IT Infrastructure is Key to Growth. Infrastructure nventory.

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "IT Infrastructure is Key to Growth. Infrastructure nventory."

Transcription

1

2 Introduction. The overall objective of an Information Technology (IT) Assessment is to evaluate whether an enterprise s current IT strategy is tightly coupled to the enterprise plans and challenges. Current and emerging IT technologies should be considered in determining their relevancy to the enterprise s defined goals and business objectives. During an IT Assessment, the high level business operations are examined with its strategies and goals, along with the IT strategy and planning, the currently installed IT infrastructure, and the IT operational processes that are in place to manage and monitor this infrastructure. Also examined are the IT enterprise structure, and the skills and resources assigned to support the entire IT operation and support the needs of the enterprise. A strengths, weaknesses, opportunities and threats (SWOT) analysis associated with the IT enterprise should also be conducted as it provides invaluable information about the effectiveness of IT, and where there is room for improvement. Included in this SWOT analysis should be whether continuous improvement processes are in place to enhance performance levels over time. Below is a chart illustrating how an enterprise needs to use customer requirements as the basis for their offerings, and customer satisfaction as their primary measure of delivering quality end products. IT assessments use this as the fundamental basis in evaluating the effectiveness of IT in providing services to the enterprise. 2

3 IT Infrastructure is Key to Growth. Critical business issues, the competitive marketplace, and the current economy are forcing enterprises to transform themselves. Enterprises need to move towards an environment of improved support for knowledge workers, and a more agile, flexible and responsive IT enterprise to nurture their end goals. A solid, high-performing IT infrastructure can be the key to achieving and facilitating many of the corporate and enterprise goals today. Consideration should always be given to business risks brought on by the use of the IT infrastructure, and the controls and audit framework in place to insure the technology systems have the ability to meet the end user requirements. The challenge is to determine whether an adequate and appropriate set of controls exists for the risks identified. The goal of an IT assessment should be to assure that risk is reduced to an acceptable level such that the goals and objectives of the enterprise can be achieved. Infrastructure nventory. The current infrastructure inventory including servers, storage, and network devices which support the critical business applications and services should be documented and evaluated in terms of their maturity and effectiveness. The competencies within the Information Technology Infrastructure Library (ITIL) processes of Service and Systems Management, Change Management, and Operational and Network Management are examined and analyzed for their quality and effectiveness. Most importantly however, the alignment between the enterprise s business needs and the IT support to help achieve these ends is thoroughly studied to determine whether the IT department is an efficient part of the corporate strategy, and is acting as a facilitator not an inhibitor. The current investment in IT needs to be examined to determine if it positions the enterprise to achieve its strategies, goals, and critical success factors. 3

4 Methodology. A thorough, disciplined and structured consultative methodology must be used in performing IT assessment in order to achieve the desired results. Experienced professionals with extensive backgrounds in IT project planning, IT requirements, and key industry technology trends and directions are also necessary as a backdrop for the information to be gathered. Several facts need to be gathered to provide the findings necessary to draw the proper conclusions, which lead to the required recommendations of an implementable IT plan the enterprise needs to improve their performance, and have the governance necessary to meet today s regulations and compliance required by such laws as Sarbanes-Oxley. The As Is current IT environment is captured, along with the desired target To Be state. This enables a gap analysis to be performed to determine whether the IT department is acting as a full partner within the enterprise. This is essential in order to provide the justification for, and the prioritization of, the recommendations. Industry best practices are considered and incorporated into the analysis to evaluate the maturity of the IT enterprise. Best practices are not always achievable or affordable, which is why the desired state, obtained through interviews with senior management, provides the corporate culture and business strategy necessary to help formulate the proper level of recommendations that are relevant to the enterprise. The question comes down to whether the enterprise is investing in the appropriate information technologies, and how to strike a balance between current IT project funding and the requirement to build a strategic information architecture. Business Strategy. The goal here is to reaffirm the business strategy of the enterprise, and whether there is alignment between the business vision and the technology vision. In other words, is the IT strategy supporting the business strategy? Which IT investments will provide maximum business return, and what is the appropriate priority of these investments? Functional executives and plans, goals and and competitive forces. impact on the business. critical success factor. technical management should be interviewed to review business objectives, critical success factors, targeted business and markets, Emerging technologies should also be discussed that can have an The adequacy of the relationship between IT and the business is a 4

5 Current IT Capabilities. An IT assessment examines the competency of the IT resources and support structure to determine the functional and technical adequacy of the existing infrastructure and systems management. The most critical business applications and services need to be examined, along with their respective Recovery Time Objective (RTO) and Recovery Point Objective (RPO) parameters. The RTO for an application is the goal for how quickly you need to have that application s information back available after an "event" has occurred that stopped the application. The RPO for an application describes the point in time to which data must be restored to successfully resume processing (often thought of as time between last backup and when an event occurred). The RTO and RPO metrics are useful in discussing what technologies, products, processes and procedures are required to meet those objectives, and whether the current business continuity and disaster recovery plan is adequate. Setting objectives should come from looking at the business impact of applications being unavailable, and the business impact of loss of data. Single points of failure in the IT infrastructure should always be avoided, and the analysis should be thorough enough to uncover any instances of these. In order to accomplish this, the complete data path for all critical applications is mapped and followed from the client workstations, to the servers, to data storage through all of the local and wide area networking devices and circuits. Servers, external storage devices and Storage Area Networks are mapped to allow a full understanding of the critical hardware components of the IT infrastructure. Switches, routers, firewalls, and intrusion detection devices are also examined and diagramed to develop a comprehensive understanding of the network connectivity environment. This provides an overview of the enterprise infrastructure in order to evaluate the maturity of the devices, as well as the overall architecture of the IT environment. This basic understanding of the environment is necessary to provide the backdrop for the gap analysis, which will determine the alignment of the IT infrastructure to that of the enterprise s defined business objectives. Risk Management. Risk management can be thought of as the evaluation of what can go wrong to the potential negative outcomes or results of not applying certain control procedures. Controls can be classified as preventive or corrective, and are designed to mitigate risk and allow achievement of three basic principles of risk management: Integrity of information to support the decision-making process Security and protection of the enterprise s information assets (hardware, software and data) Compliance with internal and external procedures and recommendations Management has the ultimate responsibility for ensuring the adequacy of controls. The IT assessment has the mission to evaluate whether the appropriate controls are in place and functioning as designed. Business objectives are a statement of desired accomplishments of the enterprise. Goals are specific targets that are identifiable, measurable, attainable and consistent with objectives. In fact, they should support the objectives. Risks of not achieving the enterprise s goals should be recognized, identified and documented. The system of controls can be thought of as a filtering device that prevents actions or events from leading to enterprise problems. 5

