Business Continuity Management and The Extended Enterprise

Similar documents
THE CXO S GUIDE TO MANAGING EXPANSION... WHILE CONTROLLING COSTS & COMPLIANCE CONSIDERATIONS

courtesy of F5 NETWORKS New Technologies For Disaster Recovery/Business Continuity overview f5 networks P

Why Should Companies Take a Closer Look at Business Continuity Planning?

Business Resiliency Business Continuity Management - January 14, 2014

How to Design and Implement a Successful Disaster Recovery Plan

How To Protect Your Network From Attack From A Network Security Threat

BT Conferencing Business Continuity Management. Planning to stay in business

Business Continuity and Disaster Recovery Planning from an Information Technology Perspective

Overview. Emergency Response. Crisis Management

Managing business risk

Disaster Recovery & Business Continuity Dell IT Executive Learning Series

This white paper describes the three reasons why backup is a strategic element of your IT plan and why it is critical to your business that you plan

BUSINESS CONTINUITY PLAN OVERVIEW

Protecting Your Business

Enterprise Risk Management taking on new dimensions

[Insert Company Logo]

DISASTER RECOVERY PLANNING GUIDE

Business Continuity Overview

Interactive-Network Disaster Recovery

Payment Card Industry Data Security Standard

Success or Failure? Your Keys to Business Continuity Planning. An Ingenuity Whitepaper

Beyond Connecting the Call: Empowering Corporate Strategy With Hosted IP-Based Contact Routing

NHS 24 - Business Continuity Strategy

Creating the Resilient Corporation

BCP and DR. P K Patel AGM, MoF

South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0

White Paper FASTFILE / Page 1

Spyders Managed Security Services

Interagency Statement on Pandemic Planning

Information Security Management: Business Continuity Planning. Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt.

KPMG Information Risk Management Business Continuity Management Peter McNally, KPMG Asia Pacific Leader for Business Continuity

Solution Brief. Secure and Assured Networking for Financial Services

How To Manage A Financial Institution

RSA ARCHER BUSINESS CONTINUITY MANAGEMENT AND OPERATIONS Solution Brief

Top 10 Reasons for Using Disk-based Online Server Backup and Recovery

Business Continuity and Disaster Recovery Planning

2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level. Tracy L. Hall, MBCP

Top 7 Best Practices for IT Service Continuity

Creating a Business Continuity Plan for your Health Center

WHY CLOUD BACKUP: TOP 10 REASONS

THORNBURG INVESTMENT MANAGEMENT THORNBURG INVESTMENT TRUST. Business Continuity Plan

How Proactive Business Continuity Can Protect and Grow Your Business. A CenturyLink White Paper

Unit Guide to Business Continuity/Resumption Planning

The Difference Between Disaster Recovery and Business Continuance

Planning and Implementing Disaster Recovery for DICOM Medical Images

Table of Contents... 1

Post-Class Quiz: Business Continuity & Disaster Recovery Planning Domain

Business Continuity Management Software

Network Enabled Cloud

Business Continuity and the Cloud. Aaron Shaver US Signal, Solution Architect

DISASTER RECOVERY AND CONTINGENCY PLANNING CHECKLIST FOR ICT SYSTEMS

Why cloud backup? Top 10 reasons

Preparing for the Worst: Disaster Recovery and Business Continuity Planning for Investment Firms An Eze Castle Integration ebook

Emergency Response and Business Continuity Management Policy

Protecting your Enterprise

Prepared by Rod Davis, ABCP, MCSA November, 2011

INFORMATION TECHNOLOGY SECURITY STANDARDS

TOP 10 WAYS TO ADDRESS PCI DSS COMPLIANCE. ebook Series

Managed Security Services for Data

Continuity of Business

BACKUP IS DEAD: Introducing the Data Protection Lifecycle, a new paradigm for data protection and recovery WHITE PAPER

Five keys to a more secure data environment

The case for cloud-based disaster recovery

TRENDS IN BUSINESS CONTINUITY AND CRISIS COMMUNICATIONS SURVEY

Temple university. Auditing a business continuity management BCM. November, 2015

Recovery Site Evaluation: Finding Viable Alternatives

Disaster Recovery Hosting Provider Selection Criteria

BUSINESS CONTINUITY PLANNING GUIDELINES

Risk mitigation for business resilience White paper. A comprehensive, best-practices approach to business resilience and risk mitigation.

North American Electric Reliability Corporation (NERC) Cyber Security Standard

VitalPBX. Hosted Voice That Works. For You

Business Continuity Policy

Injazat s Managed Services Portfolio

Business Continuity protection for SIP trunking service

Disaster Recovery. Hendry Taylor Tayori Limited

Blackboard Managed Hosting SM Disaster Recovery Planning Document

Toronto Public Library Disaster Recovery recommended safeguards and controls

Cisco Advanced Services for Network Security

Telecom Business Continuity Solutions FOR INTERNAL USE ONLY

Testimony of. Edward L. Yingling. On Behalf of the AMERICAN BANKERS ASSOCIATION. Before the. Subcommittee on Oversight and Investigations.

