Business Continuity Planning and Disaster Recovery Planning

Size: px
Start display at page:

Download "Business Continuity Planning and Disaster Recovery Planning"

Transcription

1 Business Continuity Planning and Disaster Recovery Planning Ed Crowley IAM/IEM 1

2 ISC 2 Key Areas of Knowledge Understand business continuity requirements 1. Develop and document project scope and plan Conduct business impact analysis 1. Identify and prioritize critical business functions 2. Determine maximum tolerable downtime and other criteria 3. Assess exposure to outages (e.g. local, regional, global) 4. Define recovery objectives 2

3 ISC 2 Key Areas of Knowledge Develop a recovery strategy 1. Implement a backup storage strategy (e.g. offsite storage, electronic vaulting, tape rotation) 2. Recovery site strategies Understand disaster recovery process 1. Response 2. Personnel 3. Communications 4. Assessment 5. Restoration 3

4 ISC 2 Key Areas of Knowledge Provide training Test, update, assess and maintain the plan (e.g., version control, distribution) 4

5 Topics Business Continuity Planning Prime BCP elements Business Impact Assessment (BIA) Three types of backup services Disaster Recovery DR plan process Five types of DR plan tests 5

6 Goals Minimize loss Online services Retain value Maintain Regulatory Compliance Utility companies Government Orgs (FISMA) Finance (SOX..) Healthcare (HIPAA) 6

7 BCP/DR Assures viability of organizational digital assets through emergencies and disasters. BCP focuses on viability through routine emergencies. DR focuses on disaster recovery 7

8 BCP/DR Goals Business continuity Focus on business process At least yearly testing Disaster Recovery Heavy IT focus Allows implementation of business continuity plan Requires Planning and Testing 8

9 Scope BCP process: Scope specification and plan initiation Business Impact Assessment (BIA) Business continuity plan development DRP includes: Processes Procedures Testing 9

10 Contingency Plans Defined A plan for emergency response, backup operations, and post-disaster recovery maintained by an entity as a part of its security program that will ensure the availability of critical resources and facilitate the continuity of operations in an emergency situation National Computer Security Center, survey >35% of companies have no plans 10

11 Business Continuity Planning Prevents interruptions to normal business activity Protects critical business processes from man made and natural disasters Strategy Minimize disturbances effects Business processes resumption Disruptive Event Any intentional or unintentional security violation that suspends normal operation. 11

12 BCP Addresses Staff Electronic Infrastructure LANs/WAN & related Telecommunications/data links Workstations/workspaces Applications software Data Media and records storage 12

13 Sample Disruptive Events Natural Fire Flood Earthquakes Power Outages Man-made Bombings Strikes Communication infrastructure failure 13

14 Four BCP Elements 1. Scope and Plan Initiation 2. Business Impact Assessment (BIA) 3. Business Continuity Plan Development 4. Plan Approval and Implementation 14

15 Scope and Plan Initiation Scope Creation Detailed account of work required Resource listing Defined management practices 15

16 Roles and Responsibility Senior Management Ultimate responsibility Executive Management Initiates project, gives ongoing support and final approval BCP Committee Creates, implements, and tests plan. Senior Business Unit Management Identifies and prioritizes critical systems Functional Business Units Participate in implementation and testing 16

17 IT Department Role Make sure that adequate backup restore processes are available Employ sufficient physical security mechanisms to protect systems Ensure that the organization uses sufficient logical measures for protecting data Ensure departments implement adequate system admin including up to date inventories 17

18 FCPA 1977 Foreign Corrupt Practices Act imposes civil and criminal penalties if publicly held organizations fail to maintain adequate controls over their information systems. 18

19 Due Diligence If a disruptive event causes losses that adherence to base industry standard of due care could have prevented, through this concept stockholders may hold senior managers, as well as the board of directors, personally responsible. Due Diligence Means that the company can demonstrate that it has taken all reasonable steps in protecting its employees. 19

20 Due Care that level of diligence which a prudent and competent person would exercise under a given set of circumstances. 20

21 Comparison Due Care Minimum and customary practice of responsible protection of assets that reflects a community or societal norm. Due Diligence Prudent management Execution of due care. 21

22 Vulnerability Assessment Produces Loss impact analysis Financial Operational Critical support areas listing Areas required for business continuity 22

23 Business Impact Assessment Documents a disruptive event s impact. Used to create awareness Impacts may be financial or operational. Note that this is a subset of a vulnerability assessment. 23

24 BIA Primary Goals Prioritize Criticality. Critical business unit processes identified and prioritized. Disruptive event s impact evaluated. Estimate Maximum Tolerable Downtime (MTD) Down time that business can tolerate and still remain viable. Articulate Resource Requirements 24

25 BIA Process Steps 1. Gather needed assessment materials 2. Perform vulnerability assessment 3. Analyze compiled information 4. Document results and present recommendations 25

26 Gathering Assessment Materials Identify which business units are critical to a continuing acceptable level of operations. 26

27 Vulnerability Assessment Similar to Risk Assessment in that there is: An objective Quantitative (financial) section. A subjective Qualitative (operational) section. Differs from RA in that it is smaller. Focuses on providing information solely for BCP/DR. 27

28 Vulnerability Assessment Identify distuption impacts and Maximum Tolerable downtime (MTD) Quantitative or Qualitative Loss projections 28

29 Quantitative Loss Criteria Financial losses: Revenue loss, capital expenditure, personal liability. Resolution of contract agreements violation Resolution of regulatory or compliance requirements violation Additional operational expenses incurred due to the disruptive event 29

