Continuity of Business



Similar documents
BUSINESS CONTINUITY PLAN OVERVIEW

Intel Business Continuity Practices

Business Continuity and Disaster Planning

Creating a Business Continuity Plan for your Health Center

THE CXO S GUIDE TO MANAGING EXPANSION... WHILE CONTROLLING COSTS & COMPLIANCE CONSIDERATIONS

Table of Contents... 1

White paper. SAS Solutions OnDemand Hosting Overview

Appendix 3 Disaster Recovery Plan

LOCAL RADIO STATION MODEL VULNERABILITY ASSESSMENT CHECKLIST. Developed by the Toolkit Working Group for the Media Security and Reliability Council

EMERGENCY PREPAREDNESS PLAN Business Continuity Plan

Security in Space: Intelsat Information Assurance

BUSINESS CONTINUITY PLANNING GUIDELINES

Business Continuity & Recovery Plan Summary

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD.

The PNC Financial Services Group, Inc. Business Continuity Program

Why Should Companies Take a Closer Look at Business Continuity Planning?

IT Disaster Recovery Plan Template

Building and Maintaining a Business Continuity Program

<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP

Business Continuity Management. Policy Statement and Strategy

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION

Offsite Disaster Recovery Plan

PPSADOPTED: OCT BACKGROUND POLICY STATEMENT PHYSICAL FACILITIES. PROFESSIONAL PRACTICE STATEMENT Developing a Business Continuity Plan

DISASTER RECOVERY. Omniture Disaster Plan. June 2, 2008 Version 2.0

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK

Business Continuity at CME Group

Business Continuity & Recovery Plan Summary

Business Continuity Planning Instructions

Business Continuity Planning for Schools, Departments & Support Units

2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level. Tracy L. Hall, MBCP

How To Manage The Sas Metadata Server With Ibm Director Multiplatform

DISASTER RECOVERY PLANNING GUIDE

Business Resiliency Business Continuity Management - January 14, 2014

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

Identify and Protect Your Vital Records

Data Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) Fax: (718)

Business Continuity Planning at Financial Institutions

How To Ensure That Non-Peoplesoft Applications Can Withstand Adverse Events

MANAGEMENT AUDIT REPORT DISASTER RECOVERY PLAN DEPARTMENT OF FINANCE AND ADMINISTRATIVE SERVICES INFORMATION TECHNOLOGY SERVICES DIVISION

BUSINESS CONTINUITY PLANNING

IT Disaster Recovery and Business Resumption Planning Standards

CISM Certified Information Security Manager

Overview. Emergency Response. Crisis Management

a Disaster Recovery Plan

Disaster Recovery Policy

NEEDS BASED PLANNING FOR IT DISASTER RECOVERY

NAIT Guidelines. Implementation Date: February 15, 2011 Replaces: July 1, Table of Contents. Section Description Page

Business Continuity Glossary

Interagency Statement on Pandemic Planning

BUSINESS IMPACT ANALYSIS

TELUS Business Continuity Program past and future

SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

MSRC Best Practices. Communications Infrastructure Security, Access & Restoration Working Group

Boston Financial Data Services Business Continuity Executive Summary. November 2009

Business Continuity Information Gathering Template

Desktop Scenario Self Assessment Exercise Page 1

Continuity of Operations Plan Template

Business continuity management policy

BT Conferencing Business Continuity Management. Planning to stay in business

Disaster Recovery Plan The Business Imperatives

Contingency Planning and Disaster Recovery for BOMA

Business Continuity / Disaster Recovery Context

IT Service Management

CONTINUITY OF OPERATIONS PLAN TEMPLATE

DRAFT Disaster Recovery Policy Template

Business Continuity Trends, Requirements and Expectations in Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting

IBX Business Network Platform Information Security Controls Document Classification [Public]

BC / DR Implementation Tying Disaster Recovery Investment to Measurable Business Value

Business Continuity Plan

UNION COLLEGE INCIDENT RESPONSE PLAN

LOCAL TELEVISION STATION MODEL DISASTER RECOVERY PLAN INCIDENT RESPONSE MANUAL. March 14, 2011

How Proactive Business Continuity Can Protect and Grow Your Business. A CenturyLink White Paper

KPMG Information Risk Management Business Continuity Management Peter McNally, KPMG Asia Pacific Leader for Business Continuity

UNIFIED MEETING 5 SECURITY WHITEPAPER INFO@INTERCALL.COM INTERCALL.COM

Hong Kong Baptist University

Unit Guide to Business Continuity/Resumption Planning

This presentation will introduce you to the concepts and terminology related to disaster recovery planning for businesses.

