Protecting Your Business



Similar documents
Attachment #2. BUSINESS CONTINUITY PLAN Plan Development Guidelines

Business Continuity and Disaster Recovery Planning from an Information Technology Perspective

Simplify Your Data Protection Strategies: Best Practices for Online Backup & Recovery

BCP and DR. P K Patel AGM, MoF

Business Continuity Planning and Disaster Recovery Planning

Preparing for the Worst: Disaster Recovery and Business Continuity Planning for Investment Firms An Eze Castle Integration ebook

IT Disaster Recovery Plan Template

<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP

PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA

DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES

Business Continuity & Recovery Plan Summary

Business Continuity Planning Principles and Best Practices Tom Hinkel and Zach Duke

Business Continuity & Recovery Plan Summary

BME CLEARING s Business Continuity Policy

Disaster Recovery Checklist Disaster Recovery Plan for <System One>

Overview of how to test a. Business Continuity Plan

The Shift Cloud Computing Brings to Disaster Recovery

BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS

Tips and techniques a typical audit programme

a Disaster Recovery Plan

The Difference Between Disaster Recovery and Business Continuance

Disaster Recovery 101. Sudarshan Ranganath & Matthew Phillips Ellucian

Implementing Disaster Recovery? At What Cost?

Disaster Recovery Planning

Offsite Disaster Recovery Plan

EXECUTIVE SUMMARY 1.1 PROJECT OBJECTIVES

Best Practices in Disaster Recovery Planning and Testing

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

Disaster recovery strategic planning: How achievable will it be?

Virtualization, Business Continuation Plan & Disaster Recovery for EMS -By Ramanj Pamidi San Diego Gas & Electric

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

Building a Disaster Recovery Program By: Stieven Weidner, Senior Manager

Building a strong business continuity plan

Business Continuity Plan

Advent. Disaster Recovery: Options for Investment Managers. A White Paper from Advent Software and CyGem Ltd. Advent Software, Inc.

Disaster Recovery Hosting Provider Selection Criteria

Business Continuity and the Cloud. Aaron Shaver US Signal, Solution Architect

Template Courtesy of: Cloudnition LLC 55 W. 22 nd St Suite 115 Lombard, IL (630)

How to Plan for Disaster Recovery and Business Continuity

BC / DR Implementation Tying Disaster Recovery Investment to Measurable Business Value

Post-Class Quiz: Business Continuity & Disaster Recovery Planning Domain

Business Continuity Management

Why Should Companies Take a Closer Look at Business Continuity Planning?

The Impact Of The WAN On Disaster Recovery Capabilities A commissioned study conducted by Forrester Consulting on behalf of F5 Networks

NAVIGATING THROUGH A CATASTROPHIC DISASTER:

SCADA Business Continuity and Disaster Recovery. Presented By: William Biehl, P.E (mobile)

CITY UNIVERSITY OF HONG KONG Business Continuity Management Standard

Disaster Recovery Planning

Infrastructure as a Service (IaaS) Dancik International and Peak 10

Expert. Trusted. Effective. IT managed services tailored to you. From Modern Networks.

Business Continuity Planning and Disaster Recovery Planning. Ed Crowley IAM/IEM

Backup Software? Article on things to consider when looking for a backup solution. 11/09/2015 Backup Appliance or

Creating a Business Continuity Plan for your Health Center

Protecting Microsoft SQL Server

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY

Security Architecture. Title Disaster Planning Procedures for Information Technology

How to Build a Disaster Recovery Plan

Business Continuity Management and The Extended Enterprise

Technical Considerations in a Windows Server Environment

Business Continuity Planning (800)

Backup and Recovery 1

Information Security Management: Business Continuity Planning. Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt.

