2014 NABRICO Conference

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "2014 NABRICO Conference"

Transcription

1 Business Continuity Planning 2014 NABRICO Conference September 19, CityPlace Drive, Suite 900 St. Louis, Missouri S. Fifth Street, Suite 309 St. Charles, Missouri S. State Route 157, Ste. 300 Glen Carbon, IL

2 Presenter Tony Munns Partner IT Risk Advisory Services CISA, FBCS, CITP, CIRM Tel: Cell: Leads the Risk IT Audit Services for the firm s clients for the past 11 years. Prior experience includes 3 years with Andersen LLP as Technology Risk Consulting Practice Leader Previous employment experience over 18 years at 3 Fortune 500 companies: Lucent Technologies, Kraft Foods and the Prudential Assurance Company 2014 Brown Smith Wallace All Rights Reserved

3 Agenda Changing strategies Then and Now Business Impact Analysis Disaster Recovery Planning Business Continuity Planning Questions 2013 Brown Smith Wallace All Rights Reserved

4 Acronyms BIA Business Impact Analysis TRA Threat and Risk Analysis RTO Recovery Time Objective RPO Recovery Point Objective DRP Disaster Recovery Plan BCP Business Continuity Plan

5 Changing Strategies External Factors 9/11 Gave Us a Boost to Planning Activities Hurricane Sandy Tornados However: It couldn t happen again syndrome sets in Realities of economy stalling efforts Confusion over emerging regulations occurring Companies Outsourcing More Disaster Recovery Efforts Use of commercial hot-site contracts, moving to multiple datacenters, colocation. Complexity of task overwhelming for many companies Higher Emphasis Placed on Cyber Security perceived as the bigger risk Confusing Standards and Lack of Common Criteria 2013 Brown Smith Wallace All Rights Reserved

6 Then and Now THEN Few key applications Standalone systems Single platform Local connection Tape backups Office based Slow communications Bricks & mortar In-house systems Big company need NOW Many applications Highly integrated systems Multiple platforms LAN, WAN, remote connection Data replication Remote workers Instant connection e-commerce Remote & outsourced systems Every company s need 2013 Brown Smith Wallace All Rights Reserved

7 Components of Planned Recovery Executive Sponsorship Business Impact Analysis Disaster Recovery Planning Business Continuity Planning

8 BCP/DRP Plan Structure Conduct a Business Impact Analysis and Risk Assessment identifies mission critical business functions and processes assess the probability and impact to the business if critical business processes are disrupted identifies recovery requirements Disaster Recovery Plans usually developed using business process data flow diagrams identifies the priorities that infrastructure, systems and applications need to be recovered based upon a hierarchy of dependencies or business needs Crisis Management and Communication Plan provides guidance to management and outlines the necessary steps to execute during a significant business disruption (e.g. definition of a disaster, engaging crisis management team, communication plan, public relationships, etc.) Business Continuity Plans identifies alternate procedures to execute when primary business or work location and resources are unavailable Pandemic Plan Consideration It is necessary to prepare a plan to protect a business s #1 resource (employees) in the event of a wide spread influenza outbreak or chemical contamination Annual testing Encourages continuous process improvement and plan maintenance Continuous Update! 2012 Brown Smith Wallace All Rights Reserved

9 Templates and Approaches DRII - DRI International ISO International Organization for Standardization ISO 27031:2011 Guidelines for information and communications technology readiness for business continuity ITIL Information Technology Infrastructure Library NIST National Institute of Standards and Technology Special Publication Contingency Planning Guide for IT Systems Test, Training & Exercise Programs FEMA Template for SMBs FINRA

10 Business Impact Analysis Step 1 Risk Assessment Perform a Business Impact Analysis (BIA) Risk Assessment to identify: threats and risks, control options and their cost. Approach: Identify and prioritize risk associated with each business unit/area within the company Develop a high level matrix providing management a summary view of the BIAs across the enterprise Identify gaps and provide recommendations to mitigate the identified risks Deliverable: An executive summary accompanied by a high level matrix identifying business processes and the threats and risks that could cause a significant business disruption. In addition, the matrix should include a TRA (Threat and Risk Analysis) that includes risk control options, cost of risk control options, effectiveness of risk control options, and comparison of risk control options cost and effectiveness Brown Smith Wallace All Rights Reserved

11 Business Impact Analysis Step 2 Identify Recovery Requirements For mission critical business functions and processes, interview business owners and document desired recovery time and point objectives. Approach: Identify and prioritize critical business functions and processes associated with each business unit/area within the company including all back office systems For various RTOs and RPOs develop a cost analysis of the architecture required for the desired recovery Identify any potential architectural or process improvements that would facilitate a more cost effective approach to recovery Deliverable: An executive summary accompanied by a high level matrix identifying business processes desired recovery requirements, and the costs associated with each approach. In addition, recommendations should be presented for architecture and process improvements that will mitigate the cost associated with the desired recovery objectives Brown Smith Wallace All Rights Reserved

12 Business Impact Analysis Step 3: Based upon the results of the BIA, identify action steps necessary to develop the Disaster Recovery Plan and Business Continuity Plan. This may include Crisis Management, Continuity, and Disaster Recovery Plan development. Deliverable: Provide management a gap analysis and action plan identifying the necessary steps for completing the Disaster Recovery Planning and Business Continuity process Brown Smith Wallace All Rights Reserved

13 Contents of a Good Plan Definition The IT Disaster Recovery Plan is a written strategy created to facilitate an organization s quick and successful response to severe disasters. Through the division and allocation of pre-defined responsibilities and duties, response times are minimized. With the creation of an IT DR plan, effort is made to provide a dependable and efficient restoration of services in the event of a disaster.