6 Operational Processes. It is not enough to have the latest and greatest IT infrastructure if it is not managed properly. The Information Technology Infrastructure Library (ITIL) is a set of practices for IT service management that focuses on aligning IT services with the needs of business. ITIL describes procedures, tasks and checklists that are not enterprise-specific, used by an enterprise for establishing a minimum level of competency. It allows the enterprise to establish a baseline from which it can plan, implement, and measure. It is used to demonstrate compliance and to measure improvement. The ITIL practices consist of five elements: Service Strategy Service Design Service Transition Service Operation Continual Service Improvement Service Strategy provides guidance on clarification and prioritization of service-provider investments in services. It helps IT enterprises improve and develop over the long term. Service Strategy relies largely upon a market-driven approach. Service Design provides guidance on the design of IT services, processes, and other aspects of the service management effort. Significantly, design within ITIL is understood to encompass all elements relevant to technology service delivery, rather than focusing solely on design of the technology itself. Some of the important aspects of Service Design deal with processes that can directly affect the business such as Service Level Agreements (SLAs) Management, Availability Management, Capacity Management, and Service Continuity Management. Service Transition relates to the delivery of services required by a business into live/operational use, and often encompasses the "project" side of IT rather than BAU (business as usual). This area covers topics such as managing changes to the BAU environment, and includes Transition Planning and Support, Change Management, Configuration Management, and Release and Deployment Management. Service Operation aims to provide best practices for achieving the delivery of agreed levels of services both to end-users and customers. Service Operation is the part of the lifecycle where the services and value is directly delivered. Here the monitoring of problems and balance between service reliability and cost, etc., are considered. The functions include technical, application, and operations management, and encompasses Event Management, Incident Management, Request Fulfillment, Problem Management, and Access Management. Continual Service Improvement aims to align and realign IT services to changing business needs by identifying and implementing improvements to the IT services that support the business processes. The perspective of CSI on improvement is the business perspective of service quality, even though CSI aims to improve process effectiveness, efficiency and cost effectiveness of the IT processes through the whole lifecycle. To manage improvement, CSI should clearly define what should be controlled and measured. A comprehensive IT assessment evaluates an enterprise s compliance with all of these operational ITIL processes. 6

7 Business Continuity Management. Business continuity are activities performed by an enterprise to ensure that critical business functions will be available to customers, suppliers, regulators, and other entities that must have access to those functions. These activities include many of the ITIL processes such as project management, system backups, change control, and help desk. Additionally, business continuity refers to those activities performed daily to maintain service, consistency, and recoverability. The foundation of business continuity are the standards, program development, and supporting policies; guidelines and procedures needed to ensure an enterprise s ability to continue without stoppage irrespective of the adverse circumstances or events. All system design, implementation, support, and maintenance must be based on this foundation in order to have any hope of achieving business continuity, disaster recovery, or in some cases, system support. Business continuity describes a mentality or methodology of conducting day-to-day business. The entire concept of business continuity is based on the identification of all business functions within an enterprise, and then assigning a level of importance to each business function. A Business Impact Analysis (BIA) is the primary tool for gathering this information and assigning criticality, recovery point objectives, and recovery time objectives, and is therefore part of the basic foundation of business continuity. The BIA can be used to identify extent and timescale of the impact on different levels of an enterprise. For instance, it can examine the effect of disruption on operational, functional and strategic activities of an enterprise, along with the effect of disruption on major business changes. The interface between management and information technology is the Service Level Agreement (SLA). This provides a written contract stipulating the expectations of management with regard to the availability of a necessary business function, and the deliverables that information technology provides in support of that business function. 7

8 Disaster Recovery. Disaster recovery is a subset of business continuity, and is the process, policies and procedures related to preparing for recovery or continuation of technology infrastructure critical to an enterprise after a natural or human-induced disaster. While business continuity involves planning for keeping all aspects of a business functioning in the midst of disruptive events, disaster recovery focuses on the IT or technology systems that supports business functions. Disaster recovery began as a result of computer center managers recognizing the dependence of their enterprises on their computer systems. As systems grew from batch to real-time processing, enterprises became increasingly dependent on their IT systems. Another driving force in the growth of disaster recovery awareness was increasing government regulations mandating business continuity and disaster recovery plans for enterprises in various sectors of the economy. With the rapid growth of the use of the Internet for transacting business, enterprises became further dependent on the continuous availability of their IT systems, with many enterprises setting an objective of 99.99% availability of critical systems. This increasing dependence on IT systems, as well as increased awareness from large-scale disasters such as 9/11, contributed to the awareness for the need for formal disaster recovery planning. As IT systems have become increasingly critical to the operations of an enterprise, and arguably the economy as a whole, the importance of ensuring the continued operation of those systems, or the rapid recovery of the systems, has increased. With the rapid growth of the use of the Internet for transacting business, enterprises became further dependent on the continuous availability of their IT systems. It is estimated that most large companies spend between two and four percent of their IT budget on disaster recovery planning, with the aim of avoiding larger losses in the event that the business cannot continue to function due to loss of IT infrastructure and data. As a result, preparation for continuation or recovery of systems needs to be taken very seriously. 8