Business Continuity and Disaster Planning

Whitepaper: 7 Steps to Developing a Cloud Security Plan

a Disaster Recovery Plan

NCUA LETTER TO CREDIT UNIONS

VoIP Deployment Options

ACI ON DEMAND DELIVERS PEACE OF MIND

FlyntGroup.com. Enterprise Risk Management and Business Impact Analysis: Understanding, Treating and Monitoring Risk

Transcription:

WHITE PAPER Business Continuity Business Continuity Management and The Extended Enterprise Continuous Availability in a Real-Time Economy Business Continuity is receiving a great deal of attention in the aftermath of recent events, including the London Bombings, the devastating hurricanes of 2005, as well as numerous software failures and cyber-attacks. Business Continuity Management (BCM) and Continuity of Operations (COOP) is a multi-dimensional practice requiring a balance of investment against risk to the enterprise. Verizon Business s experience managing a large global network infrastructure through some of the most disruptive events of the past few years has provided it with a number of proven BCM and incident management capabilities. This paper discusses the major themes within Business Continuity Management, namely the shift from event driven IT-focused disaster recovery to a more broad-based integrated risk management approach that deals with emerging issues like the extended enterprise and workforce continuity. The discussion begins with a review of the potential threats to continuity of operations and the requirements of recent regulatory actions. By Jonathan Nguyen-Duy Continuous Availability The real-time, widely distributed enterprise has become a standard global business model. Driven by market forces for greater efficiency, productivity, and profitability; enterprise businesses are leveraging new processes and technologies to compete in a highly dynamic global market place. Real-time transactions and integrated supply chains, linking the buyer and seller, mean businesses are vulnerable to even the shortest interruptions. For many enterprises, an hour of down time can cost millions of dollars in lost revenue, productivity, and market capitalization. Historically, businesses focused on IT recovery creating a plan to recover from an unforeseen event, such as a power outage, hurricane, earthquake or fire. Traditional approaches featured redundant data centers, telecommunications capabilities, and IT resources. Disaster recovery plans often involved an off-site facility where a set of the minimum business critical systems were available to receive a copy of the latest back-up tapes. The systems would be reloaded and brought online, typically within 24 to 48 hours and sometimes as long as 72 hours, depending on the complexity and criticality of the environment. In today s business environment, the need for real-time access to data and applications makes this model no longer tenable. Businesses simply cannot afford to stop for a few minutes, let alone a couple of days while critical systems are brought back online. While maintaining data and communications resilience is an important component of any business continuity plan, enterprises must also consider how to protect the most critical component of their business the workforce. Workforce continuity has emerged as an important BCM consideration as enterprise perimeters expand to support new partnerships, global customers and mobile or remote workers. BCM initiatives need to consider continuity of operations for an extended enterprise through events such as pandemic influenza, infrastructure disruptions and a wide array of other events that may prevent employees from reaching their primary work sites. For some businesses, administrative recovery can be just as critical as IT recovery. 1 of 6

This factor drives requirements to go beyond redundant facilities and resources to address the need for continuous interactive communications and secure remote access. Key Components of Successful BCM Programs BCM initiatives typically focus on the continuous assessment of business needs, acceptable levels of risk and responding with a set of processes and infrastructure designed to optimize operational availability. Effective BCM initiatives must enable the continuation of all critical business processes through a wide range of events from power outages to pandemic influenza. Therefore, successful business continuity programs are multifaceted, drawing from a broad range of alternatives, and striking a balance between the risks and expense that are appropriate for each enterprise. BCM is more process than product and one size does not fit all. However, successful business continuity management solutions usually incorporate generally accepted best practices and include the following key components: Executive sponsorship Senior leadership must champion BC Multi-disciplined team BC cannot be done by IT alone Risk Assessment Understand the potential exposure and tolerance for uncertainty Business Impact Assessment Quantified analysis of all critical processes and systems Recovery Time Objective the maximum amount of time within which a function must be restored in order to avoid unacceptable damage Recovery Point Objective the maximum amount of acceptable data loss after an incident as measured in time Network and Security Assessments for critical applications and processes Strategy Development Recovery strategies based on the corresponding recovery objectives Automated plan development and implementation Investment in planning tools; regular plan review, test and refresh; update plans at least once per year Compliance: Setting the Agenda Business Continuity Can No Longer Be Ignored One needs to look no further than the headlines in today s business publications to know that compliance is setting the agenda for many executive management teams in boardrooms around the world. More and more often business continuity is being linked to regulatory compliance. A number of industry regulations and guidelines now include requirements related to business continuity, such as disaster recovery plans, data backup/retention and secondary sites for IT operations. Enterprises are increasingly being asked to provide details about their BCM programs in order to maintain existing business or to compete for new contracts. Enterprises understand that they re only as resilient as their supply chain and now set high BCP standards for partners, vendors and other stakeholders. Below are just of few of the compliance/regulatory items frequently identified on a CEO s agenda: Sarbanes-Oxley Gramm-Leach- Bliley (GLB) Industries Affected All public companies traded on U.S. stock exchanges Financial Services Primary Focus Corporate governance Information retention and security HIPAA Healthcare Standardization of healthcare transactions and privacy of patient records Business Continuity Implications Long-term data storage/archiving Data Replication long-term storage/archiving Requires disaster recovery plan, crisis operations plan, and data backup FISMA U.S. Government Information security Requires government to be open and operational through a crisis Basel II Accord Financial/Banking Created by the Basel Committee on Banking Supervision, Sound Practices for Management and Supervision, 2003 FERC RM01-12- 00 (Appendix G) Energy/Utility Regulation focused on larger metro utilities. Rural Utility Services are exempt. Table 1. Sampling of Industry Regulations Affecting Business Continuity Requires business continuity plan and loss limitations Requires disaster recovery plan 2 of 6

