business continuity planning for research and development organizations presented by steve davis,...
TRANSCRIPT
Business Continuity Planning
For Research and Development Organizations
Presented by Steve Davis, Principal, DavisLogic & All Hands Consulting
“Stuff” Happens
How should you help your company maintain "business continuity" in
the wake of disaster?
Are You Ready For Anything?
Eighty-one per cent of CEOs say that their company's plans were inadequate to handle the myriad of issues arising from the World Trade Center tragedy
Disaster Causes & EffectsCommon Causes
Natural Hazards
Ice Storm Earthquake Wind Flood Lightning Snow Frost
Man-made Hazards (Deliberate)
Theft Violence Fraud Arson Malicious Damage Strike
Disaster Causes & EffectsCommon Causes
Man-made Hazards (Deliberate) Riot Bomb Damage Bomb Hoax Terrorists Hacking
Man-made Hazards (Accidental) Operator Error Explosion Fire Water Leaks Fire Extinguisher
Discharge
Disaster Causes & EffectsCommon Effects
Man-made Hazards (Indirect) Power Failure Telecommunications Failure Smoke Damage Fire Suppression Agents Hardware/Software failure
Disaster Causes & EffectsCommon Effects
Denial of Service
Data Loss
Loss of Personnel
Loss of System Function
Lack of Information
Denial of Access
Compromised or Corrupted Data
Damaged Environment
Productivity Loss
Disaster Causes & EffectsCommon Effects
Loss of Control
Loss of Communication
Interrupted Cash Flow
Loss of Image
Loss of Market Share
Costs of Repair
Cost of Recovery
Lower Morale
Loss of Profits
Special Considerations
AnimalsEvacuation - whereOngoing care and feedingBites/Scratches
Hazardous MaterialsBio HazardsRadiationChemicals
Alternate Space
Wet Labs
Power Needs
Containment
Terminology
Business Continuity Planning
What is BusinessContinuity Planning?
Planning to ensure the continuation of operations in the event of a catastrophic event.
Business continuity planning includes the actions to be taken, resources required, and procedures to be followed to ensure the continued availability of essential services, programs, and operations in the event of unexpected interruptions.
Contingency Planning
Business Continuity Planning
Disaster Recovery
Security Business Recovery Crisis Management
BC Plan Components
BCP Disaster Recovery
Business Recovery
Business Resumption
Contingency Planning
ObjectiveCritical Computer Apps
Critical Business Processes
Process Restoration
Process Workaround
FocusData Recovery
Process Recovery
Return to Normal
Make Do
Example
EventMainframe or server failure
Laboratory Flood
Building FireLoss of Application
SolutionHot Site Recovery
Dry Out & Restart
New Equip. New Bldg.
Use Manual Process
Create a Business Continuity
Management Team
Lead by Top Management
Project BoD Monitors
Regular Status Reporting to Management
Broad-based
Awareness for Everyone
Key PlayersSenior OfficialsFacilities/SafetyRisk ManagementLegalFinance/BudgetProcurement
Business Continuity Process
Assess - identify and triage all threats (BIA)Evaluate - assess likelihood and impact of each threatMitigate - identify actions that may eliminate risks in advancePrepare – plan for contingent operations Respond – take actions necessary to minimize the impact of risks that materialize Recover – return to normal as soon as possible
Building a BCP Plan
Business Impact Assessment
The purpose of the BIA is to:
Identify critical systems, processes and functions;
Establish an estimate of the maximum tolerable downtime (MTD) for each business process
Assess the impact of incidents that result in a denial of access to systems, services or processes; and,
Determine the priorities and processes for recovery of critical business processes.
BIA Review Factors
All Hazards Analysis Likelihood of Occurrence Impact of Outage on Operations System Interdependence Revenue Risk Personnel and Liability Risks
Risk Analysis MatrixP
rob
abil
ity
of
Lik
elih
oo
d
Severity of Consequence
High
Medium
Low
Low Medium High
Area of Major
Concern
Developing Business Continuity Strategies
1. Understand alternatives and their advantages, disadvantages, and cost ranges, including mitigation and mutual aid as recovery strategies.
2. Identify viable recovery strategies with business functional areas.
3. Consolidate strategies.4. Identify off-site storage requirements and
alternative facilities.5. Develop business unit consensus.6. Present strategies to management to obtain
commitment.
Contingency Planning Process Phases
Assessment - organizing the team, defining the scope, prioritizing the risks, developing failure scenarios
Planning - building contingency plans, identifying trigger events, testing plans, and training staff on the plan
Plan Execution - based on a trigger event, implementing the plan (either preemptively or reactively)
Recovery - disengaging from contingent operations mode and restarting primary processes of normal operations by moving from contingency operations to a permanent solution as soon as possible.
Evaluating Alternatives
Functionality - provides an acceptable level of service
Practicality - is reasonable in terms of the time and resources needed to acquire, test, and implement the plan
Cost Benefit - cost is justified by the benefit to be derived from the plan
Emergency Management Planning
Work with local and regional disaster agencies and business associations
Assess special problems with disasters Loss of lifelines Emergency response
Review and revise existing disaster plans
Look for new areas for disaster plans
Include Disaster Recovery Planning
Elements of a Good Plan
Prevention, Response, Recovery, Remediation, Restoration
Top Priorities addressed first
Elements of a Good Plan
Action Plan responsibilities clearly definedCommunication alternatives are consideredRedundancies are in place
Elements of a Good Plan
Product sources are identified
Personnel sources are identified
Keys to Success
Vulnerabilities Clearly IdentifiedComprehensive Plan in PlacePlan Understood, Communicated and Updated Tested quarterly Adequately funded
Emergency Response Action StepsThe first 48 hours can make the difference.
Safety First!
Getting Started Off-Site
Stabilize the Building & Environment
Documentation
Retrieval & Protection
Damage Assessment
Salvage Priorities
Adapted from FEMA – handout contains details.
For More Information
Contact:
Steve Davis, Principal
DavisLogic & All Hands
DavisLogic.com
AllHandsConsulting.com