System Business Continuity Classification




Criticality Levels | Core Infrastructure | Critical | High | Medium | Low

Business Continuity Procedures
Information System Contingency Plan (ISCP) | Required | Required | Required | Not required | Not required
Business Impact Analysis (BIA) and System Recovery Procedures (SRP): Included in ISCP, Included in ISCP, Included in ISCP, Required, Included in ISCP, Included in ISCP, Included in ISCP

Business Continuity Methods
System Availability | High Availability | High Availability | High Availability | Recoverable | Reliable
Maximum Downtime | <2 hours | <4 hours | <24 hours | <72 hours | >72 hours
Data Recovery Strategy | Continuous | Continuous | Continuous | Incremental or differential between full backups | Incremental or differential between full backups

Testing
Documentation Review | Semiannual | Semiannual | Annual | Biennial | Biennial
Walkthrough | Semiannual | Annual | Annual | Biennial | Biennial
Simulation | Annual | Annual | Biennial | Biennial | Not Required
Parallel and Interruption: annually, annually, annually, annually, Not required, Not required, Not required

System Business Continuity Classification (Jan-12)

Criticality Levels

Criticality levels are determined by the service owner and are used to classify the criticalness of an IT system* to a business process. The level selected defines the necessary business continuity procedures, methods, and testing requirements.

Core Infrastructure: IT systems that must be functioning and are considered core components, which will need to be operational before other dependent systems can perform as they are intended. Examples of core systems include, but are not limited to: electricity, the data network, network services such as DNS and DHCP, and various authentication systems such as Active Directory. Immediate recovery is required to prevent substantial interruption of University operations. Systems should have a maximum downtime of 2 hours or less.

Critical: IT systems which are essential to support University business operations. Loss or failure of these systems will have an extreme impact on business operations. Systems should have a maximum downtime of 4 hours or less.

High: IT systems which are crucial to support primary University business operations. Loss or failure of these systems will have a significant impact on business operations. Systems should have a maximum downtime of 24 hours or less.

Medium: IT systems which are important to University business operations. Loss or failure of these systems will have a modest impact on business operations. Systems should have a maximum downtime of 72 hours or less.

Low: IT systems which improve the effectiveness or efficiency of University operations. An extensive loss or failure of these systems will have a negligible impact on business operations.

*An IT system is a hardware or virtual computing environment that is installed or configured to provide, share, store, or process information for multiple users, or that communicates with other systems to transmit data or process transactions.

Business Continuity Procedures

Three different services are offered to properly document and outline business continuity procedures. Each of these defines different procedures and requirements necessary to properly restore an IT system.

Information System Contingency Plan (ISCP)

An ISCP provides established procedures for the assessment and recovery of a system following a system disruption. The ISCP provides key information needed for system recovery, including roles and responsibilities, inventory information, assessment procedures, detailed recovery procedures, and testing procedures of a system.

Business Impact Analysis (BIA)*

The purpose of the BIA is to identify and prioritize system components by correlating them to the mission/business process(es) the system supports, and using this information to characterize the impact on the process(es) if the system was unavailable.

System Recovery Procedures (SRP)*

System recovery procedures (SRP) provide general procedures for the recovery of a system from media or other sources.

*Included as a part of the ISCP.

Business Continuity Methods

Business Continuity Methods define the system availability and data recovery strategies.

System Availability:

Continuous Availability: A system that is created with a goal of no scheduled or unscheduled downtime. Continuous availability systems can only be reliant upon other systems that are unremitting. Alternate facilities, not physically located within the same building, will be used to ensure that no local disruptions interfere with the system's continuous availability. Real time synchronization between the sites is used to route data to both the primary site and the alternate facility(ies). Continuously available systems consist of hardware and software designed to protect against component and system-level failures at any point in time, with an understanding that the system will always be active.

High Availability: A system that can quickly recover from a failure by way of automation built into the system. There may be a small amount of downtime while one system switches over to another, but processing will continue. There should be a goal of no unscheduled outages or downtimes. High availability systems can only be reliant on unremitting systems or other systems that have no lower availability than high. Alternate facilities, not physically located within the same building, will be used to ensure that no local disruptions interfere with the system's high availability. Near real time synchronization between the two sites is used to mirror the data environment of the original site. The alternate site will have hardware and system resource components; networking equipment with an active connection; and the resources needed to recover the business processes impacted by the system disruption.

Recoverable: Redundant infrastructure components, such as web and file servers, which have data replication. The facility will have backups on hand, but they may not be current or could be incomplete. A full backup should be done first with either an incremental or differential backup completed on a set schedule. The system will recover by manual intervention which will cause some downtime as tolerable. An alternate facility (possibly smaller in scale) with the equipment and resources to recover the business functions affected by the occurrence of a disaster may be used.

Reliable: Non-redundant components that have no protection or hot-swappable hardware. IT staff will restore them eventually after major failure, but the business does not depend on them. System will have backups, but they may not be current or could be incomplete. An alternate facility would not be needed in this instance.

Data Recovery Strategies:

Continuous backup: Backup of computer data by automatically saving a copy of every change made to that data in real time or near real time. It allows for the data to be restored at any point in time. The data will be located in different physical locations to ensure data availability in the event of a disruption.

Full backup: A backup in which all of a defined set of data objects are copied, regardless of whether they have been modified since the last backup.

Incremental backup: An incremental backup stores all files that have changed since the last full, differential or incremental backup.

Differential backup: A backup in which data objects modified since the last full or incremental backup are copied.
Testing and Exercises

The purpose of testing is to confirm the business continuity solution satisfies the organization's recovery requirements. Plans may fail to meet expectations due to insufficient or inaccurate recovery requirements, solution design flaws, or solution implementation errors.

Documentation Review: Staff will individually review the plan for accuracy and completeness and ensure supporting documentation for critical systems is up to date. Business continuity documentation should be reviewed in conjunction with system changes and updated if necessary.

Walkthrough: Staff walk through the plan as a group, discussing each step along the way.

Simulation: Staff members perform a walkthrough in the context of a simulated disaster that includes periodic announcements of events as they occur. Staff do not actually perform any recovery steps.

Parallel: Staff members perform actual recovery steps to move business processes to alternate locations. Staff build or activate recovery servers while primary servers are also still working. Primary everyday business processes should continue uninterrupted.

Interruption ( rehearsal): The business stops performing critical business processes, as though an actual disaster has occurred. Staff members carry out business operations according to the interim plan.

Minor issues identified in the initial testing phase may be documented and retested during the next test cycle. Significant complications, such as a lack of appropriate technologies needed to meet the maximum tolerable downtime or system recovery efforts, should be addressed and reexamined immediately.

References:

NIST 800-34 Contingency Planning Guide for IT Systems
The BS 25999 series will include two standards, as follows:
- BS 25999-1:2006 Code of Practice for BCM
- BS 25999-2:2006 A Specification for BCM.
NFPA 1600: Standard on Disaster/Emergency Management and Business Continuity Programs
ISO/IEC FDIS 27031: Information technology -- Security techniques -- Guidelines for information and communication technology readiness for business continuity