conjuction with Business Continuity Glossary ACTIVATION: The implementation of business continuity capabilities, procedures, activities, and plans in response to an emergency or disaster declaration;

More information

Business Continuity & Recovery Plan Summary

Business Continuity & Recovery Plan Summary Introduction An organization s ability to survive a significant business interruption is determined by the company s ability to develop, implement, and maintain viable recovery and business continuity

More information

IT Disaster Recovery and Business Resumption Planning Standards

IT Disaster Recovery and Business Resumption Planning Standards Information Technology Disaster Recovery and Business IT Disaster Recovery and Business Adopted by the Information Services Board (ISB) on May 28, 1992 Policy No: Also see: 500-P1, 502-G1 Supersedes No:

More information

BUSINESS CONTINUITY PLAN OVERVIEW

BUSINESS CONTINUITY PLAN OVERVIEW BUSINESS CONTINUITY PLAN OVERVIEW INTRODUCTION The purpose of this document is to provide Loomis customers with an overview of the company s Business Continuity Plan (BCP). Because of the specific and

More information

Some companies never recover from a disaster related loss. A business that cannot operate will lose money, customers, credibility, and good will.

Some companies never recover from a disaster related loss. A business that cannot operate will lose money, customers, credibility, and good will. How Disaster Recovery Planning Can Be Leveraged For Electronic Discovery and Litigation Response Digital Discovery and e-evidence John Connell April 1. 2008 Hurricanes, floods, earthquakes, power outages,

More information

2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level. Tracy L. Hall, MBCP

2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level. Tracy L. Hall, MBCP 2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level Tracy L. Hall, MBCP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C.

More information

2014 NABRICO Conference

2014 NABRICO Conference Business Continuity Planning 2014 NABRICO Conference September 19, 2014 6 CityPlace Drive, Suite 900 St. Louis, Missouri 63141 314.983.1200 1520 S. Fifth Street, Suite 309 St. Charles, Missouri 63303 636.255.3000

More information

NEEDS BASED PLANNING FOR IT DISASTER RECOVERY

NEEDS BASED PLANNING FOR IT DISASTER RECOVERY The Define/Align/Approve Reference Series NEEDS BASED PLANNING FOR IT DISASTER RECOVERY Disaster recovery planning is essential it s also expensive. That s why every step taken and dollar spent must be

More information

Business Continuity & Recovery Plan Summary

Business Continuity & Recovery Plan Summary Introduction An organization s ability to survive a significant business interruption is determined by the company s ability to develop, implement, and maintain viable recovery and business continuity

More information

By: Tracy Hall. Community Bank Auditors Group Taking Your Business Continuity Plan To The Next Level. June 9, 2015

By: Tracy Hall. Community Bank Auditors Group Taking Your Business Continuity Plan To The Next Level. June 9, 2015 Community Bank Auditors Group Taking Your Business Continuity Plan To The Next Level June 9, 2015 By: Tracy Hall MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company,

More information

Success or Failure? Your Keys to Business Continuity Planning. An Ingenuity Whitepaper

Success or Failure? Your Keys to Business Continuity Planning. An Ingenuity Whitepaper Success or Failure? Your Keys to Business Continuity Planning An Ingenuity Whitepaper May 2006 Overview With the level of uncertainty in our world regarding events that can disrupt the operation of an

More information

Intel Business Continuity Practices

Intel Business Continuity Practices Intel Business Continuity Practices As a global corporation with locations and suppliers all over the world, Intel requires every designated Intel organization to embed business continuity as a core business

More information

FlyntGroup.com. Enterprise Risk Management and Business Impact Analysis: Understanding, Treating and Monitoring Risk

FlyntGroup.com. Enterprise Risk Management and Business Impact Analysis: Understanding, Treating and Monitoring Risk Enterprise Risk Management and Business Impact Analysis: Understanding, Treating and Monitoring Risk 2012 The Flynt Group, Inc., All Rights Reserved FlyntGroup.com Enterprise Risk Management and Business

More information

Evaluation of the Railroad Retirement Board s Disaster Recovery Plan Report No. 06-08, August 14, 2006 INTRODUCTION

Evaluation of the Railroad Retirement Board s Disaster Recovery Plan Report No. 06-08, August 14, 2006 INTRODUCTION Evaluation of the Railroad Retirement Board s Disaster Recovery Plan Report No. 06-08, August 14, 2006 INTRODUCTION This report presents the results of the Office of Inspector General s evaluation of the