14 Contents of a Good Plan Objectives know what they are, and limitations Document specific definitions and guidelines for declaring disaster scenarios and corresponding emergency responses. Provide for the continuation of critical IT and related business functions and recovery in the event of a disaster. Maximize the expediency and effectiveness of recovery operations through an established set of strategic plans. Identify the necessary policies, procedures, and resources required to maintain critical Information Technology support services during prolonged interruptions to routine operations. Assign responsibilities and duties to designated personnel for the implementation of disaster recovery procedures. Ensure coordination between appropriate staff concerning disaster contingency planning strategies. Ensure appropriate plans have been created to coordinate external vendors, clients, and contacts in the event of a disaster. Provide standards for testing components of the Disaster Recovery Plan.

15 Contents of a Good Plan Assumptions document & Validate them Key personnel have been identified and trained in their emergency response and recovery roles. It is also assumed that each person is available to activate and carry out their assigned responsibilities and duties. Current backup media, containing relevant data for applicable critical IT services and components, are available thru designated data library relocation providers. All required IT related hardware is either available, or can be obtained in a timely fashion. All required software is available and current along with appropriate licensing. All required hardware and software vendor support contracts are maintained and are current. Contracted temporary disaster recovery sites will be available at the time of need. Designated management staff will communicate appropriate status information to those applicable personnel, vendors, and agents affected by a declared disaster. All required disaster recovery related documentation is available and current. Most importantly, it is assumed that this Disaster Recovery Plan is reviewed, tested, and updated on an annual basis at a minimum.

16 Contents of a Good Plan Overview Introduction Scope Objective Assumptions Disaster definitions Disaster likelihood ratings Threat levels Declaration of disaster Preparing for disaster Disaster response budget Disaster response team defined

17 Contents of a Good Plan Disaster recovery escalation process defined Quick reference guide DR temporary recovery site Updated IT related documentation Dependencies Contact listings Vendor failures Avoiding & minimizing disasters IT recovery details Plan monitoring, review, and testing Continuous Update

18 Contents of a Good Plan Make sure you include: Wide Area Network Documentation Local Area Network Documentation Server Documentation Password Documentation Network/Software Application Documentation Vendor Contract Documentation Critical System Log Documentation Telecommunications and Voice Infrastructure Documentation

19 Business Continuity Planning Business Continuity Planning is the next step after Disaster Recovery Planning. DRP provides the technology infrastructure for the company to continue to function BCP provides procedures for operation of the organization and business units during a disaster

20 What is Business Continuity Planning? Business Continuity Planning is a planning process that identifies an organization s exposure to internal and external threats and identifies key processes that need to be protected to sustain business operations and maintain a competitive advantage in the event of a significant business disruption. Key Objectives: Minimize the possibility of interruptions to business operations Maintain a competitive advantage Prevent the company from becoming a business closure statistic due lack of planning

21 Business Continuity Planning Address all business functional areas (HR, Sales, Accounting, etc.) Address non-it related items Office supplies Desks/workspaces Business forms (check stock, purchase orders, sales orders, etc.) Reference material Supply chain management Communications Employees and stakeholders Media Legal and regulatory Customers Incident response planning and handling

22 BCP Lifecycle

23 Plan Contents Program Administration Define the scope, objectives, and assumptions of the business continuity plan. Business Continuity Organization Define the roles and responsibilities for team members. Identify the lines of authority, succession of management, and delegation of authority. Address interaction with external organizations including contractors and vendors.

24 Plan Contents Organization Chart Include a schedule of team member contact information, role, alternatives

25 Plan Contents Business Impact Analysis Insert results of Business Impact Analysis Identify Recovery Time Objectives for business processes and information technology Identify Recovery Point Objective for data restoration Business Continuity Strategies & Requirements Insert detailed procedures, resource requirements, and logistics for execution of all recovery strategies Insert detailed procedures, resource requirements, and logistics for relocation to alternate worksites Insert detailed procedures, resource requirements, and data restoration plan for the recovery of information technology (networks and required connectivity, servers, desktop/laptops, wireless devices, applications, and data)

26 Plan Contents Manual Workarounds Document all forms and resource requirements for all manual workarounds Incident Management Define procedures: Incident detection and reporting Alerting and notifications Business continuity plan activation Emergency operations center activation Damage assessment (coordination with emergency response plan) and situation analysis Development and approval of an incident action plan

27 Plan Contents Training, Testing & Exercising Training curriculum for business continuity team members Testing schedule, procedures, and forms for business recovery strategies and information technology recovery strategies Orientation, tabletop, and full-scale exercises Program Maintenance and Improvement Schedule, triggers, and assignments for the periodic review of the business continuity plan Details of corrective action program to address deficiencies

28 Plan Contents Also include references to related Policies & Procedures Emergency Response Plan Information Technology Disaster Recovery Plan (if not included in the business continuity plan) Vendors, Suppliers and Partners Contact Information Crisis Communications Plan Employee Assistance Plan

29 Consequences Due to Lack of DRP/BCP Lost data Longer data recovery time No contingency procedures during recovery process Damage to company reputation Employee downtime Dependence on a few key people who have required system/organizational knowledge

