SB13: Leveraging IT Best Practice Toolkits for Business Continuity Planning. Derek Lonsdale and Glen Willis, PA Consulting Group
1 SB13: Leveraging IT Best Practice Toolkits for Business Continuity Planning Derek Lonsdale and Glen Willis, PA Consulting Group
2 Agenda
- Overview of the common IT best practice toolkits: ITIL, COBIT, ISO
- Specific guidance in the area of Business Continuity Management from each toolkit
- Critical Success Factors
Synergies and Integration concepts will be discussed throughout.
3 ITIL Overview
The Information Technology Infrastructure Library (ITIL)
- An integrated, process based, best practice framework
- ITIL provides a global standard framework for IT infrastructure management that is dependent on IT Service Management processes
- Accepted in the early 1990s as the world de facto standard framework for Service Management
- Concentrates on delivering a Service Quality and Customer Orientated approach
- Industry forums now drive updates to ITIL
- ITIL v3 released in the summer of 2007
4 ITIL in context
[Diagram: ITIL in context. Labels: Management; Customer; Business Relationship Mgmt.; Service Level Mgmt; Corporate policy & strategy; Strategic decision making; Human Resource Management; Service Delivery; Financial Mgmt; Capacity Mgmt; Availability Mgmt; Service Support; Infrastructure / Architecture; Continuity Mgmt; Quality Mgmt / Program Mgmt; Development; Service Design; Service Build & Test; Supplier; Service Desk; User; Incident Mgmt; Problem Mgmt; Change Mgmt; Release Mgmt; Supplier Management; Configuration Management; Performance Management]
5 COBIT Overview
Control Objectives for Information and related Technology (COBIT)
- A control and management framework for IT
- Four high level domains: Plan and Organize; Acquire and Implement; Deliver and Support; Monitor and Evaluate
- Consists of 34 high level control objectives and 215 detailed control objectives for IT
- Applicable to all activities within an IT organization
- Owned and supported by the IT Governance Institute
6 The COBIT Structure 34 high level control objectives 215 detailed control objectives
7 All ITIL Processes align with one or more COBIT control objectives
Plan and Organize
- PO5 Manage the IT Investment aligns with >>>> IT Financial Management
- PO9 Assess and Manage IT Risks aligns with >>>> IT Service Continuity Management
Acquire and Implement
- AI6 Manage Changes aligns with >>>> Change Management
- AI7 Install and Accredit Solutions and Changes aligns with >>>> Release Management
Deliver and Support
- DS1 Define and Manage Service Levels aligns with >>>> Service Level Management
- DS3 Manage Performance and Capacity aligns with >>>> Capacity Management
- DS4 Ensure Continuous Services aligns with >>>> Availability Mgt & IT Service Continuity Mgt
- DS6 Identify and Allocate Costs aligns with >>>> IT Financial Management
- DS7 Educate and Train Users aligns with >>>> Release Management
- DS8 Manage Service Desk and Incidents aligns with >>>> Incident Management and Service Desk
- DS9 Manage the Configuration aligns with >>>> Configuration Management
- DS10 Manage Problems aligns with >>>> Problem Management
Monitor and Evaluate
- ME1 Monitor and Evaluate IT Performance aligns with >>>> All ITIL processes
8 12 of the 34 Control Objectives are Highly Aligned with ITIL
Plan and Organize
- PO1 Define a Strategic IT Plan
- PO2 Define the Information Architecture
- PO3 Determine Technological Direction
- PO4 Define the IT Process, Organization and Direction
- PO5 Manage the IT Investment
- PO6 Communicate Management Aims and Direction
- PO7 Manage IT Human Resources
- PO8 Manage Quality
- PO9 Assess and Manage IT Risks
- PO10 Manage Projects
Acquire and Implement
- AI1 Identify Automated Solutions
- AI2 Acquire and Maintain Application Software
- AI3 Acquire and Maintain Technology Infrastructure
- AI4 Enable Operation and Use
- AI5 Procure IT Resources
- AI6 Manage Changes
- AI7 Install and Accredit Solutions and Changes
Deliver and Support
- DS1 Define and Manage Service Levels
- DS2 Manage Third-party Services
- DS3 Manage Performance and Capacity
