business continuity planning presentation and directiondcag.com/images/bcp_pres01.pdf ·...
TRANSCRIPT
![Page 1: Business Continuity Planning Presentation and Directiondcag.com/images/BCP_Pres01.pdf · Presentation and Direction Thomas Bronack, president Data Center Assistance Group, Inc. 15180](https://reader036.vdocuments.us/reader036/viewer/2022071106/5fe0bcde949182722438ffd0/html5/thumbnails/1.jpg)
Business Continuity Planning
Presentation and
Direction
Thomas Bronack, president
Data Center Assistance Group, Inc.
15180 20th Avenue
Whitestone, NY 11357
Phone: (718) 591-5553
Email: [email protected]
![Page 2: Business Continuity Planning Presentation and Directiondcag.com/images/BCP_Pres01.pdf · Presentation and Direction Thomas Bronack, president Data Center Assistance Group, Inc. 15180](https://reader036.vdocuments.us/reader036/viewer/2022071106/5fe0bcde949182722438ffd0/html5/thumbnails/2.jpg)
What is Business Continuity Planning?
Planning to ensure the continuation of
operations in the event of a catastrophic
event.
Business continuity planning goes beyond disaster recovery planning
to include:
• the actions to be taken,
• resources required, and
• procedures to be followed to ensure the continued availability of
essential services, programs, and operations in the event of
unexpected interruptions.
4/19/2012 Business Continuity Presentation 2
![Page 3: Business Continuity Planning Presentation and Directiondcag.com/images/BCP_Pres01.pdf · Presentation and Direction Thomas Bronack, president Data Center Assistance Group, Inc. 15180](https://reader036.vdocuments.us/reader036/viewer/2022071106/5fe0bcde949182722438ffd0/html5/thumbnails/3.jpg)
Key Elements
• Disaster Recovery
• Business Recovery
• Contingency Planning
• Crisis Management
4/19/2012 Business Continuity Presentation 3
![Page 4: Business Continuity Planning Presentation and Directiondcag.com/images/BCP_Pres01.pdf · Presentation and Direction Thomas Bronack, president Data Center Assistance Group, Inc. 15180](https://reader036.vdocuments.us/reader036/viewer/2022071106/5fe0bcde949182722438ffd0/html5/thumbnails/4.jpg)
Business Continuity Plan
• Identify Risks - Triage to assess all processes
All business functions
Data
Suppliers
Infrastructure
• Develop Plans for Everything
• Test and Exercise the Plans
• Layer Business Plan & Disaster Plan
4/19/2012 Business Continuity Presentation 4
![Page 5: Business Continuity Planning Presentation and Directiondcag.com/images/BCP_Pres01.pdf · Presentation and Direction Thomas Bronack, president Data Center Assistance Group, Inc. 15180](https://reader036.vdocuments.us/reader036/viewer/2022071106/5fe0bcde949182722438ffd0/html5/thumbnails/5.jpg)
Create a Business Continuity
Management Team
• Lead by Top Management.
• Project Monitored by the Board
of Directors.
• Regular Status Reporting to
Management.
• Broad-based Planning Project.
• Awareness for Everyone.
Key Players
Senior Officials
Internal Audit
Risk Management
Legal
Finance/Budget
Procurement
Safety
Others?