30 Closing Quotes Bob Clark CEO Clayco I don t want to become a Katrina statistic; like some of my competitors in Louisiana CBS MoneyWatch Big, disruptive events like the BP oil spill, Hurricane Katrina, and the California wildfires make the news, but it's more often the smaller, unexpected disasters that wreak havoc on a company's ability to function. Unknown An organization that fails to provide a minimum level of service to its clients following a disastrous event may not have a business to recover. Protect all to protect one in order to protect any single business function, the enterprise must be protected Brown Smith Wallace All Rights Reserved

31 Questions 2013 All Rights Reserved Brown Smith Wallace LLC 31

32 Presenter Tony Munns Partner IT Risk Advisory Services CISA, FBCS, CITP, CIRM Tel: Cell: Leads the Risk IT Audit Services for the firm s clients for the past 11 years. Prior experience includes 3 years with Andersen LLP as Technology Risk Consulting Practice Leader Previous employment experience over 18 years at 3 Fortune 500 companies: Lucent Technologies, Kraft Foods and the Prudential Assurance Company 2014 Brown Smith Wallace All Rights Reserved

Temple university. Auditing a business continuity management BCM. November, 2015

Temple university. Auditing a business continuity management BCM. November, 2015 Temple university Auditing a business continuity management BCM November, 2015 Auditing BCM Agenda 1. Introduction 2. Definitions 3. Standards 4. BCM key elements IT Governance class - IT audit program

More information

Business Continuity Plan

Business Continuity Plan Business Continuity Plan October 2007 Agenda Business continuity plan definition Evolution of the business continuity plan Business continuity plan life cycle FFIEC & Business continuity plan Questions

More information

CISM Certified Information Security Manager

CISM Certified Information Security Manager CISM Certified Information Security Manager Firebrand Custom Designed Courseware Chapter 4 Information Security Incident Management Exam Relevance Ensure that the CISM candidate Establish an effective

More information

New Clerk Academy. August 13, 2015

New Clerk Academy. August 13, 2015 New Clerk Academy August 13, 2015 Disaster Recovery OVERVIEW Presentation Agenda Introduction and Definitions DR Motivators and Drivers Recovery Challenges Scope of Disasters Components of Recovery Plans

More information

State of South Carolina Policy Guidance and Training

State of South Carolina Policy Guidance and Training State of South Carolina Policy Guidance and Training Policy Workshop All Agencies Business Continuity Management Policy June 2014 Agenda Questions & Follow-Up Policy Workshop Overview & Timeline Policy

More information

Why Should Companies Take a Closer Look at Business Continuity Planning?

Why Should Companies Take a Closer Look at Business Continuity Planning? whitepaper Why Should Companies Take a Closer Look at Business Continuity Planning? How Datalink s business continuity and disaster recovery solutions can help organizations lessen the impact of disasters

More information

Business Continuity and Disaster Recovery Planning

Business Continuity and Disaster Recovery Planning Business Continuity and Disaster Recovery Planning Jennifer Brandt, CISA A p r i l 16, 2015 HISTORY OF STINNETT & ASSOCIATES Stinnett & Associates (Stinnett) is a professional advisory firm offering services

More information

By: Tracy Hall. Community Bank Auditors Group Taking Your Business Continuity Plan To The Next Level. June 9, 2015

By: Tracy Hall. Community Bank Auditors Group Taking Your Business Continuity Plan To The Next Level. June 9, 2015 Community Bank Auditors Group Taking Your Business Continuity Plan To The Next Level June 9, 2015 By: Tracy Hall MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company,

More information

NIST SP 800-34, Revision 1 Contingency Planning Guide for Federal Information Systems

NIST SP 800-34, Revision 1 Contingency Planning Guide for Federal Information Systems NIST SP 800-34, Revision 1 Contingency Planning Guide for Federal Information Systems Marianne Swanson NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 1 Table Of Contents Introduction to NIST SP 800-34

More information

Continuity of Operations Planning. A step by step guide for business

Continuity of Operations Planning. A step by step guide for business What is a COOP? Continuity of Operations Planning A step by step guide for business A Continuity Of Operations Plan (COOP) is a MANAGEMENT APPROVED set of agreed-to preparations and sufficient procedures

More information

2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level. Tracy L. Hall, MBCP

2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level. Tracy L. Hall, MBCP 2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level Tracy L. Hall, MBCP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C.

More information

Western Intergovernmental Audit Forum

Western Intergovernmental Audit Forum Western Intergovernmental Audit Forum Business Continuity & Disaster Recovery Planning September 12, 2013 Presented by: City of Phoenix City Auditor Department Aaron Cook, Sr Internal Auditor IT Audit

More information

9/3/2009. Information Systems Disaster Recovery. Learning Objectives. Why have a plan? unexpected? APPA-Institute for Facilities Management

9/3/2009. Information Systems Disaster Recovery. Learning Objectives. Why have a plan? unexpected? APPA-Institute for Facilities Management Information Systems Disaster Recovery APPA-Institute for Facilities Management J. Craig Klimczak, D.V.M., M.S. Vice-Chancellor for Technology St. Louis Community College 300 South Broadway St. Louis, MO

More information

MHA Consulting. Business Continuity Management 101

MHA Consulting. Business Continuity Management 101 0 MHA Consulting Business Continuity Management 101 Presented by: Michael Herrera Brandon Magestro MHA Consulting Agenda MHA Consulting Introduction Business Continuity Management (BCM) Defined 2013 Trends

More information

Disaster Recovery Planning. By Janet Coggins

Disaster Recovery Planning. By Janet Coggins Comp 5940 Project Disaster Recovery Planning By Janet Coggins Janet H. Coggins Page 1 11/21/2004 Table of Contents List of each Section....Page 2 Section 1 Executive Summary Overview of the scope of the

