Post on 27-Mar-2015
Presented byPresented by
Information Technology Advisory Information Technology Advisory Group (ITAG)Group (ITAG)
www.ItagInfo.comwww.ItagInfo.comConsult@ItagInfo.comConsult@ItagInfo.com
Disaster Recovery/ Disaster Recovery/ Business Continuation Business Continuation
WorkshopWorkshop
About ITAGAbout ITAG
• Technical services firm designed to help our clients improve their competitiveness and profitability through the use of technology in business.
• Not a reseller of any software or hardware products.
Session Format Session Format
• DefinitionDefinition
• Stages of a Disaster Stages of a Disaster
• ConsiderationsConsiderations
• Plan MethodologyPlan Methodology
• Plan ComponentsPlan Components
DefinitionDefinition
Business Continuation Business Continuation Plan Plan
• Ability to ensure the restoration of Ability to ensure the restoration of your business activities to normal your business activities to normal operations as quickly as possible operations as quickly as possible after a disruption or disaster.after a disruption or disaster.
• Specific to your organizationSpecific to your organization
• In accordance with Corporate CultureIn accordance with Corporate Culture
Types of Disaster Types of Disaster
• Blizzards / Winter Blizzards / Winter StormsStorms
• Computer Failure / Computer Failure / Computer Viruses / Computer Viruses / Telephone SystemTelephone System
• EarthquakesEarthquakes
• Environmental Environmental HazardsHazards
• FloodingFlooding
• TerrorismTerrorism
• Power OutagePower Outage
• Transportation Transportation DisruptionsDisruptions
• FireFire
• Hurricane / TornadoHurricane / Tornado
Stages of a DisasterStages of a Disaster
Stages of a Disaster Stages of a Disaster
• RecognizeRecognize
• RespondRespond
• RecoverRecover
• RestoreRestore
Stages of a Disaster Stages of a Disaster
• RecognizeRecognize– protect human lifeprotect human life
– determine/assess nature of disaster or determine/assess nature of disaster or eventevent
– notify management/authoritiesnotify management/authorities
– inform employeesinform employees
Stages of a Disaster Stages of a Disaster
• RespondRespond– activate emergency response teamactivate emergency response team
– employee relocation proceduresemployee relocation procedures
– customers/partners/suppliers notifiedcustomers/partners/suppliers notified
– coordinate with fire, police, etc.coordinate with fire, police, etc.
– media notifiedmedia notified
– decision to activate business continuation decision to activate business continuation planplan
Stages of a Disaster Stages of a Disaster
• RecoverRecover– achieve your MARC (Minimum achieve your MARC (Minimum
Acceptable Recovery Configuration)Acceptable Recovery Configuration)
– short/long term interim processingshort/long term interim processing
– employee/operational logisticsemployee/operational logistics
– review events, begin documentationreview events, begin documentation
Stages of a Disaster Stages of a Disaster
• RestoreRestore– priorities set and maintainedpriorities set and maintained
– maintain flexibilitymaintain flexibility
– restore power, security, environmentals, etc.restore power, security, environmentals, etc.
– restore/replace hardware/softwarerestore/replace hardware/software
– cleanup and reconstructcleanup and reconstruct
– business operations return to normalbusiness operations return to normal
ConsiderationsConsiderations
Considerations Considerations • WhyWhy
• WhenWhen
• PeoplePeople
• External External RelationshipsRelationships
• InsuranceInsurance
• Data, Information & Data, Information & KnowledgeKnowledge
• TechnologiesTechnologies
• Legal ImplicationsLegal Implications
• CostsCosts
• SecuritySecurity
• Common DisastersCommon Disasters
Considerations Considerations
• WhyWhy– What do you stand to loseWhat do you stand to lose
• RevenueRevenue
• Customers / MembersCustomers / Members
• Market Share Market Share
• Competitive EdgeCompetitive Edge
– Industry statistics indicate that 43% of Industry statistics indicate that 43% of companies never reopen after a disaster has companies never reopen after a disaster has struck.struck.
