Business Continuity & Disaster Recovery

Presentation Transcript

  1. Business Continuity & Disaster Recovery • All about business • Assumes the worst has happened

  2. Domain Definition • Preparation, testing, & updating of actions required to protect critical business processes from the effects of major system & network failures

  3. BCP • Created to prevent interruptions to normal business activity • Minimize effects of disruptive event • Enhance org's capability to recover • Minimize cost • Mitigate risks

  4. BCP: Areas Covered • LANs, WANs, DMZ, Servers • Telecomm & data comm links • Workstations & workspaces • Applications, software, & data • Media & records storage • Staff duties & production processes

  5. BCP & DRP: Primary Concern • Life Safety • Evacuation routes • Assembly areas • Accounting for personnel • Protection of people always comes first

  6. Continuity Disruptive Events • All plans & processes are “After the Fact” • Examples: • Fires, explosions, spills • Earthquakes, storms, floods, ex • Power outages & other utility failures • Bombings, sabotage • Strikes & other job actions • Employee unavailability • Comm infrastructure failures

  7. Asset Loss • Revenues lost during incident • Ongoing recovery costs • Fines & penalties • Competitive advantage, credibility or goodwill damaged by incident

  8. Four Prime Elements of BCP • Scope & Plan Initiation • Define scope & parameters of plan • Business Impact Assessment • Help business units understand impact • BCP Development • Implementation, testing, maintenance • Plan Approval & Implementation • Senior mgt signoff & org. awareness

  9. BCP: 1. Scope & Plan Initiation • Examine org. operations & support services • Distributed processing == special problems • All business units involved • BCP committee • Senior Management – total, highly visible support • Due diligence: Foreign Corrupt Practices Act of 1977

  10. BCP: 2. Business Impact Assessment • What impact incident would have • Financial, Operational, Vulnerability • Primary Goals • Criticality Prioritization • Downtime Estimation • Resource Requirements

  11. BCP: 2. Business Impact Assessment Steps • Gathering info needed a. Critical business units & interdependencies • Vulnerability assessment (next slide) • Analyzing info compiled a. Clearly describe support required • Documenting results & presenting recommendations

  12. BCP: 2. BIA – Vulnerability Assessment • Similar to but smaller than Risk Analysis • Quantitative loss criteria • Revenue, capital, liability, operational expenses, contract agreements, regulatory requirements • Qualitative loss criteria • Competitive advantage, mkt share, public confidence, etc. • Common Steps • 1. List potential emergencies, 2. Estimate likelihood, 3. Assess impact, 4. Resources required

  13. Sample Vulnerability Table • Type of Emergency • Probability (High 5 – Low 1) • Human Impact (High Impact 5 …) • Property Impact • Business Impact • Internal Resources (Weak Resources 5 …) • External Resources • Total

  14. BCP: 3. BCP Development • Use BIA to create recovery strategy plan • Defining the continuity strategy • Elements: computing, facilities, people, supplies & equipment • Short-term goals & objectives • Vital personnel, systems, operations, equipment • Priorities for restoration • Acceptable downtime & minimum resources req. • Long-term goals & objectives • Org’s strategic plan • Funding, Management & coordination of events • Funding & fiscal Management • IT department: backup & restore, physical security, logical security, system administration

  15. BCP: 4. Approval & Implementation • Approval by Senior Management • Creating plan awareness • Org’s ability to recover will most likely depend on many individuals • Maintenance of Plan • Plans easily get out of date

  16. Disaster Recovery Planning (DRP) • Procedures for: • Responding to emergency • Providing extended backup operations • Managing recovery & salvage operations • “Primary objective is to implement critical processes at an alternate site & return to primary site & normal operations with time frame that minimizes loss to the organization.”

  17. DRP: Planning Process • Development & creation of recovery plans • BIA has been made so now defining steps needed to protect business in actual disaster • Recovery Timeframe Requirements • AAA – Immediate recovery needed, no downtime • AA – Full functional recovery within 4 hours • A – Same day business recovery needed • B – Up to 24 hours downtime acceptable • C – 24 – 72 hours downtime acceptable • D – Greater than 72 hours downtime ok

  18. DRP: Disaster Planning Process Steps • Data Processing Continuity Planning • Data Recovery Plan Maintenance

  19. DRP: Data Processing Continuity Planning • Common alternate processing types • Mutual Aid Agreements • Subscription services • Multiple centers • Service bureaus • Other data center backup alternatives • Automated Tools to create DRP (www.intiss.com/intisslinks)

  20. DRP: Mutual Aid Agreements • Both parties agree to support each other • Advantages • Very little or no cost • Same NOS, data comm needs, & transaction processing procedures • Disadvantages • Only use if no other option available • Same infrastructure with unused capacity highly unlikely • Limits responsiveness & support • What about disaster that affects both orgs

  21. DRP: Subscription Services • 3rd party commercial services & alternate processing • Basic Forms of Subscription Svcs • Hot Site • Warm Site • Cold Site

  22. DRP: Multiple Centers • Spread processing around multiple sites and ensure excess capacity at each site • Adv: Financial • Dis: Mutual disaster could overtake both (or all) sites

  23. DRP: Service Bureaus & Other • Service Bureaus: Contractual Agreement to provide backup • Adv: Quick & available • Dis: Expensive • Rolling/Mobile backup site • Vendor remote re-supply of hdw • Prefabricated buildings

  24. DRP: Transaction Redundancy • Level of fault tolerance in transaction processing • Electronic Vaulting • Transfer of backup offsite • Remote Journaling • Offsite parallel processing • Database Shadowing • Offsite parallel database(s)

  25. DRP: Maintenance • DRPs easily get out of date • Regular audit procedures ensure currency • Review, evaluate, modify, update • After training exercises • After disaster response • When personnel change • When policies, procedures or infrastructure change

  26. DRP: Testing • No plan really exists until tested • “Test plan must be created & carried out in orderly, standardized fashion & executed on a regular basis” • Reasons for Testing • Verifies accuracy of DRP • Prepares personnel • Verifies processing capacity of alternate site • To find weaknesses: if none are found, it was probably a bad test. Mistakes WILL BE MADE

  27. DRP: Testing -- The Test Document • Documented Test scenario • Reasons for test, type of test, objectives • Granular details of what will happen • Scheduling of test • Duration of test • Specific test steps • Participants • Task assignments • Resources & services to be used

  28. DRP: Testing – Test Levels • Checklist review • Structured walk-through • Simulation test • Parallel test • Full-scale exercise

  29. DRP: Procedures • Details roles played & tasks assigned • External groups, financial considerations • Senior Management: • Remain visible • Directing, managing, monitoring recovery • Rationally amending plans • Clearly communicating roles & responsibilities • IT Management: • Identify mission critical apps • Reassess recovery site’s stability • Recovering & constructing data • Human resources • Financial

  30. DRP: Teams • Recovery Team • Primary task to get critical apps functioning at alternate site • Salvage Team • Isolate incident scene • Secure & control access • Return primary site to fully functional • Authority to declare incident over • Different personnel from Recovery Team

  31. DRP: Other Issues • Not over till main site fully functional • Interfacing with External Groups • Relations with external groups often overlooked • Employee Relations • Major incident == stress, paychecks? • Fraud & Crime • Alternate site much more easily exploited • Financial Disbursement • Media Relations