Your Guide to Developing a Disaster Recovery Plan



Similar documents
Business Continuity Planning (800)

Disaster Recovery and Business Continuity Plan

Risk-Based Assessment and Scoping of IV&V Work Related to Information Assurance Presented by Joelle Spagnuolo-Loretta, Richard Brockway, John C.

POLICY. 1) Business Continuity Management 2) Disaster Recovery 3) Critical Incident Management 4) Risk Management

Unit Guide to Business Continuity/Resumption Planning

SCADA Business Continuity and Disaster Recovery. Presented By: William Biehl, P.E (mobile)

Overview of how to test a. Business Continuity Plan

Best Practices for Protecting Your IBM FileNet P8 Information

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

Prudential Practice Guide

Business Income Insurance Policy: End the Confusion

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015

THE INSURANCE POLICY: SIMPLIFIED!

PAPER-6 PART-5 OF 5 CA A.RAFEQ, FCA

HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO AUDITS, CERTIFICATION AND TRAINING

AUDITING A BCP PLAN. Thomas Bronack Auditing a BCP Plan presentation Page: 1

Business Continuity & Disaster Recovery

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD.

Data Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) Fax: (718)

Business Continuity Planning and Disaster Recovery Planning

OC Chapter. Vendor Risk Management. Cover the basics of a good VRM program, standards, frameworks, pitfall and best outcomes.

Business Continuity Planning Instructions

With the large number of. How to Avoid Disaster: RIM s Crucial Role in Business Continuity Planning. Virginia A. Jones, CRM, FAI RIM FUNDAMENTALS

University of Michigan Disaster Recovery / Business Continuity Administrative Information Systems 4/6/2004 1

Business Continuity Planning

Desktop Scenario Self Assessment Exercise Page 1

Introduction to Business Continuity Planning

Prudential Practice Guide

CIS 523/423 Disaster Recovery Business Continuity

Business Continuity Business Continuity Management Policy

Department of Information Technology Data Center Disaster Recovery Audit Report Final Report. September 2006

Contingency Planning and Disaster Recovery Internal Control Questionnaire

Business Continuity and Disaster Recovery Policy

Preparing for the Worst: Disaster Recovery and Business Continuity Planning for Investment Firms An Eze Castle Integration ebook

Developing a Business Continuity Plan... More Than Disaster

Business Continuity Overview

Interest Rate Swap. Product Disclosure Statement

Chapter 4 Information Security Program Development

EMERGENCY PREPAREDNESS PLAN Business Continuity Plan

CRISC Glossary. Scope Note: Risk: Can also refer to the verification of the correctness of a piece of data

Beyond Disaster Recovery: Why Your Backup Plan Won t Work

Version: 3.0. Effective From: 19/06/2014

Business Continuity Plan

Application / Hardware - Business Impact Analysis Template. MARC Configuration Requirements. Business Impact Analysis

Coping with a major business disruption. Some practical advice

Information Services IT Security Policies B. Business continuity management and planning

Documentation. Disclaimer

Checklist For Business Recovery

WHY DO I NEED DATA PROTECTION SERVICES?

Disaster Recovery Planning Process

Business Continuity Planning. Presentation and. Direction

DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES

Business Continuity Planning in IT

Subject: Internal Audit of Information Technology Disaster Recovery Plan

The following Accounting Standards Interpretation (ASI) relates to AS 7. ASI 29 Turnover in case of Contractors

Aligning Disaster Recovery and Business Continuity to Business Objectives. Session E7 John Jackson Fusion Risk Management, Inc.

BUSINESS CONTINUITY STRATEGY

Business Continuity and Disaster Recovery Planning

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

OUTSOURCING GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS, 2008

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four

Business Continuity Planning and Disaster Recovery Planning. Ed Crowley IAM/IEM

Disaster Recovery and Business Continuity with E-Commerce Businesses

International Accounting Standard 11 Construction Contracts

Sri Lanka Accounting Standard -LKAS 11. Construction Contracts

Yale University Business Continuity Planning (BCP) Quick Start Guide

PART 10 COMPUTER SYSTEMS

Guideline for the Measurement, Monitoring and Control of Impaired Assets

Report to the Audit Committee

1. Computer Security: An Introduction. Definitions Security threats and analysis Types of security controls Security services

STEP-BY-STEP BUSINESS CONTINUITY AND EMERGENCY PLANNING MAY

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY

NEPAL ACCOUNTING STANDARDS ON CONSTRUCTION CONTRACTS

Fundamentals of Business Continuity Planning Have a Plan!