Principles for BCM requirements for the Dutch financial sector and its providers.

What You Need to Know About Cloud Backup: Your Guide to Cost, Security, and Flexibility

Protecting your Enterprise

BUSINESS CONTINUITY MANAGEMENT FRAMEWORK

Business Continuity Planning in IT

JOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc.

Transcription:

White Paper Continuity of Business SAS Continuity of Business initiative reflects our commitment to our employees, to our customers, and to all of the stakeholders in our global business community to be a responsible and reliable business partner.

Continuity of Business The version of this paper is December 2014. The content is extracted from the technical paper The Quality Imperative: SAS Institute s Commitment to Quality at http://www.sas.com/en_us/whitepapers/quality-imperative-commitmentto-quality-106810/download.html. For more information about SAS Continuity of Business (COB) initiative, send e-mail to COBProgramOffice@sas.com.

Continuity of Business Table of Contents Continuity of Business... 1 Core program components... 1 Plan contents... 2 A global approach to planning... 2 Enhanced company resilience... 2 Customer support... 3 IT recovery... 3

Continuity of Business 1 Continuity of Business At SAS we develop enterprise-class analytics software that guides our customers decisions about their business operations, their products and their customers. We also make an extraordinary investment in our employees, making us one of the top-ranked workplaces around the world. We extend this same vision and planning to manage risk in an increasingly interconnected and dynamic business environment. SAS Continuity of Business initiative reflects our commitment to our employees, to our customers, and to all of the stakeholders in our global business community to be a responsible and reliable business partner. Jim Goodnight, CEO of SAS Continuity of Business (COB) refers to an organization s plans and procedures aimed at protecting its key assets and continuing its critical business functions in the event of anticipated and unanticipated threats. COB takes into consideration corporate governance, information security, and corporate social responsibility, the primary factors that customers consider when selecting the strategic vendors to which they entrust their business. SAS global COB program evolved from its longtime disaster recovery and crisis management procedures. Applying an all-hazards planning approach, SAS incident preparedness and response is focused on protecting and recovering core business operations from threat impacts. Security, Facilities, IT, Communications, and the business units work together proactively to develop resilience and mitigation strategies. In a disruptive incident, they coordinate to execute response, recovery and business resumption plans. Under SAS pandemic plan, cross-functional taskforce members are engaged to coordinate proactive response activities in accordance with public sector guidance. A global COB Policy provides a layer of program governance, formalizing roles and responsibilities and standardizing specific activities that include annual plan maintenance and testing, staff training, and management program review. The main focal points for SAS COB program are: Protecting employees (life safety) Providing customer support Restoring the services upon which critical business functions depend. Core program components SAS COB program continues to develop in alignment with industry best practices and standards for business continuity. Key components of the program include: Executive oversight in risk management and program development Risk assessment and Business Impact Analysis (BIA) Impact mitigation and business resumption strategy development Business resumption and IT recovery plans to support recovery of critical business functions