4/19/2012 Business Continuity Presentation 5
![Page 6: Business Continuity Planning Presentation and Directiondcag.com/images/BCP_Pres01.pdf · Presentation and Direction Thomas Bronack, president Data Center Assistance Group, Inc. 15180](https://reader036.vdocuments.us/reader036/viewer/2022071106/5fe0bcde949182722438ffd0/html5/thumbnails/6.jpg)
Business Continuity
Process
• Assess - identify and triage all threats (BIA)
• Evaluate - assess likelihood and impact of each threat
• Prepare – plan for contingent operations
• Mitigate - identify actions that may eliminate risks in advance
• Respond – take actions necessary to minimize the impact of risks that materialize
• Recover – return to normal as soon as possible
4/19/2012 Business Continuity Presentation 6
![Page 7: Business Continuity Planning Presentation and Directiondcag.com/images/BCP_Pres01.pdf · Presentation and Direction Thomas Bronack, president Data Center Assistance Group, Inc. 15180](https://reader036.vdocuments.us/reader036/viewer/2022071106/5fe0bcde949182722438ffd0/html5/thumbnails/7.jpg)
Project Reporting/Tracking
• Use summary reports for management
Measurable and quantifiable progress
Risk rating
Prioritization
Regular reporting (weekly or bi-weekly)
Sort on priority, progress, time-to-completion
4/19/2012 Business Continuity Presentation 7
![Page 8: Business Continuity Planning Presentation and Directiondcag.com/images/BCP_Pres01.pdf · Presentation and Direction Thomas Bronack, president Data Center Assistance Group, Inc. 15180](https://reader036.vdocuments.us/reader036/viewer/2022071106/5fe0bcde949182722438ffd0/html5/thumbnails/8.jpg)
BIA Review Factors
All Hazards Analysis
Likelihood of Occurrence
Impact of Outage on Operations
System Interdependence
Revenue Risk
Personnel and Liability Risks
4/19/2012 Business Continuity Presentation 8
![Page 9: Business Continuity Planning Presentation and Directiondcag.com/images/BCP_Pres01.pdf · Presentation and Direction Thomas Bronack, president Data Center Assistance Group, Inc. 15180](https://reader036.vdocuments.us/reader036/viewer/2022071106/5fe0bcde949182722438ffd0/html5/thumbnails/9.jpg)
Process Inventory and Triage The purpose of the BIA is to:
Identify critical systems, processes and functions;
Establish an estimate of the maximum tolerable
downtime (MTD) for each business process
Assess the impact of incidents that result in a denial of
access to systems, services or processes; and,
Determine the priorities and processes for recovery of
critical business processes.
4/19/2012 Business Continuity Presentation 9
![Page 10: Business Continuity Planning Presentation and Directiondcag.com/images/BCP_Pres01.pdf · Presentation and Direction Thomas Bronack, president Data Center Assistance Group, Inc. 15180](https://reader036.vdocuments.us/reader036/viewer/2022071106/5fe0bcde949182722438ffd0/html5/thumbnails/10.jpg)
Prioritize Risk Factors
Personal Safety Risk
Services Risk
Operational Risk
Revenue Risk
Liability Risk
Good Will (Societal) Risk
4/19/2012 Business Continuity Presentation 10
![Page 11: Business Continuity Planning Presentation and Directiondcag.com/images/BCP_Pres01.pdf · Presentation and Direction Thomas Bronack, president Data Center Assistance Group, Inc. 15180](https://reader036.vdocuments.us/reader036/viewer/2022071106/5fe0bcde949182722438ffd0/html5/thumbnails/11.jpg)
Risk Analysis Matrix
High
Medium
Low Low Medium High
Area of
Major
Concern
4/19/2012 Business Continuity Presentation 11
![Page 12: Business Continuity Planning Presentation and Directiondcag.com/images/BCP_Pres01.pdf · Presentation and Direction Thomas Bronack, president Data Center Assistance Group, Inc. 15180](https://reader036.vdocuments.us/reader036/viewer/2022071106/5fe0bcde949182722438ffd0/html5/thumbnails/12.jpg)
Risk Risk Numeric
Factor Rating Score
Degree of H 8 Process must function for core operations
Organizational M 6 Process required for daily settlement
Dependence L 3 Process is not critical to daily operations
Probability H 0 Probability > 0.5 that alternative process will work
of Successful M 2 Probability < 0.5 that alternative process will work
Alternative L 3 No plans for alternative process
Dependence H 5 Business functions depend highly on process
on M 3 Business functions depend somewhat
Automation L 1 Manual operation possible w/o penalty
Criticality of H 4 Critical business function - core process
Business M 2 Secondary line-of-business
Process L 0 Not a critical process
Explanation
BCP Risk Rating Methodology
Risk Rating Methodology
4/19/2012 Business Continuity Presentation 12
![Page 13: Business Continuity Planning Presentation and Directiondcag.com/images/BCP_Pres01.pdf · Presentation and Direction Thomas Bronack, president Data Center Assistance Group, Inc. 15180](https://reader036.vdocuments.us/reader036/viewer/2022071106/5fe0bcde949182722438ffd0/html5/thumbnails/13.jpg)
What Are External Risks?