Hazards To frame the discussion of business continuity planning, it is useful to begin with an assessment of the types of events that can disrupt business. One can then begin to assess the impact and formulate a strategy for mitigating the effects of each potential threat. Hazards come in many forms but can be broken down into three basic categories: Facilities Infrastructure, Workforce Continuity, and IT Infrastructure. Facilities Infrastructure Hazards Natural Hazards (floods, blizzards, hurricanes, forest fires, earthquakes, etc.) Human caused (chemical spills, train derailments, terrorist attack, civil unrest, power outages, fuel disruptions, etc.) Geographic (transport infrastructure, amenities, staffing resources) Events that affect the facilities, whether of natural origin or man-made, have been the focus of the disaster recovery discussions. The hazards that typically impact an entire facility are large in scale and often come with little warning. Within the context of Business Continuity Planning, interruptions of this magnitude may be the central driver of the solution, but they should not be the sole focus of planning. Workforce Continuity Hazards Flu pandemic Employee loss (work stoppage, death, layoff, resignation, or illness) Events that affect the personnel of a business, rather than its infrastructure, are a relatively recent BCM issue. However, when one examines the information flows within an enterprise, the people and their ability to access data and applications are clearly a critical element. Personnel-related disruptions can be broad, as in the case of a significant pandemic flu outbreak or weather-related event. However, even the loss of a single key employee can be devastating, if the person in question is the only one who possesses critical knowledge or skills. Effective Business Continuity Planning must also address somewhat unpleasant topics, such as, how would an enterprise sustain operations if a significant percentage of employees were unable to perform their duties for several days, weeks, months or permanently. Can the business rapidly implement staggered work shifts or remote working strategies? The first step to ensuring workforce continuity is to assess which skills are needed to sustain critical processes, where they are located and how readily they can be re-directed to ensure continuity. IT Infrastructure Hazards Hardware failure Software errors Security event (virus, worm, denial of service attacks or break-ins) Network transmission degradation or failure Change management error Human error IT infrastructure has long been at the center of disaster recovery. It is an area where technology creates both exposures and the solutions needed to support the real-time, extended enterprise. The threats to IT infrastructure include physical impacts, such as hardware failures and circuit cuts, as well as less visible but very real threats from software bugs, security events, and simple human error. BCM initiatives need to address the complete business information flow and the entire critical infrastructure that supports it. Each hazard, large or small, carries with it a unique set of challenges that a business must address as its BCM strategy evolves. Of course, a number of the BCM components will not be within the scope of IT. For example, to avoid the impact of a significant flu outbreak, many businesses offer free flu shots to employees, thereby mitigating the risk of significant employee absenteeism resulting from seasonal illness. 3 of 6

Business Continuity Management Business Continuity Management is a continuous process driven by the critical business needs of an enterprise. A complete assessment of the information flows must take into consideration the people, processes and systems (including communications infrastructure) involved in each business information flow. All information flows internal to the company or external to suppliers or customers must be examined. The business assessment is then reviewed in the context of the Risk Assessment. The Risk Assessment helps identify the business continuity requirements, top and bottom line income exposures and potential expenses should an impacting event occur. Figure 1 below illustrates the Business Continuity Life Cycle. By adopting a life cycle approach to BCM, enterprises should be able to maintain the needed operational resiliency as their environment changes. New applications, mergers and acquisitions, changing regulatory landscapes, and technological advancements can alter the business environment overnight. It is critical that BCM is integrated into all significant business decisions to help enable the enterprise to continue operations while maintaining an acceptable level of risk for its critical information flows. Business Assessment People Processes Systems Business Continuity: Steady Management Testing and Verification Implementation Potential Impacting Events Compliance Requirements Expense Exposure Exposure Income Risk Assessment People Processes Systems Business Continuity: Planning and Design Verizon Business: Business Continuity Solutions Verizon Business provides a broad array of business continuity solution components from traditional resilient voice and data services to high-availability, network-embedded applications that enable customers to take advantage of a highly resilient platform at a fraction of the cost of building the platform in-house. The foundation of the business continuity portfolio is a suite of consulting services that integrate continuity planning with network architectures helping you through all stages of Business Continuity Plan Development, from initial planning and assessment through implementation. 4 of 6