More information

Best Practices in Disaster Recovery Planning and Testing

Best Practices in Disaster Recovery Planning and Testing Best Practices in Disaster Recovery Planning and Testing axcient.com 2015. Axcient, Inc. All Rights Reserved. 1 Best Practices in Disaster Recovery Planning and Testing Disaster Recovery plans are widely

More information

Post-Class Quiz: Business Continuity & Disaster Recovery Planning Domain

Post-Class Quiz: Business Continuity & Disaster Recovery Planning Domain 1. What is the most common planned performance duration for a continuity of operations plan (COOP)? A. 30 days B. 60 days C. 90 days D. It depends on the severity of a disaster. 2. What is the business

More information

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY 14304-1745

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY 14304-1745 ECP - 601: Effective Business Continuity Management: ISO 22301 This 3-day course provides an intensive, hands-on workshop covering all major aspects for the design of an effective Business Continuity Plan

More information

Assessing Your Disaster. Andrews Hooper Pavlik PLC. Andrews Hooper Pavlik PLC

Assessing Your Disaster. Andrews Hooper Pavlik PLC. Andrews Hooper Pavlik PLC Assessing Your Disaster Recovery Plans Gregory H. Soule, CPA, CISA, CISSP, CFE Andrews Hooper Pavlik PLC Andrews Hooper Pavlik PLC Agenda Business Continuity Concepts Impact Analysis Risk Assessment Risk

More information

Business Continuity Planning for Risk Reduction

Business Continuity Planning for Risk Reduction Business Continuity Planning for Risk Reduction Ion PLUMB ionplumb@yahoo.com Andreea ZAMFIR zamfir_andreea_ileana@yahoo.com Delia TUDOR tudordelia@yahoo.com Faculty of Management Academy of Economic Studies

More information

PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA

PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand

More information

William Rider Manager Disaster Recovery & Data Security The Johns Hopkins Health System & University

William Rider Manager Disaster Recovery & Data Security The Johns Hopkins Health System & University William Rider Manager Disaster Recovery & Data Security The Johns Hopkins Health System & University Competitive Leadership- Twelve Principles For Success Brian Billick Chapter 3 Be Be Prepared The time

More information

Domain 3 Business Continuity and Disaster Recovery Planning

Domain 3 Business Continuity and Disaster Recovery Planning Domain 3 Business Continuity and Disaster Recovery Planning Steps (ISC) 2 steps [Har10] Project initiation Business Impact Analysis (BIA) Recovery strategy Plan design and development Implementation Testing

More information

STEP-BY-STEP BUSINESS CONTINUITY AND EMERGENCY PLANNING MAY 27 2015

STEP-BY-STEP BUSINESS CONTINUITY AND EMERGENCY PLANNING MAY 27 2015 STEP-BY-STEP BUSINESS CONTINUITY AND EMERGENCY PLANNING MAY 27 2015 AGENDA: Emergency Management Business Continuity Planning Q & A MONTH DAY, YEAR TITLE OF THE PRESENTATION 2 CANADIAN RED CROSS Disaster

More information

Business Continuity Overview

Business Continuity Overview Business Continuity Overview Beverley A. Retjos Senior Manager WW SWG Security & Controls 03/12/07 Business Continuity Management (BCM) Process of ensuring that a business is prepared to survive any disruption

More information

a Disaster Recovery Plan

a Disaster Recovery Plan Construction of a Disaster Recovery Plan David Godwin, Sr. Sales Engineer March 18, 2014 Objectives Understand What Disaster Recovery is? Why is Disaster Recovery Needed? Effectively assist customers or

More information

Proposal for Business Continuity Plan and Management Review 6 August 2008

Proposal for Business Continuity Plan and Management Review 6 August 2008 Proposal for Business Continuity Plan and Management Review 6 August 2008 2008/8/6 Contents About Newton IT / Quality of our services. BCM & BS25999 Overview 2. BCM Development in line with BS25999 3.

More information

THORNBURG INVESTMENT MANAGEMENT THORNBURG INVESTMENT TRUST. Business Continuity Plan

THORNBURG INVESTMENT MANAGEMENT THORNBURG INVESTMENT TRUST. Business Continuity Plan THORNBURG INVESTMENT MANAGEMENT THORNBURG INVESTMENT TRUST Business Continuity Plan June 2012 Purpose The purpose of this Business Continuity Plan ( BCP ) is to define the strategies and the plans which

More information

Disaster Recovery Plan (Business Continuity) Template

Disaster Recovery Plan (Business Continuity) Template Brochure More information from http://www.researchandmarkets.com/reports/2786932/ Disaster Recovery Plan (Business Continuity) Template Description: The Disaster Planning Template is over 200 pages and

More information

RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 125. When Disaster Strikes Are You Prepared?

RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 125. When Disaster Strikes Are You Prepared? RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 125 When Disaster Strikes Are You Prepared? Copyright Materials This presentation is protected by US and International Copyright laws.