30 Qualitative Loss Criteria Loss of: Competitive advantage or market share Public confidence or credibility or incurring public embarrassment. A critical support area is defined as a business unit or function that must be present to sustain continuity or business processes, maintain life safety, or avoid public relations embarrassment. 30

31 Critical Support Areas Telecommunications, data communications or information technology Physical infrastructure or plant facilities, transportation services. Accounting, payroll, transaction processing, customer service, purchasing. 31

32 Analysis Phase Analysis phase includes: Documenting required processes Identifying interdependencies Determining what an acceptable interruption period would be. 32

33 BCP Development Two steps 1. Define continuity strategy 2. Document continuity strategy 33

34 IT Department Identifies company's dependencies Internal and external information. Should ensure that an organization employs: An adequate data backup and restore process Sufficient physical security mechanisms to preserve vital network and hardware components. Sufficient logical security methodologies Implements adequate system administration including up to date hware, sware, and media inventories 34

35 Defining Continuity Strategy Includes elements such as: Computing Facilities People Supplies and equipment 35

36 BCP Approval and Implementation Senior management approval Enterprise wide plan awareness Plan maintenance (updates) 36

37 Disaster Recovery Planning Comprehensive action plan dealing with disruptive events. Primary objectives Implement critical processes at an alternative site. Return to the primary site and normal processing Within time frame that minimizes organizational loss. 37

38 DRP Goals Organized decision methodology for use during a disruptive event. Reduce confusion Minimize decision making during a disaster Can include Protection from major computer services failure Minimize risk from delays in providing services Through testing and simulation, guarantee standby systems reliability 38

39 Disaster Recovery Planning Process Development and creation of the recovery plans (similar to the BCP process). Two steps Data Processing Continuity Planning Data Recovery Plan Maintenance 39

40 Data Processing Continuity Planning Most common alternate processing types Mutual aid agreements aka reciprocal agreement Subscription services Multiple centers Service bureaus Other data center backup alternatives 40

41 Mutual Aid Agreements A mutual aid agreement (sometimes called a reciprocal agreement) is an arrangement with another company that may have similar computing needs. As opposed to a hot or warm site, reciprocal arrangements severely limit the responsiveness and support available to the organization during an event. Can be used only for short term outage support. 41

42 Subscription Services Third party commercial service that provides alternative backup and processing facilities. Three basic forms Hot site Warm site Cold site 42

43 Hot Site A fully configured computer facility with: Electrical power Heating ventilation and air conditioning Functioning file/print servers Workstations. Optimal Most expensive 43

44 Warm Site Readily available computer facility with electrical power, HVAC, and computers. Applications may not be installed or configured. Compared to a hot site: Cheaper More flexible Lower administrative overhead 44

45 Cold Site Site ready for equipment to be brought in. No computer hardware. A room with electrical power and HVAC. Computers must be brought on site Communications links may not be ready. 45

46 Multiple Centers Processing spread across several centers. Managed by same org or with another org (RA) Advantage: Cost Disadvantage: Multiple sites may be damaged 46

47 Service Bureaus In rare cases, an organization may contract with a service bureau for all alternate backup processing services. 47

48 Other Data Center Backup Alternatives Rolling/mobile backup sites In-house or external supply of hardware replacements Prefabricated buildings. 48

49 Transaction Redundancy Implementations Electric vaulting Offsite transfer of backup data via comm. lines Remote journaling Parallel processing of transactions to an alternate site via comm. lines Database shadowing Live processing of remote journaling Creates more redundancy by duplicating database sets to multiple severs. 49

50 Disaster Recovery Plan Maintenance For many different reasons, all recovery plans quickly become obsolete. 50

51 Disaster Recovery Plan Testing A tape backup system cannot be considered working until restoration tests have been conducted Testing: Verifies the recovery procedures accuracy and identifies deficiencies Prepares and trains personnel to execute their emergency duties Verifies the alternate backup site processing capability 51

52 Test Document Document outlining test scenario must contain: Reasons for the test Test objectives Type of test to be conducted. The test s purpose is to find weaknesses in the plan. 52

53 Five Disaster Recovery Plan Test Types Checklist Individual departments review. Structured walk-through Business unit reps meet to walk through the plan Simulation Goes to the point of relocating to alternate backup site or enacting recovery procedures 53

54 Five Disaster Recovery Plan Test Types Parallel Full test of the recovery plan. Full-interruption (live-disaster-test) A disaster is replicated to the point of ceasing normal operations. 54

55 Backup Types Full Backsup everything Incremental Only modified files, achive bit cleared. Fast Differential Only modified files, doesn t clear archive bit. Faster than Full while requiring fewer components than Incremental 55

56 Elements of Disaster Recovery Recovery team Salvage team Normal operations resumption plan Other recovery issues 56

57 Recovery Team When a disaster is declared a clearly defined recovery team has the mandate to implement the recovery procedures. 57

58 Salvage Team A salvage team, separate from the recovery team, returns the primary site to normal processing environmental conditions. Has the mandate to quickly and safely: Clean Repair Salvage After the immediate disaster has ended, determine primary processing infrastructure s viability. 58

59 Normal Operations Resume The steps to resume normal processing operations will be different than the steps in the recovery plan; that is, the least critical work should be brought back first to the primary site. 59

60 Other Recovery Issues Interfacing with external groups Employee relations Fraud and crime Financial disbursement Media relations 60

61 External Groups Often, the organization may be well equipped to cope with a disaster in relation to its own employees, but overlooks its relationship with external parties such as: Police Fire EMS Utility Press 61

