Business Continuity Management

Similar documents
Business Continuity and Disaster Recovery Planning from an Information Technology Perspective

Business Continuity Plan

Business Continuity Planning for Risk Reduction

Beyond Disaster Recovery: Why Your Backup Plan Won t Work

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning MARCH 2003 IT EXAMINATION H ANDBOOK

Disaster Recovery. Hendry Taylor Tayori Limited

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four

Business Continuity Planning in IT

DISASTER RECOVERY PLANNING GUIDE

Assessing Your Disaster. Andrews Hooper Pavlik PLC. Andrews Hooper Pavlik PLC

Disaster Recovery and Business Continuity Plan

Table of Contents... 1

Business Continuity Planning Principles and Best Practices Tom Hinkel and Zach Duke

Business Continuity and Disaster Recovery Planning

University of Michigan Disaster Recovery / Business Continuity Administrative Information Systems 4/6/2004 1

Why Should Companies Take a Closer Look at Business Continuity Planning?

Developing a Business Continuity Plan... More Than Disaster

Temple university. Auditing a business continuity management BCM. November, 2015

EMERGENCY PREPAREDNESS PLAN Business Continuity Plan

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION

Ohio Supercomputer Center

Business Continuity Planning (800)

Business Resiliency Business Continuity Management - January 14, 2014

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK

Business Continuity Planning and Disaster Recovery Planning

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD.

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

Prepared by Rod Davis, ABCP, MCSA November, 2011

DISASTER RECOVERY Steps You Need to Take (Before It s Too Late)

Disaster Recovery and Business Continuity What Every Executive Needs to Know

HA / DR Jargon Buster High Availability / Disaster Recovery

Post-Class Quiz: Business Continuity & Disaster Recovery Planning Domain

Disaster Recovery Plan Checklist

Virginia Commonwealth University School of Medicine Information Security Standard

CITY UNIVERSITY OF HONG KONG Business Continuity Management Standard

Interactive-Network Disaster Recovery

INSIDE. Preventing Data Loss. > Disaster Recovery Types and Categories. > Disaster Recovery Site Types. > Disaster Recovery Procedure Lists

Ohio Conference for Payroll Professionals Disaster Recovery

Managing business risk

The Weill Cornell Medical College and Graduate School of Medical Sciences. Responsible Department: Information Technologies and Services (ITS)

Desktop Scenario Self Assessment Exercise Page 1

Success or Failure? Your Keys to Business Continuity Planning. An Ingenuity Whitepaper

Building a Disaster Recovery Program By: Stieven Weidner, Senior Manager

BUSINESS CONTINUITY PLAN OVERVIEW

2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level. Tracy L. Hall, MBCP

Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP).

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

Course: Information Security Management in e-governance. Day 2. Session 5: Disaster Recovery Planning

Application / Hardware - Business Impact Analysis Template. MARC Configuration Requirements. Business Impact Analysis

The 9 Ugliest Mistakes Made with Data Backup and How to Avoid Them

Business Continuity Planning for Schools, Departments & Support Units

Disaster Recovery Planning Procedures and Guidelines

The Business Continuity Maturity Continuum

Business Continuity and Disaster Survival Strategies for the Small and Mid Size Business.

The PNC Financial Services Group, Inc. Business Continuity Program

Advent. Disaster Recovery: Options for Investment Managers. A White Paper from Advent Software and CyGem Ltd. Advent Software, Inc.

DISASTER RECOVERY BUSINESS CONTINUITY DISASTER AVOIDANCE STRATEGIES

TO AN EFFECTIVE BUSINESS CONTINUITY PLAN

How to write a DISASTER RECOVERY PLAN. To print to A4, print at 75%.

