System Business Continuity Classification




Transcription:

System Business Continuity Classification

Business Continuity Procedures

| Criticality Level | Core Infrastructure | Critical | High | Medium | Low |
|---|---|---|---|---|---|
| Business Impact Analysis (BIA) | Required | Required | Required | Required | suggested to complete |
| System Recovery Procedures (SRP) | Required | Required | Required | suggested to complete | complete |

Business Continuity Methods

| Criticality Level | Core Infrastructure | Critical | High | Medium | Low |
|---|---|---|---|---|---|
| System Availability | High Availability | High Availability | High Availability | Recoverable | Reliable |
| Maximum Downtime | <2 hours | <4 hours | <24 hours | <72 hours | >72 hours |
| Data Recovery Strategy | Continuous backup | Continuous backup | Continuous backup | Incremental or differential between full backups | Incremental or differential between full backups |

Testing

| Criticality Level | Core Infrastructure | Critical | High | Medium | Low |
|---|---|---|---|---|---|
| Documentation Review | Semiannual | Semiannual | Annual | Biennial | Biennial |
| Walkthrough | Semiannual | Annual | Annual | Biennial | Biennial |
| Simulation | Annual | Annual | Biennial | Biennial | Not Required |
| Parallel / Component / Interruption | complete biennially | complete biennially | complete biennially | complete biennially | complete biennially |

System Business Continuity Classification (Jan-12)

Criticality Levels

Criticality levels are determined by the service owner and are used to classify the criticalness of an IT system* to a business process. The level selected defines the necessary business continuity procedures, methods, and testing requirements.

Core Infrastructure: IT systems that must be functioning and are considered core components, which will need to be operational before other dependent systems can perform as they are intended. Examples of core systems include, but are not limited to: electricity, the data network, network services such as DNS and DHCP, and various authentication systems such as Active Directory. Immediate recovery is required to prevent substantial interruption of University operations. Systems should have a maximum downtime of 2 hours or less.

Critical: IT systems which are essential to support University business operations. Loss or failure of these systems will have an extreme impact on business operations. Systems should have a maximum downtime of 4 hours or less.

High: IT systems which are crucial to support primary University business operations. Loss or failure of these systems will have a significant impact on business operations. Systems should have a maximum downtime of 24 hours or less.

Medium: IT systems which are important to University business operations. Loss or failure of these systems will have a modest impact on business operations. Systems should have a maximum downtime of 72 hours or less.

Low: IT systems which improve the effectiveness or efficiency of University operations. An extensive loss or failure of these systems will have a negligible impact on business operations.

*An IT system is a hardware or virtual computing environment that is installed or configured to provide, share, store, or process information for multiple users, or that communicates with other systems to transmit data or process transactions.

Business Continuity Procedures

Different services are offered to properly document and outline business continuity procedures. Each of these items defines different procedures and requirements necessary to properly evaluate and restore an IT system.

Business Impact Analysis (BIA)

The purpose of the BIA is to identify and prioritize system components by correlating them to the mission/business process(es) the system supports, and using this information to characterize the impact on the process(es) if the system was unavailable.

System Recovery Procedures (SRP)

System recovery procedures (SRP) provide general procedures for the recovery of a system from backup media or other sources.

Business Continuity Methods

Business Continuity Methods define the system availability and data recovery strategies.

System Availability:

Continuous Availability: A system that is created with a goal of no scheduled or unscheduled downtime. Continuous availability systems can only be reliant upon other systems that are unremitting. Alternate facilities, not physically located within the same building, will be used to ensure that no local disruptions interfere with the system's continuous availability. Real time synchronization between the sites is used to route data to both the primary site and the alternate facility(ies). Continuously available systems consist of hardware and software designed to protect against component and system-level failures at any point in time, with an understanding that the system will always be active.

High Availability: A system that can quickly recover from a failure by way of automation built into the system. There may be a small amount of downtime while one system switches over to another, but processing will continue. There should be a goal of no unscheduled outages or downtimes. High availability systems can only be reliant on unremitting systems or other systems that have no lower availability than high. Alternate facilities, not physically located within the same building, will be used to ensure that no local disruptions interfere with the system's high availability. Near real time synchronization between the two sites is used to mirror the data environment of the original site. The alternate site will have hardware and system resource components; networking equipment with an active connection; and the resources needed to recover the business processes impacted by the system disruption.

Recoverable: Redundant infrastructure components, such as web and file servers, which have data replication. The facility will have backups on hand, but they may not be current or could be incomplete. A full backup should be done first with either an incremental or differential backup completed on a set schedule. The system will recover by manual intervention which will cause some downtime as tolerable. An alternate facility (possibly smaller in scale) with the equipment and resources to recover the business functions affected by the occurrence of a disaster may be used.

Reliable: Non-redundant components that have no protection or hot-swappable hardware. IT staff will restore them eventually after major failure, but the business does not depend on them. System will have backups, but they may not be current or could be incomplete. An alternate facility would not be needed in this instance.

Data Recovery Strategies:

Continuous backup: Backup of computer data by automatically saving a copy of every change made to that data in real time or near real time. It allows for the data to be restored at any point in time. The data will be located in different physical locations to ensure data availability in the event of a disruption.

Full backup: A backup in which all of a defined set of data objects are copied, regardless of whether they have been modified since the last backup.

Incremental backup: An incremental backup stores all files that have changed since the last full, differential or incremental backup.

Differential backup: A backup in which data objects modified since the last full backup or incremental backup are copied.

Testing and Exercises

The purpose of testing is to confirm the business continuity solution satisfies the organization's recovery requirements. Plans may fail to meet expectations due to insufficient or inaccurate recovery requirements, solution design flaws, or solution implementation errors.

Documentation Review: Staff will individually review the plan for accuracy and completeness and ensure supporting documentation for critical systems is up to date. Business continuity documentation should be reviewed in conjunction with system changes and updated if necessary.

Walkthrough: Staff walk through the recovery plan as a group, discussing each step along the way.

Simulation: Staff members perform a walkthrough in the context of a simulated disaster that includes periodic announcements of events as they occur. Staff do not actually perform any recovery steps.

Parallel: Staff members perform actual recovery steps to move business processes to alternate locations. Staff build or activate recovery servers while primary servers are also still working. Primary everyday business processes should continue uninterrupted.

Component: Individual components (such as a webserver or database) are rendered offline to test failover and backup solutions.

Interruption (complete rehearsal): The business stops performing critical business processes, as though an actual disaster has occurred. Staff members carry out business operations according to the interim plan.

Minor issues identified in the initial testing phase may be documented and retested during the next test cycle. Significant complications, such as a lack of appropriate technologies needed to meet the maximum tolerable downtime or system recovery efforts, should be addressed and remediated immediately.

References:

NIST 800-34 Contingency Planning Guide for IT Systems

The BS 25999 series will include two standards, as follows:
- BS 25999-1:2006 Code of Practice for BCM
- BS 25999-2:2006 A Specification for BCM.

NFPA 1600: Standard on Disaster/Emergency Management and Business Continuity Programs

ISO/IEC FDIS 27031: Information technology -- Security techniques -- Guidelines for information and communication technology readiness for business continuity

Revision date: 6/5/2015