62 When is the Disaster Over? When all operations have returned to their normal location and function. 62

63 Other Recovery Issues How does the organization manage its relationship with its employees and their families? In major physical disasters, fraud and crime along with vandalism and looting are common. Procedures for storing signed, authorized checks off site must be considered in order to facilitate financial reimbursement. How does the plan address dealing with the media and with civic officials. 63

64 Questions? 64

Business Continuity Planning and Disaster Recovery Planning. Ed Crowley IAM/IEM

Business Continuity Planning and Disaster Recovery Planning. Ed Crowley IAM/IEM Business Continuity Planning and Disaster Recovery Planning Ed Crowley IAM/IEM 1 Goals Compare and contrast aspects of business continuity Execute disaster recovery plans and procedures 2 Topics Business

More information

Post-Class Quiz: Business Continuity & Disaster Recovery Planning Domain

Post-Class Quiz: Business Continuity & Disaster Recovery Planning Domain 1. What is the most common planned performance duration for a continuity of operations plan (COOP)? A. 30 days B. 60 days C. 90 days D. It depends on the severity of a disaster. 2. What is the business

More information

Domain 3 Business Continuity and Disaster Recovery Planning

Domain 3 Business Continuity and Disaster Recovery Planning Domain 3 Business Continuity and Disaster Recovery Planning Steps (ISC) 2 steps [Har10] Project initiation Business Impact Analysis (BIA) Recovery strategy Plan design and development Implementation Testing

More information

Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP).

Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP). Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP). Ed Fortin President Fortin Consulting Paul Godden Consultant & Quotation Author Friday 24 th February 2012 Business Continuity Planning

More information

CISSP Common Body of Knowledge: Business Continuity & Disaster Recovery Planning Domain Version: 5.9.2

CISSP Common Body of Knowledge: Business Continuity & Disaster Recovery Planning Domain Version: 5.9.2 CISSP Common Body of Knowledge: Business Continuity & Disaster Recovery Planning Domain Version: 5.9.2 CISSP Common Body of Knowledge Review by Alfred Ouyang is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike

More information

Disaster Recovery Planning. Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT)

Disaster Recovery Planning. Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT) Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT) When disaster strikes and the business continuity plan fails to prevent interruption of business

More information

DISASTER RECOVERY AND CONTINGENCY PLANNING CHECKLIST FOR ICT SYSTEMS

DISASTER RECOVERY AND CONTINGENCY PLANNING CHECKLIST FOR ICT SYSTEMS Appendix L DISASTER RECOVERY AND CONTINGENCY PLANNING CHECKLIST FOR ICT SYSTEMS I. GETTING READY A. Obtain written commitment from top management of support for contingency planning objectives. B. Assemble

More information

Assessing Your Disaster. Andrews Hooper Pavlik PLC. Andrews Hooper Pavlik PLC

Assessing Your Disaster. Andrews Hooper Pavlik PLC. Andrews Hooper Pavlik PLC Assessing Your Disaster Recovery Plans Gregory H. Soule, CPA, CISA, CISSP, CFE Andrews Hooper Pavlik PLC Andrews Hooper Pavlik PLC Agenda Business Continuity Concepts Impact Analysis Risk Assessment Risk

More information

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 13 Business Continuity

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 13 Business Continuity Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 13 Business Continuity Objectives Define environmental controls Describe the components of redundancy planning List disaster recovery

More information

Disaster Recovery Plan (DRP) / Business Continuity Plan (BCP)

Disaster Recovery Plan (DRP) / Business Continuity Plan (BCP) Preface Computer systems are the core tool of today s business and are vital to every business from the smallest to giant organizations. Money transactions, customer service are just simple examples. Despite

More information

Business Continuity Planning and Disaster Recovery Planning

Business Continuity Planning and Disaster Recovery Planning 4 Business Continuity Planning and Disaster Recovery Planning Basic Concepts 1. Business Continuity Management: Business Continuity means maintaining the uninterrupted availability of all key business

More information

BCP and DR. P K Patel AGM, MoF

BCP and DR. P K Patel AGM, MoF BCP and DR P K Patel AGM, MoF Key difference between BS 25999 and ISO 22301 ISO 22301 puts a much greater emphasis on setting the objectives, monitoring performance and metrics aligning BC to top management

More information

DISASTER RECOVERY PLANNING GUIDE

DISASTER RECOVERY PLANNING GUIDE DISASTER RECOVERY PLANNING GUIDE AN INTRODUCTION TO BUSINESS CONTINUITY PLANNING FOR JD EDWARDS SOFTWARE CUSTOMERS www.wts.com WTS Disaster Recovery Planning Guide Page 1 Introduction This guide will provide

More information

Temple university. Auditing a business continuity management BCM. November, 2015

Temple university. Auditing a business continuity management BCM. November, 2015 Temple university Auditing a business continuity management BCM November, 2015 Auditing BCM Agenda 1. Introduction 2. Definitions 3. Standards 4. BCM key elements IT Governance class - IT audit program

More information

Business Continuity Plan

Business Continuity Plan Business Continuity Plan October 2007 Agenda Business continuity plan definition Evolution of the business continuity plan Business continuity plan life cycle FFIEC & Business continuity plan Questions

More information

Business Continuity Glossary

Business Continuity Glossary Developed In Conjuction with Business Continuity Glossary ACTIVATION: The implementation of business continuity capabilities, procedures, activities, and plans in response to an emergency or disaster declaration;