Considerations Considerations
• WhyWhy– What do you stand to gainWhat do you stand to gain
• Continuity of BusinessContinuity of Business
• Ability to improve business processesAbility to improve business processes
• Customer Satisfaction / ConfidenceCustomer Satisfaction / Confidence
Considerations Considerations
• When should you begin developing When should you begin developing a plana plan– Now Now
• Don’t wait for a disaster to hit Don’t wait for a disaster to hit
ConsiderationsConsiderations
• PeoplePeople– Call TreeCall Tree
• StaffStaff– Identify special skills of staffIdentify special skills of staff
• Members/Customers/Partners/SuppliersMembers/Customers/Partners/Suppliers
• Emergency ServicesEmergency Services– FireFire– PolicePolice
– Establish policy for employees to report inEstablish policy for employees to report in
ConsiderationsConsiderations
• People (Employee Support)People (Employee Support)– Cash AdvancesCash Advances
– Salary ContinuationSalary Continuation
– Flexible / Reduced HoursFlexible / Reduced Hours
– Crisis CounselingCrisis Counseling
– Day CareDay Care
Considerations Considerations
• External RelationshipsExternal Relationships– BankBank
– Offsite Storage / FacilityOffsite Storage / Facility
– Technology Solution ProvidersTechnology Solution Providers
– Telecommunication SupplierTelecommunication Supplier
– Key SuppliersKey Suppliers
– PrinterPrinter
Considerations Considerations
• InsuranceInsurance
– Property ValueProperty Value
– CoverageCoverage• Loss of incomeLoss of income
• Power outagePower outage
– DeductibleDeductible
– Requirements for reporting a lossRequirements for reporting a loss
– Vital RecordsVital Records
ConsiderationsConsiderations
• Data, Information & KnowledgeData, Information & Knowledge– DataData
• Raw facts and figures Raw facts and figures – key data profilekey data profile
– InformationInformation• Process of combing data to become Process of combing data to become
meaningfulmeaningful– standard operating proceduresstandard operating procedures
– KnowledgeKnowledge• Process of using information to make Process of using information to make
decisionsdecisions– Knowledge MapKnowledge Map
DB
Data
Information
Knowledge
Collect
Categorize
Summarize
Analyze
Formulate
Informed BusinessDecision
Considerations Considerations
• TechnologiesTechnologies– InfrastructureInfrastructure
– Communications (voice/data)Communications (voice/data)
– InternetInternet
Considerations Considerations
• Infrastructure TechnologiesInfrastructure Technologies
– RedundancyRedundancy• Plug-n-Play Hardware/Traffic RoutingPlug-n-Play Hardware/Traffic Routing
– Wireless NetworkingWireless Networking
– Data BackupData Backup
– Backup PowerBackup Power
– Management ToolsManagement Tools• inventory, security, configurationinventory, security, configuration
Considerations Considerations
• Communication TechnologiesCommunication Technologies– VoiceVoice
• PBXPBX
• Cell PhonesCell Phones
– DataData• VPNVPN
• WAN ReplicationWAN Replication
• FaxFax
• PDAPDA
Considerations Considerations • Internet TechnologiesInternet Technologies
– EmailEmail
– Instant Messaging (IM)Instant Messaging (IM)
– Internet PhoneInternet Phone
– ASPASP
– Server HostingServer Hosting
– Online Data StorageOnline Data Storage
– E-commerceE-commerce
– Online DirectionsOnline Directions
Considerations Considerations
• LegalLegal– Contractual obligations such asContractual obligations such as
• Publishing (advertising, circulation, etc.)Publishing (advertising, circulation, etc.)
• IRS or other Government Mandates IRS or other Government Mandates (PAC reporting, etc.)(PAC reporting, etc.)
• Customer ContractsCustomer Contracts
Considerations Considerations
• CostsCosts– Plan DevelopmentPlan Development
• External consultantExternal consultant
• Internal resourcesInternal resources
• Software (if desired)Software (if desired)
– Offsite StorageOffsite Storage• TapeTape
• Critical Documents and FormsCritical Documents and Forms
Considerations Considerations
• CostsCosts– Ongoing Plan MaintenanceOngoing Plan Maintenance
• TestingTesting
• Software Maintenance (if desired)Software Maintenance (if desired)
– Contingency Alternative FeesContingency Alternative Fees• TechnologyTechnology
• FacilityFacility
• Telecommunications (voice/data)Telecommunications (voice/data)
Considerations Considerations
• SecuritySecurity– Secure critical file cabinetsSecure critical file cabinets
– Locking desksLocking desks
– Closing windows / doorsClosing windows / doors
• Most common disastersMost common disasters– Vulnerability/probability analysisVulnerability/probability analysis
Plan MethodologyPlan Methodology
Plan Methodology Plan Methodology
• Project InitiationProject Initiation
• Conduct Impact AnalysisConduct Impact Analysis
• Identify Continuity AlternativesIdentify Continuity Alternatives
• Review Internal Policies & ProceduresReview Internal Policies & Procedures
• Develop PlanDevelop Plan
Plan MethodologyPlan Methodology
• TestingTesting
• Incorporate Plan into Day-to-Day Incorporate Plan into Day-to-Day OperationsOperations
• TrainingTraining
• Plan MaintenancePlan Maintenance
Plan MethodologyPlan Methodology
• Project InitiationProject Initiation– Develop Project TeamDevelop Project Team
• Requires Project Team LeaderRequires Project Team Leader
• Cross-departmental participationCross-departmental participation– Allocate necessary resourcesAllocate necessary resources
– Obtain senior level buyoffObtain senior level buyoff
– Establish plan timetable and budgetEstablish plan timetable and budget
– Communicate mission Communicate mission
Plan MethodologyPlan Methodology
• Determine Vulnerability AnalysisDetermine Vulnerability Analysis
• Conduct Impact AnalysisConduct Impact Analysis– According to the Index for Disaster According to the Index for Disaster
Readiness 75% of companies surveyed do Readiness 75% of companies surveyed do not understand the financial impact not understand the financial impact associated with every key function in their associated with every key function in their organization.organization.