9 Disasters can be classified in two broad categories. The first is natural disasters such as floods, hurricanes, tornadoes or earthquakes. While preventing a natural disaster is impossible, measures such as good planning, which includes mitigation measures, can help reduce or avoid losses. The second category is manmade disasters. These include infrastructure failure, hazardous material spills, or bio-terrorism. In these instances surveillance and mitigation planning are invaluable towards avoiding or lessening losses from these events. A disaster recovery professional should refer to an enterprise's business continuity plan which should indicate the key metrics of Recovery Point Objective (RPO) and Recovery Time Objective (RTO) for all of the critical business processes, such as the process to run payroll, generate a customer order, etc. The IT assessment maps these metrics specified for the business processes to the underlying IT systems and infrastructure that support those processes. Once the RTO and RPO metrics have been mapped to the IT infrastructure, the disaster recovery professional can determine the most suitable recovery strategy for each system. An important note here, however, is that the business ultimately sets the IT budget, and therefore the RTO and RPO metrics need to fall within budget parameters. While most department heads would like zero data loss and zero time loss, the costs associated with that level of protection may make the desired high availability solutions impractical. The most common strategies for data protection are: Backups made to tape and sent off-site at regular intervals Backups made to disk on-site and automatically copied to off-site disk, or made directly to off-site disk Replication of data to an off-site location, which overcomes the need to restore the data (only the systems then need to be restored or synchronized). This generally makes use of storage area network (SAN) technology High availability systems which keep both the data and system synchronously replicated off-site, enabling continuous access to systems and data In many cases, an enterprise may elect to use an outsourced disaster recovery provider to provide a stand-by site and systems rather than using their own remote facilities. In addition to preparing for the need to recover systems, enterprises must also implement precautionary measures with the objective of preventing a disaster in the first place. These may include: Local mirrors of systems and/or data and use of disk protection technology such as RAID Surge protectors to minimize the effect of power surges on delicate electronic equipment Uninterruptible power supply (UPS), and/or a backup generator Fire preventions alarms, fire extinguishers, etc. Anti-virus software and other security measures 9

10 Summary. A comprehensive IT assessment examines the business strategies, objectives and goals of an enterprise, all aspects of the IT environment, from the hardware and software infrastructure to the operational processes in place to support the infrastructure, and the business continuity and disaster recovery plans in place to minimize the risk of a natural or manmade disaster impacting the ability of the enterprise to carry on its business. IT assessments can be inexpensive insurance that an enterprise is well-positioned with their IT infrastructure relative to risk management, and can provide a prioritized list of recommendations to address any exposures that may have been uncovered during the analysis of the enterprise. Howard Vipler Senior Information Technology Consultant nfrastructure About the author: Mr. Vipler is currently working for nfrastructure, an IT consulting company in Clifton Park, NY. Howard Vipler is a Senior Information Technology Consultant who holds a BS in Electrical Engineering, and MS in Computer Science. He has worked for IBM Corporation for more than 30 years as a Systems Engineer, International Account Manager, Workflow Consultant and Project Manager, for the Sperry Rand Corp., Raytheon, and was a 2nd Lieutenant in the U.S. Army Signal Corps. About nfrastructure: nfrastructure helps large enterprises design, build and operate mission-critical technology infrastructure. Combining proven methods and tools, world-class engineering talent, on-site technical service in every major North American market and tightly integrated low cost remote support, nfrastructure collaborates with customers to deliver sustainable disruptive value. With industry practices in public sector, financial services, retail, healthcare, technology, communications, public safety and energy, nfrastructure works with leading technology hardware and software vendors to provide comprehensive data center, network, security, unified communications, end-point, structured cabling, staffing and outsourcing solutions. 10

This volume is related to the topics of IT Governance and IT Portfolio Management.

This volume is related to the topics of IT Governance and IT Portfolio Management. ITIL Key Principles and Models This unit is aiming to help the candidate to comprehend and account for the key principles and models of Service Management and to balance some of the opposing forces within

More information

Business Continuity Plan

Business Continuity Plan Business Continuity Plan October 2007 Agenda Business continuity plan definition Evolution of the business continuity plan Business continuity plan life cycle FFIEC & Business continuity plan Questions

More information

DISASTER RECOVERY PLANNING GUIDE

DISASTER RECOVERY PLANNING GUIDE DISASTER RECOVERY PLANNING GUIDE AN INTRODUCTION TO BUSINESS CONTINUITY PLANNING FOR JD EDWARDS SOFTWARE CUSTOMERS www.wts.com WTS Disaster Recovery Planning Guide Page 1 Introduction This guide will provide

More information

Data Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) 591-5553 Email: bronackt@dcag.com Fax: (718) 380-7322

Data Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) 591-5553 Email: bronackt@dcag.com Fax: (718) 380-7322 Business Continuity and Disaster Recovery Job Descriptions Table of Contents Business Continuity Services Organization Chart... 2 Director Business Continuity Services Group... 3 Manager of Business Recovery

More information

OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the specific documents requested,

More information

DISASTER RECOVERY BUSINESS CONTINUITY DISASTER AVOIDANCE STRATEGIES

DISASTER RECOVERY BUSINESS CONTINUITY DISASTER AVOIDANCE STRATEGIES DISASTER RECOVERY BUSINESS CONTINUITY DISASTER AVOIDANCE STRATEGIES Dejan Živanović EMC Technology Solutions Group SEE Presales Manager Dejan.Zivanovic@emc.com 1 The Business Maturity Model V Enabled Web

More information

University of Michigan Disaster Recovery / Business Continuity Administrative Information Systems 4/6/2004 1

University of Michigan Disaster Recovery / Business Continuity Administrative Information Systems 4/6/2004 1 University of Michigan Disaster Recovery / Business Continuity Administrative Information Systems. 1 Michigan Administrative Information Services (MAIS) MAIS is responsible for the production support of