DRAFT Disaster Recovery Policy Template

INSIDE. Preventing Data Loss. > Disaster Recovery Types and Categories. > Disaster Recovery Site Types. > Disaster Recovery Procedure Lists

HA / DR Jargon Buster High Availability / Disaster Recovery

Domain 3 Business Continuity and Disaster Recovery Planning

2014 NABRICO Conference

Infrastructure Support Engineer Job Profile

Interactive-Network Disaster Recovery

Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider

OKHAHLAMBA LOCAL MUNICIPALITY

Creating a Business Continuity Plan. What We ll Cover... What is a BCP? Micky Hogue, CRM

Cisco Disaster Recovery: Best Practices White Paper

Documentation. Disclaimer

Proposal for Business Continuity Plan and Management Review 6 August 2008

Business Continuity Planning and Disaster Recovery Planning

Business Continuity Plan

Running Successful Disaster Recovery Tests

DISASTER RECOVERY PLANNING GUIDE

How to measure your business resiliency

Version Copyright Janco Associates, Inc. - Page 1

Transcription:

Protecting Your Business Business Continuity/Disaster Recovery Planning Robert Haberman Senior Product Manager BCP/DRP TELUS BUSINESS SOLUTIONS

Business Continuity/Disaster Recovery Planning 1 Agenda: By-Law 17.19 BC/DR Planning The Structure BC/DR Planning - Build Vs Buy How A 3 rd Party Vendor Can Help Summary And Conclusion

IDA By-law 17.19 2 Protecting Your Industry.. Every Member shall establish and maintain a business continuity plan identifying the necessary procedures to to be be undertaken during an an emergency or or significant business disruption. Such procedures shall be be reasonably designed to to enable the Member to to stay in in business in in the event of of a future significant business disruption in in order to to meet obligations to to its its customers and capital markets counterparts..

IDA By-law 17.19 3 What it means to you. The objective of By-law 17.19 is to ensure that, in the event of an emergency, firms can keep operating at a given level, so as to: Meet legal, fiduciary and regulatory obligations Meet customer obligations To meet this objective, each member firm has to develop and maintain a business continuity plan that: 1. Meets a set of minimum standards. 2. Will provide appropriate / effective recoverability from a significant business disruption (SBD). 3. Meets the laws, regulations, and unique circumstances of their jurisdiction and location.

IDA By-law 17.19 4 Significant Business Disruption A Significant Business Disruption is defined as an event which: Prevents access to the normal business premises and/or Prevents access to primary systems and services. For Example: Human Error Fire / Smoke Damage Burst Water Pipe Electrical failure Computer virus / computer failure The The BCP BCP shall shall be be designed with with the the worst case scenario in in mind.

IDA By-law 17.19 5 Timetable: Once the By-Law is approved, a Notice to Members will be released. From that point, members will have 12 months to: 1. Develop the BCP 2. Test the BCP 3. Have the BCP reviewed Members can expect the Notice, within the next 3-6 months. Now Now is is the the time time to to start start the the planning and and preparations!!

Business Continuity/Disaster Recovery Planning 6 Agenda: By-Law 17.19 BC/DR Planning The Structure BC/DR Planning - Build Vs Buy How A 3 rd Party Vendor Can Help Summary And Conclusion

Structure for Business Continuity Planning 7 Business Continuity Planning is driven from the top down. The BCP Officer: The BCP Officer is a senior manager, who is the champion / keeper of the Business Continuity Plan. Ensures resources/funding are available. Senior Management Team: Responsible for approving initial and updated Business Continuity Plans.

Strategy for Business Continuity Planning 8 To comply with By-law 17.19, the BCP must have the following primary components: 1. Plans and Procedures Senior Management Crisis Management Plan Documents procedures & support facilities required by senior managers. Incident Management Plan Documents staff responsibilities. Includes internal / external communications procedures and procedures required for continuity and recovery. 2. Staff Awareness Plan Designed to ensure all staff members are aware of their roles and responsibilities during a crisis.

Strategy for Business Continuity Planning 9 3. Facilities and Infrastructure Systems Technologies Data Recovery Sites 4. Business Continuity Plan Review and Test Procedures Plans must be reviewed and approved by senior management to ensure they meet IDA standards. Once completed, the BCP must be tested to prove it is fully operational. Business Continuity Plans are to be reviewed by an independent third party. Senior management will review and approve the BCP annually. The The BCP BCP is is a living document and and must be be up-to-date at at all all times.

Required Standards for the BCP 10 To meet these strategic goals, the following standards must be met: 1. Communications: Contact lists / procedures to contact all employees, building management, customers and counterparties. Alternative communications methods should also be detailed. 2. Recovery Site: Recovery site and required infrastructure ( as required) shall be geographically distant from the primary site. 3. System Back-Up: Comprehensive back-up processes to ensure data / application source code is protected and quickly recoverable.