Principles for BCM requirements for the Dutch financial sector and its providers.

a Disaster Recovery Plan

NIST SP , Revision 1 Contingency Planning Guide for Federal Information Systems

Creating a Business Continuity Plan for your Health Center

Unit Guide to Business Continuity/Resumption Planning

BUSINESS CONTINUITY PLANNING GUIDELINES

NCUA LETTER TO CREDIT UNIONS

PPSADOPTED: OCT BACKGROUND POLICY STATEMENT PHYSICAL FACILITIES. PROFESSIONAL PRACTICE STATEMENT Developing a Business Continuity Plan

So You Think You Have a Good Business Recovery Plan? Steps an Asset Management Company can take to Recover from a Major Disaster

2014 NABRICO Conference

SCADA Business Continuity and Disaster Recovery. Presented By: William Biehl, P.E (mobile)

Business Continuity & Recovery Plan Summary

Business Continuity & Recovery Plan Summary

Business Continuity and Disaster Planning

Overview of how to test a. Business Continuity Plan

Business Continuity Planning Toolkit. (For Deployment of BCP to Campus Departments in Phase 2)

Disaster Recovery Planning

Business Continuity Glossary

Cloud Computing. Chapter 10 Disaster Recovery and Business Continuity and the Cloud

STEP-BY-STEP BUSINESS CONTINUITY AND EMERGENCY PLANNING MAY

BUSINESS CONTINUITY. Plan Annex

Business Continuity Planning. Donna Curran, Director Audit and Risk Management February, 2014

Business Continuity Planning Guide

Statement of Guidance

NHS 24 - Business Continuity Strategy

Expecting the Unexpected. Disaster Preparedness Strategies for Small Business

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY

Building and Maintaining a Business Continuity Program

Transcription:

Business Continuity Management cliftonlarsonallen.com

Introductions Brian Pye CliftonLarsonAllen Senior Manager Business Risk Services group 15 years of experience with Business Continuity Megan Moore CliftonLarsonAllen Senior Manager Business Risk Services group 9 years of experience with Business Continuity 2

Session Objectives Why is it Important Define Business Continuity Getting Started and Objectives Content of a Plan Responsibilities and Objectives Business Continuity Life Cycle 3

Why is Business Continuity Important? Increased dependence for businesses on IT; Reliance on business-critical information; Importance of protecting irreplaceable data; Most foundations relying on their computer systems as critical infrastructure in their business; Most foundations do not have a comprehensive business continuity or disaster recovery plan 4

It Can Happen and DOES Happen! According to the Federal Emergency Management Agency (FEMA), in 2011, 80 presidential declared disasters have occurred 55 severe storms 12 tornado 5 flood 3 earthquake 5 other FEMA estimates that upwards of 70% of organizations in the country will experience some form of operational disruption due to severe storms, tornadoes and flooding Most organizations only spend between 2% and 4% of their IT budget on disaster recovery planning; Of companies that had a major loss of computerized data without a disaster recovery plan: 43% never reopen; 51% closed within two years; only 6% will survive long-term 5

What Should We Be Thinking About? What state would my business be in if we experienced one of these events? How long would it take for me to recover? Define all of the efforts needed to get us back in operation? Information technology based Operation based How much revenue would we lose if we were down for 24, 48, 72 hours? How safe are my foundation s assets? 6

What is Business Continuity Planning (BCP)? BCP is the process whereby foundations ensure the maintenance or recovery of operations when confronted with adverse events including: Natural disasters Technology failures Human error Terrorism The objectives of a BCP are to minimize financial loss, continue to help consumers, and mitigate the negative effects that disruptions can have on strategic plans, reputation, operations, etc. 7

Getting Started Define some important terms and metrics for business continuity planning What is a disaster Key business processes Business critical systems and data Recovery Point Objective (RPO) Defined as the amount of data lost measured in time. Example: If the last available good copy of data upon an outage was from 24 hours ago, then the RPO would be 24 hours. Recovery Time Objective (RTO) Defined as the duration of time and a service level within which a business process must be restored after a disaster in order to avoid unacceptable consequences associated with a break in continuity. 8

What are the Objectives? A BCP should reflect the following objectives: BCP is maintaining, resuming, and recovering the overall business, including the recovery of technology (disaster recovery). The planning process should be conducted enterprise-wide and include all functional departments. A thorough business impact analysis and risk assessment are the foundation of an effective BCP. The effectiveness of a BCP process can only be validated through testing or practical application. The BCP and test results should be subjected to an independent audit and reviewed by the board of directors. A BCP should be periodically updated to reflect and respond to changes in the Foundation or its service provider(s). 9