External Risks are risks presented by
factors outside the enterprise; these
include: – risk present in natural disaster,
– labor strife,
– the possible failures of business partners,
– suppliers,
– public utilities,
– transportation,
– telecommunications, and
– other businesses.
4/19/2012 Business Continuity Presentation 13
![Page 14: Business Continuity Planning Presentation and Directiondcag.com/images/BCP_Pres01.pdf · Presentation and Direction Thomas Bronack, president Data Center Assistance Group, Inc. 15180](https://reader036.vdocuments.us/reader036/viewer/2022071106/5fe0bcde949182722438ffd0/html5/thumbnails/14.jpg)
Ris
k
High
Low
Threat Areas
Ap
pli
cati
on
s
Infr
astr
uctu
re
Exte
rnal
Facto
rs
Risk Areas
4/19/2012 Business Continuity Presentation 14
![Page 15: Business Continuity Planning Presentation and Directiondcag.com/images/BCP_Pres01.pdf · Presentation and Direction Thomas Bronack, president Data Center Assistance Group, Inc. 15180](https://reader036.vdocuments.us/reader036/viewer/2022071106/5fe0bcde949182722438ffd0/html5/thumbnails/15.jpg)
Review External Dependencies
Suppliers
Subcontractors
Vendors
Your
Organization
Clients /
Customers
Conduit
Organizations
Infrastructure Dependence (power, telecom, etc.)
System Up Time (computing, data,networks, etc.)
4/19/2012 Business Continuity Presentation 15
![Page 16: Business Continuity Planning Presentation and Directiondcag.com/images/BCP_Pres01.pdf · Presentation and Direction Thomas Bronack, president Data Center Assistance Group, Inc. 15180](https://reader036.vdocuments.us/reader036/viewer/2022071106/5fe0bcde949182722438ffd0/html5/thumbnails/16.jpg)
Loss of Lifelines
• What will we do if there is no power?
• No phone service?
• No Water?
• Government services?
• How will the public react?
4/19/2012 Business Continuity Presentation 16
![Page 17: Business Continuity Planning Presentation and Directiondcag.com/images/BCP_Pres01.pdf · Presentation and Direction Thomas Bronack, president Data Center Assistance Group, Inc. 15180](https://reader036.vdocuments.us/reader036/viewer/2022071106/5fe0bcde949182722438ffd0/html5/thumbnails/17.jpg)
Emergency Management
Planning
• Work with local and regional disaster agencies
• Assess special problems with disasters
Loss of lifelines
Emergency response
• Review and revise existing disaster plans
• Look for new areas for disaster plans
• Include Disaster Recovery Planning
4/19/2012 Business Continuity Presentation 17
![Page 18: Business Continuity Planning Presentation and Directiondcag.com/images/BCP_Pres01.pdf · Presentation and Direction Thomas Bronack, president Data Center Assistance Group, Inc. 15180](https://reader036.vdocuments.us/reader036/viewer/2022071106/5fe0bcde949182722438ffd0/html5/thumbnails/18.jpg)
Contingency Planning Issues
• Power and Telecommunication Failures
• System Failures
• Natural Disasters
• Local Emergencies
• Workplace Violence
• Supply Chain Disruptions
4/19/2012 Business Continuity Presentation 18
![Page 19: Business Continuity Planning Presentation and Directiondcag.com/images/BCP_Pres01.pdf · Presentation and Direction Thomas Bronack, president Data Center Assistance Group, Inc. 15180](https://reader036.vdocuments.us/reader036/viewer/2022071106/5fe0bcde949182722438ffd0/html5/thumbnails/19.jpg)
Contingency Planning Process Phases
Assessment - organizing the team, defining the scope, prioritizing the risks, developing failure scenarios
Planning - building contingency plans, identifying trigger events, testing plans, and training staff on the plan
Plan Execution - based on a trigger event, implementing the plan (either preemptively or reactively)
Recovery - disengaging from contingent operations mode and restarting primary processes of normal operations by moving from contingency operations to a permanent solution as soon as possible.