Required Standards for the BCP 11 4. External Dependencies: All key third party companies must demonstrate an effective and proven business continuity capability. 5. Vital Records: All vital records (regardless of media) shall be Duplicated and stored in a geographically separate location. Current Available for use in the required time frame. 6. Staff Awareness: Staff shall be trained and fully capable of performing their required duties at the alternate site.

Required Standards for the BCP 12 7. Maintenance of BCP: Business Continuity must be included as part of the development/introduction of new products/services and infrastructure. 8. Human Resources Plan: Provision of HR services (including payroll, financial assistance and grief counseling ) must be included as part of the BCP. 9. Management Reporting: The BCP officer is required to report to senior management, on a quarterly basis.

BC/DR Planning The Toolkit 13 Developing a By-law 17.19 compliant Business Continuity Plan requires a clear, structured, well defined process. The critical first step in this process is the Business Impact Analysis (BIA). The BIA looks at all aspects of your brokerage, and asks the question What Would Happen If? The BIA is is a straightforward, highly structured, process.

BC/DR Planning The Toolkit 14 Step 1: Business Impact Analysis The Business Impact Analysis is a process designed to: Identify the critical applications and timeframe for recovery. Recovery Point Objectives Recovery Time Objectives Identify the IT infrastructure to support those critical applications. Review system backup strategy and identify areas of deficiencies with recommendations if any. Identify network components required in order to connect to the recovery site in the event of a disaster. Identify critical external connections. Review the Data Centre environment and protection in terms of security, power, UPS, HVAC and fire protection.

BC/DR Planning The Toolkit 15 Step 1: Business Impact Analysis(continued) The Business Impact Analysis is a process designed to: Identify alternate Work Areas. Establish emergency communications policies and procedures for staff and customers. Identify the critical suppliers that need to be contacted in the event of a disaster. Examines HR policies and procedures. Provide recommendations and cost options to provide a proper Business Continuity / Disaster Recovery Plan. Highly detailed, exacting process that that explores your your business processes.

Business Impact Analysis 16 In BC/DR Planning - Not all Applications / Data are Equal The right solution is a trade-off between the cost of insuring business continuance and the cost of failure. Level and Sophistication of Redundancy Impact of Outage CRM Cost Cost Email Cost G/L Time to Recover Time to Recover Time to Recover

Business Impact Analysis 17 Recovery Point Objective (RPO) Disaster Event to last backup (lost data) Recovery Time Objective (RTO) Disaster Event to recovered systems and data RPO Event RTO Revert to Production Systems Last backup Restore system and data Manual Process Enter Manual Process Data Normal Operations Recover lost data (RPO to Event) Enter Lost Data

Plan Development / Implementation 18 Implement the Disaster Recovery Infrastructure Hot site or warm site Data Backup, Offsite vaulting Data / Server Replication Network connectivity Work Area Recovery The Disaster Recovery Manual Document Recovery Procedures Communication Plan for stakeholders executive, recovery teams, vendors, media, employees, shareholders Declaration Procedures Etc.

BC/DR Plan Testing 19 The BC/DR Plan MUST be tested periodically Ensures the plan is up-to-date. Ensures required systems are operational and meet current requirements. Ensures key staff is trained. Test Plan Structure: Pre-test checklist Test objectives Personnel Assignment Test Audit the results Post-test review: Implement action items Testing PROVES the the Plan Plan Works and and you you are are prepared.

Technical Components for a BC/DR Plan 20 1) Storage Off-the-shelf services 3 rd party off-site Enterprise Storage. Data Centre to Data Centre Data Replication. Keeps secure copies of your data in different geographic locations. Customer SAN to Data Centre Data Replication Customer Premise Specific Storage Area Network (SAN) Solutions: Professional Services to assess, design and build. SAN and NAS equipment located on Customer Premises. Data back-ups can be set to meet particular RPO / budgetary objectives Ensures critical data data is is safe safe and and quickly recoverable.

Technical Components for a BC/DR Plan 21 2) Work Area Recovery Secure, off-site location Designed as a safe retreat for key personnel Includes: Standard Office Equipment Desks / Chairs / Telephones / etc. Computers, Printers, Fax Network connectivity LAN & WAN as required Strong physical security Allows key key staff staff to to resume their their roles quickly and and efficiently.