More information

Disaster Recovery Planning Process

Disaster Recovery Planning Process Disaster Recovery Planning Process By Geoffrey H. Wold Part I of III This is the first of a three-part series that describes the planning process related to disaster recovery. Based on the various considerations

More information

Business Continuity and Disaster Recovery Planning

Business Continuity and Disaster Recovery Planning Business Continuity and Disaster Recovery Planning Jennifer Brandt, CISA A p r i l 16, 2015 HISTORY OF STINNETT & ASSOCIATES Stinnett & Associates (Stinnett) is a professional advisory firm offering services

More information

Business Continuity Planning 101. +1 610 768-4120 (800) 634-2016 www.strohlsystems.com info@strohlsystems.com

Business Continuity Planning 101. +1 610 768-4120 (800) 634-2016 www.strohlsystems.com info@strohlsystems.com Business Continuity Planning 101 Presentation Overview What is business continuity planning Plan Development Plan Testing Plan Maintenance Future advancements in BCP Question & Answer What is a Disaster?

More information

EMERGENCY PREPAREDNESS PLAN Business Continuity Plan

EMERGENCY PREPAREDNESS PLAN Business Continuity Plan EMERGENCY PREPAREDNESS PLAN Business Continuity Plan GIS Bankers Insurance Group Powered by DISASTER PREPAREDNESS Implementation Small Business Guide to Business Continuity Planning Surviving a Catastrophic

More information

Business Continuity Planning Principles and Best Practices Tom Hinkel and Zach Duke

Business Continuity Planning Principles and Best Practices Tom Hinkel and Zach Duke Business Continuity Planning Principles and Best Practices Tom Hinkel and Zach Duke Agenda Key components essential to a FFIEC compliant Business Continuity Plan Recovery Time Objectives & Recovery Point

More information

INSIDE. Preventing Data Loss. > Disaster Recovery Types and Categories. > Disaster Recovery Site Types. > Disaster Recovery Procedure Lists

INSIDE. Preventing Data Loss. > Disaster Recovery Types and Categories. > Disaster Recovery Site Types. > Disaster Recovery Procedure Lists Preventing Data Loss INSIDE > Disaster Recovery Types and Categories > Disaster Recovery Site Types > Disaster Recovery Procedure Lists > Business Continuity Plan 1 Preventing Data Loss White Paper Overview

More information

Department of Information Technology Data Center Disaster Recovery Audit Report Final Report. September 2006

Department of Information Technology Data Center Disaster Recovery Audit Report Final Report. September 2006 Department of Information Technology Data Center Disaster Recovery Audit Report Final Report September 2006 promoting efficient & effective local government Executive Summary Our audit found that a comprehensive

More information

Disaster Recovery. 1.1 Introduction. 1.2 Reasons for Disaster Recovery. EKAM Solutions Ltd Disaster Recovery

Disaster Recovery. 1.1 Introduction. 1.2 Reasons for Disaster Recovery. EKAM Solutions Ltd Disaster Recovery Disaster Recovery 1.1 Introduction Every day, there is the chance that some sort of business interruption, crisis, disaster, or emergency will occur. Anything that prevents access to key processes and

More information

Application / Hardware - Business Impact Analysis Template. MARC Configuration Requirements. Business Impact Analysis

Application / Hardware - Business Impact Analysis Template. MARC Configuration Requirements. Business Impact Analysis Application / Hardware - Business Impact Analysis Template The single most important thing we can do is help you understand the criticality of each application, supporting hardware/server/pc and the required

More information

Data Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) 591-5553 Email: bronackt@dcag.com Fax: (718) 380-7322

Data Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) 591-5553 Email: bronackt@dcag.com Fax: (718) 380-7322 Business Continuity and Disaster Recovery Job Descriptions Table of Contents Business Continuity Services Organization Chart... 2 Director Business Continuity Services Group... 3 Manager of Business Recovery

More information

D2-02_01 Disaster Recovery in the modern EPU

D2-02_01 Disaster Recovery in the modern EPU CONSEIL INTERNATIONAL DES GRANDS RESEAUX ELECTRIQUES INTERNATIONAL COUNCIL ON LARGE ELECTRIC SYSTEMS http:d2cigre.org STUDY COMMITTEE D2 INFORMATION SYSTEMS AND TELECOMMUNICATION 2015 Colloquium October

More information

EXECUTIVE SUMMARY 1.1 PROJECT OBJECTIVES

EXECUTIVE SUMMARY 1.1 PROJECT OBJECTIVES 1 1.1 PROJECT OBJECTIVES The main objective of the project is to develop a comprehensive IT Business Continuity/Disaster Recovery Plan for the Rochester-Genesee Regional Transportation Authority (RGRTA)

More information

Protecting your Enterprise

Protecting your Enterprise Understanding Disaster Recovery in California Protecting your Enterprise Session Overview Why do we Prepare What is? How do I analyze (measure) it? What to do with it? How do I communicate it? What does

More information

Disaster Recovery Planning. By Janet Coggins

Disaster Recovery Planning. By Janet Coggins Comp 5940 Project Disaster Recovery Planning By Janet Coggins Janet H. Coggins Page 1 11/21/2004 Table of Contents List of each Section....Page 2 Section 1 Executive Summary Overview of the scope of the

More information

Ohio Supercomputer Center

Ohio Supercomputer Center Ohio Supercomputer Center IT Business Continuity Planning No: Effective: OSC-13 06/02/2009 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original

More information

Disaster Avoidance: A Key to Business Continuity

Disaster Avoidance: A Key to Business Continuity Disaster Avoidance: A Key to Business Continuity Keeping the Doors of Business Open Disaster Avoidance: A Key to Business Continuity Natural Disasters Disaster Avoidance: A Key to Business Continuity Unnatural

More information

Business Unit CONTINGENCY PLAN

Business Unit CONTINGENCY PLAN Contingency Plan Template Business Unit CONTINGENCY PLAN Version 1.0 (Date submitted) Submitted By: Business Unit Date Version 1.0 Page 1 1 Plan Review and Updates... 3 2 Introduction... 3 2.1 Purpose...

