William Rider Manager Disaster Recovery & Data Security The Johns Hopkins Health System & University
|
|
- Leonard Hancock
- 8 years ago
- Views:
Transcription
1 William Rider Manager Disaster Recovery & Data Security The Johns Hopkins Health System & University
2 Competitive Leadership- Twelve Principles For Success Brian Billick Chapter 3 Be Be Prepared The time to repair the roof is when the sun is shining John F. Kennedy Spectacular achievements are always preceded by unspectacular preparation Roger Staubach One of life s most painful moments comes when we must admit that we didn t do our homework, that we are not prepared Merlin Olsen Failure to prepare is preparing to fail John Wooden You must be able to respond to your circumstances as they exist not as you would like them to be Brian Billick
3 The Business Continuity Management Program The frequency of events, both manmade and natural are occurring at an alarmingly frequent rate.. And they are affecting more areas of the organization including I.T. Just as the impact of such events is being more severely felt in the I. T. Department, so it is also negatively affecting the business process of the organization, its mission, goals, and objectives..and possibly the community at large.
4 The interruption of fundamental business processes for any extended period of time could have a debilitating affect on our basic infrastructure.and our way of life E-Commerce Private and Business Online Trading Cash Advances at ATM Machines Personal and Commercial Online Banking Retail Purchases by Credit Cards Just In Time Inventories Communications Inpatient/Outpatient Hospital Registrations Pharmacy Refills Insurance Claims and Explanation of Benefits
5 It s not a Private Sector issue..or a Public Sector issue. The solution lies in the collaboration between Private and Public Sector to resolve these issues and the convergence to a single strategy with a consistent set of tactical solutions. Public Sector First Responders Emergency Medical Technicians Fire & Police Federal, State and Local Government Private Sector Healthcare Financial Manufacturing Retail Transportation
6 ERP DRP CMP BCP Working Definitions ERP Emergency Response Plan: Steps taken to immediately respond to an event, ensure personnel safety, minimize further impact to assets, and make proper notifications. DRP Disaster Recovery Plan: Steps taken to restore specified infrastructure requirements such as Information Systems, business equipment environments, internal and external network connections, and data structures utilizing alternate resources for hardware, software, data, and networks. CMP Crisis Management Plan: Steps taken to manage the event to ensure that order is maintained, proper information is being disseminated by appropriate representatives, action items are effectively escalated, and ongoing internal and external notifications are consistent. BCP Business Contingency Plan: Steps taken to restore alternate business processes in the event that automated processes or business infrastructures are unavailable, employing documented workaround and/or manual procedures and alternate resources.
7 Information Services DRP Disaster Recovery What To Do When The Computer Goes Down Those steps required to ensure recovery of critical systems Business Entities BCP Business Contingency What To Do While The Computer Is Down The steps required to ensure continued operations of critical processes
8 Considerations That Disaster Recovery Planning, Business Contingency Planning, Emergency Response Planning, and Crisis Management Planning are components of a much larger business strategy for a Continuity of Operations. That Business Contingency Planning is not and I.T. function. It is a function of business operations. A concept that must become a part of the corporate culture of an organization. That the attitudes and behaviors of those in the organization must reflect the importance of protecting people, process and assets as paramount to the organization. That a top-down commitment to Disaster Recovery Planning, Business Contingency Planning, Emergency Response Planning, and Crisis Management Planning must be demonstrated through ongoing training and awareness, clear and enforceable policies and standards, and operational efficiencies.
9 DRP DRP Disaster Recovery Plan: Steps taken to restore specified infrastructure requirements such as Information Systems, business equipment environments, internal and external network connections, and data structures utilizing alternate resources for hardware, software, data, and networks. - Hardware - System Software - Data and Data Structures - Applications - Networks - Desktop Services - Production Support
10 I.S. Recovery Time Requirements RECOVERY TIME OBJECTIVE: (RTO) The period of time in which systems, applications, or I.S. functions must be recovered after an outage. RTO's are often used as the basis for the development of recovery strategies, and as a determinant as to whether or not to implement the recovery strategies during a disaster situation. RECOVERY POINT OBJECTIVE: (RPO) The point in time to which systems and data must be restored after an outage. RPO's are often used as the basis for the development of backup strategies, and as a determinant of the amount of data that may need to be recreated after the systems or functions have been recovered.
11 Disaster Recovery Planning Operational Impact Analysis Applications Criticality Analysis Data Backups & Offsite Storage Recovery Teams & Recovery Times Objectives Testing & Maintenance
12 Disaster Recovery Planning Considerations Hardware Platforms Application Services Alternate Resources Network Connectivity Data Synchronization Systems Interoperability
13 DRP Approach Prioritize critical applications with consideration given to recovery time and recovery point objectives, while recognizing the business/operational impacts. Identify key infrastructure components to establish computing environment. Build recovery plans with testing performed at component and system level. Communicate RTOs and RPOs and validate User expectations.