4/19/2012 Business Continuity Presentation 19
![Page 20: Business Continuity Planning Presentation and Directiondcag.com/images/BCP_Pres01.pdf · Presentation and Direction Thomas Bronack, president Data Center Assistance Group, Inc. 15180](https://reader036.vdocuments.us/reader036/viewer/2022071106/5fe0bcde949182722438ffd0/html5/thumbnails/20.jpg)
Develop Scenarios
• How bad will the “big one” be? – Extended Power, Water, or Telecom Outages?
– Supply Chain Disruptions?
– Civil unrest?
• Develop various scenarios and pick
which ones to plan for.
4/19/2012 Business Continuity Presentation 20
![Page 21: Business Continuity Planning Presentation and Directiondcag.com/images/BCP_Pres01.pdf · Presentation and Direction Thomas Bronack, president Data Center Assistance Group, Inc. 15180](https://reader036.vdocuments.us/reader036/viewer/2022071106/5fe0bcde949182722438ffd0/html5/thumbnails/21.jpg)
Evaluating Alternatives
• Functionality - provides an acceptable level
of service
• Practicality - is reasonable in terms of the
time and resources needed to acquire, test,
and implement the plan
• Cost Benefit - cost is justified by the benefit
to be derived from the plan
4/19/2012 Business Continuity Presentation 21
![Page 22: Business Continuity Planning Presentation and Directiondcag.com/images/BCP_Pres01.pdf · Presentation and Direction Thomas Bronack, president Data Center Assistance Group, Inc. 15180](https://reader036.vdocuments.us/reader036/viewer/2022071106/5fe0bcde949182722438ffd0/html5/thumbnails/22.jpg)
It’s Not Enough
Just to Plan
• Use focus groups and brainstorming
Seek “what can go wrong”
Find alternate plans & manual work arounds
Find innovative solutions to risks
• Contingency plans must be exercised
Hold table top exercises for disasters
Conduct “fire drills” of plans
Train staff for action during emergencies
4/19/2012 Business Continuity Presentation 22
![Page 23: Business Continuity Planning Presentation and Directiondcag.com/images/BCP_Pres01.pdf · Presentation and Direction Thomas Bronack, president Data Center Assistance Group, Inc. 15180](https://reader036.vdocuments.us/reader036/viewer/2022071106/5fe0bcde949182722438ffd0/html5/thumbnails/23.jpg)
Trigger Event
Occurs
Execute Plan
Execution
Event Ends Activate Recovery
Plan
Recovery
Develop Plans
Planning
Identify Event
Triggers
Develop
Scenarios
Conduct Risk
Assessment
Risk Scoping &
Prioritization
Assessment
Test Plans
Organize Risk
Assessment
Team
Train on Plans
Contingency Planning Phases
4/19/2012 Business Continuity Presentation 23
![Page 24: Business Continuity Planning Presentation and Directiondcag.com/images/BCP_Pres01.pdf · Presentation and Direction Thomas Bronack, president Data Center Assistance Group, Inc. 15180](https://reader036.vdocuments.us/reader036/viewer/2022071106/5fe0bcde949182722438ffd0/html5/thumbnails/24.jpg)
Risk Management Formula
Risk Assessments
+
Contingency and Recovery Planning
+
Validation and Training
Due Diligence
Best Practices
Good Business
Judgement
4/19/2012 Business Continuity Presentation 24