More information

Business Continuity and the Cloud. Aaron Shaver US Signal, Solution Architect

Business Continuity and the Cloud. Aaron Shaver US Signal, Solution Architect Business Continuity and the Cloud Aaron Shaver US Signal, Solution Architect Overview What is BC/DR? Why should businesses have a strategy? Why do many business choose not to? How does the cloud change

More information

An Overview of Disaster Recovery Planning Under HIPPA Security Rules

An Overview of Disaster Recovery Planning Under HIPPA Security Rules Disaster Recovery Planning Under HIPAA An Overview 1 White Paper Published October 2003 - Doug Thompson - MITG, Inc. - Quincy, IL An Overview of Disaster Recovery Planning Under HIPPA Security Rules Overview

More information

DRAFT Disaster Recovery Policy Template

DRAFT Disaster Recovery Policy Template DRAFT Disaster Recovery Policy Template NOTE: This is a boiler plate template much information is needed from to finalizeconsider this document pre-draft FOREWARD... 3 Policy Overview...

More information

MANAGEMENT AUDIT REPORT DISASTER RECOVERY PLAN DEPARTMENT OF FINANCE AND ADMINISTRATIVE SERVICES INFORMATION TECHNOLOGY SERVICES DIVISION

MANAGEMENT AUDIT REPORT DISASTER RECOVERY PLAN DEPARTMENT OF FINANCE AND ADMINISTRATIVE SERVICES INFORMATION TECHNOLOGY SERVICES DIVISION MANAGEMENT AUDIT REPORT OF DISASTER RECOVERY PLAN DEPARTMENT OF FINANCE AND ADMINISTRATIVE SERVICES INFORMATION TECHNOLOGY SERVICES DIVISION REPORT NO. 13-101 City of Albuquerque Office of Internal Audit

More information

How to write a DISASTER RECOVERY PLAN. To print to A4, print at 75%.

How to write a DISASTER RECOVERY PLAN. To print to A4, print at 75%. How to write a DISASTER RECOVERY PLAN To print to A4, print at 75%. TABLE OF CONTENTS SUMMARY SUMMARY WHAT IS A DRP AND HOW CAN IT HELP MY COMPANY? CHAPTER PREPARING TO WRITE YOUR DISASTER RECOVERY PLAN

More information

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Three

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Three Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Three Information Security- Perspective for Management Business Impact Analysis ( BIA ) and Business

More information

Disaster Preparedness & Response

Disaster Preparedness & Response 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 A B C E INTRODUCTION AND PURPOSE REVIEW ELEMENTS ABBREVIATIONS NCUA REFERENCES EXTERNAL REFERENCES Planning - Ensuring

More information

IT Disaster Recovery Plan Template

IT Disaster Recovery Plan Template HOPONE INTERNET CORP IT Disaster Recovery Plan Template Compliments of: Tim Sexton 1/1/2015 An information technology (IT) disaster recovery (DR) plan provides a structured approach for responding to unplanned

More information

CISM Certified Information Security Manager

CISM Certified Information Security Manager CISM Certified Information Security Manager Firebrand Custom Designed Courseware Chapter 4 Information Security Incident Management Exam Relevance Ensure that the CISM candidate Establish an effective

More information

William Rider Manager Disaster Recovery & Data Security The Johns Hopkins Health System & University

William Rider Manager Disaster Recovery & Data Security The Johns Hopkins Health System & University William Rider Manager Disaster Recovery & Data Security The Johns Hopkins Health System & University Competitive Leadership- Twelve Principles For Success Brian Billick Chapter 3 Be Be Prepared The time

More information

NEEDS BASED PLANNING FOR IT DISASTER RECOVERY

NEEDS BASED PLANNING FOR IT DISASTER RECOVERY The Define/Align/Approve Reference Series NEEDS BASED PLANNING FOR IT DISASTER RECOVERY Disaster recovery planning is essential it s also expensive. That s why every step taken and dollar spent must be

More information

85-01-55 Overview of Business Continuity Planning Sally Meglathery Payoff

85-01-55 Overview of Business Continuity Planning Sally Meglathery Payoff 85-01-55 Overview of Business Continuity Planning Sally Meglathery Payoff Because a business continuity plan affects all functional units within the organization, each functional unit must participate

More information

Disaster Recovery & Business Continuity Related, but NOT the Same! Teri Stokes, Ph.D., Director GXP International

Disaster Recovery & Business Continuity Related, but NOT the Same! Teri Stokes, Ph.D., Director GXP International Disaster Recovery & Business Continuity Related, but NOT the Same! Teri Stokes, Ph.D., Director GXP International BCP Definitions Business Continuity Plan: An ongoing process supported by senior management

More information

IT Service Management

IT Service Management IT Service Management Service Continuity Methods (Disaster Recovery Planning) White Paper Prepared by: Rick Leopoldi May 25, 2002 Copyright 2001. All rights reserved. Duplication of this document or extraction