14 I.S. Technology Recovery Four Phased Approach Emergency Management Coordinate Control Fund Approve Documentation Alternate Resources Available Data Response Recovery Resumption Restoration Immediate Actions -Personnel Safety -Damage Mitigation -Notifications Procedures -Hardware -Software -Data -Telecomm Systems Networks Interoperability Validation Refurbish Replace Construct Return
15 Interfaces & Dependencies Data Backup Synchronization 2:00am 3:00am 4:00am 5:00am 6:00am 7:00am 8:00am 9:00am 10:00am11:00am12:00am1:00pm Data Backup Synchronization Point Platform #1 Platform #2 Platform #1 Platform #2 Gateway Srvr #1 Gateway Srvr #2 Interface Engine Interface Engine DB2 DB2 App l Data App l Data Current Backups Proposed Snapshots Snapshot To Tape Physical Rotation To Offsite
16 * $$ 900, , , ,000 Comparison of $$ Impact To Cost To Recover Cost of Impact 500, ,000 Optimum Recovery Point (i.e., Cost vs. Risk) 300, , ,000 Cost of Recovery 50,000 * min 1 hr to 3 hrs to 12 hrs - 24 hrs - 48 hrs - 72 hrs - mins to 1 hr 3 hrs 12 hrs 24 hrs 48 hrs 72 hrs 96 hrs * Numbers Above Are For Demonstration Purpose Only Accurate Impact numbers can be determined from the Business Impact Analysis
17 BCP BCP Business Contingency Plan: Steps taken to restore alternate business processes in the event that automated processes or business infrastructures are unavailable, employing documented workaround and/or manual procedures and alternate resources. - Relocation of Personnel - Availability of remote support services and network connections - Contingency office space
18 Business Recovery Requirements RECOVERY TIME OBJECTIVE: (RTO) When do I.T. systems need to be available to the end users? RECOVERY POINT OBJECTIVE: (RPO) How current does the information have to be when systems and services are made available?
19 Business Contingency Planning Business Contingency Planning Business Impact Analysis Business Function Prioritization Manual Procedures Business Unit Contingency Planning Crisis Management Teams
20 Contingency Planning Considerations Business Cycles Personnel Skill Sets Alternate Personnel Alternate Resources Alternate Communications Human Resources Manual Procedures Alternate Locations Alternate Process Vendors
21 BCP Approach Prioritize Business Functions Identify Key Components Of Each Process Identify Risk Scenarios Loss Of I.T. Services Loss Of Network Connectivity Loss of Facility Loss of Personnel Loss of Supply Chain Loss of Inter/Intra Departmental Support Build Business Contingency Plans Exercise The Plans Validate BCP Test Results with I.T. RTOs and RPOs
22 Business Contingency Planning Crisis Management Emergency Response Evacuation Communication Four Phased Approach Emergency Management Coordinate Communicate Activate Resume Documentation Alternate Resources Available Data Reaction Relocation Resumption Restoration Logistics Location(s) Transportation Personnel Facilities Vendors Hardware/Software Communications Procedures Logistical Support Forms Contact Lists
23 2:00am 3:00am 4:00am 5:00am 6:00am 7:00am 8:00am 9:00am 10:00am 11:00am 12:00am 1:00pm Data Backup Synchronization Point Process #1 Process #2 Interfaces & Dependencies Data Backup Synchronization Process #1 Process #2 Interdependent Processes Interdependent Processes Supply Chain Supply Chain Work In Process Work In Process Input Transactions Input Transactions Current Backups Proposed Snapshots Snapshot To Tape Physical Rotation To Offsite
24 * $$ 900, , , , ,000 Comparison of $$ Impact To Cost To Recover Cost of Impact 400,000 Optimum Recovery Point (i.e., Cost vs. Risk) 300, , ,000 50,000 * min 1 hr to 3 hrs to 12 hrs - 24 hrs - 48 hrs - 72 hrs - Cost of Recovery mins to 1 hr 3 hrs 12 hrs 24 hrs 48 hrs 72 hrs 96 hrs * Numbers Above Are For Demonstration Purpose Only Accurate Impact numbers can be determined from the Business Impact Analysis
25 Window Of Exposure Without BCP 900, , , , , , , , ,000 50, min 1 hr to 3 hrs to 12 hrs - 24 hrs - 48 hrs - 72 hrs - mins to 1 hr 3 hrs 12 hrs 24 hrs 48 hrs 72 hrs 96 hrs Without BCP Cost of Impact Cost of Recovery Numbers Are For Demonstration Purposes Only
26 Window Of Exposure With BCP 900, , , , , , , , ,000 50, min 1 hr to 3 hrs to 12 hrs - 24 hrs - 48 hrs - 72 hrs - mins to 1 hr 3 hrs 12 hrs 24 hrs 48 hrs 72 hrs 96 hrs Cost of Impact With BCP Cost of Recovery Numbers Are For Demonstration Purposes Only
27 900, , , , , , , , ,000 50, min 1 hr to 3 hrs to 12 hrs - 24 hrs - 48 hrs - 72 hrs - mins to 1 hr 3 hrs 12 hrs 24 hrs 48 hrs 72 hrs 96 hrs Cost of Impact Without BCP Cost of Recovery 900, , , , , , , , ,000 50, min 1 hr to 3 hrs to 12 hrs - 24 hrs - 48 hrs - 72 hrs - mins to 1 hr 3 hrs 12 hrs 24 hrs 48 hrs 72 hrs 96 hrs Cost of Impact With BCP Cost of Recovery Numbers Are For Demonstration Purposes Only
28 I.S. Recovery Time Requirements RECOVERY TIME OBJECTIVE: (RTO) The period of time in which systems, applications, or I.S. functions must be recovered after an outage. RTO's are often used as the basis for the development of recovery strategies, and as a determinant as to whether or not to implement the recovery strategies during a disaster situation. RECOVERY POINT OBJECTIVE: (RPO) The point in time to which systems and data must be restored after an outage. RPO's are often used as the basis for the development of backup strategies, and as a determinant of the amount of data that may need to be recreated after the systems or functions have been recovered. Business Recovery Requirements RECOVERY TIME OBJECTIVE: (RTO) When do the I.T. Systems and Services have to be available? RECOVERY POINT OBJECTIVE: (RPO) How current does the information have to be when systems and services are made available?