- DS4 Ensure Continuous Services
- DS5 Ensure System Security
- DS6 Identify and Allocate Costs
- DS7 Educate and Train Users
- DS8 Manage Service Desk and Incidents
- DS9 Manage the Configuration
- DS10 Manage Problems
- DS11 Manage Data
- DS12 Manage the Physical Environment
- DS13 Manage Operations
Monitor and Evaluate
- ME1 Monitor and Evaluate IT Performance
- ME2 Monitor and Evaluate Internal Control
- ME3 Ensure Regulatory Compliance
- ME4 Provide IT Governance
9 What is ISO 20000? - The standard merges QMS ideas and ITIL best practices
- Management system
- Planning and implementing service management
- Planning and implementing new and changed services
- Service Delivery Processes: Service Level Management; Service Reporting; Capacity Management; Service Continuity and Availability Management; Information Security Management; Budgeting and Accounting for IT services
- Control Processes: Configuration Management; Change Management
- Release Processes: Release Management
- Resolution Processes: Incident Management; Problem Management
- Relationship Processes: Business Relationship Management; Supplier Management
10 ITIL IT Service Continuity Management The primary goal of the IT Service Continuity Management process is to support the overall Business Continuity Management process by ensuring that the required IT technical and services facilities can be recovered within required and agreed business time-scales. Office of Government Commerce (2000)
11 ITIL Why Service Continuity Management?
- Manages the organization's ability to continue to provide a pre-determined and agreed level of IT services following an interruption to the business
- Ensures business survival by reducing the impact of a disaster or major failure
- Reduces the vulnerability and risk to the business by effective risk analysis and risk management
- Helps to prevent the loss of Customer or User confidence during a major incident
- Produces an IT Recovery plan that is integrated with and fully supports the organisation's overall Business Continuity Plan
12 Process Description ITIL
- Stage 1 Initiation: Initiate BCM
- Stage 2 Requirements & Strategy: Business Impact Analysis; Risk Assessment; Business Continuity Strategy
- Stage 3 Implementation: Organization & Implementation Planning; Implement Standby Arrangements; Develop Recovery Plans; Implement Risk Reduction Measures; Develop Procedures; Initial Testing
- Stage 4 Operational Management: Education & Awareness; Review & Audit; Testing; Change Management; Training; Assurance
13 ITIL Business Impact Analysis
An ITIL BIA identifies:
- Critical business processes
- Potential damage or loss resulting from loss of service
- The form that the damage or loss may take, e.g. lost income, additional costs, damaged reputation
- How the level of damage will escalate after a service disruption
- The staffing, skills, facilities and service levels needed to enable critical business operations to continue
- The time for minimum levels of staff and services to be recovered
- The time for all required business processes, staff and services to be fully recovered
14 ITIL Business Continuity Strategy Options
- Do Nothing: Rarely used as few businesses can function effectively without any IT services.
- Manual Working: Can be effective as an interim measure until the IT service is resumed.
- Reciprocal Arrangement: Organizations agree to back each other up in an emergency; rarely used now except for off-site storage because of practical difficulties, e.g. limited excess IT capacity.
- Gradual Recovery ("Cold Standby"): Usually consists of an empty computer room where an organization can install its own equipment. May be used where a business can wait for a period of 72 hours or more without IT services. Can be internal or external, fixed or portable.
- Intermediate Recovery ("Warm Standby"): Typically consists of a computer room, containing recovery IT equipment that would need to be configured to support the business within a hour period. Can be internal or external, fixed or portable and would normally be focused on critical systems and services.
