Protecting your Enterprise


Understanding Disaster Recovery in California: Protecting your Enterprise

Session Overview
- Why do we prepare?
- What is it?
- How do I analyze (measure) it?
- What do I do with it?
- How do I communicate it?
- What does it mean to management?

1996-2006: A Decade of Natural Disasters
- 1 million thunderstorms
- 100,000 floods
- Tens of thousands of landslides, earthquakes, wildfires & tornadoes
- Several thousand hurricanes, tropical cyclones, tsunamis & volcanoes
Sources: CDC & EK Noji, The Public Health Consequences of Disaster

Governance
Executives and management are being held to a higher level of performance, or governance:
- Governance and culture
- Rising expectations
- The regulatory environment (HIPAA, PCI, SAM, BL)
- Control frameworks to manage risk (ITIL, ISO, COBIT)
- Aligning business with IT
- Having a resilient business model
- Processes and procedures
- Efficiency: addressing mandates
- Delivering value
- Tools and technology
- Improving the management of trust

Trust
Identifying exposures and managing associated risks increases your appeal to customers, stakeholders, business partners, and regulators. A stable and prepared business builds trust with its:
- The public
- Regulators
- Stakeholders
- Business partners

- Increased customer satisfaction and
- Lower total operating expenses
- Optimized expenditures
- Enhanced public value

Three Phases of Continuity
Ongoing for all departments: planning, documenting, testing, and training.
- Phase I: Emergency Response (life safety), first 72 hours; Damage Assessment, first 72 hours
- Phase II: Business Recovery, up to 30 days; IT Disaster Recovery, up to 30 days
- Phase III: Restoration, business back to normal

Definitions
- Life Safety: ERP
- Essential State Government Functions: COG
- Essential Department Functions: COOP
- Communications Functions: CCP
- Business Recovery Functions: BCP
- IT Recovery Functions: DRP

Emergency Response
The immediate reaction and response to an emergency situation, commonly focusing on ensuring life safety and reducing the severity of the incident; typically the first 24 hours & up to...
Definition from the Disaster Recovery Journal (DRI) website at: http://www.drj.com/glossary/

Continuity of Operations & Continuity of Government (COOP/COG), also known as Business Continuity
Continuity of Operations (COOP): The activities of individual departments and agencies and their subcomponents to ensure that their essential functions are continued under all circumstances. This includes plans and procedures that delineate essential functions; specify succession to office and the emergency delegation of authority; provide for the safekeeping of vital records and databases; identify alternate operating facilities; provide for interoperable communications; and validate the capability through tests, training, and exercises.
Definition from the Office of Emergency Services (OES)

Disaster Recovery Plan (DRP), formerly known as the Operational Recovery Plan: The management-approved document that defines the resources, actions, tasks and data required to manage the technology recovery effort. It provides for owners to define the Maximum Allowable Outage (MAO) requirements for the essential applications. This is a component of the Business Continuity Management Program.
Definition from the Disaster Recovery Journal (DRI) website at: http://www.drj.com/glossary/

Relationship of Plans
- Business Continuity
- Continuity of Operations
- Continuity of Government
- Emergency Response
- Operational Recovery

Figure: Costs of Disaster Events and Costs of Recovery Controls plotted against the Level of Protection Provided; the Total Cost of Recovery curve reaches its minimum (Minimized Total Costs) where the two are balanced.

Risk Assessment
A Risk Assessment is the analysis of possible disasters, including natural, technical, social and human threats, that can result in short- or long-term downtime. Each functional area of the organization should be analyzed to determine the potential negative consequences and impact associated with various disaster scenarios. During the risk assessment process, consideration should be given to evaluating the safety of critical documents and vital records related to the continuance of business operations.

Risk Assessment
Items to consider in determining the probability of a specific disaster should include, but not be limited to:
- Proximity to power sources, water bodies, and airports
- History of the area's susceptibility to natural threats
- Proximity to major highways which transport hazardous waste and combustible products
- Business climate and cultural risks
- Other factors

Business and Operation Impact Assessment
A Business Impact Assessment (BIA) is the foundation for business and patient care continuity planning. A detailed BOIA should identify the business, financial and clinical operational impacts that may result from a disruption of operations. Negative impacts may result in:
- Cost of downtime
- Loss of revenue
- Inability to continue with patient care
- Loss of automated processes

Financial Impact
High availability cannot be acquired out of the box; it is built into the architecture and preserved by effective processes.
- Lost Revenue: direct loss, compensatory payments, lost future revenues, investment loss
- Extra Expense: cost to recover, overtime expense, increased fraud risk, increased error rate, travel expenses, temporary employees
- Penalties: contractual, regulatory, legal
- Productivity Loss: number of fully burdened employees impacted
- Delayed Collections: billing losses, missed discounts
- Damaged Reputation: patients, suppliers, partners, banks, financial markets, credit ratings
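To make the cost curve and the financial impact categories concrete, here is an added example (not from the presentation): it builds an hourly downtime cost from the BIA categories, applies it to a constructed threat list, and finds the level of protection at which control cost plus expected disaster cost is lowest. The threat rates, outage durations, control costs and the residual-outage factor of each protection level are all constructed figures.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Threat:
    name: str
    events_per_year: float  # annual rate of occurrence (constructed)
    outage_hours: float     # unmitigated outage per event, in hours (constructed)

@dataclass(frozen=True)
class ProtectionLevel:
    name: str
    annual_control_cost: float  # cost of recovery controls at this level (constructed)
    outage_factor: float        # fraction of the unmitigated outage that remains (assumed)

# Cost of one hour of downtime, built from the BIA categories (constructed, per hour).
DOWNTIME_COST_PER_HOUR = {
    "lost_revenue": 4000.0,
    "extra_expense": 900.0,           # cost to recover, overtime, temporary employees
    "productivity_loss": 150 * 45.0,  # 150 fully burdened employees at 45/hour
    "penalties": 250.0,               # contractual, regulatory, legal
    "delayed_collections": 300.0,     # billing losses, missed discounts
}

# Constructed threat list: the "cost of disaster events" side of the curve.
THREATS = [
    Threat("power failure", events_per_year=2.0, outage_hours=6.0),
    Threat("ransomware", events_per_year=0.3, outage_hours=72.0),
    Threat("regional earthquake", events_per_year=0.02, outage_hours=720.0),
]

# Constructed levels of protection: the "cost of recovery controls" side.
LEVELS = [
    ProtectionLevel("none", 0.0, 1.0),
    ProtectionLevel("tape backup, cold site", 120_000.0, 0.6),
    ProtectionLevel("daily replication, warm site", 400_000.0, 0.2),
    ProtectionLevel("synchronous mirror, hot site", 1_500_000.0, 0.05),
]

def downtime_cost_per_hour(components=DOWNTIME_COST_PER_HOUR) -> float:
    return sum(components.values())

def expected_annual_loss(level, threats=THREATS) -> float:
    """Cost of disaster events: rate * residual outage hours * cost per hour, summed."""
    per_hour = downtime_cost_per_hour()
    return sum(t.events_per_year * t.outage_hours * level.outage_factor * per_hour
               for t in threats)

def total_cost(level, threats=THREATS) -> float:
    """Total cost of recovery at this level of protection."""
    return level.annual_control_cost + expected_annual_loss(level, threats)

def cheapest_level(levels=LEVELS, threats=THREATS):
    """The level of protection where the total cost curve is minimized."""
    return min(levels, key=lambda lv: total_cost(lv, threats))
```

With these figures the warm and hot sites cost more in total than the cold site, which is the point of the curve: past the minimum, extra controls cost more than the downtime they remove.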

Assessing Key Business Areas
The disaster recovery plan should include a descriptive list of the organization's major business areas. This list should rank the areas in order of importance to the overall organization. Each item should include a brief description of the business and processes and main dependencies on systems, communications, personnel, information systems and data.

The Process: Getting Started
Assess: Assessments are critical to the planning of healthcare disaster recovery. They can provide detailed information that is crucial when making a decision. Accurate assessment can be accomplished by having information beforehand regarding risk factors and the impact of an interruption of operations.
Determine the Recovery Point and Recovery Time Objectives (RPO & RTO): determine what the objectives are for planning and recovery time.
Determine the requirements for planning. These are the planning requirements that need to be met in order to accomplish your RPO and RTO:
- Infrastructure: office space, phones, intranets, LAN/WAN access, internet/intranet, security, etc.
- Systems Restore: includes both hardware and operating system
- Critical Applications: programs that are critical to the continuity of the business and patient care
- Data: live records containing business and clinical transactions as well as specific procedures and business rules
- Operations Continuity: daily operations and tasks to secure the continuance of business and patient care processes

Who Owns It? Departments? ITSD? DTS? Third-party vendors?

What's It Worth?
- State's image
- Branding
- Daily operations
- Competitive advantage

Assessing our Knowledge Assets
Figure (source: 2005 Disaster Resource Guide): share of knowledge assets held as employee brains, paper documents, sharable electronic knowledge base, and electronic documents; the shares shown are 42%, 12%, 26% and 20%.

Department Data Classification Matrix
Categories: A = Highest, most essential; B = Moderate, some level of criticality; C = Very low, but still desirable.
- Time sensitive nature
- Legal requirements: A = protection of data is required by law (see attached list for specific HIPAA and FERPA data elements); B = department has a contractual obligation to protect the data
- Reputation risk: A = High; B = Medium; C = Low
- Other institutional risks: A = information which provides access to resources, physical or virtual; B = smaller subsets of Category A data from a department; C = data about very few people or other sensitive data assets
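The matrix above can be applied mechanically. The following is an added example, not from the presentation: each row of the matrix yields a category for an asset, and the asset takes the most essential one (A over B over C). The sample assets are constructed, and the hour thresholds used for the time-sensitive row are this example's assumption, since the slide names that row but gives no figures.

```python
from dataclasses import dataclass

RANK = {"A": 0, "B": 1, "C": 2}  # lower rank = more essential

@dataclass(frozen=True)
class DataAsset:
    name: str
    protected_by_law: bool        # e.g. HIPAA or FERPA data elements
    contractual_obligation: bool  # department is contractually bound to protect it
    reputation_risk: str          # "high", "medium" or "low"
    grants_access: bool           # information that provides access to resources
    subset_of_category_a: bool    # smaller subset of a department's Category A data
    max_outage_hours: float       # time-sensitive nature: tolerable outage (assumed)

def legal_row(a: DataAsset) -> str:
    """Legal requirements row: required by law -> A, contractual -> B, else C."""
    if a.protected_by_law:
        return "A"
    return "B" if a.contractual_obligation else "C"

def reputation_row(a: DataAsset) -> str:
    """Reputation risk row: High -> A, Medium -> B, Low -> C."""
    return {"high": "A", "medium": "B", "low": "C"}[a.reputation_risk.lower()]

def other_risk_row(a: DataAsset) -> str:
    """Other institutional risks row, as worded in the matrix."""
    if a.grants_access:
        return "A"
    return "B" if a.subset_of_category_a else "C"

def time_row(a: DataAsset, thresholds=((24.0, "A"), (72.0, "B"))) -> str:
    """Time-sensitive nature row; the hour thresholds are this example's assumption."""
    for hours, cat in thresholds:
        if a.max_outage_hours <= hours:
            return cat
    return "C"

def classify(a: DataAsset) -> tuple:
    rows = {"time": time_row(a), "legal": legal_row(a),
            "reputation": reputation_row(a), "other": other_risk_row(a)}
    # The asset takes the most essential category any single row assigns.
    return min(rows.values(), key=RANK.__getitem__), rows

# Constructed sample assets (not from the presentation).
SAMPLE_ASSETS = [
    DataAsset("patient scheduling records", True, False, "high", False, False, 4.0),
    DataAsset("building badge access list", False, False, "medium", True, False, 48.0),
    DataAsset("unit copy of billing extract", False, True, "medium", False, True, 120.0),
    DataAsset("cafeteria menu archive", False, False, "low", False, False, 720.0),
]

def classify_all(assets=SAMPLE_ASSETS) -> dict:
    return {a.name: classify(a)[0] for a in assets}
```

Note that the badge list lands in Category A purely through the "other institutional risks" row: it is not legally protected, but it provides access to physical resources.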

The Hamster Wheel of Pain (how management sees Disaster Recovery strategies)
Management's view runs in a circle: Ignorance -> Sheer Panic -> "Am I hosed?" (Yes) -> "How do my strategies compare with my peers?" -> "It's fixed" -> back to Ignorance.
Disaster management, to most, is risk identification: it captures a simple risk management message, identifying and fixing things. Disaster management (and the analysis and assessment of its performance) needs to be organizationally focused and to use business domain knowledge.

The Disaster Recovery Plan: The Workflow
It is crucial to develop an effective workflow. The workflow determines how your DR plan will be executed, and it provides a guide and road map for the decision-making process. The response and recovery time frame will affect overhead costs and loss of revenue.
Workflow: Crisis Anticipation / Declaration -> Emergency Response -> Mobilize Resources -> Restore Application -> Restore From Backup -> Resume Operations -> Restore To Normal Operations. The stages between Emergency Response and Restore To Normal Operations are carried out at the remote location, and overhead costs and loss of revenue accrue for as long as they take.

Testing
Annual testing of the ORP is essential to:
- Provide training for the management and recovery teams
- Validate that the procedures have the appropriate level of detail
- Verify that call-back lists are current
- Confirm that recovery strategies are appropriate for your environment

Implementation of Plans
A disruption of business occurs and you are informed; next steps:
1. Emergency Response: safety and security of staff; securing the site.
2. Activate the COOP/COG plan to ensure the continuation of essential functions.
3. Implement the communication plan.
4. After assessing the incident, determine whether implementation of the BCP & ORP is required.
5. Contact the SISO to report the incident.
6. Implement the BCP and ORP.

OISPP Requirements
DRPs must describe:
- Agency administrative information
- Critical business functions/applications
- Recovery strategy
- Backup and offsite storage procedures
- Operational recovery procedures
- Data center services
- Resource requirements
- Assignment of responsibility
- Contact information
- Testing

Disaster Recovery Lifecycle
- How well are we protected, now and in the future?
- What can we add or change to improve our recoverability?
- Given what we have, how do we handle a catastrophic disaster?
- Put all this in place with our business partners

What else do I need to consider?
Several things, but first and foremost:
- Make sure your critical data/vital records (tape files, mirrored disk, paper archives, etc.) are stored in a safe location (off-site storage) and can be retrieved. Without your data, your plan will not work.
- Maintain the plan on a regular basis.
- Think out of the box!

Conclusions
- Physical and IT security will become more tightly integrated
- BCP must encompass all aspects of an organization
- Security is a crucial component of BC and disaster prevention
- Proper identification, planning, and implementation will ensure not only success, but business survival

At a Personal Level
- Contact your emergency management or civil defense office
- Meet with your family and discuss how to prepare and respond
- Plan how your family will stay in contact if separated
- Complete these steps:
  - Post emergency numbers on each phone
  - Show responsible family members where to shut off utilities
  - Install (and test) smoke detectors on each level of your home
  - Contact your local fire department and learn about in-home fire hazards
  - Learn first aid and CPR
- Meet with your neighbors and plan how the neighborhood could work together after a disaster
- Know your neighbors' skills (medical, technical)
- Consider special needs such as the elderly, the disabled, and child care

Resources
- SISO web site: http://www.infosecurity.ca.gov/orp/
- Budget Letter 07-03, ORP Policy Changes: http://www.dof.ca.gov/otros/statewideit/it_bdgtlttrs.asp
- ORP Policy in the State Administrative Manual (SAM): Operational Recovery Planning: http://sam.dgs.ca.gov/toc/4800/4843.htm
- Operational Recovery Plan: http://sam.dgs.ca.gov/toc/4800/4843.1.htm
- ORP SIMM 65A: http://www.infosecurity.ca.gov/policy/

Resources
Web sites:
- www.drj.com
- www.contingencyplanning.com
- www.globalcontinuity.com
- www.recovery.sungard.com
- www.disaster-resource.com
- www.fema.gov
Professional Organizations

Business Continuity / Disaster Recovery
Thank You!
Jack Orlove, (916) 316-1375, Business Analysis, Cyber Security, www.cybercommunication.com