More information

Business Continuity Management

Business Continuity Management Business Continuity Management cliftonlarsonallen.com Introductions Brian Pye CliftonLarsonAllen Senior Manager Business Risk Services group 15 years of experience with Business Continuity Megan Moore

More information

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT JANUARY 2008 GUIDELINE ON BUSINESS CONTINUITY GUIDELINE CBK/PG/14

More information

Protecting your Enterprise

Protecting your Enterprise Understanding Disaster Recovery in California Protecting your Enterprise Session Overview Why do we Prepare What is? How do I analyze (measure) it? What to do with it? How do I communicate it? What does

More information

BCP and DR. P K Patel AGM, MoF

BCP and DR. P K Patel AGM, MoF BCP and DR P K Patel AGM, MoF Key difference between BS 25999 and ISO 22301 ISO 22301 puts a much greater emphasis on setting the objectives, monitoring performance and metrics aligning BC to top management

More information

Overview of how to test a. Business Continuity Plan

Overview of how to test a. Business Continuity Plan Overview of how to test a Business Continuity Plan Prepared by: Thomas Bronack Phone: (718) 591-5553 Email: bronackt@dcag.com BRP/DRP Test Plan Creation and Exercise Page: 1 Table of Contents BCP/DRP Test

More information

GOVERNMENT FINANCE OFFICERS ASSOCIATION OF MISSOURI SPRING 2012 CONFERENCE IT DISASTER PLAN

GOVERNMENT FINANCE OFFICERS ASSOCIATION OF MISSOURI SPRING 2012 CONFERENCE IT DISASTER PLAN GOVERNMENT FINANCE OFFICERS ASSOCIATION OF MISSOURI SPRING 2012 CONFERENCE IT DISASTER PLAN 2012 Sikich LLP. All Rights Reserved. Presented by: Scott Wegner Partner, Director Networking Services Sikich

More information

Business Continuity Planning 101. +1 610 768-4120 (800) 634-2016 www.strohlsystems.com info@strohlsystems.com

Business Continuity Planning 101. +1 610 768-4120 (800) 634-2016 www.strohlsystems.com info@strohlsystems.com Business Continuity Planning 101 Presentation Overview What is business continuity planning Plan Development Plan Testing Plan Maintenance Future advancements in BCP Question & Answer What is a Disaster?

More information

Evaluating and Improving Your Business Continuity Plan

Evaluating and Improving Your Business Continuity Plan Evaluating and Improving Your Business Continuity Plan As presented to the Northeast Florida IIA Chapter January 23, 2015 Contact Information Karen Weir, MAC, CISA, CBCP Manager kweir@accretivesolutions.com

More information

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION Federal Financial Institutions Examination Council FFIEC Business Continuity Planning MARCH 2003 MARCH 2008 BCP IT EXAMINATION H ANDBOOK TABLE OF CONTENTS INTRODUCTION... 1 BOARD AND SENIOR MANAGEMENT

More information

Disaster Recovery Plan (Business Continuity) Template - Version 8.2

Disaster Recovery Plan (Business Continuity) Template - Version 8.2 Brochure More information from http://www.researchandmarkets.com/reports/3630899/ Disaster Recovery Plan (Business Continuity) Template - Version 8.2 Description: ISO 27000, SOX, PCI-DSS & HIPAA Compliant

More information

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015 Business Continuity Management Governance Frank Higgins Abu Dhabi March 2015 Different Names Same Concept BCM (Business Continuity Management) BSI 25999 IPOCM (Incident Preparedness & Operational Continuity

More information

Building a Security Conscious Business Continuity Management (BCM) Program

Building a Security Conscious Business Continuity Management (BCM) Program Building a Security Conscious Business Continuity Management (BCM) Program Sam Stahl, CBCP, MBCI EMC Global Professional Services Program Manager stahl_samuel@emc.com ASIS Singapore, 2014 Agenda Overview

More information

Ohio Supercomputer Center

Ohio Supercomputer Center Ohio Supercomputer Center IT Business Continuity Planning No: Effective: OSC-13 06/02/2009 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original

More information

Desktop Scenario Self Assessment Exercise Page 1

Desktop Scenario Self Assessment Exercise Page 1 Page 1 Neil Jarvis Head of IT Security & IT Risk DHL Page 2 From reputation to data loss - how important is business continuity? Neil Jarvis Head of IT Security (EMEA) DHL Logistics IT Security Taking

More information

The PNC Financial Services Group, Inc. Business Continuity Program

The PNC Financial Services Group, Inc. Business Continuity Program The PNC Financial Services Group, Inc. Business Continuity Program subsidiaries) 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis

More information

Table of Contents... 1

Table of Contents... 1 ... 1 Chapter 1 Introduction... 4 1.1 Executive Summary... 4 1.2 Goals and Objectives... 5 1.3 Senior Management and Board of Directors Responsibilities... 5 1.4 Business Continuity Planning Processes...

More information

Building and Maintaining a Business Continuity Program

Building and Maintaining a Business Continuity Program Building and Maintaining a Business Continuity Program Successful strategies for financial institutions for effective preparation and recovery Table of Contents Introduction...3 This white paper was written

More information

BC / DR Implementation Tying Disaster Recovery Investment to Measurable Business Value

BC / DR Implementation Tying Disaster Recovery Investment to Measurable Business Value BC / DR Implementation Tying Disaster Investment to Measurable Business Value Continuity Insights Conference May 16-18, 2005 Agenda Purpose Discuss best practice process and tools that might be leveraged

More information

Version 8.0 2014 Copyright Janco Associates, Inc. - http://www.e-janco.com Page 1

Version 8.0 2014 Copyright Janco Associates, Inc. - http://www.e-janco.com Page 1 Version 8.0 2014 Copyright Janco Associates, Inc. - http://www.e-janco.com Page 1 Table of Contents 1 1.0 Plan Introduction... 4 1.1 Mission and Objectives... 5 Compliance... 5 ISO Compliance Process...