More information

The Essential Guide for Protecting Your Legal Practice From IT Downtime

The Essential Guide for Protecting Your Legal Practice From IT Downtime The Essential Guide for Protecting Your Legal Practice From IT Downtime www.axcient.com Introduction: Technology in the Legal Practice In the professional services industry, the key deliverable of a project

More information

Creating a Business Continuity Plan for your Health Center

Creating a Business Continuity Plan for your Health Center Creating a Business Continuity Plan for your Health Center 1 Page Left Intentionally Blank 2 About This Manual This tool is the result of collaboration between the Primary Care Development Corporation

More information

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four Data Handling in University Business Impact Analysis ( BIA ) Agenda Overview Terminologies Performing

More information

IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP

<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP IT Disaster Recovery Plan Template By Paul Kirvan, CISA, CISSP, FBCI, CBCP Revision History REVISION DATE NAME DESCRIPTION Original 1.0 2 Table of Contents Information Technology Statement

More information

IT Disaster Recovery and Business Resumption Planning Standards

IT Disaster Recovery and Business Resumption Planning Standards Information Technology Disaster Recovery and Business IT Disaster Recovery and Business Adopted by the Information Services Board (ISB) on May 28, 1992 Policy No: Also see: 500-P1, 502-G1 Supersedes No:

More information

Top 10 Reasons for Using Disk-based Online Server Backup and Recovery

Top 10 Reasons for Using Disk-based Online Server Backup and Recovery ADVISORY Top 10 Reasons for Using Disk-based Online Server Backup and Recovery INTRODUCTION Backup of vital company information is critical to a company s survival, no matter what size the company. Recent

More information

IF DISASTER STRIKES IS YOUR BUSINESS READY?

IF DISASTER STRIKES IS YOUR BUSINESS READY? 1 IF DISASTER STRIKES IS YOUR BUSINESS READY? DISASTER RECOVERY and BUSINESS CONTINUITY: WHAT YOU NEED TO KNOW Realize the Power of Technology Many business owners put off disaster planning, perhaps thinking

More information

Business Continuity Planning. Donna Curran, Director Audit and Risk Management February, 2014

Business Continuity Planning. Donna Curran, Director Audit and Risk Management February, 2014 Business Continuity Planning Donna Curran, Director Audit and Risk Management February, 2014 Agenda Business Continuity Defined The Importance of a Plan Determining the Costs Business Impact Analysis MTO,

More information

OKHAHLAMBA LOCAL MUNICIPALITY

OKHAHLAMBA LOCAL MUNICIPALITY OKHAHLAMBA LOCAL MUNICIPALITY I.T DISASTER RECOVERY PLAN 2012/2013 TABLE OF CONTENTS 1. INTRODUCTION 1 1.1 PURPOSE 2 1.2 OBJECTIVES 2 1.3 SCOPE 2 1.4 DISASTER RECOVERY STRATEGY 2 1.5 DISASTER DEFINITION

More information

Unit Guide to Business Continuity/Resumption Planning

Unit Guide to Business Continuity/Resumption Planning Unit Guide to Business Continuity/Resumption Planning (February 2009) Revised June 2011 Executive Summary... 3 Purpose and Scope for a Unit Business Continuity Plan(BCP)... 3 Resumption Planning... 4 Assumptions

More information

Q uick Guide to Disaster Recovery Planning An ITtoolkit.com White Paper

Q uick Guide to Disaster Recovery Planning An ITtoolkit.com White Paper This quick reference guide provides an introductory overview of the key principles and issues involved in IT related disaster recovery planning, including needs evaluation, goals, objectives and related

More information

Beyond Disaster Recovery: Why Your Backup Plan Won t Work

Beyond Disaster Recovery: Why Your Backup Plan Won t Work Beyond Disaster Recovery: Why Your Backup Plan Won t Work Contents Introduction... 3 The Data Backup Model - Upgraded for 2015... 4 Why Disaster Recovery Isn t Enough... 5 Business Consequences with DR-Only

More information

Vital Records. Mary Hilliard, CRM

Vital Records. Mary Hilliard, CRM Vital Records Mary Hilliard, CRM Background Vital records of an organization must be identified so they can be protected Protection of vital records is a joint effort of records management and disaster

More information

PAPER-6 PART-4 OF 5 CA A.RAFEQ, FCA

PAPER-6 PART-4 OF 5 CA A.RAFEQ, FCA 1 Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-4 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand

More information

BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS

BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS DIRECTORATE OF BANKING SUPERVISION AUGUST 2009 TABLE OF CONTENTS PAGE 1.0 INTRODUCTION..3 1.1 Background...3 1.2 Citation...3

More information

Department of Budget & Management. State of Maryland Information Technology (IT) Disaster Recovery Guidelines Version 4.0

Department of Budget & Management. State of Maryland Information Technology (IT) Disaster Recovery Guidelines Version 4.0 Department of Budget & Management State of Maryland Information Technology (IT) Disaster Recovery Guidelines Version 4.0 July 2006 TABLE OF CONTENTS 1.0 INTRODUCTION...1 1.1 Purpose...1 1.2 Scope...1 1.3

More information

Overview of how to test a. Business Continuity Plan

Overview of how to test a. Business Continuity Plan Overview of how to test a Business Continuity Plan Prepared by: Thomas Bronack Phone: (718) 591-5553 Email: bronackt@dcag.com BRP/DRP Test Plan Creation and Exercise Page: 1 Table of Contents BCP/DRP Test