More information

Managing information technology in a new age

Managing information technology in a new age IBM Global Services Managing information technology in a new age Key Topics Keeps pace with the new purpose and structure of IT Describes a dynamic, flexible IT management construct Incorporates techniques

More information

Abhi Rathinavelu Foster School of Business

Abhi Rathinavelu Foster School of Business Abhi Rathinavelu Foster School of Business What is Disaster? A disaster is considered any incident or event that results in a major interruption of business operations Major: Earthquake >5.0, Volcanic

More information

Business Continuity & Recovery Plan Summary

Business Continuity & Recovery Plan Summary Introduction An organization s ability to survive a significant business interruption is determined by the company s ability to develop, implement, and maintain viable recovery and business continuity

More information

MICHIGAN AUDIT REPORT OFFICE OF THE AUDITOR GENERAL THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL

MICHIGAN AUDIT REPORT OFFICE OF THE AUDITOR GENERAL THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL MICHIGAN OFFICE OF THE AUDITOR GENERAL AUDIT REPORT THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL The auditor general shall conduct post audits of financial transactions and accounts of the state and of all

More information

Domain 1 The Process of Auditing Information Systems

Domain 1 The Process of Auditing Information Systems Certified Information Systems Auditor (CISA ) Certification Course Description Our 5-day ISACA Certified Information Systems Auditor (CISA) training course equips information professionals with the knowledge

More information

BUSINESS CONTINUITY PLAN OVERVIEW

BUSINESS CONTINUITY PLAN OVERVIEW BUSINESS CONTINUITY PLAN OVERVIEW INTRODUCTION The purpose of this document is to provide Loomis customers with an overview of the company s Business Continuity Plan (BCP). Because of the specific and

More information

The case for cloud-based disaster recovery

The case for cloud-based disaster recovery IBM Global Technology Services IBM SmartCloud IBM SmartCloud Virtualized Server Recovery i The case for cloud-based disaster recovery Cloud technologies help meet the need for quicker restoration of service

More information

Disaster Recovery and Business Continuity Plan

Disaster Recovery and Business Continuity Plan Disaster Recovery and Business Continuity Plan Table of Contents 1. Introduction... 3 2. Objectives... 3 3. Risks... 3 4. Steps of Disaster Recovery Plan formulation... 3 5. Audit Procedure.... 5 Appendix

More information

Technical Considerations in a Windows Server Environment

Technical Considerations in a Windows Server Environment Technical Considerations in a Windows Server Environment INTRODUCTION Cloud computing has changed the economics of disaster recovery and business continuity options. Accordingly, it is time many organizations

More information

SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the specific

More information

Why Cloud CompuTing ThreaTens midsized enterprises and WhaT To do about it

Why Cloud CompuTing ThreaTens midsized enterprises and WhaT To do about it The Cloud Threat Why Cloud CompuTing ThreaTens midsized enterprises and WhaT To do about it This white paper outlines the concerns that often prevent midsized enterprises from taking advantage of the Cloud.

More information

Business Continuity & Recovery Plan Summary

Business Continuity & Recovery Plan Summary Introduction An organization s ability to survive a significant business interruption is determined by the company s ability to develop, implement, and maintain viable recovery and business continuity

More information

Disaster Recovery Hosting Provider Selection Criteria

Disaster Recovery Hosting Provider Selection Criteria Disaster Recovery Hosting Provider Selection Criteria By, Solution Director 6/18/07 As more and more companies choose to use Disaster Recovery (DR), services the questions that keep coming up are What

More information

Security solutions White paper. Acquire a global view of your organization s security state: the importance of security assessments.

Security solutions White paper. Acquire a global view of your organization s security state: the importance of security assessments. Security solutions White paper Acquire a global view of your organization s security state: the importance of security assessments. April 2007 2 Contents 2 Overview 3 Why conduct security assessments?

More information

AUDITING A BCP PLAN. Thomas Bronack Auditing a BCP Plan presentation Page: 1

AUDITING A BCP PLAN. Thomas Bronack Auditing a BCP Plan presentation Page: 1 AUDITING A BCP PLAN Thomas Bronack Auditing a BCP Plan presentation Page: 1 What are the Objectives of a Good BCP Plan Protect employees Restore critical business processes or functions to minimize the

More information

The Weill Cornell Medical College and Graduate School of Medical Sciences. Responsible Department: Information Technologies and Services (ITS)

The Weill Cornell Medical College and Graduate School of Medical Sciences. Responsible Department: Information Technologies and Services (ITS) Information Technology Disaster Recovery Policy Policy Statement This policy defines acceptable methods for disaster recovery planning, preparedness, management and mitigation of IT systems and services

More information

Disaster Recovery Planning

Disaster Recovery Planning Mission Statement To improve the quality of life in Phoenix through efficient delivery of outstanding public services. Disaster Recovery Planning Information Technology Services December 11, 2012 Project

More information

a Disaster Recovery Plan

a Disaster Recovery Plan Construction of a Disaster Recovery Plan David Godwin, Sr. Sales Engineer March 18, 2014 Objectives Understand What Disaster Recovery is? Why is Disaster Recovery Needed? Effectively assist customers or

More information

Operational Continuity

Operational Continuity Solution Brief Operational Continuity Achieve Maximum Uptime In a recent speech, Omar Sherin of the Qatar CERT, shared how they shifted their focus from protection and detection to response in the wake

More information

CONTINUITY OF OPERATIONS AUDIT PROGRAM EVALUATION AND AUDIT

CONTINUITY OF OPERATIONS AUDIT PROGRAM EVALUATION AND AUDIT CONTINUITY OF OPERATIONS AUDIT PROGRAM EVALUATION AND AUDIT April 16, 2014 INTRODUCTION Purpose The purpose of the audit is to give assurance that the development of the Metropolitan Council s Continuity