2 Continuity of Business Emergency Operations Command (EOC) for disruptive incident management Annual plan maintenance, exercise, and staff training. Plan contents Typical COB plans at SAS include: Incident notification/escalation process Roles and responsibilities of response, recovery, and business resumption staff Internal and external call lists Alternative site information Application and system dependencies Critical third-party supplier requirements and contacts Business resumption strategies (for example, where appropriate, critical functions will use manual workarounds, staff can work from alternate locations, critical function services can be provided from staff in other geographic locations). A global approach to planning SAS Continuity of Business initiative extends to all SAS offices. Its COB methodology is applied corporate-wide, using standardized templates and processes for response, recovery, and business resumption planning, and using knowledge and resources at the local, regional, and headquarter-office levels. Each SAS office is responsible for developing and implementing continuity plans in accordance with corporate standards to ensure an appropriate level of planning to meet business drivers while mitigating risks. A global collaborative approach to planning also supports the identification, development, and implementation of backup strategies for critical business processes and IT dependencies. This approach ensures a sustained minimum level of care for local and global customers so that if required, support may be provided from another office or from SAS Headquarters. As was used for incidents such as the 2013 Boston bombings and the 2011 Japan earthquake and tsunami, global communication protocols are in place to support impact assessment and activation of local incident management response teams and SAS corporate Emergency Operations Command. Enhanced company resilience In addition to supporting incident preparedness, the COB program is also a catalyst for the ongoing improvement and increased resilience of SAS operations. In the short term, key business processes are documented, internal and external dependencies are assessed, and, where appropriate, employees are cross trained for key roles within the organization. However, a long-term result of SAS COB program is the improvement of business processes and enhanced company resilience because the ability to quickly recover from unforeseen incidents is closely tied to more efficient and effective dayto-day operations.

Continuity of Business 3 Customer support SAS wants its customers to have the support they need to continue using SAS software on an ongoing basis. As such, SAS continuity of business planning is focused on services that must continue after a disruptive incident occurs. SAS global recovery strategies for several key customer-facing functions are summarized below: Communications - During an incident, SAS may communicate with customers through multiple channels including: company phone messaging, the corporate website, social media, email, instant messaging, video conferencing, personal contact with account managers, and other staff, and through business partners and the media. Contracts - SAS has designed and implemented measures to ensure that customer and software license key support will continue. This support can be provided through alternate methods and multiple channels that include recovery staff equipped to work from alternate locations. SAS Solutions OnDemand - SAS Solutions OnDemand, SAS hosted solutions, reside in secure data centers that are resilient to many types of potential incidents. Regular off-site rotation of data backups ensures that customers vital data can be protected during an incident, and that their services can be restored. For customers with more specific requirements, additional options such as off-site recovery offerings and recovery time guarantees are available. A Disaster Recovery Requirements Planning process is designed to help customers arrive at a solution that is cost-effective for their needs. Source code - Copies of the SAS source code for all production products, as well as for the current R&D environment, are kept on-site and off-site to expedite recovery. On-site copies are stored in a below-ground, fireresistant vault. Source code and distributed media for major SAS software releases are archived. Technical support - In daily operations, SAS uses a follow-the-sun support model routing calls to technical support staff in SAS offices around the world to provide support to customers on an around-the-clock basis. This provides a baseline strategy for global support during an incident. In addition, if SAS headquarters becomes inoperable, business resumption strategies include local staff working remotely and the transfer of responsibility to regional and global technical support staff. On-call staff at SAS headquarters are always available for global customer technical support and infrastructure needs. IT recovery SAS has a robust IT infrastructure housed in hardened, secure enterprise data centers. When an unforeseen incident occurs, there are plans in place to assess, restore, and resume normal operations for affected IT infrastructure. Recovery procedures include restoring facilities (for example, buildings and electricity) and support services (for example, telephone service and computer infrastructure) to facilitate the recovery of critical business functions. Critical systems are supported in data centers in separate locations, providing redundancy for critical IT infrastructure. The data centers are equipped with uninterruptible power supplies (UPS), diesel generators, multiple power feeds, and redundant switch gear for maximum reliability. They are staffed 24 hours a day and systems are monitored and alerted automatically. SAS uses Wide Area Network (WAN) network infrastructures that avoid the use of dedicated network paths, minimizing the impact of satellite, terrestrial, and undersea cable outages.

4 Continuity of Business Many components of the IT recovery plan are exercised regularly, as they are the same procedures used in maintaining a complex infrastructure for daily operations. Recovering from system failures and restoring data subsystems are handled by on-call staff.

SAS Institute Inc. World Headquarters +1 919 677 8000 To contact your local SAS office, please visit: www.sas.com/offices SAS and all other SAS Institute Inc. product or service names are registered trademarks or trademarks of SAS Institute Inc. in the USA and other countries. indicates USA registration. Other brand and product names are trademarks of their respective companies. Copyright 2014, SAS Institute Inc. All rights reserved. 3/11

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information