More information

PPSADOPTED: OCT. 2012 BACKGROUND POLICY STATEMENT PHYSICAL FACILITIES. PROFESSIONAL PRACTICE STATEMENT Developing a Business Continuity Plan

PPSADOPTED: OCT. 2012 BACKGROUND POLICY STATEMENT PHYSICAL FACILITIES. PROFESSIONAL PRACTICE STATEMENT Developing a Business Continuity Plan PROFESSIONAL PRACTICE STATEMENT Developing a Business Continuity Plan OCT. 2012 PPSADOPTED: What is a professional practice statement? Professional Practice developed by the Association Forum of Chicagoland

More information

IT Disaster Recovery Plan Template

IT Disaster Recovery Plan Template HOPONE INTERNET CORP IT Disaster Recovery Plan Template Compliments of: Tim Sexton 1/1/2015 An information technology (IT) disaster recovery (DR) plan provides a structured approach for responding to unplanned

More information

Ohio Supercomputer Center

Ohio Supercomputer Center Ohio Supercomputer Center IT Business Continuity Planning No: Effective: OSC-13 06/02/2009 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original

More information

White Paper. Lifecycle Disaster Recovery Costs

White Paper. Lifecycle Disaster Recovery Costs White Paper Lifecycle Disaster Recovery Costs Lifecycle Disaster Recovery Costs Do you really understand the costs to a financial institution for IT Disaster Recovery? Most professionals working in a

More information

BUSINESS CONTINUITY PLANNING GUIDELINES

BUSINESS CONTINUITY PLANNING GUIDELINES BUSINESS CONTINUITY PLANNING GUIDELINES Washington University in St. Louis The purpose of this guide is to serve as a tool to all departments, divisions, and labs across the University in building a Business

More information

DISASTER RECOVERY PLANNING GUIDE

DISASTER RECOVERY PLANNING GUIDE DISASTER RECOVERY PLANNING GUIDE AN INTRODUCTION TO BUSINESS CONTINUITY PLANNING FOR JD EDWARDS SOFTWARE CUSTOMERS www.wts.com WTS Disaster Recovery Planning Guide Page 1 Introduction This guide will provide

More information

Western Intergovernmental Audit Forum

Western Intergovernmental Audit Forum Western Intergovernmental Audit Forum Business Continuity & Disaster Recovery Planning September 12, 2013 Presented by: City of Phoenix City Auditor Department Aaron Cook, Sr Internal Auditor IT Audit

More information

Business Continuity and Disaster Planning

Business Continuity and Disaster Planning WHITE PAPER Business Continuity and Disaster Planning A guide to preparing for the unexpected Robert Drewniak Director, Strategic & Advisory Services Disasters are not always the result of high winds and

More information

Managing business risk

Managing business risk Managing business risk What senior managers need to know about business continuity bell.ca/businesscontinuity Information and Communications Technology (ICT) has become more vital than ever to the success

More information

BUSINESS CONTINUITY PLAN

BUSINESS CONTINUITY PLAN How to Develop a BUSINESS CONTINUITY PLAN To print to A4, print at 75%. TABLE OF CONTENTS SUMMARY SUMMARY WHAT IS A BUSINESS CONTINUITY PLAN? CHAPTER PREPARING TO WRITE YOUR BUSINESS CONTINUITY PLAN CHAPTER

More information

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning MARCH 2003 IT EXAMINATION H ANDBOOK

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning MARCH 2003 IT EXAMINATION H ANDBOOK Federal Financial Institutions Examination Council FFIEC Business Continuity Planning MARCH 2003 BCP IT EXAMINATION H ANDBOOK TABLE OF CONTENTS INTRODUCTION... 1 BOARD AND SENIOR MANAGEMENT RESPONSIBILITIES...