More information

Course: Information Security Management in e-governance. Day 2. Session 5: Disaster Recovery Planning

Course: Information Security Management in e-governance. Day 2. Session 5: Disaster Recovery Planning Course: Information Security Management in e-governance Day 2 Session 5: Disaster Recovery Planning Agenda Introduction to Disaster Recovery Planning (DRP) Need for disaster recovery planning Approach

More information

Protecting your Enterprise

Protecting your Enterprise Understanding Disaster Recovery in California Protecting your Enterprise Session Overview Why do we Prepare What is? How do I analyze (measure) it? What to do with it? How do I communicate it? What does

More information

Disaster Recovery. Hendry Taylor Tayori Limited

Disaster Recovery. Hendry Taylor Tayori Limited Disaster Recovery Hendry Taylor Tayori Limited Agenda What is Business Continuity planning (BCP) What is Disaster Recovery (DR) and Disaster Recovery Planning (DRP) Overview Lifecycle Analysis Plan design

More information

High Availability and Disaster Recovery for Exchange Servers Through a Mailbox Replication Approach

High Availability and Disaster Recovery for Exchange Servers Through a Mailbox Replication Approach High Availability and Disaster Recovery for Exchange Servers Through a Mailbox Replication Approach Introduction Email is becoming ubiquitous and has become the standard tool for communication in many

More information

Creating a Business Continuity Plan for your Health Center

Creating a Business Continuity Plan for your Health Center Creating a Business Continuity Plan for your Health Center 1 Page Left Intentionally Blank 2 About This Manual This tool is the result of collaboration between the Primary Care Development Corporation

More information

Business Continuity Management

Business Continuity Management Business Continuity Management cliftonlarsonallen.com Introductions Brian Pye CliftonLarsonAllen Senior Manager Business Risk Services group 15 years of experience with Business Continuity Megan Moore

More information

Oregon-Montana Disaster Recovery Phase 1

Oregon-Montana Disaster Recovery Phase 1 Oregon-Montana Disaster Recovery Phase 1 Oregon Department of Administrative Services Enterprise Technology Services http://www.oregon.gov/das/ets/pages/index.aspx Category 10: Cyber Security Project Completion

More information

The Government Cloud Protection Program: Disaster Recovery Services Transformed for the Perfect Storm

The Government Cloud Protection Program: Disaster Recovery Services Transformed for the Perfect Storm 2010 NASCIO RECOGNITION AWARD NOMINATION The Government Cloud Protection Program: Disaster Recovery Services Transformed for the Perfect Storm Nomination Category: Risk Management Initiatives Name of State

More information

Disaster recovery strategic planning: How achievable will it be?

Disaster recovery strategic planning: How achievable will it be? Disaster recovery strategic planning: How achievable will it be? Amr Ahmed Ernst & Young Advisory Services, Executive Director amr.ahmed@ey.com Christopher Rivera Ernst & Young Advisory Services, Manager

More information

Things You Need to Know About Cloud Backup

Things You Need to Know About Cloud Backup Things You Need to Know About Cloud Backup Over the last decade, cloud backup, recovery and restore (BURR) options have emerged as a secure, cost-effective and reliable method of safeguarding the increasing

More information

IF DISASTER STRIKES IS YOUR BUSINESS READY?

IF DISASTER STRIKES IS YOUR BUSINESS READY? 1 IF DISASTER STRIKES IS YOUR BUSINESS READY? DISASTER RECOVERY and BUSINESS CONTINUITY: WHAT YOU NEED TO KNOW Realize the Power of Technology Many business owners put off disaster planning, perhaps thinking

More information

E-Guide BEST PRACTICES FOR CLOUD BASED DISASTER RECOVERY

E-Guide BEST PRACTICES FOR CLOUD BASED DISASTER RECOVERY E-Guide BEST PRACTICES FOR CLOUD BASED DISASTER RECOVERY and mean for F or IT managers, has always been high priority, however the new IT landscape and increased deployment of cloud has complicated the

More information

SOUTH LAKELAND DISTRICT COUNCIL INTERNAL AUDIT FINAL REPORT IT 11-02. IT Backup, Recovery and Disaster Recovery Planning

SOUTH LAKELAND DISTRICT COUNCIL INTERNAL AUDIT FINAL REPORT IT 11-02. IT Backup, Recovery and Disaster Recovery Planning SOUTH LAKELAND DISTRICT COUNCIL INTERNAL AUDIT FINAL REPORT IT 11-02 IT Backup, Recovery and Disaster Recovery Planning Executive Summary Introduction As part of the 2011/12 Audit Plan and following discussions

More information

Five Assets of an Effective Data Recovery Strategy

Five Assets of an Effective Data Recovery Strategy WHITE PAPER Five Assets of an Effective Data Recovery Strategy EXECUTIVE OVERVIEW Data recovery strategies should contribute to operational efficiencies and business initiatives, as well as focus on shrinking

More information

2014 NABRICO Conference

2014 NABRICO Conference Business Continuity Planning 2014 NABRICO Conference September 19, 2014 6 CityPlace Drive, Suite 900 St. Louis, Missouri 63141 314.983.1200 1520 S. Fifth Street, Suite 309 St. Charles, Missouri 63303 636.255.3000

More information

Audit of the Disaster Recovery Plan

Audit of the Disaster Recovery Plan Audit of the Disaster Recovery Plan Report # 11-05 Prepared by Office of Inspector General J. Timothy Beirnes, CPA, Inspector General Kit Robbins, CISA, CISM, CRISC, Lead Information Systems Auditor TABLE

More information

The Complete Disaster Recovery Plan

The Complete Disaster Recovery Plan The Complete Disaster Recovery Plan Larry Mattox, VC3 1 If A Disaster Strikes, Can You? Provide your services: When your citizens need them the most? At the level needed by your citizens? Recover your

