Your Documents. Our Management. DASTA Guide to Business Continuity (BC) and Disaster Recovery (DR) Planning Dr. Robert L. Bailey, CRM, MIT, ECMp L E A R N M O R E A B O U T D A S T A A T W W W. D R M. G E 1
Introduction Dasta Introduction Summary The first records management company in Georgia Established in January 2014 Georgian, Dutch, French and American leadership Services 1 2 Physical Records Management Storage of documents at a specialized warehouse Ability to electronically or physically deliver documents Electronic Document Imaging and Storage Digitization of documents to provide added security Access documents at any time, within seconds A diverse, international leadership team George Akhalkatsi, Chairman Experience: EBRD, Bank Republic, Begiashvili & Company, Black Sea Capital, Transparency International Education: Tbilisi State University Daan Harmsen, Operations Experience: GeoCapital, Deutsche Bank, International Spark Program Education: Harvard University Ryan Millikan, Finance & Strategy Experience: HSBC, J.P. Morgan, Sakcable, Black Sea Capital Education: University of Chicago Booth School of Business 3 Secure Document Shredding Professional document shredding service Scheduled pick up of secure, confidential bins or other projects Paul-Henri Forestier, Board Member Experience: EBRD, Chemical Bank, Credit Lyonnais, BNP Paribas Education: Paris University 4 Related Services Document delivery and pick up Records and information management consulting Partners L E A R N M O R E A B O U T D A S T A A T W W W. D R M. G E 2
Things are Changing BC and DR planning have been viewed for year as activities that would be used in a limited number of sectors across businesses. Increased reliance on computing resources has forced organizations of all sizes to adopt new measures to protect their data and reduce the risk of going offline for long periods of time. L E A R N M O R E A B O U T D A S T A A T W W W. D R M. G E 3
Performing backup using the 3-2-1 rule Data protection experts advise using the 3-2-1 rule (three copies, two types of media, one offsite location when planning for DR strategy. Backup to the public cloud need to be leveraged by facilitating the backup of the virtual datacenter and using built-in encryption to comply with any security requirements. L E A R N M O R E A B O U T D A S T A A T W W W. D R M. G E 4
Replication to the DR site Datacenters can be vulnerable to different types of hazards, whether fire, earthquake or flood. Today s business rules demand continuous uptime even during such situations Performing backup and replication without a recovery action plan is not sufficient L E A R N M O R E A B O U T D A S T A A T W W W. D R M. G E 5
Cyber Attacks Preparing for Data Breach Threats Cybercrime Costs More Than $400B Annually A new McAfee-sponsored report from the Center for Strategic and International Studies (CSIS), The Economic Impact of Cybercrime and Cyber Espionage, revealed that cybercrime is having a significant impact on economies around the world. More specifically, it has cost businesses worldwide between $375 billion and $575 billion, more than the national income of most countries. Governments and companies underestimate how much risk cybercrime poses and how quickly that risk can grow, asserted CSIS. L E A R N M O R E A B O U T D A S T A A T W W W. D R M. G E 6
Disasters A-T Acts of God, Air conditioning failure, Arson Blackouts, Blizzards, Boiler explosion, Brownouts, Brush fires Chemical accidents, Civil disobedience, Computer Crime Disgruntled employees Disgruntled customers, Dust storms Earthquakes, Explosions Fires, Floods Gas explosions, Governments edict Hardware crash, Human error Ice storms, Interruption of building services Jokes Kidnapping Labor disputes, Lightning strikes Malicious destruction, Military operations Nearby hazards Outages of all kinds Personnel non-availability, Political activism Quakes, Quirky software Radar, Roof collapses Sabotage, Sewage backups, Sprinkler failure Telephone failure, Terrorists, Theft, Tremors L E A R N M O R E A B O U T D A S T A A T W W W. D R M. G E 7
Disasters U-Z Unplanned events Vandalism, Viruses War, Water damage Xenon gas leak Yellow fever outbreak Zebra on the loose (okay, maybe we should have stopped after Y ) L E A R N M O R E A B O U T D A S T A A T W W W. D R M. G E 8