More information

Business Continuity Position Description

Business Continuity Position Description Position Description February 9, 2015 Position Description February 9, 2015 Page i Table of Contents General Characteristics... 2 Career Path... 3 Explanation of Proficiency Level Definitions... 8 Summary

More information

Continuity of Operations Planning. A step by step guide for business

Continuity of Operations Planning. A step by step guide for business What is a COOP? Continuity of Operations Planning A step by step guide for business A Continuity Of Operations Plan (COOP) is a MANAGEMENT APPROVED set of agreed-to preparations and sufficient procedures

More information

Disaster Recovery Plan

Disaster Recovery Plan Disaster Recovery Plan Date: Revision: 8.0 EXTERNAL BCP PLAN PAGE 1 OF 12 Federal regulation states, and internal corporate policies require, that Penson Financial Services, Inc. (Penson) develop Business

More information

Interactive-Network Disaster Recovery

Interactive-Network Disaster Recovery Interactive-Network Disaster Recovery BACKGROUND IT systems are vulnerable to a variety of disruptions, ranging from mild (e.g., short-term power outage, disk drive failure) to severe (e.g., terrorism,

More information

Datacenter Migration Think, Plan, Execute

Datacenter Migration Think, Plan, Execute Datacenter Migration Think, Plan, Execute Datacenter migration is often regarded as a purely technical, almost trivial side-project, to be delivered by existing IT staff alongside their day jobs. With

More information

AUDITING A BCP PLAN. Thomas Bronack Auditing a BCP Plan presentation Page: 1

AUDITING A BCP PLAN. Thomas Bronack Auditing a BCP Plan presentation Page: 1 AUDITING A BCP PLAN Thomas Bronack Auditing a BCP Plan presentation Page: 1 What are the Objectives of a Good BCP Plan Protect employees Restore critical business processes or functions to minimize the

More information

The University of Iowa. Enterprise Information Technology Disaster Plan. Version 3.1

The University of Iowa. Enterprise Information Technology Disaster Plan. Version 3.1 Version 3.1 November 22, 2004 TABLE OF CONTENTS PART 1: DISASTER RECOVERY EXPECTATIONS... 3 OVERVIEW...3 EXPECTATIONS PRIOR TO AN INCIDENT OCCURRENCE...3 EXPECTATIONS PRIOR TO A DISASTER OCCURRENCE...4

More information

The PNC Financial Services Group, Inc. Business Continuity Program

The PNC Financial Services Group, Inc. Business Continuity Program The PNC Financial Services Group, Inc. Business Continuity Program 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis (BIA) Page

More information

Principles for BCM requirements for the Dutch financial sector and its providers.

Principles for BCM requirements for the Dutch financial sector and its providers. Principles for BCM requirements for the Dutch financial sector and its providers. Platform Business Continuity Vitale Infrastructuur Financiële sector (BC VIF) Werkgroep BCM requirements 21 September 2011

More information

Disaster Recovery and Business Continuity Plan

Disaster Recovery and Business Continuity Plan Disaster Recovery and Business Continuity Plan Table of Contents 1. Introduction... 3 2. Objectives... 3 3. Risks... 3 4. Steps of Disaster Recovery Plan formulation... 3 5. Audit Procedure.... 5 Appendix

More information

Business Continuity & Disaster Recovery

Business Continuity & Disaster Recovery Business Continuity & Disaster Recovery Safety First Quality Every Time 1 Business Continuity & Disaster Recovery Planning Who here has a formal Business Continuity & Disaster Recovery plan? The purpose

More information

Disaster Recovery Plan

Disaster Recovery Plan Disaster Recovery Plan Date: February 2, 2009 Revision: 9.0 EXTERNAL BUSINESS CONTINUITY PLAN PAGE 1 of 13 Federal regulation states, and internal corporate policies require, that Penson Financial Services,

More information

Offsite Disaster Recovery Plan

Offsite Disaster Recovery Plan 1 Offsite Disaster Recovery Plan Offsite Disaster Recovery Plan Presented By: Natan Verkhovsky President Disty Portal Inc. 2 Offsite Disaster Recovery Plan Introduction This document is a comprehensive

More information

BCP and DR. P K Patel AGM, MoF

BCP and DR. P K Patel AGM, MoF BCP and DR P K Patel AGM, MoF Key difference between BS 25999 and ISO 22301 ISO 22301 puts a much greater emphasis on setting the objectives, monitoring performance and metrics aligning BC to top management

More information

Business Continuity Management Software

Business Continuity Management Software Business Continuity Management (BCM) Software 1 Business Continuity Management Software All In One Continuity Management Solution A Single Platform Approach Manage entire lifecycle with comprehensive BC

More information

Statement of Guidance

Statement of Guidance Statement of Guidance Business Continuity Management All Licensees 1. Statement of Objectives 1.1. To enhance the resilience of the financial sector and to minimise the potential impact of a major operational

More information

<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP

<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP IT Disaster Recovery Plan Template By Paul Kirvan, CISA, CISSP, FBCI, CBCP Revision History REVISION DATE NAME DESCRIPTION Original 1.0 2 Table of Contents Information Technology Statement

More information

Information Security Management: Business Continuity Planning. Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt.