More information

Business Unit CONTINGENCY PLAN

Business Unit CONTINGENCY PLAN Contingency Plan Template Business Unit CONTINGENCY PLAN Version 1.0 (Date submitted) Submitted By: Business Unit Date Version 1.0 Page 1 1 Plan Review and Updates... 3 2 Introduction... 3 2.1 Purpose...

More information

<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP

<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP IT Disaster Recovery Plan Template By Paul Kirvan, CISA, CISSP, FBCI, CBCP Revision History REVISION DATE NAME DESCRIPTION Original 1.0 2 Table of Contents Information Technology Statement

More information

Interactive-Network Disaster Recovery

Interactive-Network Disaster Recovery Interactive-Network Disaster Recovery BACKGROUND IT systems are vulnerable to a variety of disruptions, ranging from mild (e.g., short-term power outage, disk drive failure) to severe (e.g., terrorism,

More information

Business continuity strategy

Business continuity strategy Business continuity strategy 2009 2012 Table of contents 1 Why this strategy is needed 3 2 Aim of the strategy 4 3 Our approach to business continuity 4 PROCESS 4 STRUCTURE 5 DOCUMENTATION 6 DISRUPTION

More information

University Information Technology Services. Information System Contingency Plan Instructions

University Information Technology Services. Information System Contingency Plan Instructions University Information Technology Services Information System Contingency Plan Instructions Prepared by Victor Font UITS Business Continuity / Disaster Recovery Coordinator January 2013 Table of Contents

More information

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK Federal Financial Institutions Examination Council FFIEC Business Continuity Planning BCP FEBRUARY 2015 IT EXAMINATION H ANDBOOK Table of Contents Introduction 1 Board and Senior Management Responsibilities

More information

www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014

www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 Agenda Key Definitions Risks Business Continuity Management Program BCM Capability Assessment Process BCM Value Proposition

More information

Ohio Conference for Payroll Professionals Disaster Recovery

Ohio Conference for Payroll Professionals Disaster Recovery Ohio Conference for Payroll Professionals Disaster Recovery Speaker Bruce E. Phipps CPP 2011 APA Payroll Man of the Year Principal Product Manager US Legislative Analyst ORACLE Corporation bruce.phipps@oracle.com

More information

External Supplier Control Requirements BCM

External Supplier Control Requirements BCM External Supplier Control Requirements BCM BCM Requirement Description BCM Tiers Recovery Time Objective Why this is important 1. Business Continuity Policy Supplier will have a documented Business Continuity

More information

Loss Control Webcast. Disaster Recovery Planning we re not in Kansas anymore

Loss Control Webcast. Disaster Recovery Planning we re not in Kansas anymore Loss Control Webcast Disaster Recovery Planning we re not in Kansas anymore May 15, 2013 1 The information presented in this material has been developed from sources believed to be reliable. It is presented

More information

Disaster Recovery Business Continuity Premium Edition

Disaster Recovery Business Continuity Premium Edition Brochure More information from http://www.researchandmarkets.com/reports/2787481/ Disaster Recovery Business Continuity Premium Edition Description: The Disaster Recovery Plan (DRP) Template PREMIUM Edition

More information

Creating a Business Continuity Plan for your Health Center

Creating a Business Continuity Plan for your Health Center Creating a Business Continuity Plan for your Health Center 1 Page Left Intentionally Blank 2 About This Manual This tool is the result of collaboration between the Primary Care Development Corporation

More information

Disaster Recovery Planning

Disaster Recovery Planning Disaster Recovery Planning NOW or NEVER Disaster Recovery Team Aura Advanced Technologies Aura Advanced Technologies Inc 1301-1121 Sixth Avenue SW Calgary, Alberta T2P 5J4 Phone: 403-269-6123 Fax: 403-269-6169

More information

Business Continuity Planning

Business Continuity Planning Business Continuity Planning We believe all organisations recognise the importance of having a Business Continuity Plan, however we understand that it can be difficult to know where to start. That s why

More information

Emergency Preparedness for Design Firms. RLI Design Professionals Design Professionals Learning Event DPLE 244 September 16, 2015

Emergency Preparedness for Design Firms. RLI Design Professionals Design Professionals Learning Event DPLE 244 September 16, 2015 Emergency Preparedness for Design Firms RLI Design Professionals Design Professionals Learning Event DPLE 244 September 16, 2015 RLI Design Professionals is a Registered Provider with The American Institute

More information

Company Management System. Business Continuity in SIA

Company Management System. Business Continuity in SIA Company Management System Business Continuity in SIA Document code: Classification: Company Project/Service Year Document No. Version Public INDEX 1. INTRODUCTION... 3 2. SIA S BUSINESS CONTINUITY MANAGEMENT

More information

NCUA LETTER TO CREDIT UNIONS

NCUA LETTER TO CREDIT UNIONS NCUA LETTER TO CREDIT UNIONS NATIONAL CREDIT UNION ADMINISTRATION 1775 Duke Street, Alexandria, VA 22314 DATE: December 2001 LETTER NO.: 01-CU-21 TO: SUBJ: ENCL: All Federally Insured Credit Unions Disaster

More information

Business Continuity Planning Principles and Best Practices Tom Hinkel and Zach Duke

Business Continuity Planning Principles and Best Practices Tom Hinkel and Zach Duke Business Continuity Planning Principles and Best Practices Tom Hinkel and Zach Duke Agenda Key components essential to a FFIEC compliant Business Continuity Plan Recovery Time Objectives & Recovery Point

More information

The Weill Cornell Medical College and Graduate School of Medical Sciences. Responsible Department: Information Technologies and Services (ITS)