Proactive Approach In any plan, testing is a vital component- if it s not performed, thousands of hours of planning and implementation could be wasted if the target isn t achieved. Companies should include DR and BC testing in their audit checklists. L E A R N M O R E A B O U T D A S T A A T W W W. D R M. G E 9
Have You Selected a disaster recovery vendor? Selected a recovery management team? Developed plan objectives and mission statement? Educated those responsible for recovery planning? Interviewed disaster recovery users? Conducted a total risk assessment? Conducted a security review for your physical plant and your data? Developed recovery priorities? Written a recovery scenario that you can test? L E A R N M O R E A B O U T D A S T A A T W W W. D R M. G E 10
How are Records Lost? 50% from hardware or system failures 27% human error or accidental deletions 21% from software errors & viruses It s not if, but when Data Loss will occur!!! 60% of companies that lose their data go out of business within 6 months Data Loss Survey Results World Wide Survey L E A R N M O R E A B O U T D A S T A A T W W W. D R M. G E 11
Potential Business Disasters The need to protect records for: Administration Customers Engineering Finance Manufacturing Operations Personnel Research L E A R N M O R E A B O U T D A S T A A T W W W. D R M. G E 12
L E A R N M O R E A B O U T D A S T A A T W W W. D R M. G E 13
L E A R N M O R E A B O U T D A S T A A T W W W. D R M. G E 14
What is a Business Continuity Plan? It is a plan that give a recovery team the information needed to: Recovery from a disaster Continue the business operations Return to normal operations L E A R N M O R E A B O U T D A S T A A T W W W. D R M. G E 15
Four Elements of Disaster Preparedness Backup Recovery Plan Testing Replacement equipment L E A R N M O R E A B O U T D A S T A A T W W W. D R M. G E 16
How is a BCP Used? As a ready reference for all information needed during the recovery phase following a disaster Lists strategies & priorities for recovery Lists contact information for recovery assistance & personnel Outlines the stages and flow of the recovery process L E A R N M O R E A B O U T D A S T A A T W W W. D R M. G E 17
What Should a BCP Contain? A general overview of the recovery effort. Initial response/escalation procedures Alternate site information Recovery procedures Restoration/migration of information Calling lists Documentation needed at the time of the disaster L E A R N M O R E A B O U T D A S T A A T W W W. D R M. G E 18
Establish Requirements Requirements Matrix lists of what you need 1. How much staffing required? 2. Equipment needed? Make, Model & Speed Computers, fax machines, data lines, printers Desks, chairs, cabinets, etc Forms, office supplies Any software critical to your function, not commonly found in other departments Help to bring it up and running tech support people L E A R N M O R E A B O U T D A S T A A T W W W. D R M. G E 19
Vital Records Where are they located? Can anyone find them- firemen, 1st responders, etc? Can you contact off-site storage? Do you know what to order? Keep a list of your vital records, locations, accessibility with your BCP Keep it updated! L E A R N M O R E A B O U T D A S T A A T W W W. D R M. G E 20
Documentation Needed Recovering a business costs money! Be prepared to spend it! Recovery Status Report L E A R N M O R E A B O U T D A S T A A T W W W. D R M. G E 21
Application Payroll Sales/revenue/orders Billing Accounts receivable Accounts payable Inventory Cost of unavailability Union action, overtime Sales lost, net profit margin Bills not generated, days outstanding increases Payments held up Missed early pay discounts, credit problems Orders not processed, run out of critical material L E A R N M O R E A B O U T D A S T A A T W W W. D R M. G E 22
Summary Plan, Plan, Plan Gather as much critical information on what you will need to recover before an event ever happens Establish procedures for recovery Establish priorities for recovery Keep people informed Keep a record of what happened for a lessons learned evaluation L E A R N M O R E A B O U T D A S T A A T W W W. D R M. G E 23
Thank you! Your Documents. Our Management. Robert Bailey rlbailey@live.ca L E A R N M O R E A B O U T D A S T A A T W W W. D R M. G E 24