Information Security Management: Business Continuity Planning. Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt. Information Security Management: Business Continuity Planning Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt. Overview BCP: Definition BCP: Need for (Why?) BCP: When BCP: Who

More information

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT JANUARY 2008 GUIDELINE ON BUSINESS CONTINUITY GUIDELINE CBK/PG/14

More information

CITY UNIVERSITY OF HONG KONG Business Continuity Management Standard

CITY UNIVERSITY OF HONG KONG Business Continuity Management Standard PUBLIC Version: 1.0 CITY UNIVERSITY OF HONG KONG Business Continuity Management Standard (Approved by the Information Strategy and Governance Committee in December 2013; revision 1.1 approved by Chief

More information

Building a strong business continuity plan

Building a strong business continuity plan Building a strong business continuity plan Protect your clients and firm with a well-planned business continuity plan A solid business continuity plan (BCP) is about more than simply staying in compliance.

More information

Technology Recovery Plan Instructions

Technology Recovery Plan Instructions State of California California Information Security Office Technology Recovery Plan Instructions SIMM 5325-A (Formerly SIMM 65A) September 2013 REVISION HISTORY REVISION DATE OF RELEASE OWNER SUMMARY OF

More information

MHA Consulting. Business Continuity Management 101

MHA Consulting. Business Continuity Management 101 0 MHA Consulting Business Continuity Management 101 Presented by: Michael Herrera Brandon Magestro MHA Consulting Agenda MHA Consulting Introduction Business Continuity Management (BCM) Defined 2013 Trends

More information

Hanh Do, Director, Information System Audit Division, GAA. SUBJECT: Review of HUD s Information Technology Contingency Planning and Preparedness

Hanh Do, Director, Information System Audit Division, GAA. SUBJECT: Review of HUD s Information Technology Contingency Planning and Preparedness Issue Date: August 31, 2006 Audit Report Number 2006-DP-0005 TO: Lisa Schlosser, Chief Information Officer, A FROM: Hanh Do, Director, Information System Audit Division, GAA SUBJECT: Review of HUD s Information

More information

With the large number of. How to Avoid Disaster: RIM s Crucial Role in Business Continuity Planning. Virginia A. Jones, CRM, FAI RIM FUNDAMENTALS

With the large number of. How to Avoid Disaster: RIM s Crucial Role in Business Continuity Planning. Virginia A. Jones, CRM, FAI RIM FUNDAMENTALS How to Avoid Disaster: RIM s Crucial Role in Business Continuity Planning The world has experienced a great deal of natural and man-made upheaval and destruction in the past few years, including tornadoes,

More information

Business Continuity and Disaster Recovery Planning

Business Continuity and Disaster Recovery Planning Business Continuity and Disaster Recovery Planning Jeffrey P. Back 2009 Oncore Associates, LLC Business Continuity Planning Business continuity planning is the way an organization can prepare for and aid

More information

Business Continuity Planning. Presentation and. Direction

Business Continuity Planning. Presentation and. Direction Business Continuity Planning Presentation and Direction Thomas Bronack, president Data Center Assistance Group, Inc. 15180 20 th Avenue Whitestone, NY 11357 Phone: (718) 591-5553 Email: bronackt@dcag.com

More information

HA / DR Jargon Buster High Availability / Disaster Recovery

HA / DR Jargon Buster High Availability / Disaster Recovery HA / DR Jargon Buster High Availability / Disaster Recovery Welcome to Maxava s Jargon Buster. Your quick reference guide to Maxava HA and industry technical terms related to High Availability and Disaster

More information

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD.