The Weill Cornell Medical College and Graduate School of Medical Sciences. Responsible Department: Information Technologies and Services (ITS) Information Technology Disaster Recovery Policy Policy Statement This policy defines acceptable methods for disaster recovery planning, preparedness, management and mitigation of IT systems and services

More information

With the large number of. How to Avoid Disaster: RIM s Crucial Role in Business Continuity Planning. Virginia A. Jones, CRM, FAI RIM FUNDAMENTALS

With the large number of. How to Avoid Disaster: RIM s Crucial Role in Business Continuity Planning. Virginia A. Jones, CRM, FAI RIM FUNDAMENTALS How to Avoid Disaster: RIM s Crucial Role in Business Continuity Planning The world has experienced a great deal of natural and man-made upheaval and destruction in the past few years, including tornadoes,

More information

TECHNICAL ADVISORY BULLETIN

TECHNICAL ADVISORY BULLETIN DOES YOUR BUSINESS CONTINUITY PLAN ADDRESS AN EVENT LIKE EBOLA? The degree of spread of Ebola in the months ahead is uncertain. In the unlikely event of a worst- case scenario, can your organization meet

More information

Business Continuity Planning and Disaster Recovery Planning

Business Continuity Planning and Disaster Recovery Planning 4 Business Continuity Planning and Disaster Recovery Planning Basic Concepts 1. Business Continuity Management: Business Continuity means maintaining the uninterrupted availability of all key business

More information

IT Disaster Recovery Plan Template

IT Disaster Recovery Plan Template HOPONE INTERNET CORP IT Disaster Recovery Plan Template Compliments of: Tim Sexton 1/1/2015 An information technology (IT) disaster recovery (DR) plan provides a structured approach for responding to unplanned

More information

Tufts Health Plan Corporate Continuity Strategy

Tufts Health Plan Corporate Continuity Strategy Tufts Health Plan Corporate Continuity Strategy July 2015 OVERVIEW The intent of this document is to provide external customers and auditors with a highlevel overview of the Tufts Health Plan Corporate

More information

Business Continuity Glossary

Business Continuity Glossary Developed In Conjuction with Business Continuity Glossary ACTIVATION: The implementation of business continuity capabilities, procedures, activities, and plans in response to an emergency or disaster declaration;

More information

Disaster Recovery Policy

Disaster Recovery Policy Disaster Recovery Policy INTRODUCTION This policy provides a framework for the ongoing process of planning, developing and implementing disaster recovery management for IT Services at UCD. A disaster is

More information

IF DISASTER STRIKES IS YOUR BUSINESS READY?

IF DISASTER STRIKES IS YOUR BUSINESS READY? 1 IF DISASTER STRIKES IS YOUR BUSINESS READY? DISASTER RECOVERY and BUSINESS CONTINUITY: WHAT YOU NEED TO KNOW Realize the Power of Technology Many business owners put off disaster planning, perhaps thinking

More information

SAMPLE IT CONTINGENCY PLAN FORMAT

SAMPLE IT CONTINGENCY PLAN FORMAT SAMPLE IT CONTINGENCY PLAN FORMAT This sample format provides a template for preparing an information technology (IT) contingency plan. The template is intended to be used as a guide, and the Contingency

More information

BCM and DRP - RFP Template

BCM and DRP - RFP Template BCM and DRP - The Supreme Council of Information & Communication Technology ictqatar PUBLICATION DATE Document Reference This document should be used as an example of the contents of an RFP for business

More information

MANAGEMENT AUDIT REPORT DISASTER RECOVERY PLAN DEPARTMENT OF FINANCE AND ADMINISTRATIVE SERVICES INFORMATION TECHNOLOGY SERVICES DIVISION

MANAGEMENT AUDIT REPORT DISASTER RECOVERY PLAN DEPARTMENT OF FINANCE AND ADMINISTRATIVE SERVICES INFORMATION TECHNOLOGY SERVICES DIVISION MANAGEMENT AUDIT REPORT OF DISASTER RECOVERY PLAN DEPARTMENT OF FINANCE AND ADMINISTRATIVE SERVICES INFORMATION TECHNOLOGY SERVICES DIVISION REPORT NO. 13-101 City of Albuquerque Office of Internal Audit

More information

How to Design and Implement a Successful Disaster Recovery Plan

How to Design and Implement a Successful Disaster Recovery Plan How to Design and Implement a Successful Disaster Recovery Plan Feb. 21 ASA Office-Administrative Section is Sponsored by Today s ASAPro Webinar is Brought to You by the How to Ask a Question Questions

More information

Data Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) 591-5553 Email: bronackt@dcag.com Fax: (718) 380-7322

Data Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) 591-5553 Email: bronackt@dcag.com Fax: (718) 380-7322 Business Continuity and Disaster Recovery Job Descriptions Table of Contents Business Continuity Services Organization Chart... 2 Director Business Continuity Services Group... 3 Manager of Business Recovery

More information

Business Continuity and Disaster Recovery Planning from an Information Technology Perspective

Business Continuity and Disaster Recovery Planning from an Information Technology Perspective Business Continuity and Disaster Recovery Planning from an Information Technology Perspective Presenter: David Bird, Director of Sales, Business Technology Consultant phone: 215-672-7100 email: dbird@quatro.com

More information

Business Continuity Management Review

Business Continuity Management Review Office of Internal Audit Business Continuity Management Review November 14, 2014 Internal Audit Team Shannon Henry Chief Audit Officer & Executive Director of Institutional Compliance Stacy Sneed Audit