29 Negotiate The Service Level Agreement Between I.T. And Business Operations Use Both The I.T. And Business RTO & RPO As The Basis Disaster Recovery Plan Test Results Quantify Timelines Business Contingency Plan Exercises Qualify Impact I.T. Capabilities Improve Timelines But At A Cost Business Contingencies Reduce Impact - But Require I.T. Capabilities Criticality Rankings Systems Recovery Sequencing Business Process Prioritization I.T. and Business Process Timelines Negotiated RTO and RPO
30 Results I.T. Better Understands The Customers Issues and Requirements I.T. Obtains A Clearly Documented Set Of Customer Expectations For DRP s - Clarify and Justify Budget Forecasts - Establishes Specific Test Objectives - Ensure Active Customer Involvement In Testing & Recovery Processes Business Units Better Understand The Role Of I.T. In The Contingency Process Business Units Obtain A Set Of Parameters From Which To Develop their BCP s - Workaround Procedures During Downtime - Procedures For Capturing Lost Transactions From Downtime and During Recovery - Restoration Of Normal Environments Everyone in in the the organization works towards a common interest, that that of of ensuring that that the the business processes of of the the organization, its its mission, goals, and and objectives..and possibly the the community at at large.are protected
31 The Business Continuity Management Program When the issues surrounding both I.T. Disaster Recovery Plans and Business Unit Business Contingency Plans come together what is at stake becomes much clearer, and each can understand the others objectives and expectations. Only then can a total Business Continuation Program be effective. And if the organization has an effective Business Continuation Program, not only can it assure that its goals and objectives will be met..but will also become a valued partner in the protection of the larger infrastructure..
32 Questions/Issues to consider: Was the original disaster recovery initiative driven by I.T., business units, or Sr Management? What are Sr. Management s expectations with respect to continuity of service? Has a business impact analysis been done on some or all of the business units? Quantified Impact Quantified Cost of DRP vs. Impact of Risk Acceptable Downtime Criteria (services, workstations, etc.) What discussions have taken place between I.T. and critical business units? State of DRP State of BCP Quantified RTOs and RPOs Systems Development Life Cycles What are the business units expectation with respect to current I.T. RTOs and RTOs? Are they driven by I.T. technologies or business requirements? Are there current SLAs? Service Center Problem/Change Control Network Outage Response Time Are regulatory compliance, industry certification, or audit issues creating more compelling reasons for addressing DRP and BCP?
Seeking Your Contingency Plan: Are You. Panel Members: Johns Hopkins University & Health System
Seeking Your Contingency Plan: Are You HOT, COLD,, or WARM? Panel Members: Bill Rider (Johns Johns Hopkins Hospital & University Hospital and University) Kathy Lee Patterson (Children s Hospital of Philadelphia)
More informationBusiness Continuity Plan
Business Continuity Plan October 2007 Agenda Business continuity plan definition Evolution of the business continuity plan Business continuity plan life cycle FFIEC & Business continuity plan Questions
More informationData Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) 591-5553 Email: bronackt@dcag.com Fax: (718) 380-7322
Business Continuity and Disaster Recovery Job Descriptions Table of Contents Business Continuity Services Organization Chart... 2 Director Business Continuity Services Group... 3 Manager of Business Recovery
More informationBusiness Continuity Glossary
Developed In Conjuction with Business Continuity Glossary ACTIVATION: The implementation of business continuity capabilities, procedures, activities, and plans in response to an emergency or disaster declaration;
More informationJoint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four
Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four Data Handling in University Business Impact Analysis ( BIA ) Agenda Overview Terminologies Performing
More informationwww.pwc.com Business Resiliency Business Continuity Management - January 14, 2014
www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 Agenda Key Definitions Risks Business Continuity Management Program BCM Capability Assessment Process BCM Value Proposition
More informationUniversity of Michigan Disaster Recovery / Business Continuity Administrative Information Systems 4/6/2004 1
University of Michigan Disaster Recovery / Business Continuity Administrative Information Systems. 1 Michigan Administrative Information Services (MAIS) MAIS is responsible for the production support of
More informationBusiness Continuity Planning 101. +1 610 768-4120 (800) 634-2016 www.strohlsystems.com info@strohlsystems.com
Business Continuity Planning 101 Presentation Overview What is business continuity planning Plan Development Plan Testing Plan Maintenance Future advancements in BCP Question & Answer What is a Disaster?