- Immediate Recovery ("Hot Standby"): Would involve the use of an alternative site with continuous mirroring of live equipment and data. Can be internal or external and is the most expensive option. Would only be used for critical business services where loss of service would cause an immediate business impact.
15 ITIL Testing an IT Service Continuity Plan
When?
- As a section is completed
- When the whole plan is completed
- At times of change, e.g. staff, 3rd party providers, infrastructure
- On a regular basis, e.g. at least once a year
How?
- Announced and unannounced
- Full and partial
Why?
- To ensure that it works!
- Time and cost
- Staff and 3rd party preparedness
- Completeness and clarity
16 ITIL Key Considerations
Invocation
- Who can invoke the plan? e.g. 2 out of 3 Board Members
- When can it be invoked? e.g. Pre-agreed scenarios, automatically invoke if certain conditions are met
- What can it be invoked? e.g. Pre-agreed scenarios, automatically invoke if certain conditions are met
Return to normal
- Once the disaster has struck the plan is invoked, but then it's time to think about how we go home
- If using 3rd parties, data needs to be removed or deleted securely from all systems
- Has the technology changed or been updated during invocation?
- Not as simple as running a plan in reverse
17 ITIL Roles and Responsibilities
- BOARD LEVEL
  Roles in Normal Operation: Initiate BCM, Define Policy, Allocate Responsibilities, Direct & Authorize
  Roles in Crisis Situation: Crisis Management, Corporate Decisions, External Affairs
- SENIOR MANAGEMENT
  Roles in Normal Operation: Integrate ITSCM with BCM, Communicate & Maintain awareness
  Roles in Crisis Situation: Co-ordination & Arbitration, Resource authorization
- JUNIOR MANAGEMENT
  Roles in Normal Operation: Undertake Risk Analysis, Define deliverables, Manage testing & Assurance
  Roles in Crisis Situation: Leading Teams, Site Management, Liaison & Reporting
- SUPERVISORS & STAFF
  Roles in Normal Operation: Develop procedures, Perform testing, Develop & Operate processes & procedures
  Roles in Crisis Situation: Implement the plan, Team Membership, Liaison
18 COBIT: Ensure Continuous Service (DS4)
- Process: Ensure continuous service
- Requirement: Ensuring minimum business impact in the event of an IT service interruption
- Focus: Building resilience into automated solutions and developing, maintaining and testing IT continuity plans
- Achieved by: Developing, maintaining and improving IT contingency
- Measured by: Number of hours lost per user per month due to unplanned outages; Number of business critical
19 COBIT Detailed Control Objectives
ID / Control Objective
- DS 4.1 IT Continuity Framework: Based upon the BCP, identify resiliency requirements and develop a framework to satisfy those requirements.
- DS 4.2 IT Continuity Plans: Based upon the requirements, develop plans to ensure the necessary resiliency through methods such as real-time replication, alternative processing, etc.
- DS 4.3 Critical IT Resources: Develop prioritization of what infrastructure should be recovered most quickly and which recovery plans should be reviewed and validated most frequently.
- DS 4.4 Maintenance of the IT Continuity Plan: Develop and implement a change control plan for the Continuity plans so that changes to Business Continuity Plans are reflected in updates to the IT Continuity Plans.
- DS 4.5 Testing of the IT Continuity Plan: Test the organization's ability to execute the test plans on a periodic basis to ensure their validity, identify and remediate shortcomings and accomplish continuing education with IT staff.
- DS 4.6 IT Continuity Plan Training: Accomplish frequent training with all staff to ensure familiarity with processes, roles and responsibilities, etc.
- DS 4.7 Distribution of the IT Continuity Plan: Define and implement a repeatable plan to ensure that appropriate parties maintain current versions of the relevant continuity plans.
- DS 4.8 IT Services Recovery and Resumption: Plan the actions that should take place while IT is working on recovering critical systems (manual workarounds, customer communications, etc.).
