Disaster Recovery and Business Continuity Planning Workshop. Jane Drews University IT Security Officer June 30, 2009

Similar documents
Why Should Companies Take a Closer Look at Business Continuity Planning?

Disaster Recovery Plan

Yale University Business Continuity Planning (BCP) Quick Start Guide

BUSINESS CONTINUITY PLANNING GUIDELINES

Creating a Business Continuity Plan for your Health Center

The University of Iowa. Enterprise Information Technology Disaster Plan. Version 3.1

GETTING THE MOST FROM THE CLOUD. A White Paper presented by

How To Prepare For A Disaster

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY

Disaster Recovery and Business Continuity What Every Executive Needs to Know

Business Continuity and Disaster Recovery Planning

Attachment N CPIC Vendor Resiliency Business Continuity Planning Questionnaire

Continuity Planning and Disaster Recovery

Business Continuity Planning (800)

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

Fire Department Guide. Creating and Maintaining Business Continuity Plans (BCP)

Intel Business Continuity Practices

Business Resiliency Business Continuity Management - January 14, 2014

Business Continuity Plan Infectious Diseases

Certified Disaster Recovery Engineer

Protecting Your Business

IT Disaster Recovery Plan Template

Continuity of Operations Planning. A step by step guide for business

1. Backup and Recovery Policy

DRAFT. CUNY Pandemic Influenza Response Plan Incident Level Responsibilities

Building and Maintaining a Business Continuity Program

Milk Haulers Pandemic Planning Guide

How to Design and Implement a Successful Disaster Recovery Plan

CERTIFIED DISASTER RECOVERY ENGINEER

Building a Disaster Recovery Program By: Stieven Weidner, Senior Manager

Managing business risk

Virginia Commonwealth University School of Medicine Information Security Standard

Ohio Conference for Payroll Professionals Disaster Recovery

Is Your Port Prepared to Recover from a Disaster? Can you keep the cash register ringing when bad things happen?

EMERGENCY PREPAREDNESS PLAN Business Continuity Plan

IT Service Continuity Management PinkVERIFY

FORMULATING YOUR BUSINESS CONTINUITY PLAN

The handouts and presentations attached are copyright and trademark protected and provided for individual use only.

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

ICT Business Continuity & Disaster Recovery for Local Authorities. White Paper

Assessing Your Disaster. Andrews Hooper Pavlik PLC. Andrews Hooper Pavlik PLC

Business Continuity Template

Information Security Management: Business Continuity Planning. Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt.

Emergency Planning and Crisis Management initiatives rolled up into a viable Business Continuity and Enterprise Risk Management Program.

SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

BUSINESS IMPACT ANALYSIS.5

Business Continuity Planning for Risk Reduction

Disaster Recovery Hosting Provider Selection Criteria

ICT & Communications Services Disaster & Recovery Plan

Contingency Planning and Disaster Recovery for BOMA

Disaster Recovery and Business Continuity Plan

CONTINUITY OF OPERATIONS PLAN TEMPLATE

PAPER-6 PART-5 OF 5 CA A.RAFEQ, FCA

OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

Continuous Data Protection. PowerVault DL Backup to Disk Appliance

BUSINESS CONTINUITY PLANNING

Disaster Recovery Planning Process

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD.

DRAFT Disaster Recovery Policy Template

PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA

Continuity of Business

Oadby and Wigston Borough Council. Information and Communications Technology (I.C.T.) Section

Business Continuity Planning and Disaster Recovery Planning

<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP

Guide to Business Continuity and Recovery Planning

BC / DR Implementation Tying Disaster Recovery Investment to Measurable Business Value

Unit Guide to Business Continuity/Resumption Planning

CIS 523/423 Disaster Recovery Business Continuity

Facilitated By: Ken M. Shaurette, CISSP, CISA, CISM, CRISC FIPCO Director IT Services

Ohio Supercomputer Center

Cloud Backup and Recovery

Course Title: Disaster Recovery, 1st Edition

Supervisory Policy Manual

Offsite Disaster Recovery Plan

Business Continuity Planning. Donna Curran, Director Audit and Risk Management February, 2014

Call: Disaster Recovery/Business Continuity (DR/BC) Services From VirtuousIT

Business Continuity Plan

Business Continuity Planning in IT

11 Common Disaster Planning Mistakes

PPSADOPTED: OCT BACKGROUND POLICY STATEMENT PHYSICAL FACILITIES. PROFESSIONAL PRACTICE STATEMENT Developing a Business Continuity Plan

Business Continuity Management

Sustainability through Business Continuity Management

Audit, Finance and Legislative Committee Mayor Craig Lowe, Chair Mayor-Commissioner Pro Tem Thomas Hawkins, Member

Transcription:

Disaster Recovery and Business Continuity Planning Workshop Jane Drews University IT Security Officer June 30, 2009

2 Learning Objectives 1. Identify the components of effective Disaster Recovery & Business Continuity Plans 2. Learn about resources which are available 3. Understand your unit s responsibility for planning 4. Utilize tool to assist in development of a DR/BC plan

3 Outline Overview Department Information Exercise 1 Critical Functions Exercise 2 Information Technology Exercise 3 Key Resources Exercise 4

4 Credit goes to UC Ready Tool! Much of the content for development of the DRBC-Planner tool comes from the UC-Ready web tool developed at Berkeley ITSO and UIRM will investigate possibility of adopting UC-Ready web tool for use at the UI Should we adopt, information collected and input by you should be relatively simple to migrate We will keep you informed