More informationState of South Carolina Policy Guidance and Training
State of South Carolina Policy Guidance and Training Policy Workshop All Agencies Business Continuity Management Policy June 2014 Agenda Questions & Follow-Up Policy Workshop Overview & Timeline Policy
More information2014 NABRICO Conference
Business Continuity Planning 2014 NABRICO Conference September 19, 2014 6 CityPlace Drive, Suite 900 St. Louis, Missouri 63141 314.983.1200 1520 S. Fifth Street, Suite 309 St. Charles, Missouri 63303 636.255.3000
More informationCISM Certified Information Security Manager
CISM Certified Information Security Manager Firebrand Custom Designed Courseware Chapter 4 Information Security Incident Management Exam Relevance Ensure that the CISM candidate Establish an effective
More informationWhy Should Companies Take a Closer Look at Business Continuity Planning?
whitepaper Why Should Companies Take a Closer Look at Business Continuity Planning? How Datalink s business continuity and disaster recovery solutions can help organizations lessen the impact of disasters
More informationEvaluating and Improving Your Business Continuity Plan
Evaluating and Improving Your Business Continuity Plan As presented to the Northeast Florida IIA Chapter January 23, 2015 Contact Information Karen Weir, MAC, CISA, CBCP Manager kweir@accretivesolutions.com
More informationTemple university. Auditing a business continuity management BCM. November, 2015
Temple university Auditing a business continuity management BCM November, 2015 Auditing BCM Agenda 1. Introduction 2. Definitions 3. Standards 4. BCM key elements IT Governance class - IT audit program
More informationInformation Privacy and Security Program Title:
Page: 1 of 11 I. PURPOSE: The purpose of this standard is to protect the safety of our workforce members and mitigate potential risk(s) that could materially affect the ability of the facility to remain
More informationDISASTER RECOVERY PLANNING GUIDE
DISASTER RECOVERY PLANNING GUIDE AN INTRODUCTION TO BUSINESS CONTINUITY PLANNING FOR JD EDWARDS SOFTWARE CUSTOMERS www.wts.com WTS Disaster Recovery Planning Guide Page 1 Introduction This guide will provide
More informationDisaster Recovery Plan
Disaster Recovery Plan Date: Revision: 8.0 EXTERNAL BCP PLAN PAGE 1 OF 12 Federal regulation states, and internal corporate policies require, that Penson Financial Services, Inc. (Penson) develop Business
More informationThe Weill Cornell Medical College and Graduate School of Medical Sciences. Responsible Department: Information Technologies and Services (ITS)
Information Technology Disaster Recovery Policy Policy Statement This policy defines acceptable methods for disaster recovery planning, preparedness, management and mitigation of IT systems and services
More informationBusiness Continuity Management
Business Continuity Management cliftonlarsonallen.com Introductions Brian Pye CliftonLarsonAllen Senior Manager Business Risk Services group 15 years of experience with Business Continuity Megan Moore
More informationVirginia Commonwealth University School of Medicine Information Security Standard
Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Business Continuity Management Standard for IT Systems This standard is applicable to all VCU School of Medicine
More informationBusiness Continuity & Recovery Plan Summary
Introduction An organization s ability to survive a significant business interruption is determined by the company s ability to develop, implement, and maintain viable recovery and business continuity
More informationSCADA Business Continuity and Disaster Recovery. Presented By: William Biehl, P.E. 913-601-0104 (mobile) Bill.Biehl@we-inc.com
SCADA Business Continuity and Disaster Recovery Presented By: William Biehl, P.E. 913-601-0104 (mobile) Bill.Biehl@we-inc.com Business Continuity Planning, a Sound Process A Business Continuity Plan: "A
More informationAttachment to Data Center Services Multisourcing Service Integrator Master Services Agreement
Attachment to Data Center Services Multisourcing Service Integrator Master Services Agreement DIR Contract No. DIR-DCS-MSI-MSA-001 Between The State of Texas, acting by and through the Texas Department
More information85-01-55 Overview of Business Continuity Planning Sally Meglathery Payoff
85-01-55 Overview of Business Continuity Planning Sally Meglathery Payoff Because a business continuity plan affects all functional units within the organization, each functional unit must participate
More informationBC / DR Implementation Tying Disaster Recovery Investment to Measurable Business Value
BC / DR Implementation Tying Disaster Investment to Measurable Business Value Continuity Insights Conference May 16-18, 2005 Agenda Purpose Discuss best practice process and tools that might be leveraged
More informationDesktop Scenario Self Assessment Exercise Page 1
Page 1 Neil Jarvis Head of IT Security & IT Risk DHL Page 2 From reputation to data loss - how important is business continuity? Neil Jarvis Head of IT Security (EMEA) DHL Logistics IT Security Taking
More informationGOVERNMENT FINANCE OFFICERS ASSOCIATION OF MISSOURI SPRING 2012 CONFERENCE IT DISASTER PLAN
GOVERNMENT FINANCE OFFICERS ASSOCIATION OF MISSOURI SPRING 2012 CONFERENCE IT DISASTER PLAN 2012 Sikich LLP. All Rights Reserved. Presented by: Scott Wegner Partner, Director Networking Services Sikich
More informationCENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT
CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT JANUARY 2008 GUIDELINE ON BUSINESS CONTINUITY GUIDELINE CBK/PG/14
More informationMHA Consulting. Business Continuity Management 101