- DS 4.9 Offsite Backup Storage: Ensure data storage backup and restorability procedures reflect the requirements of the continuity plans.
- DS 4.10 Post-resumption Review: Define a plan to review performance after the real-world execution of a continuity plan to ensure lessons learned are captured and actioned.
20 COBIT Key Performance Indicators
- Elapsed time between IT continuity plan tests
- Number of continuity training hours per employee
- % of critical infrastructure components with automated availability monitoring
- % of availability SLAs met
- # of critical business processes not covered by the IT continuity plan*
- % of tests that achieve recovery objectives
- Frequency of service interruption of critical systems
- # of hours lost per user per month due to unplanned outages
21 ISO20000 The objective of ISO20000 is to provide a foundation for effective quality IT Service Management via repeatable, documented processes which are essential to improving IT Service Delivery.
22 ISO20000 What is ISO 20000? - The standard is structured in two parts
ISO is an International Standard on Best practices for ensuring quality of IT service management processes. It is based on the tradition of ITIL and BS and structured in two parts:
- Part 1 (specification) specifies IT service management according to ISO
- Part 2 (code of practice) gives further explanations, examples and best practices
ISO/IEC /2:2005: The International Service Management Standard. Colette Elcacho / PA Consulting Group, October 2006
23 ISO20000 What is ISO 20000? - The quality model enables achieving the objective
- Chapter 4: Plan-Do-Check-Act methodology for service management processes
- Repeatable, documented processes are essential to improving IT service delivery and management.
- The ISO framework provides an effective foundation for quality IT service management.
24 ISO20000 Service Continuity and Availability
Objective: To ensure that agreed service continuity and availability commitments to customers can be met in all circumstances
Service continuity management defines:
- Maximum acceptable periods of lost service
- Maximum acceptable periods of degraded service
- Document, data and software backups for service restoration
- Staff and instruction of staff necessary for service restoration
- Backups of service continuity documents at secure remote locations
25 Critical Success Factors for any IT Toolkit Implementation
- Business Engagement: An IT Continuity Plan that exists in the absence of a BCP has little if any worth
- IT Executive Support: Many executives view any spend on DR and continuity initiatives as sunk cost
- Budget Support: The continued relevance of an IT Continuity Plan requires year-over-year budget support
- Resource Support: IT Staff will need to be periodically engaged in planning and testing initiatives; SMEs are especially critical to have involved
- Categorization and Prioritization: Most DR and Continuity Initiative failures are caused by an inability to convince lines of business that all business processes are not the highest priority, or by an inability to identify which infrastructure components support the critical business processes
- Customer Focus
26 Thank You Derek Lonsdale PA Consulting Group One Memorial Drive Cambridge Massachusetts Direct Dial: Mobile: Glen Willis PA Consulting Group 4601 N Fairfax Drive Suite 600 Arlington, Va Direct dial: Mobile:
1 Offsite Disaster Recovery Plan Offsite Disaster Recovery Plan Presented By: Natan Verkhovsky President Disty Portal Inc. 2 Offsite Disaster Recovery Plan Introduction This document is a comprehensive
More informationBusiness Continuity Management 101. Patrick Potter, CBCP MHA Consulting ISACA November 19, 2009
Business Continuity Management 101 Patrick Potter, CBCP MHA Consulting ISACA November 19, 2009 1 Who is MHA Consulting Who We Are What We Do Leading boutique consulting firm since 1998 Provider of consulting
More informationBUSINESS CONTINUITY MANAGEMENT FRAMEWORK
BUSINESS CONTINUITY MANAGEMENT FRAMEWORK Document Author: Civil Contingencies Service - Authorised by the CCS Joint Management Board - Version 1.0. Issued December 2012 Page 1 FRAMEWORK STATEMENT Business
More informationBusiness Continuity Planning
Business Continuity Planning Presenter Carolyn Bell-Wisdom, CIA, FCCA, FCA, CISA, CFE, Director, Internal Audit Outsourcing, Risk & Business Continuity Services at Jamaica AGENDA Welcome and introduction
More informationModule 7. Business Continuity Management
Module 7 Business Continuity Management MODULE 7: BUSINESS CONTINUITY MANAGEMENT Table of Contents Module 7: Business Continuity Management... 1 SECTION 1: OVERVIEW... 7 MODLULE 7: BUSINESS CONTINUITY
More informationWhy Should Companies Take a Closer Look at Business Continuity Planning?
