Creating a Business Continuity Plan
Micky Hogue, CRM
Sandia National Laboratories
Albuquerque, NM
505-844-6640
Mlhogue@sandia.gov

What We'll Cover...
- What is a Business Continuity Plan
- Why create a BCP?
- How is it used?
- What should it contain?
- What are the roles and responsibilities of Recovery Teams?
- Alternate Sites
- Establishing Requirements
- Vital Records
- Final Reports & Documentation Needed

What is a BCP?
It is a plan that gives a recovery team the information it needs to:
- Recover from a disaster
- Continue the business operations
- Return to normal operations

How is the BCP Used?
- As a ready reference for all information needed during the recovery phase following a disaster
- Lists strategies & priorities for recovery
- Lists contact information for recovery assistance & personnel
- Outlines the stages and flow of the recovery process

What Should a BCP Contain?
- A general overview of the recovery effort, strategies and functions to recover
- Initial response / escalation procedures
- Alternate site information
- Recovery procedures
- Restoration / migration of information
- Calling lists
- Documentation needed at the time of the disaster

General Overview
General Overview of the Organization
- Managers & contact information
- Assembly sites: evacuation & alternate
- BCP coordinators & contact information
- Recovery site information
- Critical dependencies
- Important deadlines
- Important agreements

General Overview (cont'd)
Recovery Strategies
- Address the priority that you wish to use to recover your information assets
- Include the identification of the assets, their location, and why important
- Establish the strategy to follow for several days during the recovery
- Uses the Vital Records plan to establish those priorities.

Initial Response / Escalation Procedures
- Notification checklist
- Who do you call? What are their numbers? In what priority do you call?
- Security / 911
- Building Management?
- Department Manager?
- Declaration Procedures
- Initiate Evacuation Procedures
- Account for all Personnel
- Alert recovery site
- Assess severity of situation
- Activate Recovery Team

Initial Response / Escalation Procedures task check list
Columns: # | TASK | Responsibility | Date / Time | Done?
1. Call local authorities. Call local emergency number (911, or 9-911, as appropriate).
2. Notify Security. Call the 24-hour number (XXX-XXX-XXXX).
3. Notify building management. Notify building management office at XXX-XXX.
4. Notify the business unit manager.
5. Initiate evacuation procedures. Evacuate the premises, if appropriate.
6. Account for personnel. Assemble at a pre-designated assembly site for the post-evacuation head count; ensure that the business unit has updated home telephone listings for all personnel.

Declaration Procedures
- Determine procedures for when to declare a disaster
- Determine who can declare a disaster
- Establish Authorities and contact info
- If you must activate a hotsite, make sure these persons can also activate that site through the vendor

Organizational Recovery Teams
Management Team - Planning
- Appoints business recovery coordinator to oversee plan development & maintenance
- Confirms essential functions & acceptable downtime for recovery efforts
- Approves alternate site / relocation decisions
- Sets test objectives - requirements to be met
- Reviews test results, ensures corrective measures are detailed and actions taken

Organizational Recovery Teams
Management Team - Recovery
- Assesses the level of disaster
- Activates the disaster recovery plan
- Monitors recovery process
- Approves expenditures related to event

Organizational Recovery Teams
Business Recovery Team - Planning
- Coordinates plan development
- Performs business impact analysis & documents it to determine maximum time you can be down
- Ensures equipment & facilities are available at alternate site
- Ensures records & resources are protected & available at alternate site
- Tests & updates plan on a regular basis

Organizational Recovery Teams
Business Recovery Team - Recovery
- Initiates disaster notification process
- Serves as liaison between organization and senior management team
- Serves as a team leader for the organizational recovery team
- Tracks progress / completion of recovery activities
- Submits final disaster assessment reports

Organizational Recovery Teams
Organizational Recovery Team - Planning
- Develops procedures to cover essential business functions
- Identifies resources needed to support recovery
- Works with tech support to plan & execute DR exercises
- Ensures all staff are familiar with plans
- Develops & reviews test plans
- Oversees corrective actions if necessary

Organizational Recovery Teams
Calling Trees
- All staff work & home contact information
- Need 24 hour notification information
- Establish individual responsibilities for notifying others at the time of a disaster
- Must be kept up to date!!