0 MHA Consulting Business Continuity Management 101 Presented by: Michael Herrera Brandon Magestro MHA Consulting Agenda MHA Consulting Introduction Business Continuity Management (BCM) Defined 2013 Trends
More informationEMERGENCY PREPAREDNESS PLAN Business Continuity Plan
EMERGENCY PREPAREDNESS PLAN Business Continuity Plan GIS Bankers Insurance Group Powered by DISASTER PREPAREDNESS Implementation Small Business Guide to Business Continuity Planning Surviving a Catastrophic
More informationFederal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION
Federal Financial Institutions Examination Council FFIEC Business Continuity Planning MARCH 2003 MARCH 2008 BCP IT EXAMINATION H ANDBOOK TABLE OF CONTENTS INTRODUCTION... 1 BOARD AND SENIOR MANAGEMENT
More informationCITY UNIVERSITY OF HONG KONG Business Continuity Management Standard
PUBLIC Version: 1.0 CITY UNIVERSITY OF HONG KONG Business Continuity Management Standard (Approved by the Information Strategy and Governance Committee in December 2013; revision 1.1 approved by Chief
More informationOverview of how to test a. Business Continuity Plan
Overview of how to test a Business Continuity Plan Prepared by: Thomas Bronack Phone: (718) 591-5553 Email: bronackt@dcag.com BRP/DRP Test Plan Creation and Exercise Page: 1 Table of Contents BCP/DRP Test
More informationNEEDS BASED PLANNING FOR IT DISASTER RECOVERY
The Define/Align/Approve Reference Series NEEDS BASED PLANNING FOR IT DISASTER RECOVERY Disaster recovery planning is essential it s also expensive. That s why every step taken and dollar spent must be
More informationHow To Plan A Crisis Management Program
Building a Security Conscious Business Continuity Management (BCM) Program Sam Stahl, CBCP, MBCI EMC Global Professional Services Program Manager stahl_samuel@emc.com ASIS Singapore, 2014 Agenda Overview
More informationApplication / Hardware - Business Impact Analysis Template. MARC Configuration Requirements. Business Impact Analysis
Application / Hardware - Business Impact Analysis Template The single most important thing we can do is help you understand the criticality of each application, supporting hardware/server/pc and the required
More informationDisaster Recovery Plan
Disaster Recovery Plan Date: February 2, 2009 Revision: 9.0 EXTERNAL BUSINESS CONTINUITY PLAN PAGE 1 of 13 Federal regulation states, and internal corporate policies require, that Penson Financial Services,
More informationBusiness Continuity Planning Principles and Best Practices Tom Hinkel and Zach Duke
Business Continuity Planning Principles and Best Practices Tom Hinkel and Zach Duke Agenda Key components essential to a FFIEC compliant Business Continuity Plan Recovery Time Objectives & Recovery Point
More informationTechnology Recovery Plan Instructions
State of California California Information Security Office Technology Recovery Plan Instructions SIMM 5325-A (Formerly SIMM 65A) September 2013 REVISION HISTORY REVISION DATE OF RELEASE OWNER SUMMARY OF
More informationBusiness Continuity Planning (BCP) & Disaster Recovery Planning (DRP).
Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP). Ed Fortin President Fortin Consulting Paul Godden Consultant & Quotation Author Friday 24 th February 2012 Business Continuity Planning
More informationa Disaster Recovery Plan
Construction of a Disaster Recovery Plan David Godwin, Sr. Sales Engineer March 18, 2014 Objectives Understand What Disaster Recovery is? Why is Disaster Recovery Needed? Effectively assist customers or
More informationDeveloping a Business Continuity Plan... More Than Disaster
Developing a Business Continuity Plan..... More Than Disaster Recovery! April 19, 2010 UHY / MMA Business Survival Series Webinar Focus.... Understanding the components of Business Continuity Planning
More informationBusiness Continuity Planning and Disaster Recovery Planning
Business Continuity Planning and Disaster Recovery Planning Ed Crowley IAM/IEM 1 ISC 2 Key Areas of Knowledge Understand business continuity requirements 1. Develop and document project scope and plan
More informationA Tactical view of Resiliency Strategies What worked and what didn t
Rodney Yip Product and Portfolio Manager, IBM Canada June 2012 A Tactical view of Resiliency Strategies What worked and what didn t Rodney Yip IBM Canada, Product and Portfolio Manager ryip@ca.ibm.com
More informationBusiness Continuity & Recovery Plan Summary
Introduction An organization s ability to survive a significant business interruption is determined by the company s ability to develop, implement, and maintain viable recovery and business continuity
More informationInstitute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY 14304-1745
ECP - 601: Effective Business Continuity Management: ISO 22301 This 3-day course provides an intensive, hands-on workshop covering all major aspects for the design of an effective Business Continuity Plan
More informationBusiness Continuity and Disaster Recovery Planning from an Information Technology Perspective
Business Continuity and Disaster Recovery Planning from an Information Technology Perspective Presenter: David Bird, Director of Sales, Business Technology Consultant phone: 215-672-7100 email: dbird@quatro.com
More informationDisaster Recovery Plan Review Checklist. A High-Level Internal Planning Tool to Assist State Agencies with Their Disaster Recovery Plans
Disaster Recovery Plan Review Checklist A High-Level Internal Planning Tool to Assist State Agencies with Their Disaster Recovery Plans November 2008 DISASTER RECOVERY PLAN REVIEW CHECKLIST - FOR INTERNAL
More informationIF DISASTER STRIKES IS YOUR BUSINESS READY?