More information

Unlock your Business Potential

Unlock your Business Potential Unlock your Business Potential Plexstone strategy PLEXSTONE The major function of IT Architecture is to evaluate and synchronize strategies for all layers of IT infrastructure in order to align them to

More information

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 13 Business Continuity

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 13 Business Continuity Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 13 Business Continuity Objectives Define environmental controls Describe the components of redundancy planning List disaster recovery

More information

Western Intergovernmental Audit Forum

Western Intergovernmental Audit Forum Western Intergovernmental Audit Forum Business Continuity & Disaster Recovery Planning September 12, 2013 Presented by: City of Phoenix City Auditor Department Aaron Cook, Sr Internal Auditor IT Audit

More information

What You Need to Know About Cloud Backup: Your Guide to Cost, Security, and Flexibility

What You Need to Know About Cloud Backup: Your Guide to Cost, Security, and Flexibility Your Guide to Cost, Security, and Flexibility What You Need to Know About Cloud Backup: Your Guide to Cost, Security, and Flexibility 10 common questions answered Over the last decade, cloud backup, recovery

More information

Blackboard Collaborate Web Conferencing Hosted Environment Technical Infrastructure and Security

Blackboard Collaborate Web Conferencing Hosted Environment Technical Infrastructure and Security Overview Blackboard Collaborate Web Conferencing Hosted Environment Technical Infrastructure and Security Blackboard Collaborate web conferencing is available in a hosted environment and this document

More information

ITSM Process Description

ITSM Process Description ITSM Process Description Office of Information Technology Incident Management 1 Table of Contents Table of Contents 1. Introduction 2. Incident Management Goals, Objectives, CSFs and KPIs 3. Incident Management

More information

What you need to know about cloud backup: your guide to cost, security and flexibility.

What you need to know about cloud backup: your guide to cost, security and flexibility. What you need to know about cloud backup: your guide to cost, security and flexibility. Over the last decade, cloud backup, recovery and restore (BURR) options have emerged as a secure, cost-effective

More information

Oregon-Montana Disaster Recovery Phase 1 & 2

Oregon-Montana Disaster Recovery Phase 1 & 2 Oregon-Montana Disaster Recovery Phase 1 & 2 Oregon Department of Administrative Services Enterprise Technology Services http://www.oregon.gov/das/ets/pages/index.aspx Category: Disaster Recovery/Security

More information

Supplier Security Assessment Questionnaire

Supplier Security Assessment Questionnaire HALKYN CONSULTING LTD Supplier Security Assessment Questionnaire Security Self-Assessment and Reporting This questionnaire is provided to assist organisations in conducting supplier security assessments.

More information

HA / DR Jargon Buster High Availability / Disaster Recovery

HA / DR Jargon Buster High Availability / Disaster Recovery HA / DR Jargon Buster High Availability / Disaster Recovery Welcome to Maxava s Jargon Buster. Your quick reference guide to Maxava HA and industry technical terms related to High Availability and Disaster

More information

Planning and Implementing Disaster Recovery for DICOM Medical Images

Planning and Implementing Disaster Recovery for DICOM Medical Images Planning and Implementing Disaster Recovery for DICOM Medical Images A White Paper for Healthcare Imaging and IT Professionals I. Introduction It s a given - disaster will strike your medical imaging data

More information

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the

More information

Interactive-Network Disaster Recovery

Interactive-Network Disaster Recovery Interactive-Network Disaster Recovery BACKGROUND IT systems are vulnerable to a variety of disruptions, ranging from mild (e.g., short-term power outage, disk drive failure) to severe (e.g., terrorism,

More information

Business Continuity and the Cloud. Aaron Shaver US Signal, Solution Architect

Business Continuity and the Cloud. Aaron Shaver US Signal, Solution Architect Business Continuity and the Cloud Aaron Shaver US Signal, Solution Architect Overview What is BC/DR? Why should businesses have a strategy? Why do many business choose not to? How does the cloud change

More information

Disaster Recovery Planning

Disaster Recovery Planning Assess, Adjust, Improve An LXI Publication Page 1 of 11 Your company's ability to recover is a high priority. In a survey by Contingency Planning & Management Magazine of 1437 contingency planners, 76%

More information

Business Continuity Planning and Disaster Recovery Planning. Ed Crowley IAM/IEM

Business Continuity Planning and Disaster Recovery Planning. Ed Crowley IAM/IEM Business Continuity Planning and Disaster Recovery Planning Ed Crowley IAM/IEM 1 Goals Compare and contrast aspects of business continuity Execute disaster recovery plans and procedures 2 Topics Business

More information

Disaster Recovery & Business Continuity Dell IT Executive Learning Series

Disaster Recovery & Business Continuity Dell IT Executive Learning Series Disaster Recovery & Business Continuity Dell IT Executive Learning Series Presented by Rich Armour, Debi Higdon & Mitchell McGovern THIS PRESENTATION SUMMARY IS FOR INFORMATIONAL PURPOSES ONLY AND MAY

More information

courtesy of F5 NETWORKS New Technologies For Disaster Recovery/Business Continuity overview f5 networks P

courtesy of F5 NETWORKS New Technologies For Disaster Recovery/Business Continuity overview f5 networks P courtesy of F5 NETWORKS New Technologies For Disaster Recovery/Business Continuity overview Business Continuity, Disaster Recovery and Data Center Consolidation IT managers today must be ready for the

More information

Beyond Disaster Recovery: Why Your Backup Plan Won t Work

Beyond Disaster Recovery: Why Your Backup Plan Won t Work Beyond Disaster Recovery: Why Your Backup Plan Won t Work Contents Introduction... 3 The Data Backup Model - Upgraded for 2015... 4 Why Disaster Recovery Isn t Enough... 5 Business Consequences with DR-Only

More information

Managed Desktop Support Services

Managed Desktop Support Services managed enterprise technologies Managed Desktop Support Services MET Managed Desktop Support Service Most organisations spend lots of time and money trying to manage complex desktop environments and worrying

