1 / 56

Business Continuity Planning vs. Disaster Recovery Planning

Business Continuity Planning vs. Disaster Recovery Planning. Marilyn A. Blake, AU, CRM Joyce A. Hermann, AU, CISR. There’s an old saying…. No one plans to fail, they just fail to plan. What’s the Difference?.

tynice
Télécharger la présentation

Business Continuity Planning vs. Disaster Recovery Planning

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Business Continuity Planning vs. Disaster Recovery Planning Marilyn A. Blake, AU, CRM Joyce A. Hermann, AU, CISR

  2. There’s an old saying… No one plans to fail, they just fail to plan.

  3. What’s the Difference? Getting beyond just information systems recovery requires a more comprehensive type of plan than just a disaster recovery plan. Telecommunications companies cannot underestimate the importance of business continuity planning.

  4. What’s the Difference? Disruptions in service can be caused by power outages, floods, snowstorms, earthquakes or something as severe as a chemical or physical attack. It doesn’t have to be terrorism, hackers, or computer viruses—but it could be. Downtime from the disruption - whether it's hours, days or longer - can be costly.

  5. Parts of Continuity Planning • Emergency/Disaster Planning • Business Continuation Planning • Crisis Management

  6. What is an Emergency? • Any unplanned event that can cause deaths or significant injuries to employees, customers, or the public; • Or, that can shut down your business, disrupt operations, cause physical/environmental damage, or threaten the company’s financial standing or public image.

  7. Every Year Emergencies Take Their Toll on Business in Lives and Dollars Goal of the Plan: Limiting injuries and damages and returning more quickly to normal operations

  8. Who’s Job is it? Preparedness is EVERYONE’s job; during the first few hours/days following an emergency, essential services may not be available. So, EVERYONE must be ready to act. (according to their assigned roles)

  9. Think About This... • How long will your business last without computers or operating switches/equipment? • What would happen if you were denied access to your facilities, server, or customer records? • How long could you work without telephone service, electricity, water (utilities) or run only on generators? Even if these situations only kept your operations closed for a few days, it would be more than an inconvenience — especially if you had not planned how to handle it.

  10. Think about this…. If your building survived, without an business continuity plan, you have no guarantee that your business would. What if your customers didn’t all return? Even if emergency events only shut you down for a short period of time, your business would be interrupted and cause you discomfort.

  11. What is Business Continuity Planning? • It is the process of preparing for (through a business impact analysis), mitigating, responding to, and recovering from an “emergency” to your operations/employees/ customers/property • The process is dynamic • Planning is critical, but training, drills, testing equipment, and community coordination are also essential components

  12. Reasons to Develop a Plan • It is likely an emergency of some kind will effect you • Safeguarding life and property (physical and financial) • Employee morale • Liability as utility provider (public utilities commission) • Public image • OSHA requirement (1910)--must be written if you have more than 10 employees

  13. Fire Flood Hurricane Tornado Winter storm (snow/ice/hail) Earthquake Lightning Wind Storm Computer shutdown Tower damage Power surges/failure Explosion Civil disturbance Unexpected loss of key supplier Labor Strife Pandemic flu What are Some Examples of an Emergency?

  14. 5 Steps in the Planning Process • Establish a planning team • Analyze capabilities and hazards • Develop the plan • Implement the plan • Re-evaluate annually or after it’s been used for updates/corrections/nuances

  15. #1-Establish the Team • Size of the team will depend on the facility, but a group is best • Functional areas to include are: • Upper management • Safety coordinator • Line management • Human Resources • Engineering/maintenance • PR/Community relations (links to community organizations) • Accounting/purchasing • Legal

  16. #2-Analyze • Many documents are already in place (evacuation plan, employee manuals, insurance/risk management policies, purchasing procedures, etc.) • List potential emergencies (historical examples, technological possibilities, human error factor), their probability, and the best way to minimize it • Local organizations can help (Fire department, Red Cross, National Weather Service, Police department, construction companies, etc.)