1 IF DISASTER STRIKES IS YOUR BUSINESS READY? DISASTER RECOVERY and BUSINESS CONTINUITY: WHAT YOU NEED TO KNOW Realize the Power of Technology Many business owners put off disaster planning, perhaps thinking
More informationDisaster Recovery Planning
Disaster Recovery Planning NOW or NEVER Disaster Recovery Team Aura Advanced Technologies Aura Advanced Technologies Inc 1301-1121 Sixth Avenue SW Calgary, Alberta T2P 5J4 Phone: 403-269-6123 Fax: 403-269-6169
More informationBusiness Continuity Planning for Risk Reduction
Business Continuity Planning for Risk Reduction Ion PLUMB ionplumb@yahoo.com Andreea ZAMFIR zamfir_andreea_ileana@yahoo.com Delia TUDOR tudordelia@yahoo.com Faculty of Management Academy of Economic Studies
More informationFederal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK
Federal Financial Institutions Examination Council FFIEC Business Continuity Planning BCP FEBRUARY 2015 IT EXAMINATION H ANDBOOK Table of Contents Introduction 1 Board and Senior Management Responsibilities
More informationDISASTER RECOVERY AND CONTINGENCY PLANNING CHECKLIST FOR ICT SYSTEMS
Appendix L DISASTER RECOVERY AND CONTINGENCY PLANNING CHECKLIST FOR ICT SYSTEMS I. GETTING READY A. Obtain written commitment from top management of support for contingency planning objectives. B. Assemble
More informationBusiness Continuity Planning and Disaster Recovery Planning. Ed Crowley IAM/IEM
Business Continuity Planning and Disaster Recovery Planning Ed Crowley IAM/IEM 1 Goals Compare and contrast aspects of business continuity Execute disaster recovery plans and procedures 2 Topics Business
More informationBusiness Continuity and Disaster Recovery Planning
Business Continuity and Disaster Recovery Planning Jennifer Brandt, CISA A p r i l 16, 2015 HISTORY OF STINNETT & ASSOCIATES Stinnett & Associates (Stinnett) is a professional advisory firm offering services
More informationMARQUIS DISASTER RECOVERY PLAN (DRP)
MARQUIS DISASTER RECOVERY PLAN (DRP) Disaster Recovery is an ongoing process to plan, develop, test and implement changes, processes and procedures supporting the recovery of the critical functions in
More informationDisaster Recovery Plan Documentation for Agencies Instructions
California Office of Information Security Disaster Recovery Plan Documentation for Agencies Instructions () November 2009 SCOPE AND PURPOSE The requirements included in this document are applicable to
More informationBusiness Continuity. Port environment
Business Continuity Port environment DEFINE BUSINESS CONTINUITY WHAT IT IS NOT RECOVERY FOCUS: PEOPLE PROCESSES TECHNOLOGY DELIVERABLES INFRAGARD DEFINITION MANAGEMENT PROCESS DEVELOPING ADVANCE PROCEDURES
More informationFederal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning MARCH 2003 IT EXAMINATION H ANDBOOK
Federal Financial Institutions Examination Council FFIEC Business Continuity Planning MARCH 2003 BCP IT EXAMINATION H ANDBOOK TABLE OF CONTENTS INTRODUCTION... 1 BOARD AND SENIOR MANAGEMENT RESPONSIBILITIES...
More informationShankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD.
Business Continuity Management & Disaster Recovery Planning Presented by: Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD. 1 What is Business Continuity Management? Is a holistic management
More informationTips and techniques a typical audit programme
Auditing Business Continuity Planning Tips and techniques a typical audit programme Karen Wills, Senior Internal Auditor St James s Place Wealth Management February 2014 Contents Background Roles and Responsibilities
More informationThe Difference Between Disaster Recovery and Business Continuance
The Difference Between Disaster Recovery and Business Continuance In high school geometry we learned that a square is a rectangle, but a rectangle is not a square. The same analogy applies to business
More informationAssessment of natural hazards, man made hazards, technical and societal related risks and associated impact.