Business Continuity Planning Content Overview Policies and preparedness Organization impacts Notification strategy / plan activation Business process continuity roadmap Personnel dependencies / succession Technology infrastructure Facility and space 10

Who is Responsible? Senior management is responsible for: Allocating sufficient resources and knowledgeable personnel. Development of the BCP. Setting policy by determining how the foundation will manage and control identified risks. Review BCP test results. Ensuring the BCP is kept up-to-date and approved on an annual basis. Employees are trained and aware of their role in its implementation. 11

Business Continuity Planning Lifecycle Analysis Solution design Implementation Testing and acceptance Maintenance 12

Analysis Phase Define the team Identify your key business processes Initiate the planning process Impact analysis Threat analysis Recovery requirements (business & technical) Compile your business continuity manual 13

Analysis Phase Business Continuity Manual May be simply a printed manual stored safely away from the primary work location containing: The names, addresses, and phone numbers for crisis management staff; General staff members; Clients and vendors; Insurance contracts; The location of the offsite data backup storage media; Data/systems recovery process Include recovery requirements Number and types of workstations Primary and secondary locations Key individuals involved in a recovery effort Key applications and date Maximum time allowed for an outage Peripheral requirements like computers, printers, copiers, faxes, etc. 14

Business Impact Analysis A business impact analysis (BIA) is the first step in developing a BCP. It should include the following: Identification of the potential impact of uncontrolled, non-specific events on the foundation's business. Consideration of all departments and business functions, not just data processing. Estimation of maximum allowable downtime and acceptable levels of data, operations, and financial losses. 15

Risk Assessment A risk assessment is the second step in developing a BCP. It should include the following: Prioritizing of potential business disruptions based upon severity and likelihood of occurrence. A gap analysis comparing the existing BCP, if any, to what is necessary to achieve recovery time objectives. An analysis of threats based upon the impact on the Foundation, including its consumers, not just the nature of the threat. 16

Solution Design Phase Your goal is to identify the most cost effective disaster recovery solutions based on RPO and RTO based on your foundations risk tolerance levels. Develop critical response times and recovery strategies. Important ranking of key business applications and processes: E-commerce; E-mail based communications; Production processes; IT services; Finance; Sales and marketing; Accounting & reporting; 17

Implementation Phase Complete assessment of your IT and operational infrastructure; Significant operational processes Network (communications and security equipment) Servers Workstations Application systems Data files and databases Review the findings report (health check); Make the necessary improvements; Document the new environment. 18

Testing and Organizational Acceptance Phase Test the plan in it entirety or parts Power outages Hardware failures Telecommunications outages Applications test Business process test 19

Notification Strategy & Plan Activation Who to call When to call Assessment.how extensive is the damage? Plan activation..yes or no? 20

Maintenance Phase Monitoring is the final step in business continuity planning. It should ensure that the Foundation's BCP is viable through the following: Testing the BCP at least annually. Subjecting the BCP to independent audit and review. Updating the BCP based upon changes to personnel and the internal and external environments. Perform training. 21

Important Notes Firms should ensure that their BCP manual is realistic and easy to use during a crisis; The BCP sits along side crisis management and disaster recovery planning and is a part of a foundation's overall risk management. 22

Best Practices Implement a back-up and data restore process. Due to power outages Implement a battery back up solution and surge protection strategy; Consider a diesel generator for your data center of facility; E-mail application defense. Spam and viruses filtering before they enter your network; Keep your desktops, laptops and mobile devices secure from viruses and theft The BCP sits along side crisis management and disaster recovery planning and is a part of a foundation's overall risk management 23

Brian Pye Senior Manager Business Risk Services Brian.Pye@cliftonlarsonallen.com 612-397-3139 Megan Moore Senior Manager Business Risk Services Megan.Moore@cliftonlarsonallen.com 612-397-3129 cliftonlarsonallen.com twitter.com/ CLA_CPAs facebook.com/ cliftonlarsonallen linkedin.com/company/ cliftonlarsonallen 24

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information