whitepaper Why Should Companies Take a Closer Look at Business Continuity Planning? How Datalink s business continuity and disaster recovery solutions can help organizations lessen the impact of disasters
More informationProtecting your Enterprise
Understanding Disaster Recovery in California Protecting your Enterprise Session Overview Why do we Prepare What is? How do I analyze (measure) it? What to do with it? How do I communicate it? What does
More informationDomain 1 The Process of Auditing Information Systems
Certified Information Systems Auditor (CISA ) Certification Course Description Our 5-day ISACA Certified Information Systems Auditor (CISA) training course equips information professionals with the knowledge
More informationHow to measure your business resiliency
How to measure your business resiliency Define the KPI s/kri s and scorecards to control your security and business continuity capabilities Krzysztof Pulkiewicz BCMLogic krzysztof.pulkiewicz@bcmlogic.com
More informationGuideline - Business Continuity Plan
Guideline - Business Continuity Plan 1. Introduction: The Business Continuity Plan is a component of the Risk and Business Management suite. This suite includes: Risk Management including risk registers
More information#316 The Security Elements of Business Continuity & Disaster Recovery Plans
#316 The Security Elements of Business Continuity & Disaster Recovery Plans Ken Doughty CISA CBCP ODAS kdoughty@ozemail.com.au Presentation Outline Introduction Overview of Business Continuity Security
More informationDisaster Recovery. Hendry Taylor Tayori Limited
Disaster Recovery Hendry Taylor Tayori Limited Agenda What is Business Continuity planning (BCP) What is Disaster Recovery (DR) and Disaster Recovery Planning (DRP) Overview Lifecycle Analysis Plan design
More informationBusiness Continuity Management (BCM) Policy
Business Continuity Management (BCM) Policy Reference number: Corporate 042 Title: Business Continuity Management (BCM) Policy Version number: Version 2 Policy Approved by: LLR PCT Cluster Board Date of
More informationBusiness Continuity Plan
Business Continuity Plan October 2007 Agenda Business continuity plan definition Evolution of the business continuity plan Business continuity plan life cycle FFIEC & Business continuity plan Questions
More informationwww.td.com.au Business Continuity - IT Disaster Recovery Discussion Paper - - Commercial in Confidence Version V2.0R Wednesday, 5 September 2012
Business Continuity - IT Disaster Recovery Discussion Paper - - Version V2.0R Wednesday, 5 September 2012 Commercial in Confidence Melbourne Sydney 79-81 Coppin St Level 2 Richmond VIC 3121 414 Kent St
More informationRegulatory Requirements for Disaster Recovery/Business Continuity Programs
Regulatory Requirements for Disaster Recovery/Business Continuity Programs Al Berman Business Continuity Planning Practice Post 9/11 Surge in Business Continuity Regulations and Standards Post 9-11 20
More informationBusiness Continuity and Disaster Recovery Planning
Business Continuity and Disaster Recovery Planning Jennifer Brandt, CISA A p r i l 16, 2015 HISTORY OF STINNETT & ASSOCIATES Stinnett & Associates (Stinnett) is a professional advisory firm offering services
More informationFinding the areas for improvement in plans, processes and procedures to protect shareholder value Performance driven. Quality assured.