BUSINESS CONTINUITY PLANNING GUIDELINES

BUSINESS CONTINUITY PLANNING. Business Continuity Management Plan. Version 1.4

Business continuity plan

Guideline - Business Continuity Plan

CONSUMER ELECTRONIC FUNDS TRANSFER AND DEBIT CARD AGREEMENT

BUSINESS CONTINUITY PLANNING AT THE NATIONAL GALLERY OF AUSTRALIA. Erica Persak

Transcription:

Your Guide to Developing a Disaster Recovery Plan

Your guide to developing a Disaster Recovery strategy In a discussion of Disaster Recovery and Business Continuity there are five factors that should be addressed in sequence. Those five areas consist of: 1. How much does a disaster really cost? 2. Business continuity and your Bank 3. The Business Impact Analysis 4. The Information Technology Plan 5. The Business Continuity Plan Part 1 How Much Does a Disaster Really Cost? Most companies have not given much thought regarding how much a potential disaster would really cost them. FNTS has a tool to help you calculate what a disaster would cost you. The following is an illustration on how it works. Assume the following: 1. You have a $100 million dollar company. 2. Your net profit margin after tax is 5.77 percent. 3. You fixed costs represent 36.44 % of your Gross. 4. You have variable costs but cannot just turn them off, they must be ramped down. 5. Therefore, the total cost to the company would be 70.09% of the gross revenue. The points to consider here are that while the cost comes on gross, restoration of the revenue comes from after tax dollars. The fact is that you would lose $269,576.92 dollars per day. Additionally, it would take all of your profits from 12.15 days of revenue just to break even. Gross Revenue In Millions $ 100 260 $ 384,615.38 $ 1,923,076.92 Profit Loss 5.77% $ 22,192.31 $ 110,961.54 Fixed Cost 36.44% $ 140,153.85 $ 700,769.23 Variable Cost To Shutdown Total Cost To Company 27.88% $ 107,230.77 $ 536,153.85 70.09% $ 269,576.92 $ 1,347,884.62 Days to Recover 12.15 60.74 Example represents daily loss of 0.270% of gross revenue Forrester National Survey shows average of 0.380% of gross revenue Ave DR/BC plans cost approximately 0.0025% to 0.0030% of gross revenue 2

The question to ask yourself is this: Does my company have significantly cash rich resources capable of sustaining this kind of loss? If you have that much cash on hand, you don t need a Disaster Recovery / Business Continuity Plan. However, if you don t carry that much cash on hand, or you intend to finance the loss, read Part 2 and see how the financial community views the situation. Part 2 Business Continuity and Your Bank In today s rough economic times, many companies have opted to either forego development of a comprehensive Disaster Recovery Plan, or at minimum delay updating their current plan due to the desire to conserve cash. While this is an operational conservation effort to conserve cash for credit ratings, it can in fact actually hurt the credit rating or line of credit for the company. Three major changes in Federal banking enforcement can significantly affect your business. 1. FDIC Enforcement of the Individual Business Bank Credit Index Effective February 1 st, FDIC has announced that all banking institutions must comply with the guidelines that require the collective Bank Credit Index to be less than 100. Many banks have exceeded this number and it will take a stiffening of their loan portfolio to get back in line. The credit index is a business credit rating for each loan or line of credit customer based on the current financial condition. The bank index is the cumulative index of their portfolio. This effects you by a possible increase in your interest rate based on your risk. The two risks you face are a significant increase in your rating by your inability to show a plan to continue to generate revenue to pay your loan even if you did have a disaster. If a comprehensive plan is in place the bank is not required to penalize your rate. Secondly, if a plan is in place that shows how you would generate revenue, the bank can calculate your rating differently and you are not penalized by the group that does not have a plan in place unless of course you are one of the group that does not have a plan. 2. The Bank s Commercial Credit Index In order for the bank to comply, they have three alternatives to improve their own index. First, they can increase the interest rate on loans or lines of credit. This could affect you by driving your cost of money up significantly. For example, an increase of only 1% on a $50 million loan or line of credit would cost you $500 thousand dollars annually. Compare this to a plan that cost you even $100 thousand to create. Second, the bank can deny any more funding. If you feel that you will need (or might need!) additional funding or line use, denial could seriously limit or even destroy your business potential in this economy. Business that maintains a current DR Plan is more likely to receive additional funding since the Bank can justify to FDIC auditors that a plan is in place to continue to generate revenue and make the necessary bank payments. Lastly, because some banks have indexes that are so far out of balance they may be required to call the note to reduce the risk and index. Having a DR Plan in place to generate revenue would reduce the likely hood that you would be called. 3. LIBER (London InterBank Exchange Rate) Effective April 1 st, banks are required to use the LIBOR numbers to establish loan rates for each of the credit risk categories the commercial clients fall under. LIBOR is the rate that Banks charge other banks for money and is defined daily. This means that interest rates can rise immediately on any given day rather than the quarterly rate changes governed by the Prime Interest Rate which is a uniquely United States Number. Clients can no longer time the access to funds available based on projections (or reductions) of the prime rate. The question here is: Are you positioned with your financial resources, and have you made provisions to be able to continue to generate revenue to satisfy them while you recover from any kind of disaster? 3