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD. Business Continuity Management & Disaster Recovery Planning Presented by: Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD. 1 What is Business Continuity Management? Is a holistic management

More information

Business Continuity. Port environment

Business Continuity. Port environment Business Continuity Port environment DEFINE BUSINESS CONTINUITY WHAT IT IS NOT RECOVERY FOCUS: PEOPLE PROCESSES TECHNOLOGY DELIVERABLES INFRAGARD DEFINITION MANAGEMENT PROCESS DEVELOPING ADVANCE PROCEDURES

More information

ASX SETTLEMENT OPERATING RULES Guidance Note 10

ASX SETTLEMENT OPERATING RULES Guidance Note 10 BUSINESS CONTINUITY AND DISASTER RECOVERY The purpose of this Guidance Note The main points it covers To assist participants to understand the disaster recovery and business continuity arrangements they

More information

Keys to a Successful Data Center Relocation

Keys to a Successful Data Center Relocation whitepaper Keys to a Successful Data Center Relocation Table of contents What you will learn 2 Selecting a DCR planning partner 3 The five keys to achieving DCR success 4 A DCR success story 7 Conclusion

More information

Q uick Guide to Disaster Recovery Planning An ITtoolkit.com White Paper

Q uick Guide to Disaster Recovery Planning An ITtoolkit.com White Paper This quick reference guide provides an introductory overview of the key principles and issues involved in IT related disaster recovery planning, including needs evaluation, goals, objectives and related

More information

Disaster Recovery Journal Spring World 2014

Disaster Recovery Journal Spring World 2014 Disaster Recovery Journal Spring World 2014 What works: Services and service supply chain business continuity risk management Don Hall, CBCP, Cisco Services Business Continuity Analyst Cisco Systems, Inc.

More information

BUSINESS RESILIENCE READY OR NOT

BUSINESS RESILIENCE READY OR NOT BUSINESS RESILIENCE READY OR NOT EDC Whitepaper 2014 Table of Contents Executive Summary 2 Need for Effective BCM 2 Government requirements for BCM 4 The Challenge - Disasters and Threats 4 Pandemic and

More information

SAMPLE IT CONTINGENCY PLAN FORMAT

SAMPLE IT CONTINGENCY PLAN FORMAT SAMPLE IT CONTINGENCY PLAN FORMAT This sample format provides a template for preparing an information technology (IT) contingency plan. The template is intended to be used as a guide, and the Contingency

More information

DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES

DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES APPENDIX 1 DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES March 2008 Auditor General s Office Jeffrey Griffiths, C.A., C.F.E. Auditor General City of Toronto TABLE OF CONTENTS EXECUTIVE SUMMARY...1

More information

The events of September 11, 2001 didn t

The events of September 11, 2001 didn t 09laliberte-p44 3/4/08 3:46 PM Page 2 MANAGEMENT STRATEGIES How Disaster-Tolerant Is Your Company? By Bob Laliberte Bob Laliberte is an analyst with the Enterprise Strategy Group, www. enterprisestrategygroup.com,

More information

Business Continuity and Disaster Recovery Planning from an Information Technology Perspective

Business Continuity and Disaster Recovery Planning from an Information Technology Perspective Business Continuity and Disaster Recovery Planning from an Information Technology Perspective Presenter: David Bird, Director of Sales, Business Technology Consultant phone: 215-672-7100 email: dbird@quatro.com

More information

Company Management System. Business Continuity in SIA

Company Management System. Business Continuity in SIA Company Management System Business Continuity in SIA Document code: Classification: Company Project/Service Year Document No. Version Public INDEX 1. INTRODUCTION... 3 2. SIA S BUSINESS CONTINUITY MANAGEMENT

More information

ASX CLEAR (FUTURES) OPERATING RULES Guidance Note 10

ASX CLEAR (FUTURES) OPERATING RULES Guidance Note 10 BUSINESS CONTINUITY AND DISASTER RECOVERY The purpose of this Guidance Note The main points it covers To assist participants to understand the disaster recovery and business continuity arrangements they

More information

Disaster Recovery Policy

Disaster Recovery Policy Disaster Recovery Policy INTRODUCTION This policy provides a framework for the ongoing process of planning, developing and implementing disaster recovery management for IT Services at UCD. A disaster is

More information

Recovery Site Evaluation: Finding Viable Alternatives

Recovery Site Evaluation: Finding Viable Alternatives Delivering the business value of IT. Recovery Site Evaluation: Finding Viable Alternatives Michael Croy Director, Business Continuity Solutions, Forsythe Solutions Group Session Agenda - Past to Present:

More information