End-to-End Business Continuity Testing Finding the areas for improvement in plans, processes and procedures to protect shareholder value Performance driven. Quality assured. End-to-End Business Continuity
More informationOverview. Service Description: BCP & DR Strategy (L6)
Service Description: BCP & DR Strategy (L6) Government Enterprise Architecture Specialists T: 07966 457 571 E: peter@vision-ist.net Overview Visionist will help your organisation develop a Business Continuity
More informationAn ITIL Perspective for Storage Resource Management
An ITIL Perspective for Storage Resource Management BJ Klingenberg, IBM Greg Van Hise, IBM Abstract Providing an ITIL perspective to storage resource management supports the consistent integration of storage
More informationWhat is Business Continuity Planning (BCP) / Disaster Recovery Plan(DRP)?
Workshop on System Audit of Banks BCP Workshop on System Audit of Banks What is Business Continuity Planning (BCP) / Disaster Recovery Plan(DRP)? - Preparedness of an organisation to ensure continuity,
More informationHA / DR Jargon Buster High Availability / Disaster Recovery
HA / DR Jargon Buster High Availability / Disaster Recovery Welcome to Maxava s Jargon Buster. Your quick reference guide to Maxava HA and industry technical terms related to High Availability and Disaster
More informationPAPER-6 PART-4 OF 5 CA A.RAFEQ, FCA
1 Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-4 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand
More informationInformation Security Management: Business Continuity Planning. Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt.
Information Security Management: Business Continuity Planning Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt. Overview BCP: Definition BCP: Need for (Why?) BCP: When BCP: Who
More informationFINRMFS9 Facilitate Business Continuity Planning and disaster recovery for a financial services organisation
Facilitate Business Continuity Planning and disaster recovery for a Overview This unit is suitable for those working in risk management roles who have responsibility for facilitating business continuity
More informationNEEDS BASED PLANNING FOR IT DISASTER RECOVERY
The Define/Align/Approve Reference Series NEEDS BASED PLANNING FOR IT DISASTER RECOVERY Disaster recovery planning is essential it s also expensive. That s why every step taken and dollar spent must be
More informationState of South Carolina Policy Guidance and Training
State of South Carolina Policy Guidance and Training Policy Workshop All Agencies Business Continuity Management Policy June 2014 Agenda Questions & Follow-Up Policy Workshop Overview & Timeline Policy
More informationDRAFT Disaster Recovery Policy Template
DRAFT Disaster Recovery Policy Template NOTE: This is a boiler plate template much information is needed from to finalizeconsider this document pre-draft FOREWARD... 3 Policy Overview...
More informationCENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT
CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT JANUARY 2008 GUIDELINE ON BUSINESS CONTINUITY GUIDELINE CBK/PG/14
More informationStatement of Guidance
Statement of Guidance Business Continuity Management All Licensees 1. Statement of Objectives 1.1. To enhance the resilience of the financial sector and to minimise the potential impact of a major operational
More informationInformation Services IT Security Policies B. Business continuity management and planning
Information Services IT Security Policies B. Business continuity management and planning Version 1 Date created: 28th May 2009 Approved by Directorate: 2nd July 2009 Review date: 1st July 2010 Primary
More informationTips and techniques a typical audit programme
Auditing Business Continuity Planning Tips and techniques a typical audit programme Karen Wills, Senior Internal Auditor St James s Place Wealth Management February 2014 Contents Background Roles and Responsibilities
More informationApplication / Hardware - Business Impact Analysis Template. MARC Configuration Requirements. Business Impact Analysis
Application / Hardware - Business Impact Analysis Template The single most important thing we can do is help you understand the criticality of each application, supporting hardware/server/pc and the required
More informationMHA Consulting. Business Continuity Management 101
0 MHA Consulting Business Continuity Management 101 Presented by: Michael Herrera Brandon Magestro MHA Consulting Agenda MHA Consulting Introduction Business Continuity Management (BCM) Defined 2013 Trends
More information