More information

Midsize Enterprise Summit Business Continuity Questions

Midsize Enterprise Summit Business Continuity Questions Select Q&A, D. Scott, F. DeSalvo Research Note 6 February 2003 Midsize Enterprise Summit Business Continuity Questions Current events have created a new awareness of the importance of business continuity

More information

The Difference Between Disaster Recovery and Business Continuance

The Difference Between Disaster Recovery and Business Continuance The Difference Between Disaster Recovery and Business Continuance In high school geometry we learned that a square is a rectangle, but a rectangle is not a square. The same analogy applies to business

More information

10 Hidden IT Risks That Threaten Your Practice

10 Hidden IT Risks That Threaten Your Practice (Plus 1 Fast Way to Find Them) Your practice depends on intelligence. But can you count on your technology? You may not be in the intelligence technology business, but it s probably impossible to imagine

More information

PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA

PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand

More information

Disaster Recovery Planning for Homesteaders 2004 Paul Edwards & Associates

Disaster Recovery Planning for Homesteaders 2004 Paul Edwards & Associates Disaster Recovery Planning for Homesteaders 2004 Paul Edwards & Associates Introduction The term homesteading comes from the days of the pioneers that setled in the midwest and western United States. That

More information

White Paper. 1 800 FASTFILE / www.ironmountain.ca Page 1

White Paper. 1 800 FASTFILE / www.ironmountain.ca Page 1 White Paper LIVEVAULT Top 10 Reasons for Using Online Server Backup and Recovery Introduction Backup of vital company information is critical to a company s survival, no matter what size the company. Recent

More information

Company Management System. Business Continuity in SIA

Company Management System. Business Continuity in SIA Company Management System Business Continuity in SIA Document code: Classification: Company Project/Service Year Document No. Version Public INDEX 1. INTRODUCTION... 3 2. SIA S BUSINESS CONTINUITY MANAGEMENT

More information

Four Steps to Disaster Recovery and Business Continuity using iscsi

Four Steps to Disaster Recovery and Business Continuity using iscsi White Paper Four Steps to Disaster Recovery and Business Continuity using iscsi It s a fact of business life physical, natural, and digital disasters do occur, and they interrupt operations and impact

More information

Disaster Recovery Plan

Disaster Recovery Plan Disaster Recovery Plan Date: Revision: 8.0 EXTERNAL BCP PLAN PAGE 1 OF 12 Federal regulation states, and internal corporate policies require, that Penson Financial Services, Inc. (Penson) develop Business

More information

Technology Recovery Plan Instructions

Technology Recovery Plan Instructions State of California California Information Security Office Technology Recovery Plan Instructions SIMM 5325-A (Formerly SIMM 65A) September 2013 REVISION HISTORY REVISION DATE OF RELEASE OWNER SUMMARY OF

More information

Desktop Scenario Self Assessment Exercise Page 1

Desktop Scenario Self Assessment Exercise Page 1 Page 1 Neil Jarvis Head of IT Security & IT Risk DHL Page 2 From reputation to data loss - how important is business continuity? Neil Jarvis Head of IT Security (EMEA) DHL Logistics IT Security Taking

More information

Building and Maintaining a Business Continuity Program

Building and Maintaining a Business Continuity Program Building and Maintaining a Business Continuity Program Successful strategies for financial institutions for effective preparation and recovery Table of Contents Introduction...3 This white paper was written

More information

Business Continuity and Disaster Planning

Business Continuity and Disaster Planning WHITE PAPER Business Continuity and Disaster Planning A guide to preparing for the unexpected Robert Drewniak Director, Strategic & Advisory Services Disasters are not always the result of high winds and

More information

AUSTRACLEAR REGULATIONS Guidance Note 10

AUSTRACLEAR REGULATIONS Guidance Note 10 BUSINESS CONTINUITY AND DISASTER RECOVERY The purpose of this Guidance Note The main points it covers To assist participants to understand the disaster recovery and business continuity arrangements they

More information

Our Colorado region is offering a FREE Disaster Recovery Review promotional through June 30, 2009!

Our Colorado region is offering a FREE Disaster Recovery Review promotional through June 30, 2009! Disaster Recovery Review FREE Promotional Offer Our Colorado region is offering a FREE Disaster Recovery Review promotional through June 30, 2009! This review is designed to help the small business better

More information

Offsite Disaster Recovery Plan

Offsite Disaster Recovery Plan 1 Offsite Disaster Recovery Plan Offsite Disaster Recovery Plan Presented By: Natan Verkhovsky President Disty Portal Inc. 2 Offsite Disaster Recovery Plan Introduction This document is a comprehensive

More information

Assessment of natural hazards, man made hazards, technical and societal related risks and associated impact.

Assessment of natural hazards, man made hazards, technical and societal related risks and associated impact. Aon Business Continuity Planning The Aon Business Continuity Planning practice provides consulting services that allow Aon clients to measure and manage their strategic and tactical risks through Crisis

More information

Information Security Management: Business Continuity Planning. Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt.

Information Security Management: Business Continuity Planning. Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt. Information Security Management: Business Continuity Planning Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt. Overview BCP: Definition BCP: Need for (Why?) BCP: When BCP: Who

More information

This is the third and final presentation on HIPAA Security Administrative Safeguards. This presentation focuses on the last 2 standards under the

This is the third and final presentation on HIPAA Security Administrative Safeguards. This presentation focuses on the last 2 standards under the This is the third and final presentation on HIPAA Security Administrative Safeguards. This presentation focuses on the last 2 standards under the HIPAA Security rule: Contingency planning and evaluation.

