demonstrating value of business continuity program using quantitative scoring of incidents
TRANSCRIPT
Continuity and Resilience (CORE)
ISO 22301 BCM Consulting Firm
Presentations by speakers at the
5th India Business & IT Resilience Summit June 1, 2017 at Meluha – The an Ecotel Hotel
Mumbai, India
Our Contact Details:
UAE INDIA
Continuity and Resilience
P. O. Box 127557
Abu Dhabi, United Arab Emirates
Mobile:+971 50 8460530
Tel: +971 2 8152831
Fax: +971 2 8152888
Email: [email protected]
Continuity and Resilience
Level 15,Eros Corporate Tower
Nehru Place ,New Delhi-110019
Tel: +91 11 41055534/ +91 11 41613033
Fax: ++91 11 41055535
Email: [email protected]
Post Event Reviews Demonstrating Business Continuity value by quantitatively scoring incident response
Microsoft Services Information Protection and Governance
On personal devices
24 x 7 collaboration
On the road
In the office
At home
Through social media
Public Data
Internal Data
Confidential Data
On Premise
Cloud
Applications
Network
Devices
‘Things’
Infrastructure
Today’s computing is heavily inter-connected
On personal devices
24 x 7 collaboration
On the road
In the office
At home
Through social media
Public Data
Internal Data
Confidential Data
On-premise
Cloud
Applications
Network
Devices
‘Things’
Infrastructure
…and failures are inevitable!
Microsoft Customer Service & Support Overview
What does CSS care about?
Telecom Services
PGVendor
PBX
Aceyus Reporting
ICM
NAVerizon IPTF/MPLS
Network
PG MS Nortel Bangalore Embassy
MS4 HostB11
Las Colinas
Charlotte
Existing MS Global Contact Center Infrastructure
GenesysIVR
PG Gateway
CVP/VHTPG
ICMAdmin
GW/Router
SBC
MS Nortel Bangalore Signature
PG
Fargo
SBC
SammD Mississauga
MS4 ICM PG s
Gateway
Gateway GatewayGateway
EMEA CarriersMunich
Redding
Shanghai
25 other Regional PBX s
APAC Carriers
Multiple Carriers
Multiple Vendor
PBX
Skype PSTNConnection
Customer
PSTN
• Voice Network
• Contact Routing
• Customer classification
• Agent Endpoint
• Reporting
48 Internal and external
technology platforms
Plus, regional partners and
customer network
dependencies
Call centers – Americas Global Call centers
What it takes to route a call?
Limitations of Business Continuity Exercises
Some (or all) participants are notified ahead of time!
Real incidents impose additional constraints not anticipated during exercise
Unable to exercise all components effectively in a complex setup
Repeat exercise scenarios can be difficult for participants to stay engaged
Key resources are made available, kept away from regular work
Exercises become invalid if/when configuration changes
Post Event Reviews
• Review of incident response using
quantitative metrics
• Score incidents based on response
effectiveness
• Categorize based on outcomes
• Identify and track corrective
actions • Focus on customer experience
• Events which have direct customer
impact
• Break/fix in nature
• Validate if continuity plans are
effectively mitigating impact
• Not a root cause analysis, it is
carried out by technical teams
• Operational events that are not
break/fix in nature
• Not an attempt to fully prevent
them from happening
Process In Scope Out of Scope
Incident response analysis
Metric Description
Time to detect Manual or automated detection of an
incident from time of occurrence
Time to Notify Stakeholder notification
Business
Engagement
Set up business response bridge and
get stakeholders join
Time to Escalate Fix team is engaged for
troubleshooting
Strategy
documented
Documented Microsoft, supplier
strategy in place
Strategy executed Customer impact mitigated
82.72% 81.82% 84.60%
17.28% 18.18% 15.40%
0.00%
10.00%
20.00%
30.00%
40.00%
50.00%
60.00%
70.00%
80.00%
90.00%
1 2 3
Target- Non defects
Defects threshold
YES NO N/A
Defect Trends - Overall
Defect Trends – Metrics-wise
0% 20% 40% 60% 80% 100%
Timely Escalation
Notification
Business engagement
Fix Team engagement
Documented
Implemented
Yes No N/A
• Partial Failures • Configuration Errors • Monitoring capability • Planned Maintenance/ Upgrades
• Onboarding process • Training
• Inaccurate plans • Scenario not
appropriately addressed
• Data freshness, change not captured
• Lack of awareness among stakeholders
• Escalation process not well defined
• Lack of Training
• Auto-resolved • Configuration
Errors • Operational Issue
Cause and Effect Analysis
Incident Response
Gaps
Timely Escalation Documentation Resolution
Notification Business Engagement
BC plan implementation
Blockers and Options
Program is still developing Enables effective planning
Lack of tools, investment Enterprise software is adequate
Management buy-in, a challenge Align with business goals
Our situation is different Focus on program scope
Scorecard already exists Translate readiness to reality