5

6 Overview Disaster Recovery vs. Business Continuity As duration of disaster increases, BC more important As scope of disaster increases, BC more important Assessment of Risk: No plan = accept full risk and consequence of a disaster Plan = identify worst case scenarios and mitigations to lessen disaster consequence and minimize loss

7 Overview Plans should address these aspects Physical Environmental Operational Personnel Critical functions or important? Not practical to cover everything in detail Consider Natural as well as Artificial Threats Planning process and outcomes Prevention measures

8 DR Fundamentals: Prevention and Mitigation Back-up methodology, off-site storage Physical security for equipment Logical security measures Administration and inventories Testing and training

9 University Responsibility Top level chain of command is already documented (CIMP) Communications regarding events http://www.uiowa.edu/~pubsfty/cimp.pdf Infrastructure services: Network (ITS) Power and HVAC (FM) Physical space (FM) Telephone (ITS)

10 Things to Consider Personnel issues Payroll issues Purchasing Emergency Contacts Social distancing & working from home

11 Unit Responsibility Business Impact Analysis Critical functions (prioritization) Cost of failures Resources people, systems, supplies, etc Vital records Recovery procedures Communications within unit Chain of command for decision making

12 Things to Consider 1. Disasters (obviously!) happen 2. Planning > Plan 3. Learn from experience and be better prepared Crisis is not the time to deliberate decisions Communication is a priority 4. You will not leave today with a finished plan

13

14 General Department Information Name, type of dept Personnel (categories, estimated numbers) Location(s) occupied References to other plans/documents Pandemic plan Evacuation/emergency plan Faculty plan (teaching and research)

15 ABOUT ACTION ITEMS Most important part of the DR/BC Plan What can your unit do to be better prepared? Ideas, not commitments Cost estimates: Low (less than $1,000) Moderate ($1,000 to $10,000) High ($10,000 to $100,000) Cost is means one time, annual, or both

16 Exercise 1: Dept Information Navigate to: http://cio.uiowa.edu/itsecurity/resources/drbcp.shtml Save the spreadsheet to your desktop ( often ) Open and complete the Dept Info tab information as well as you can Utilize the Action Items tab. If there is information you need to collect (not available via web) note it in your action items! Be sure to hover to see the Comments

17

18 Critical Functions List of functions performed by your unit Don t reinvent the wheel: Essential Functions for your unit were already identified in pandemic plans Indication of function relative criticality: Critical 1 Critical 2 Critical 3 Deferrable Essential, must continue at normal and perhaps increased function Essential, serious consequences if disrupted, must continue function at normal or reduced level May pause briefly, but must resume function within 30 days May pause if necessary, but should resume function as soon as conditions permit

19 Critical Functions - Examples Classroom instruction Laboratory research Process applicants (admission, degree, etc) In-patient, out-patient care Scheduling (courses, classrooms, etc) Produce Payroll Deliver supplies

20 Critical Functions The Details Peak periods (i.e., start/end of sessions, FY) References to documents Dependencies to consider Upstream: HR, Registrar, ITS, FM, Purchasing, Downstream: may be groups or units Consequences of failure/reduction Coping strategies

21 Exercise 2: Critical Functions Complete the Critical Functions List tab first. Use pandemic plans to get started. http://provost.uiowa.edu/docs/reports/panfluresponseplan.pdf Each critical function should be detailed in a separate (Critical Functions(1), etc) tab. To add more tabs: Right click tab, select move or copy, click X to copy Right click new tab, and move it before the IT tab Record actions to complete at the bottom of each tab

22

23 Information Technology IT typically supports the unit s critical functions web site = communication vehicle server = file storage, sharing, archive IT is centrally-supported as well as locally supported they will be addressed separately Focus is on applications, inventory, procedures IT planning is to lessen impact on critical functions Redundancy Recovery procedures Alternatives

24 Information Technology Recovery procedures should be documented, referenced, but not maintained within this tool Maintain and share relevant information Hardware Software (and appropriate licenses, access keys) Personnel (and appropriate expertise) Contact information vendors, suppliers Redundancy, resiliency, recoverability,.

25 Exercise 3: Information Technology Complete the IT tab as best you can First priority is support of critical functions, but everything should be collected Central Enterprise applications utilized Department applications Servers describe those owned and managed by your unit Workstations what inventory do you have, and how many, in general terms Backups looking for adequacy, not details Review the IT-Recovery tab scenarios and make notes

26

27 Key Resources Personnel General things to consider before emergency Key personnel Start with information from pandemic plan Working from home Survey your department personnel? Requirements to make this successful? Other personnel considerations Teams, skills, functions, replacements, alternatives, etc

28 Key Resources Non Personnel Documents where are primary/definitive? Equipment and supplies Office equipment Other equipment Supplies Facilities and transportation Space Utilities Transportation Other resources

29 Exercise 4: Key Resources Complete the Key Resources-Personnel tab Chain of command and decision makers Expertise should be considered Consider strategies to collaborate Consider the support of critical functions Complete the Key Resources-NonPersonnel tab Can t prepare meals without food Can t run busses without gas Can t treat (some) illness without drugs

30 Next Steps Save the plan! Review your recorded actions Complete the missing parts of your plan Share within your department as draft Obtain executive review and acceptance Provide FEEDBACK on the tool How to conduct a tabletop exercise???

31

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information