More information

Business Continuity Planning for Risk Reduction

Business Continuity Planning for Risk Reduction Business Continuity Planning for Risk Reduction Ion PLUMB ionplumb@yahoo.com Andreea ZAMFIR zamfir_andreea_ileana@yahoo.com Delia TUDOR tudordelia@yahoo.com Faculty of Management Academy of Economic Studies

More information

Business Continuity (Policy & Procedure)

Business Continuity (Policy & Procedure) Business Continuity (Policy & Procedure) Publication Scheme Y/N Can be published on Force Website Department of Origin Force Operations Policy Holder Ch Supt Head of Force Ops Author Business Continuity

More information

The Weill Cornell Medical College and Graduate School of Medical Sciences. Responsible Department: Information Technologies and Services (ITS)

The Weill Cornell Medical College and Graduate School of Medical Sciences. Responsible Department: Information Technologies and Services (ITS) Information Technology Disaster Recovery Policy Policy Statement This policy defines acceptable methods for disaster recovery planning, preparedness, management and mitigation of IT systems and services

More information

PPSADOPTED: OCT. 2012 BACKGROUND POLICY STATEMENT PHYSICAL FACILITIES. PROFESSIONAL PRACTICE STATEMENT Developing a Business Continuity Plan

PPSADOPTED: OCT. 2012 BACKGROUND POLICY STATEMENT PHYSICAL FACILITIES. PROFESSIONAL PRACTICE STATEMENT Developing a Business Continuity Plan PROFESSIONAL PRACTICE STATEMENT Developing a Business Continuity Plan OCT. 2012 PPSADOPTED: What is a professional practice statement? Professional Practice developed by the Association Forum of Chicagoland

More information

Virtual Infrastructure Security

Virtual Infrastructure Security Virtual Infrastructure Security 2 The virtual server is a perfect alternative to using multiple physical servers: several virtual servers are hosted on one physical server and each of them functions both

More information

Data Center Refresh: Build or Buy?

Data Center Refresh: Build or Buy? Data Center Refresh: Build or Buy? In-house data centers vs. colocation, managed services and cloud computing: 5 questions to consider Presented by Cosentry, the trusted Midwest provider of Managed and

More information

Business Continuity Planning for Schools, Departments & Support Units

Business Continuity Planning for Schools, Departments & Support Units Business Continuity Planning for Schools, Departments & Support Units 1 What is Business Continuity Planning? Examples Planning for an adverse, major or catastrophic event that would cause a disruption

More information

WHY CLOUD BACKUP: TOP 10 REASONS

WHY CLOUD BACKUP: TOP 10 REASONS WHITE PAPER DATA PROTECTION WHY CLOUD BACKUP: TOP 10 REASONS Contents REASON #1: Achieve disaster recovery with secure offsite cloud backup REASON #2: Freedom from manual and complex tape backup tasks

More information

Identify and Protect Your Vital Records

Identify and Protect Your Vital Records Identify and Protect Your Vital Records INTRODUCTION The Federal Emergency Management Agency s Federal Preparedness Circular 65 states The protection and ready availability of electronic and hardcopy documents,

More information

Disaster Recovery. Hendry Taylor Tayori Limited

Disaster Recovery. Hendry Taylor Tayori Limited Disaster Recovery Hendry Taylor Tayori Limited Agenda What is Business Continuity planning (BCP) What is Disaster Recovery (DR) and Disaster Recovery Planning (DRP) Overview Lifecycle Analysis Plan design

More information

Business Continuity Planning. Presentation and. Direction

Business Continuity Planning. Presentation and. Direction Business Continuity Planning Presentation and Direction Thomas Bronack, president Data Center Assistance Group, Inc. 15180 20 th Avenue Whitestone, NY 11357 Phone: (718) 591-5553 Email: bronackt@dcag.com

More information

July 30, 2009. Internal Audit Report 2009-08 Information Technology Business Continuity Plan Information Technology Department

July 30, 2009. Internal Audit Report 2009-08 Information Technology Business Continuity Plan Information Technology Department Internal Audit Report 2009-08 Introduction. The Municipality depends heavily on technology and automated information systems, and their disruption for even a few days could have a severe impact on critical

More information

Course: Information Security Management in e-governance. Day 2. Session 5: Disaster Recovery Planning

Course: Information Security Management in e-governance. Day 2. Session 5: Disaster Recovery Planning Course: Information Security Management in e-governance Day 2 Session 5: Disaster Recovery Planning Agenda Introduction to Disaster Recovery Planning (DRP) Need for disaster recovery planning Approach

More information

Business Continuity Planning

Business Continuity Planning Business Continuity Planning We believe all organisations recognise the importance of having a Business Continuity Plan, however we understand that it can be difficult to know where to start. That s why

More information

www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014

www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 Agenda Key Definitions Risks Business Continuity Management Program BCM Capability Assessment Process BCM Value Proposition

More information

Disaster Recovery Plan Documentation for Agencies Instructions

Disaster Recovery Plan Documentation for Agencies Instructions California Office of Information Security Disaster Recovery Plan Documentation for Agencies Instructions () November 2009 SCOPE AND PURPOSE The requirements included in this document are applicable to

More information

ASX CLEAR (FUTURES) OPERATING RULES Guidance Note 10

ASX CLEAR (FUTURES) OPERATING RULES Guidance Note 10 BUSINESS CONTINUITY AND DISASTER RECOVERY The purpose of this Guidance Note The main points it covers To assist participants to understand the disaster recovery and business continuity arrangements they

More information