  17. Vulnerability Analysis Chart/Example Rank on a scale 1-5 (low impact-high impact) The lower the score the better

  18. #2-Analyze (Con’t) • Review your insurance & risk management policies • Are property values up-to-date? • Do you have coverage for floods, earthquakes, winter storms, tornadoes, etc.? Is NFIP available? • Do you have redundant systems to minimize your business interruption exposure in case of emergency? • What are your deductibles? • What about replacement for lost toll or data records? • Do you know how to call/fax/email in a claim? • What if you can’t get into the building? • Agent’s phone number in your cell phone

  19. #3-Develop the Plan • Executive summary/mission statement • Procedures (for reporting, escape, evacuation, resumption of operations) • Support documents (call lists, site maps) • Write the document (review and distribute) • Establish a training schedule for employees • Obtain upper management approval • Distribute to employees Telcom has prepared a sample fill-in-the-blank telco-specific document as a starting point for Step #3

  20. 3.The Plan…atthe Beginning Mission Statement—Sample In order to responsibly serve our customers, our communities, and your employees, ABC Telecom must be able to respond efficiently and effectively in all emergency situations and restore lost communications as rapidly as possible. The overall objective shall be returning customers communications service and the Cooperative’s operations to normal working conditions, while observing all safety precautions, as soon as possible.

  21. Table of ContentsAreas to Consider • Organizational Structure Plan—notification plans • Employee Information • Contractors • Generators—locations/rental options • Safety/Security/First Aid • Vehicles/Equipment • Utility Companies

  22. Table of ContentsAreas to Consider • Insurance • Important Vendors • Public Relations-releases/messages • Central Office/Tower sites • CATV • Directories: NTCA, VTIA, other local associations • Maps

  23. Organizational Structure Plan—notification plans • Key functional areas/responsibilities • Crisis Manager/Site Coordinator • Engineering/Maintenance Officer • Finance/Accounting Officer • Human Resources Officer • Security Officer • Communications Officer • Public Relations Officer • Outside Members—Police/Fire/Rescue • Communication Plan: first & second point of contact; employees; public: TV/radio/newspaper notification; two-way/cell phones/text messages

  24. Employee Information • Departmental Organizational Charts • Employee pager/cell/home phone numbers • Employee Information List—of Crisis Team including connection to the internet or your network capabilities

  25. Contractors It may be necessary to bring in contractors either in preparation or during an emergency or to help clean-up afterwards • Splicing • Construction • CATV • Engineering • Computer/Network specialist

  26. Generators In many situations, generators may be necessary to continue your business operations. Don’t forget, refueling plans • Portable trailer generators • Portable generators • COW • Rental options

  27. Safety/Security/First Aid • Security company contact information for your building (who has access) • Security—who’s allowed where • First-aid—list of responders/kits location (someone to inspect them on a monthly basis) • Evacuation plans from all buildings (posted) • Shelter/safe areas—identified and supplied (in each building with regular employees) • Identify local hospitals/medical treatment options

  28. Vehicles/Equipment • Vehicles: assigned to whom/VIN • Trailers: haul fuel to generators, equipment to repair, sandbag before a storm, etc. • Extra equipment in your warehouse to replace damaged equipment (inventory)

  29. Utility Companies • Local emergency numbers • Emergency Management • City/County officials (for all of your locations) • Local utility companies • Electric • Water & Sewer • Public Works

  30. Insurance • Property-Casualty Agent/Claims reporting information • Group Health Insurance Contact/claims reporting information • Life insurance or AD&D contact/claims reporting information

  31. Important Vendors • Banks/financial institutions • Computer/data back-up company emergency contact numbers • Building contractors • NTCA and VTIA and other associations (others who can help you) • Fuel companies • Tower maintenance • Towing services

  32. Central Offices/Tower Sites • All 911 addresses identified with specifics on what equipment is at that location • Is it Fiber or Copper? • Circuit IDs and any passwords necessary • Towers—owned and where you have leased equipment or shared tower space

  33. CATV • CATV distribution layout from the headend • Nodes • Channel line-up • Dish layout • 2-way CATV areas

  34. Directories • NTCA • VTIA • Other associations • Local associations--community

  35. Maps • I&R areas • Generator locations • Tower/CO/Switch sites • City/County • Buildings you own/have people or equipment

  36. Life Safety Plan-NFPA 101Sample Areas • Automatic Sprinkler • Alarm system • Emergency signs and lights • 2 means of egress • Exit doors unlocked • Handicapped occupants/helpers • Basement and upper levels to consider