More information

Business Continuity and Disaster Recovery Planning from an Information Technology Perspective

Business Continuity and Disaster Recovery Planning from an Information Technology Perspective Business Continuity and Disaster Recovery Planning from an Information Technology Perspective Presenter: David Bird, Director of Sales, Business Technology Consultant phone: 215-672-7100 email: dbird@quatro.com

More information

What you need to know about cloud backup: your guide to cost, security, and flexibility. 8 common questions answered

What you need to know about cloud backup: your guide to cost, security, and flexibility. 8 common questions answered What you need to know about cloud backup: your guide to cost, security, and flexibility. 8 common questions answered Over the last decade, cloud backup, recovery and restore (BURR) options have emerged

More information

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT JANUARY 2008 GUIDELINE ON BUSINESS CONTINUITY GUIDELINE CBK/PG/14

More information

AL RAFEE ENTERPRISES Solutions & Expertise.

AL RAFEE ENTERPRISES Solutions & Expertise. AL RAFEE ENTERPRISES Solutions & Expertise. Virtualization Al Rafee has strategically made substantial investment in building up a large end to end portfolio of Virtualization across the entire IT infrastructure

More information

HP Business Continuity Services. Is your business agile enough to respond to whatever comes your way?

HP Business Continuity Services. Is your business agile enough to respond to whatever comes your way? HP Business Continuity Services Is your business agile enough to respond to whatever comes your way? Ask the right questions. If your business is like most others today, its success depends heavily on

More information

Temple university. Auditing a business continuity management BCM. November, 2015

Temple university. Auditing a business continuity management BCM. November, 2015 Temple university Auditing a business continuity management BCM November, 2015 Auditing BCM Agenda 1. Introduction 2. Definitions 3. Standards 4. BCM key elements IT Governance class - IT audit program

More information

The University of Iowa. Enterprise Information Technology Disaster Plan. Version 3.1

The University of Iowa. Enterprise Information Technology Disaster Plan. Version 3.1 Version 3.1 November 22, 2004 TABLE OF CONTENTS PART 1: DISASTER RECOVERY EXPECTATIONS... 3 OVERVIEW...3 EXPECTATIONS PRIOR TO AN INCIDENT OCCURRENCE...3 EXPECTATIONS PRIOR TO A DISASTER OCCURRENCE...4

More information

Running Successful Disaster Recovery Tests

Running Successful Disaster Recovery Tests Running Successful Disaster Recovery Tests Understanding the DR Process Running Successful Disaster Recovery Tests Understanding the DR Process Presented by Ray Lucchesi President Silverton Consulting,

More information

Simplified Windows Vista Migration Mitigating Business Risk through Deployment Automation SOLUTION WHITE PAPER

Simplified Windows Vista Migration Mitigating Business Risk through Deployment Automation SOLUTION WHITE PAPER Simplified Windows Vista Migration Mitigating Business Risk through Deployment Automation SOLUTION WHITE PAPER Table of Contents Executive Summary...1 Windows Vista and Microsoft Solution Accelerator for

More information

Continuity of Operations Planning. A step by step guide for business

Continuity of Operations Planning. A step by step guide for business What is a COOP? Continuity of Operations Planning A step by step guide for business A Continuity Of Operations Plan (COOP) is a MANAGEMENT APPROVED set of agreed-to preparations and sufficient procedures

More information

Why Should Companies Take a Closer Look at Business Continuity Planning?

Why Should Companies Take a Closer Look at Business Continuity Planning? whitepaper Why Should Companies Take a Closer Look at Business Continuity Planning? How Datalink s business continuity and disaster recovery solutions can help organizations lessen the impact of disasters

More information

Data protection: Time-proven truths for your disruptive, virtual world

Data protection: Time-proven truths for your disruptive, virtual world WHITE PAPER Data protection: Time-proven truths for your disruptive, virtual world Table of contents Executive summary 2 Fundamentals for protecting virtual and physical environments 3 4 steps toward a

More information

5 Essential Benefits of Hybrid Cloud Backup

5 Essential Benefits of Hybrid Cloud Backup 5 Essential Benefits of Hybrid Cloud Backup QBR is a backup, disaster recovery (BDR), and business continuity solution targeted to the small to medium business (SMB) market. QBR solutions are designed

More information

Flinders University IT Disaster Recovery Framework

Flinders University IT Disaster Recovery Framework Flinders University IT Disaster Recovery Framework Establishment: Flinders University, 1 August 2013 Last Amended: Manager, ITS Security Services, 4 October 2013 Nature of Amendment: Initial release Date

More information

Advent. Disaster Recovery: Options for Investment Managers. A White Paper from Advent Software and CyGem Ltd. Advent Software, Inc.

Advent. Disaster Recovery: Options for Investment Managers. A White Paper from Advent Software and CyGem Ltd. Advent Software, Inc. Advent Disaster Recovery: Options for Investment Managers A White Paper from Advent Software and CyGem Ltd. Advent Software, Inc. This communication is provided by Advent Software, Inc. for informational

More information

Virginia Commonwealth University School of Medicine Information Security Standard

Virginia Commonwealth University School of Medicine Information Security Standard Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Business Continuity Management Standard for IT Systems This standard is applicable to all VCU School of Medicine

More information

Business Continuity Planning and Disaster Recovery Planning

Business Continuity Planning and Disaster Recovery Planning Business Continuity Planning and Disaster Recovery Planning Ed Crowley IAM/IEM 1 ISC 2 Key Areas of Knowledge Understand business continuity requirements 1. Develop and document project scope and plan

More information

Business Unit CONTINGENCY PLAN

Business Unit CONTINGENCY PLAN Contingency Plan Template Business Unit CONTINGENCY PLAN Version 1.0 (Date submitted) Submitted By: Business Unit Date Version 1.0 Page 1 1 Plan Review and Updates... 3 2 Introduction... 3 2.1 Purpose...