More information

Planning for Disaster Disaster

Planning for Disaster Disaster Planning for Disaster Ramesh Ramani CISM CGEIT Ramesh Ramani CISM CGEIT Paramount-Dubai Agenda Disaster Management-Introduction Examples BCP and IT Continuity Process of Disaster Management-PDCA Disaster

More information

KPMG Information Risk Management Business Continuity Management Peter McNally, KPMG Asia Pacific Leader for Business Continuity

KPMG Information Risk Management Business Continuity Management Peter McNally, KPMG Asia Pacific Leader for Business Continuity INFORMATION RISK MANAGEMENT KPMG Information Risk Management Business Continuity Management Peter McNally, KPMG Asia Pacific Leader for Business Continuity ADVISORY Contents Agenda: Global trends and BCM

More information

Business Continuity Planning Guide

Business Continuity Planning Guide Business Continuity Planning Guide For Small Businesses Prepared by the City of Vaughan Emergency Planning Department 1 Business Continuity Planning Business Continuity Planning (BCP) is a planning process

More information

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four Data Handling in University Business Impact Analysis ( BIA ) Agenda Overview Terminologies Performing

More information

BUSINESS CONTINUITY PLAN

BUSINESS CONTINUITY PLAN How to Develop a BUSINESS CONTINUITY PLAN To print to A4, print at 75%. TABLE OF CONTENTS SUMMARY SUMMARY WHAT IS A BUSINESS CONTINUITY PLAN? CHAPTER PREPARING TO WRITE YOUR BUSINESS CONTINUITY PLAN CHAPTER

More information

TUFTS HEALTH PLAN CORPORATE CONTINUITY STRATEGY FREQUENTLY ASKED QUESTIONS OVERVIEW CORPORATE CONTINUITY PROGRAM.

TUFTS HEALTH PLAN CORPORATE CONTINUITY STRATEGY FREQUENTLY ASKED QUESTIONS OVERVIEW CORPORATE CONTINUITY PROGRAM. TUFTS HEALTH PLAN CORPORATE CONTINUITY STRATEGY FREQUENTLY ASKED QUESTIONS July 2015 OVERVIEW The intent of this document is to provide external customers and auditors with a high-level overview of the

More information

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA 1 Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand

More information

CERTIFIED DISASTER RECOVERY ENGINEER

CERTIFIED DISASTER RECOVERY ENGINEER CERTIFIED DISASTER RECOVERY ENGINEER KEY DATA COURSE OVERVIEW ACCREDITATION Course Title: C)DRE Duration: 4 days CPE Credits: 32 Class Format Options: Instructor-led classroom Live Online Training Computer

More information

Business Continuity Management AIRM Presentation

Business Continuity Management AIRM Presentation 16 January, 2008 Business Continuity Management AIRM Presentation David Hamilton, Senior Consultant http://www.marsh.ie Presentation Overview Terms used for BCP Where BCM fits in a business plan Business

More information

Disaster Recovery Journal Spring World 2014

Disaster Recovery Journal Spring World 2014 Disaster Recovery Journal Spring World 2014 What works: Services and service supply chain business continuity risk management Don Hall, CBCP, Cisco Services Business Continuity Analyst Cisco Systems, Inc.

More information

Certified Disaster Recovery Engineer

Certified Disaster Recovery Engineer Cyber Security Training & Consulting Certified Disaster COURSE OVERVIEW 4 Days 32 CPE Credits $2,500 When a business is hit by a natural disaster, cyber crime or any other disruptive tragedy, how should

More information

NEEDS BASED PLANNING FOR IT DISASTER RECOVERY

NEEDS BASED PLANNING FOR IT DISASTER RECOVERY The Define/Align/Approve Reference Series NEEDS BASED PLANNING FOR IT DISASTER RECOVERY Disaster recovery planning is essential it s also expensive. That s why every step taken and dollar spent must be

More information

Disaster Preparedness & Response

Disaster Preparedness & Response 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 A B C E INTRODUCTION AND PURPOSE REVIEW ELEMENTS ABBREVIATIONS NCUA REFERENCES EXTERNAL REFERENCES Planning - Ensuring

More information

CITY OF RICHMOND CONTINUITY OF OPERATIONS (COOP) DEPARTMENT PLAN TEMPLATE

CITY OF RICHMOND CONTINUITY OF OPERATIONS (COOP) DEPARTMENT PLAN TEMPLATE CITY OF RICHMOND CONTINUITY OF OPERATIONS (COOP) DEPARTMENT PLAN TEMPLATE Version 2 February 2010 This template is derived from the Virginia Department of Emergency Management (VDEM) Local Government COOP

More information

Business Continuity Management Policy

Business Continuity Management Policy Business Continuity Management Policy Business Continuity Policy Version 1.0 1 Version control Version Date Changes Author 0.1 April 13 1 st draft PH 0.2 June 13 Amendments in line with guidance PH 0.3

More information

Some companies never recover from a disaster related loss. A business that cannot operate will lose money, customers, credibility, and good will.

Some companies never recover from a disaster related loss. A business that cannot operate will lose money, customers, credibility, and good will. How Disaster Recovery Planning Can Be Leveraged For Electronic Discovery and Litigation Response Digital Discovery and e-evidence John Connell April 1. 2008 Hurricanes, floods, earthquakes, power outages,

More information

Business Continuity Planning Preparing Your Organization

Business Continuity Planning Preparing Your Organization Business Continuity Planning Preparing Your Organization Nicholas De Laurentis, CRM, IGP nick.delaurentis.gmkj@statefarm.com 1 Objectives Understand the importance of Business Continuity Planning Know

More information