  37. Emergency Pre-Storm Checklist Sample • 72 hours Prior: make sure all generators are serviced, vehicles are fueled, security for the buildings, contact information for insurance/FEMA updated, equipment/ supplies tied down/inside (as much as possible) • 48 hours Prior: backhoes/chainsaws checked; generators to appropriate places, educate employees on work orders/timesheets, maps of assigned areas • 24 hours Prior: food preparation, secure buildings—caulking, sand bags, lock down building

  38. Emergency Pre-Storm Checklist Sample • 12 hours Prior: check latest weather, distribute information/communications equipment to local emergency responders • Don’t forget to have employees change their voice mails and emails to say you’re closed or have different hours; make sure there is a main line for customers to call

  39. Samples of Plan ContentsPolicies/Procedures • Pandemic Flu—different from a traditional emergency because it’s not that you are shut-down from a disaster, your employees are sick and can’t come to work and/or your customers potentially are sick. • Computer/Server Shut-down • Bomb Threat • Inclement Weather • Storm—Pre-event planning

  40. Pandemic Flu Influence in the Plan • Avian influenza (H5N1) is a virus capable of mutating from birds to humans of which there is no vaccine available • Pandemics usually last 12-24 months • Last 3 pandemics 1968 (3m deaths), 1957 (2m deaths), and 1918 (50m deaths) • Medical community would not be inadequate • Could effect 50% of our world populations • World Bank estimates $800B in economic impact

  41. Pandemic—Business Effects • 40% fewer staff (either sick or caring for loved ones who are sick) • Huge demand for telecommuters—can your network handle it and can you install high speed connections for your customers • Customers—coming in to pay their bills • Local governments may quarantine

  42. Pandemic—Employees and Customers • Identify essential employees and functions/ operations (procedures manuals/cross training) • Modify frequency of face-to-face contact (hand-shaking, meetings, shared workspace • How will sick leave and FMLA react • Epidemics usually last 6-8 weeks and spreads randomly (not just the young and the old) and go in waves • Identify how techs will enter homes/businesses or not during a wave in the community • Keep up with www.pandemicflu.gov for updates on what the government is doing

  43. Emergency Example: Computer Server is Down Whether it’s a hacker, service interruption, or mechanical problem in your office: • Identify essential or key employees • Can employees work from home on a temporary basis? What computer equipment/connection do they have? • How can you continue to serve your customers? • Do you have off-site replication? How long does it take to “switch over”? What happens when you switch back to the data on the off-site server? • Key providers’ contact information available?

  44. Emergency Example:Bomb Threat • In the event you receive a bomb threat, the following info should be obtained and provided to your supervisor. It is paramount in case the threat is carried out and will assist the authorities: • What the person said • Male or Female • Bomb locations and time of activation • Anything additional

  45. Emergency Example:Inclement Weather Procedure • Do you have a plan for bad weather (hurricane to blizzard)? • Do hourly, salaried-non supervisor, and supervisors know what they are to do? How will they know updates? • What if there is mandatory evacuation? • Do you pay people still?

  46. Emergency Incidents While most emergency situations are handled locally, when there’s a major incident help may be needed from other jurisdictions, the state and the federal government. National Incident Management System (NIMS) was developed so responders from different jurisdictions and disciplines can work together better to respond to natural disasters and emergencies, including acts of terrorism. NIMS benefits include a unified approach to incident management; standard command and management structures; and emphasis on preparedness, mutual aid and resource management.

  47. ICS Features • Designed to coordinate responders so they use the same terminology/equipment and apply the same principles • Plain language with specific titles and terminology are key • Titles of personnel are based on their function at the incident, not their rank/regular job title

  48. Incident Action Plan • Spells out the strategy for managing the incident • Provides supervisory personnel with directions • Addresses 4 main elements: • What do we have to do here? • Who is responsible for doing it? • How do we communicate with each other? • What is the process if someone is hurt? • Can be written or oral as the site safety plan • It’s a chain of command system (fashioned similarly to the military system)

  49. Incident Command Posts • Command post is positioned outside established and potential hazard zone, but close enough to maintain command • Marked with a diagonally divided green/white square

  50. Staging Area • Temporary locations where personnel and resources are kept between assignment and deployment. • May be more than one staging area • Equipment and personnel are considered “available” if they have checked in. • Designated by a circle with a “S” inside s

More Related