Technical Components for a BC/DR Plan 3) Off-Site Hosting Keeps critical applications / servers in a secure 3 rd -party data centre Internal / External Web Sites Back-Office Applications Customer Databases Data centre can provide customer with a range of services: From: Simple co-location Serviced floor space, in a secure enclosure, 24/7 access. Customer provides hardware / application / support. To: A complete package Hardware, software, and management services, in the data centre Ensures critical business applications // processes are operational, regardless of of the event. 22

Technical Components for a BC/DR Plan 23 4) Wide Area Network Connectivity Secure, high speed WAN ensure businesses have access to their applications from anywhere. All work area recovery sites offer high-speed network access. Staff members can also access corporate networks from alternate work sites or home offices. Ensures staff has access to critical data and applications, regardless of the situation. The network ties everything together!!

Technical Components for a BC/DR Plan 24 5) Voice Continuity Technologies are available to quickly re-direct telephone calls to alternate phone numbers: Emergency call centres Emergency voicemail Mobile telephones Voice Over IP In In the the brokerage business, the the personal touch reassures customers.

Technical Components for a BC/DR Plan How it all comes together 3 rd Party Work Area Recovery Centre 25 Toronto Data Centre Wide Area Network Client scentre Calgary Data Centre

Business Continuity/Disaster Recovery Planning 26 Agenda: By-Law 17.19 BC/DR Planning The Structure BC/DR Planning - Build Vs Buy How A 3 rd Party Vendor Can Help Summary And Conclusion

BC/DR Planning Build vs Buy? 27 Developing and implementing a compliant Business Continuity / Disaster Recovery Plan is a tough task. Business Impact Analysis BC/DR Plan Development & Implementation Periodic Testing Corporate planners must have: Complete understanding of critical / non-critical systems Impact of crisis on critical systems Technical resources Senior management support Time However, brokerage firms want to to be be brokerage firms.

BC/DR Planning Build vs Buy? 28 Many brokerage firms would be happy to engage a recovery services provider. BUT will demand; End-To-End Service High level of security / performance Value for the money One throat to choke

BC/DR Planning Build vs Buy? 29 Ideally the perfect BCP/DRP Vendor: Understands ALL aspects of the business Is national in scope Provides a complete End-To-End suite of services Has PROVEN technical reliability A solid, demonstrable track record. A lot lot to to ask from one vendor!!

Business Continuity/Disaster Recovery Planning 30 Agenda: By-Law 17.19 BC/DR Planning The Structure BC/DR Planning - Build Vs Buy How A 3 rd Party Vendor Can Help Summary And Conclusion

How A 3 rd Party Vendor Can Help 31 The perfect vendor must offer a complete range of products and services to ensure your company keeps operating under any circumstances! Business Impact Analysis BCP/DRP Consulting Plan Testing Work Area Recovery Sites Network Services System / Application Recovery Storage Hardware Unix, Mainframe, AS/400, Intel, The solution must be a unique, custom one, to meet your specific requirements.

Why TELUS / SunGard? 32 Networks Data Centres Storage (SAN) Voice (IP One) Partners DR Experience Citrix Servers Router Firewall Ethernet Appl Servers UNIX Servers Active Directory Disaster Internet WAN Work Area Recovery Voice No No other other solutions provider in in Canada has has the the breadth and and depth. depth.

Business Continuity/Disaster Recovery Planning 33 Agenda: By-Law 17.19 BC/DR Planning The Structure BC/DR Planning - Build Vs Buy How A 3 rd Party Vendor Can Help Summary And Conclusion

BCP/DRP SUMMARY & CONCLUSION 34 The writing is on the wall IDA members will have to develop the business continuity plans and processes needed to protect their customers, their business and the industry. With careful planning and the right partners, a fully compliant Business Continuity Plan can be developed and implemented, with a minimum of expense and disruption to your business. Rest Easy!!

BCP/DRP SUMMARY & CONCLUSION 35 For further reference and details, please check the IDA website at: www.ida.ca For further information on TELUS s Business Continuity / Disaster Recovery services, please contact: Robert Haberman P.Eng Senior Product Manager Business Continuity / Disaster Recovery TELUS Business Solutions Voice: 416 228-3408 Email: robert.haberman@telus.com

BCP/DRP SUMMARY & CONCLUSION 36 Any Questions?

37