By integrating Business Continuity Planning and network planning, Verizon Business can help ensure critical processes and systems are supported by a resilient network architecture delivering advanced communications across one of the world s largest local to global IP networks. This is a critical vulnerability for many enterprises because BCP and network planning are often segregated functions rather an integrated risk mitigation process. Separate leadership and funding priorities means the network architecture might not be able to deliver performance required in the business continuity disaster recovery (BCDR) plan. With Verizon Business, we work with your enterprise to develop and implement business continuity plans and systems to help you meet these critical business objectives. BCM solutions are built starting with core components of our Consulting Services, Resilient Voice and Data Services, Security Services, IT Solutions, and then a select set of Network Embedded Applications. Verizon Business can then incorporate Managed Services enabling your enterprise to focus IT efforts on driving business, rather than supporting your infrastructure. Finally, Verizon Business can provide complete end-to-end responsibility for hosting and managing of key business applications. Verizon has been building and managing its communication infrastructure to some of the highest standards in the telecommunications industry. Verizon enables millions of businesses and consumers to communicate on a daily basis and through some of the most severe events. With years of experience building and managing reliable communications networks, Verizon Business is able to provide enterprises with the opportunity to establish cost-effective solutions to help maintain non-stop, realtime enterprise operations. Services available to meet key business continuity requirements include the following:* Service Focus Service Benefit to the Customer Business Continuity Professional Services Resilient Voice and Data Networking Technology Consulting Services Enterprise Mobility EVDO IP VPN Broadband Wireless Back-Up SIG Broadband Wireless Back-Up Private IP Disaster Recovery Ports Assistance in developing or refreshing Business Continuity and regulatory compliance plans Ability to stay connected via notebook PCs via broadband wireless combined with Verizon s Enterprise Mobility Management Service IP VPN and broadband wireless back-up solution to traditional wire line access Public access back-up via broadband wireless to tie public locations into private networks Secondary Private IP port and access valuepriced to use as back-up access 5 of 6

Security Services Ethernet Private Line Custom Redirect Service Denial of Service Defense Detection Managed Firewall Enterprise and Managed Intrusion Protection Provides overall metro area LAN/WAN network flexibility and resiliency Real-time redirect of inbound calls based upon a trigger event to pre-configured alternative numbers Increased preventative measures to protect systems from outages caused by DoS attacks Increased preventative measures to protect systems from outages caused by viruses and malicious hacking IT Solutions IP Application Hosting Warm and hot fail-over options to facilitate ongoing operations during outage impact to primary facilities and systems Network-Embedded Applications Managed Network Services Customized Business Outcome SLA Remote Backup and Restore Managed Storage Hosted IP Centrex Web Center Integrated Communications Package Managed Network Services Customized Business Outcome SLA Data back-up to a remote, secure location managed by Verizon with full restore back to the primary data site when needed Variety of managed and hosted storage solutions to integrate into overall Business Continuity plan Flexible VoIP-based calling service with network based IP PBX that enables calling locations to change on demand to any location with Internet access Flexible hosted multimodal contact center functionality that permits contact center agents to reside anywhere there is Internet access Small business focused unified communication application that provides flexible calling and alternative communications options that does not require a fixed location A variety of management options for Verizon services that remove day-to-day operations from an enterprise and move them to Verizon s resilient network operations centers Customized solutions focused on achieving specific business outcomes for an application vs. traditional network and data center SLAs About Verizon Business Verizon Business, a unit of Verizon Communications (NYSE: VZ), is a leading provider of advanced communications and information technology (IT) solutions to large-business and government customers worldwide. Combining unsurpassed global network reach with advanced communications, security, and other professional service capabilities, Verizon Business delivers innovative and seamless business solutions to customers around the world. *All services may not be available in all areas. verizonbusiness.com 2008 Verizon. All Rights Reserved. WP11255 05/08 The Verizon and Verizon Business names and logos and all other names, logos, and slogans identifying Verizon s products and services are trademarks and service marks or registered trademarks and service marks of Verizon Trademark Services LLC or its affiliates in the United States and/or other countries. All other trademarks and service marks are the property of their respective owners. 6 of 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information