Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP).




Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP)
Ed Fortin, President, Fortin Consulting
Paul Godden, Consultant & Quotation Author
Friday 24th February 2012

Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP)
How to preserve critical business functions in the face of a disaster.

The BCP domain addresses:
- Continuation of critical business processes when a disaster destroys data processing capabilities
- Preparation, testing and maintenance of specific actions to recover normal processing (the BCP)

Disasters: natural, man-made
- Fire, flood, hurricane, tornado, earthquake, volcanoes
- Plane crashes, vandalism, terrorism, riots, sabotage, loss of personnel, etc.
- Anything that diminishes or destroys normal data processing capabilities

Disasters are defined in terms of the business
- If it harms critical business processes, it may be a disaster
- Time-based definition: how long can the business stand the pain?
- Probability of occurrence

Broad BCP objectives - ACI
- Availability: the main focus
- Confidentiality: still important
- Integrity: still important

BCP objective
Create, document, test, and update a plan that will:
- Allow timely recovery of critical business operations
- Minimize loss
- Meet legal and regulatory requirements

Scope of BCP
- Used to be just the data center
- Now includes:
  - Distributed operations
  - Personnel, networks, power
  - All aspects of the IT environment

Creating a BCP
- Is an on-going process, not a project with a beginning and an end
- Creating, testing, maintaining, and updating
- Critical business functions may evolve
- The BCP team must include both business and IT personnel
- Requires the support of senior management

The five BCP phases
- Project management & initiation
- Business Impact Analysis (BIA)
- Recovery strategies
- Plan design & development
- Testing, maintenance, awareness, training

I - Project management & initiation
- Establish need (risk analysis)
- Get management support
- Establish team (functional, technical, BCC: Business Continuity Coordinator)
- Create work plan (scope, goals, methods, timeline)
- Initial report to management
- Obtain management approval to proceed

II - Business Impact Analysis (BIA)
- Goal: obtain formal agreement with senior management on the MTD for each time-critical business resource
- MTD: maximum tolerable downtime, also known as MAO (Maximum Allowable Outage)

II - Business Impact Analysis (BIA)
- Quantifies loss due to business outage (financial, extra cost of recovery, embarrassment)
- Does not estimate the probability of kinds of incidents, only quantifies the consequences

II - BIA phases
- Choose information gathering methods (surveys, interviews, software tools)
- Select interviewees
- Customize questionnaire
- Analyze information
- Identify time-critical business functions

II - BIA phases (continued)
- Assign MTDs
- Rank critical business functions by MTDs
- Report recovery options
- Obtain management approval

III - Recovery strategies
- Recovery strategies are based on MTDs
- Predefined
- Management-approved

III - Recovery strategies
- Different technical strategies
- Different costs and benefits
- How to choose?
- Careful cost-benefit analysis
- Driven by business requirements

III - Recovery strategies
Strategies should address recovery of:
- Business operations
- Facilities & supplies
- Users (workers and end-users)
- Network, data center (technical)
- Data (off-site backups of data and applications)

III - Recovery strategies
Technical recovery strategies: scope
- Data center
- Networks
- Telecommunications

III - Recovery strategies
Technical recovery strategies: methods
- Subscription services
- Mutual aid agreements
- Redundant data centers
- Service bureaus

III - Recovery strategies
Technical recovery strategies: subscription service sites
- Hot: fully equipped
- Warm: missing key components
- Cold: empty data center
- Mirror: full redundancy
- Mobile: trailer full of computers

III - Recovery strategies
Technical recovery strategies: mutual aid agreements
- "I'll help you if you'll help me!"
- Inexpensive
- Usually not practical

III - Recovery strategies
Technical recovery strategies: redundant processing centers
- Expensive
- Maybe not enough spare capacity for critical operations

III - Recovery strategies
Technical recovery strategies: service bureaus
- Many clients share facilities
- Almost as expensive as a hot site
- Must negotiate agreements with other clients

III - Recovery strategies
Technical recovery strategies: data
- Backups of data and applications
- Off-site vs. on-site storage of media
- How fast can data be recovered?
- How much data can you lose?
- Security of off-site backup media
- Types of backups (full, incremental, differential, etc.)

IV - BCP development / implementation
- Detailed plan for recovery
- Business & service recovery plans
- Maintenance
- Awareness & training
- Testing

IV - BCP development / implementation
Sample plan phases:
- Initial disaster response
- Resume critical business ops
- Resume non-critical business ops
- Restoration (return to primary site)
- Interacting with external groups (customers, media, emergency responders)

V - BCP final phase
- Testing
- Maintenance
- Awareness
- Training

V - BCP final phase - testing
- Until it's tested, you don't have a plan
- Kinds of testing:
  - Structured walk-through
  - Checklist
  - Simulation
  - Parallel
  - Full interruption

V - BCP final phase - maintenance
- Fix problems found in testing
- Implement change management
- Audit and address audit findings
- Annual review of plan
- Build plan into organization

V - BCP final phase - training
- BCP team is probably the DR team
- BCP training must be on-going
- BCP training needs to be part of the standard on-boarding and part of the corporate culture

This concludes our presentation. Please feel free to ask any questions you may have.
Ed Fortin, President, Fortin Consulting
Paul Godden, Consultant & Quotation Author
Friday 24th February 2012