Alternate Site
- Develop a Recovery Site Checklist
- Confirm you can move to the site
- Verify the site requirements
  - Facility
  - Telecommunications
  - Furniture
  - Equipment
  - Security

Alternate Site
- Verify operating requirements
  - Staffing assignments / schedules
  - Systems accessibility
  - Redirection of reports
  - Retrieval of vital records from offsite
  - Supplies / forms
  - Reroute phones / data lines

Alternate Site
- Notification
  - Personnel
  - Applications support / tech support
  - Administrative areas (mail, etc.)
  - Key customers
  - Critical vendors
- Periodically report status to management

Establish Requirements
- Requirements Matrix - lists of what you need
- How much staffing required?
- Equipment needed? Make, Model & Speed
  - Computers, fax machines, data lines, printers
  - Desks, chairs, cabinets, etc.
  - Forms, office supplies
- Software needed?
  - Any software critical to your function, not commonly found in other departments
  - Help to bring it up and running - tech support people

Vital Records
- Where are they located?
- Can anyone find them (firemen, 1st responders, etc.)?
- Can you contact off-site storage?
- Do you know what to order?
- Keep a list of your vital records, locations, accessibility with your BCP
- Keep it updated!

Establish Recovery Procedures
- Procedures to Activate Teams
- Establish new telecommunications
  - Voice recovery
  - Data recovery
  - Vendor connectivity
- Platform restoration
  - Server applications
  - Desktop applications / WAN
- Retrieval of Vital Records

Establish Recovery Procedures
- Reconstruction Procedures
- Interim operating procedures
- Validating restored applications
- Identifying & re-entering lost transactions
- Processing backlogged work
- Alternate processing procedures
- Logon procedures
- Voice mail instructions
- Printer selections, etc.

Restoration & Migration
Establish a checklist of important steps so nothing is missed.

Columns: No. | Relocation Tasks | Responsibility | Move to Interim Site / Return to Home Site | Date / Time | Done
1. Evaluate/Select interim sites. If unit cannot return to home site within six weeks, recovery team leaders will work with Real Estate Services to find an interim site.
2. Plan the relocation. Review requirements and plans for moving with your Real Estate Services representative.
3. Furnish the interim site. Consider: space, special work area, telecom, security, environmental requirements, furniture, office equipment, special equipment, recovery plan, operation manuals, other special needs and supplies.
4. Install the technology infrastructure. Work with Telecom to ensure that the voice and data infrastructure is in place.
5. Hire a moving company. Obtain packing boxes at least one week prior to the move date.

Develop Calling Lists
You will need help to recover - don't be afraid to ask for help
- Applications support: vendors, company's own tech people
- Personnel: others at your company who might be able to help
- Customers: need to be informed
- Vendors: can supply needed materials, equipment

Documentation Needed
Recovering a business costs money! Be prepared to spend it!
- Request a credit card increase - have letters ready to go, and who to fax them to.
- Expense logs - these expenses may be reimbursable by the insurance company
- Recovery Hours - people want to get paid for their hard work

Documentation Needed
Recovery Status Report
- Lists location of disaster, personnel status, recovery status, etc.
- Discusses move to alternate sites or recovery in place
- How did event impact others in company / customers, etc.
- Where do you stand on backlogged work?
- Was there legal or regulatory impact?
- Was there impact to highly critical projects?
- When do you anticipate move back to home?
- What expenses have been incurred?

Summary
- Plan, Plan, Plan
- Gather as much critical information on what you will need to recover before an event ever happens
- Establish procedures for recovery
- Establish priorities for recovery
- Keep people informed
- Keep a record of what happened for a lessons learned evaluation

Questions?