Aon Business Continuity Planning The Aon Business Continuity Planning practice provides consulting services that allow Aon clients to measure and manage their strategic and tactical risks through Crisis
More informationAssessing Your Disaster. Andrews Hooper Pavlik PLC. Andrews Hooper Pavlik PLC
Assessing Your Disaster Recovery Plans Gregory H. Soule, CPA, CISA, CISSP, CFE Andrews Hooper Pavlik PLC Andrews Hooper Pavlik PLC Agenda Business Continuity Concepts Impact Analysis Risk Assessment Risk
More informationCompany Management System. Business Continuity in SIA
Company Management System Business Continuity in SIA Document code: Classification: Company Project/Service Year Document No. Version Public INDEX 1. INTRODUCTION... 3 2. SIA S BUSINESS CONTINUITY MANAGEMENT
More informationBusiness Continuity Planning. Presentation and. Direction
Business Continuity Planning Presentation and Direction Thomas Bronack, president Data Center Assistance Group, Inc. 15180 20 th Avenue Whitestone, NY 11357 Phone: (718) 591-5553 Email: bronackt@dcag.com
More informationBuilding and Maintaining a Business Continuity Program
Building and Maintaining a Business Continuity Program Successful strategies for financial institutions for effective preparation and recovery Table of Contents Introduction...3 This white paper was written
More informationBusiness Unit CONTINGENCY PLAN
Contingency Plan Template Business Unit CONTINGENCY PLAN Version 1.0 (Date submitted) Submitted By: Business Unit Date Version 1.0 Page 1 1 Plan Review and Updates... 3 2 Introduction... 3 2.1 Purpose...
More informationNew Clerk Academy. August 13, 2015
New Clerk Academy August 13, 2015 Disaster Recovery OVERVIEW Presentation Agenda Introduction and Definitions DR Motivators and Drivers Recovery Challenges Scope of Disasters Components of Recovery Plans
More informationOhio Supercomputer Center
Ohio Supercomputer Center IT Business Continuity Planning No: Effective: OSC-13 06/02/2009 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original
More informationOhio Conference for Payroll Professionals Disaster Recovery
Ohio Conference for Payroll Professionals Disaster Recovery Speaker Bruce E. Phipps CPP 2011 APA Payroll Man of the Year Principal Product Manager US Legislative Analyst ORACLE Corporation bruce.phipps@oracle.com
More informationWhat is Business Continuity Planning (BCP) / Disaster Recovery Plan(DRP)?
Workshop on System Audit of Banks BCP Workshop on System Audit of Banks What is Business Continuity Planning (BCP) / Disaster Recovery Plan(DRP)? - Preparedness of an organisation to ensure continuity,
More informationSCOPE; ENFORCEMENT; AUTHORITY; EXCEPTIONS
Title: DRAFT USG Continuity of Operation Plan Policy Policy Number: 2009-Julian Date Topical Security Area: Document Type: Standard Pages: Words: Lines: 5 1,387 182 Issue Date: May-09 Effective Date: Immediately
More informationDisaster Recovery Plan Overview for Customers. Sage ERP Online
Disaster Recovery Plan Overview for Customers Sage ERP Online Table of Contents 1.0 Executive Summary... 3 1.1 The Plan... 3 1.2 Determining Factors... 4 2.0 Disaster Recovery Strategy... 5 2.1 Summary
More informationPAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA
1 Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand
More informationCreating a Business Continuity Plan for your Health Center
Creating a Business Continuity Plan for your Health Center 1 Page Left Intentionally Blank 2 About This Manual This tool is the result of collaboration between the Primary Care Development Corporation
More informationBuilding a Disaster Recovery Program By: Stieven Weidner, Senior Manager
Building a Disaster Recovery Program By: Stieven Weidner, Senior Manager Part two of a two-part series. If you read my first article in this series, Building a Business Continuity Program, you know that
More informationSAMPLE IT CONTINGENCY PLAN FORMAT
SAMPLE IT CONTINGENCY PLAN FORMAT This sample format provides a template for preparing an information technology (IT) contingency plan. The template is intended to be used as a guide, and the Contingency
More informationBUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS
BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS DIRECTORATE OF BANKING SUPERVISION AUGUST 2009 TABLE OF CONTENTS PAGE 1.0 INTRODUCTION..3 1.1 Background...3 1.2 Citation...3
More informationDisaster Recovery Planning. By Janet Coggins
Comp 5940 Project Disaster Recovery Planning By Janet Coggins Janet H. Coggins Page 1 11/21/2004 Table of Contents List of each Section....Page 2 Section 1 Executive Summary Overview of the scope of the
More informationThe University of Iowa. Enterprise Information Technology Disaster Plan. Version 3.1
Version 3.1 November 22, 2004 TABLE OF CONTENTS PART 1: DISASTER RECOVERY EXPECTATIONS... 3 OVERVIEW...3 EXPECTATIONS PRIOR TO AN INCIDENT OCCURRENCE...3 EXPECTATIONS PRIOR TO A DISASTER OCCURRENCE...4
More informationE x E c u t i v E B r i E f IT Innovation. Business Value. 4 Stages of IT Disaster Recovery Planning Are You Resilient?
