1 / 22

TEL382

TEL382. Greene Chapter 11. Outline. What is a Disaster? Disaster Strikes Without Warning Understanding Roles and Responsibilities Preparing For Disaster Responding to a Disaster Planning For Contingencies Recovering From Disaster Testing and Maintaining the Plan. What is a Disaster?.

sovann
Télécharger la présentation

TEL382

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. TEL382 Greene Chapter 11

  2. Outline • What is a Disaster? • Disaster Strikes Without Warning • Understanding Roles and Responsibilities • Preparing For Disaster • Responding to a Disaster • Planning For Contingencies • Recovering From Disaster • Testing and Maintaining the Plan

  3. What is a Disaster? • A disruption of normal business functions where the expected time for returning to normalcy would impact the organization’s ability to maintain operations, including customer commitments and regulatory compliance • Steps: • Determine Threats, Perform Business Impact Analysis (BIA), Determine Safeguards • BIA provides direction and guidance to those who plan the response, recovery and continuity efforts

  4. Disaster Strikes Without Warning • Must have a written plan! • Business Continuity Plan (BCP) should have: • Disaster Preparation : to be done in anticipation • Disaster Response: to be done immediately following incident • Business Contingency: alternate business processes prior to full recovery • Business Recovery: recovering information systems to their original state

  5. Understanding Roles and Responsibilities • Senior Management Leadership • BCP Team • Operational Management defines needs of department • IT Department • HR Department • Internal Audit Department • BCP Team Responsibilities: • Assessing damage, declaring a disaster, managing response, providing leadership, provide post-disaster assessment, plan impact analysis when changes made, testing plan, reviewing plan with management

  6. Preparing For Disaster • Predefined key elements: • Establish organizational structure to respond: chain of command and succession • Designate Emergency Command Center: Location where BCP Team meets and directs operations • Prepare Notification Procedures: Call trees, cell phones • Design Alternate Operations Sites: Delivery (product to customer) and Operational (HR, accounting, security, etc.) functions • Invest in redundant infrastructure: Hot Sites, Warm Sites, Cold Sites, Mobile Sites • Develop and implement procedures to support response, recovery and continuity activities

  7. Responding to a Disaster • Four Stages of Disaster Notification • Detection: Whoever first discovers it • Notification: Notify BCP Team • Declaration: BCP Team evaluates the situation and activates the plan • Activation: BCP Team Leader (or alternate) • Non-operational Business Concerns to be addressed before disaster: • Public Safety: Who, how, when, etc • Employee Relations: Show up to work, where, when, how, etc. • Media Relations: Single media focal point • Customer Relations: Who, how, what, etc. • Crime:

  8. Planning For Contingencies • Contingency Operations Established at Main Site or Alternate Location • Develop Business Contingency Operating Procedures (BCOP)

  9. Recovering From Disaster • Break Down into categories: • Mainframe, Network, Communications • Detailed Procedures Need to be Developed and Documented Before Needed • What needs to be done, where it needs to be done, how it needs to be done • Recovery Manuals on specific systems and/or devices

  10. Testing and Maintaining the Plan • Plans and Procedures are only theoretical until tested • Must be accurate, relevant and operable under adverse conditions • 5 Standard Testing Techniques: • Preliminary Review, Structured Walkthrough, Tabletop Simulation, Parallel Testing, Full-Scale Testing • Must revisit plan frequently to take into account changes • Should have SLAs with Major Vendors • Some Regulated Industries MUST Audit Plan

  11. TEL382 Wallace Chapter 1

  12. Outline • Introduction • Initiating the Project • Contingency Planning Coordinator • Scope of the Project • Adequate Funding • Selecting a Team • Planning the Project • Executing and Controlling • Closing the Project

  13. Introduction • Building a BCP is like any other business project • In developing a BCP, the early stages must be done sequentially. After a certain point, then many tasks can be done in parallel • Typical Steps: • Management Decision • Contingency Plan Coordinator (CPC) is selected • Sponsor and CPC define effort Scope • CPC selects Team • CPC and Team develop Project Plan • Project Plan is Executed • Reports Produced and CPC closes Project

  14. Initiating the Project • Sponsor from Senior Management • Selection of CPC

  15. Contingency Planning Coordinator • Public announcement • May begin by using an Outside Consultant • Tasking begins as plan developer, evolves to plan implementer, then plan maintainer

  16. Scope of the Project • Defines boundaries of what will be accomplished • A guideline: • Any event that would cost >5% of quarterly revenues merits its own plan • Build slowly and systematically • Written Scope Statement • Focus on Critical Business Functions and the Processes that Support Them • Most Plans can be developed within 6 Months

  17. Adequate Funding • Indicates Management Commitment • Project Budget Items: • BCP Training for CPC and some Team Members • Consultant • Overtime Expenses • Temporary Administrative Help • Food/Beverages • Bonuses/Trinkets, etc.

  18. Selecting a Team • Identify Stakeholders • Core Team (CPC, Assistant, Administrative Assistant) • Other Team Members: • Building Maintenance or Facilities Manager • Facility Safety and Security • Labor Union Representative • HR • Line Management • Community Relations • Public Information Officer • Sales and Marketing • Finance and Purchasing • Legal • Use Standard Tools • Initial Training • Knowledge of Department Processes • Team Meetings

  19. Planning the Project • Identify Activities • Write Paragraph on Each Task, Document Assumptions and Constraints • Estimate How Long Each Will Take • Decide Who Should Do What • Sequence the Tasks Into a Logical Work Flow • Assign Start Dates • Look for Problems in Plan • Resource Overobligation, Availability, etc.

  20. Planning the Project • Common Problems • CPC lacks experience • Lack of Management Support • Inadequate Funding • Too Many Locations • Too Many Departments • Business Interruptions • Not Enough Time

  21. Executing and Controlling • Scope Verification • Communications Plan • Mandatory, Informational, Marketing • Controlling • Change • Scope • Cost • Quality • Performance Reporting • Risk Response • Plan Testing

  22. Closing the Project • Turn Files over to Administrator • Report Results to Management • Identify Known Exposures • Thank the Team

More Related