Part 3 The Business Impact Analysis It is important to note that the BIA is not a planning component; rather the BIA establishes the guidelines (or road map ) for the development of the Business Continuity Plan (BCP) and related plans. The BIA is a report subject to executive management review and approval. An important component of the BIA is an evaluation, both internal and external, of the natural and manmade risks that threaten the organization. This is referred to as a Risk and Vulnerability Analysis and this analysis is included as part of the BIA. The BIA report identifies risks & exposures, reviews safety & security issues, and identifies the level of planning necessary for the Business to continue. For most businesses, critical operations are either revenue-generating operations or activities that directly support revenue-generating operations. Once critical operations, process flows and interdependencies are identified, strategies can be developed to ensure their ongoing function or rapid restoration. The BIA also reviews the level of existing planning both in the Information Technology department and throughout the other business units. Recommendations regarding additional planning or improvements to existing procedures are identified. The BIA answers the question Does your business need a comprehensive Business Continuity Plan or not? Part 4 The Information Technology Plan The Information Technology Plan (ITP) is often the only portion of the Disaster Recovery Plan that is in place. While corporate data is the asset you are protecting, remember that data that cannot be utilized or accessed is of no value in generating revenue. The ITP includes the need for planning in the following areas: Critical Data Management This is a formal plan to secure, classify and retrieve electronic information and critical applications. Data Center Recovery This is a formal plan to reconstruct systems & communication centers. Alternate Site Plan Management determines the type of Alternate Site Plan that is needed based on the established recovery time objectives, levels of service degradation and the response that is cost justified. Information Security Plan The need for additional Information Security Planning is based upon management's objectives, audit requirements, costs, and the effectiveness of existing controls. The ITP answers the question How will I recover and restore all the critical data, applications, and records that my business needs to continue in operation? Part 5 The Business Continuity Plan Generating revenue in a disaster aftermath is the entire point of the plan. As stated earlier, the ITP restores the data and applications, but the people execute making the money. How do they access the systems? Who is available? 4

Where do they work? Who is responsible for recovery? Where does the money go? How do we acquire materials to keep going? These are the keys to maintain the ability to generate revenue. The Business Continuity Plan (BCP) will develop the details of the response to a disaster situation by the business. This is the overarching plan for the business and defines the overall actions of the organization during an emergency. The central focus of a good BCP is to identify and develop solutions to maintain or rapidly restore critical operations. The Business Continuity Plan (BCP) is intended to establish policies, procedures and organizational structure for response to emergencies that are of sufficient magnitude to cause a significant disruption of the functioning of all or portions of the business. The BCP is the official plan of the business and describes the roles and responsibilities of support departments, operational groups and personnel during emergency situations. The BCP answers the question What will my business do to survive a disaster until we can return to normal business operations? Develop your plan today Most companies that do not have a comprehensive plan don t because they are not sure where to start. Find a methodology that will make sure questions get asked, the plan is complete, and the plan is maintainable. Disaster Management Institute (DMI) methodology is very complete and can be instituted in phases. Phasing is important since each phase is contingent on the phase ahead of it. Any disaster will create inconvenience, but a plan will make it survivable. The federal government reports that 80% of the businesses that face a two or more day disaster are out of business within 24 months. Don t let this happen to you. For information regarding disaster recovery or to develop your own plan contact 800.820.6924 or info@fnts.com 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information