IT Innovation. Business Value. 4 Stages of IT Disaster Recovery Planning Are You Resilient? As the enterprise IT landscape becomes more complex, customers more demanding, and computing devices more abundant
More informationWhy you need a new approach to Disaster Recovery
Why you need a new approach to Disaster Recovery Summary Disaster Recovery as a Service (DRaaS) not only ensures business critical applications and data are available rapidly in the event of a partial
More informationDisaster Recovery 101. Sudarshan Ranganath & Matthew Phillips Ellucian
Disaster Recovery 101 Sudarshan Ranganath & Matthew Phillips Ellucian SESSION OBJECTIVES Business continuity is critical to every institution and its IT organization. How do you set up your ERP and other
More informationWestern Intergovernmental Audit Forum
Western Intergovernmental Audit Forum Business Continuity & Disaster Recovery Planning September 12, 2013 Presented by: City of Phoenix City Auditor Department Aaron Cook, Sr Internal Auditor IT Audit
More informationEMERGENCY MANAGEMENT BUSINESS CONTINUITY PLANNING TEMPLATE
EMERGENCY MANAGEMENT BUSINESS CONTINUITY PLANNING TEMPLATE A. BUSINESS CONTINUITY PLAN (BCP) To be better prepared, UHCL personnel and its programs may use this form to complete a Business Continuity Plan
More informationPreparing for the Worst: Disaster Recovery and Business Continuity Planning for Investment Firms An Eze Castle Integration ebook
Preparing for the Worst: Disaster Recovery and Business Continuity Planning for Investment Firms An Eze Castle Integration ebook Table of Contents 1. Introduction to Business Continuity Planning and Disaster
More informationASX CLEAR (FUTURES) OPERATING RULES Guidance Note 10
BUSINESS CONTINUITY AND DISASTER RECOVERY The purpose of this Guidance Note The main points it covers To assist participants to understand the disaster recovery and business continuity arrangements they
More informationDisaster Recovery. Stanley Lopez Premier Field Engineer Premier Field Engineering Southeast Asia Customer Services and Support
Disaster Recovery Stanley Lopez Premier Field Engineer Premier Field Engineering Southeast Asia Customer Services and Support Categories of Risk Financial Operational Reputational Market share Revenue
More informationWhite Paper: Backup vs. Business Continuity. Backup vs. Business Continuity: Using RTO to Better Plan for Your Business
Backup vs. Business Continuity: Using RTO to Better Plan for Your Business Executive Summary SMBs in general don t have the same IT budgets and staffs as larger enterprises. Yet just like larger organizations
More informationTechnical Considerations in a Windows Server Environment
Technical Considerations in a Windows Server Environment INTRODUCTION Cloud computing has changed the economics of disaster recovery and business continuity options. Accordingly, it is time many organizations
More informationGuidelines for Maintaining Business Continuity for Your Organization
Guidelines for Maintaining Business Continuity for Your Organization Protect your business from disruptions and keep your workforce productive. Every organization faces the possibility of disruptions.
More informationQ uick Guide to Disaster Recovery Planning An ITtoolkit.com White Paper
This quick reference guide provides an introductory overview of the key principles and issues involved in IT related disaster recovery planning, including needs evaluation, goals, objectives and related
More informationHow to write a DISASTER RECOVERY PLAN. To print to A4, print at 75%.
How to write a DISASTER RECOVERY PLAN To print to A4, print at 75%. TABLE OF CONTENTS SUMMARY SUMMARY WHAT IS A DRP AND HOW CAN IT HELP MY COMPANY? CHAPTER PREPARING TO WRITE YOUR DISASTER RECOVERY PLAN
More informationTufts Health Plan Corporate Continuity Strategy
Tufts Health Plan Corporate Continuity Strategy July 2015 OVERVIEW The intent of this document is to provide external customers and auditors with a highlevel overview of the Tufts Health Plan Corporate
More informationIT Service Management
IT Service Management Service Continuity Methods (Disaster Recovery Planning) White Paper Prepared by: Rick Leopoldi May 25, 2002 Copyright 2001. All rights reserved. Duplication of this document or extraction
More informationPlanning for Disaster Disaster
Planning for Disaster Ramesh Ramani CISM CGEIT Ramesh Ramani CISM CGEIT Paramount-Dubai Agenda Disaster Management-Introduction Examples BCP and IT Continuity Process of Disaster Management-PDCA Disaster
More informationDISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES
APPENDIX 1 DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES March 2008 Auditor General s Office Jeffrey Griffiths, C.A., C.F.E. Auditor General City of Toronto TABLE OF CONTENTS EXECUTIVE SUMMARY...1
More informationAgenda and Materials Dec 11, 2012. ITS Executive Steering Committee (ITESC)
Agenda and Materials Dec 11, 2012 ITS Executive Steering Committee (ITESC) 1 2 Agenda Academic Technology Committee Update C. Scheidenhelm, B. Montes Sakai Migration Plans C. Scheidenhelm, B. Montes Disaster
More informationRunning head: COMPONENTS OF A DISASTER RECOVERY PLAN 1
Running head: COMPONENTS OF A DISASTER RECOVERY PLAN 1 Components of a Disaster Recovery Plan DeVry Institute of Technology 2 Components of a Disaster Recovery Plan Disasters do strike without warning.
More information