More information

Protecting Microsoft SQL Server

Protecting Microsoft SQL Server Your company relies on its databases. How are you protecting them? Protecting Microsoft SQL Server 2 Hudson Place suite 700 Hoboken, NJ 07030 Powered by 800-674-9495 www.nsisoftware.com Executive Summary

More information

Roles within ITIL V3. Contents

Roles within ITIL V3. Contents Roles within ITIL V3 Roles are employed in order to define responsibilities. In particular, they are used to assign Process Owners to the various ITIL V3 processes, and to illustrate responsibilities for

More information

REPORT 2014/001 INTERNAL AUDIT DIVISION. Audit of information and communications technology help desk operations at United Nations Headquarters

REPORT 2014/001 INTERNAL AUDIT DIVISION. Audit of information and communications technology help desk operations at United Nations Headquarters INTERNAL AUDIT DIVISION REPORT 2014/001 Audit of information and communications technology help desk operations at United Nations Headquarters Overall results relating to the adequacy and effectiveness

More information

HP StorageWorks Data Protection Strategy brief

HP StorageWorks Data Protection Strategy brief HP StorageWorks Data Protection Strategy brief Your business depends on IT more than ever before. The availability of key application services and information is critical to maintain business processes,

More information

Post-Class Quiz: Business Continuity & Disaster Recovery Planning Domain

Post-Class Quiz: Business Continuity & Disaster Recovery Planning Domain 1. What is the most common planned performance duration for a continuity of operations plan (COOP)? A. 30 days B. 60 days C. 90 days D. It depends on the severity of a disaster. 2. What is the business

More information

Managed Services. Business Intelligence Solutions

Managed Services. Business Intelligence Solutions Managed Services Business Intelligence Solutions Business Intelligence Solutions provides an array of strategic technology services for life science companies and healthcare providers. Our Managed Services

More information

Planning a Backup Strategy

Planning a Backup Strategy Planning a Backup Strategy White Paper Backups, restores, and data recovery operations are some of the most important tasks that an IT organization performs. Businesses cannot risk losing access to data

More information

How to Build a Disaster Recovery Plan

How to Build a Disaster Recovery Plan How to Build a Disaster Recovery Plan Best Practices, Templates & Tools E-BOOK EXECUTIVE SUMMARY How do you start building a DR plan? While there are lots of tools from vendors, it s hard to find a practical

More information

ITIL Introducing service transition

ITIL Introducing service transition ITIL Introducing service transition The goals of service transition Aligning the new or changed service with the organisational requirements and organisational operations Plan and manage the capacity and

More information

White Paper AN INTRODUCTION TO BUSINESS CONTINUITY PLANNING AND SOLUTIONS FOR IT AND TELECOM DECISION MAKERS. Executive Summary

White Paper AN INTRODUCTION TO BUSINESS CONTINUITY PLANNING AND SOLUTIONS FOR IT AND TELECOM DECISION MAKERS. Executive Summary AN INTRODUCTION TO BUSINESS CONTINUITY PLANNING AND SOLUTIONS FOR IT AND TELECOM DECISION MAKERS Executive Summary Today s businesses rely heavily on voice communication systems and data networks to such

More information

(Instructor-led; 2 Days)

(Instructor-led; 2 Days) Protecting Your Revenues: A Risk Management Approach to Business Continuity Planning (Instructor-led; 2 Days) Module I. Project Initiation and Management A. DRII/BCI Project initiation and control B. Business

More information

www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014

www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 Agenda Key Definitions Risks Business Continuity Management Program BCM Capability Assessment Process BCM Value Proposition

More information

Cloud for Business Continuity: Separating Fact From Fiction

Cloud for Business Continuity: Separating Fact From Fiction Unitrends Cloud Survey Cloud for Business Continuity: Separating Fact From Fiction 5 Things to Consider to Get the Cloud to Work for You Cloud for Business Continuity: Separating Fact From Fiction 5 Things

More information

Template Courtesy of: Cloudnition LLC 55 W. 22 nd St Suite 115 Lombard, IL 60148 (630) 297-4090 www.cloudnition.com

Template Courtesy of: Cloudnition LLC 55 W. 22 nd St Suite 115 Lombard, IL 60148 (630) 297-4090 www.cloudnition.com Template Courtesy of: Cloudnition LLC 55 W. 22 nd St Suite 115 Lombard, IL 60148 (630) 297-4090 www.cloudnition.com 1 1.1 Introduction 1.2 Purpose 1.3 Priorities 2.1 About your business 2.1.1 Business

More information

Unit Guide to Business Continuity/Resumption Planning

Unit Guide to Business Continuity/Resumption Planning Unit Guide to Business Continuity/Resumption Planning (February 2009) Revised June 2011 Executive Summary... 3 Purpose and Scope for a Unit Business Continuity Plan(BCP)... 3 Resumption Planning... 4 Assumptions

More information

Our Colorado region is offering a FREE Disaster Recovery Review promotional through June 30, 2009!

Our Colorado region is offering a FREE Disaster Recovery Review promotional through June 30, 2009! Disaster Recovery Review FREE Promotional Offer Our Colorado region is offering a FREE Disaster Recovery Review promotional through June 30, 2009! This review is designed to help the small business better

More information

CACI Cloud Consulting Services

CACI Cloud Consulting Services Index 1. Summary... 3 2. Services provided... 3 2.1. Advisory... 3 2.2. Strategy and Architecture... 4 2.3. Cloud Application Development... 7 2.4. Cloud Service Management... 8 3. Pricing... 10 Page 2

More information

IBM Virtualization Engine TS7700 GRID Solutions for Business Continuity

IBM Virtualization Engine TS7700 GRID Solutions for Business Continuity Simplifying storage processes and ensuring business continuity and high availability IBM Virtualization Engine TS7700 GRID Solutions for Business Continuity The risks are even greater for companies that

More information