– Establish rating scaleEstablish rating scale
Sample of Sample of InterdependenciesInterdependencies
Membership
Meetings/ Education
FMS
PAC
AMSCommittee
Management
Products
Exhibits
HR
Business Processes Data Repositories
Personnel Tracking
FinancialReporting
UserData
Source
Plan MethodologyPlan Methodology
• Business Process / Function Checklist Business Process / Function Checklist geared towards Associationsgeared towards Associations– Dues ProcessingDues Processing
– Meeting/Education RegistrationMeeting/Education Registration
– Exhibition ManagementExhibition Management
– Product Fulfillment / Inventory TrackingProduct Fulfillment / Inventory Tracking
– Lobbying / GrassrootsLobbying / Grassroots
Plan MethodologyPlan Methodology
• Business Process / Function Business Process / Function Checklist geared towards Checklist geared towards AssociationsAssociations– PACPAC
– Regulatory Tracking Regulatory Tracking
– Committee ManagementCommittee Management
– Chapter RelationsChapter Relations
Plan MethodologyPlan Methodology
• Standard Business Process / Function Standard Business Process / Function ChecklistChecklist– PayrollPayroll
– Cash ReceiptsCash Receipts
– Accounts PayableAccounts Payable
– Financial ManagementFinancial Management
– Human ResourceHuman Resource
Plan MethodologyPlan Methodology
• Standard Business Process / Standard Business Process / Function ChecklistFunction Checklist– Communications / Public RelationsCommunications / Public Relations
– Marketing / SalesMarketing / Sales
– PurchasingPurchasing
– ITIT
Plan MethodologyPlan Methodology
• Continuity AlternativesContinuity Alternatives– Do nothing or suspend business processDo nothing or suspend business process
– Perform business processes manuallyPerform business processes manually
– Reciprocal agreementsReciprocal agreements
– Purchase warm/hot sitePurchase warm/hot site
– Use service bureauUse service bureau
– Utilize Internet technologies, where Utilize Internet technologies, where applicableapplicable
Plan MethodologyPlan Methodology
• Identify Continuity Alternatives for Identify Continuity Alternatives for each business processeach business process
• Establish Minimum Acceptable Establish Minimum Acceptable Recovery Configuration (MARC)Recovery Configuration (MARC)
Plan MethodologyPlan Methodology
• Review Internal Policies & ProceduresReview Internal Policies & Procedures– EvacuationEvacuation
• Floor monitorsFloor monitors
• Transportation for community-wide Transportation for community-wide evacuationevacuation
• Procedures to assist people with disabilitiesProcedures to assist people with disabilities
– FireFire
Plan MethodologyPlan Methodology
• Review Internal Policies & Review Internal Policies & ProceduresProcedures– SecuritySecurity
– InsuranceInsurance
– Employee ManualEmployee Manual
Plan MethodologyPlan Methodology
• Develop PlanDevelop Plan
– Reporting StructureReporting Structure
– Establish Emergency Response TeamsEstablish Emergency Response Teams
– Communication StrategyCommunication Strategy• InternalInternal
• ExternalExternal
– Business Process Restoration GuidelinesBusiness Process Restoration Guidelines
– Readiness TimelineReadiness Timeline
Plan Methodology Plan Methodology
• Incorporate Plan into Day-to-Day Incorporate Plan into Day-to-Day OperationsOperations– AccountingAccounting
– PersonnelPersonnel
– TechnologyTechnology
– Internal CommunicationsInternal Communications
– Operating ProceduresOperating Procedures
Plan MethodologyPlan Methodology
• TrainingTraining– Employee OrientationEmployee Orientation
– Periodic Educational WorkshopsPeriodic Educational Workshops
Plan Methodology Plan Methodology
• TestingTesting– Planned and UnplannedPlanned and Unplanned
• Table Top ExercisesTable Top Exercises
• Walk Through DrillWalk Through Drill
• Functional DrillFunctional Drill– Business Process specificBusiness Process specific
• Evacuation DrillEvacuation Drill
• Full Scale ExerciseFull Scale Exercise
Plan MethodologyPlan Methodology
• Plan MaintenancePlan Maintenance
– OngoingOngoing• Involve all levels of managementInvolve all levels of management
– Schedule Schedule • Periodic plan review and updatesPeriodic plan review and updates
– Review ConsiderationsReview Considerations• Does Plan reflect lessons learned from testingDoes Plan reflect lessons learned from testing
• Does Plan reflect changes in Business ProcessDoes Plan reflect changes in Business Process
• Does Plan include updated Call TreeDoes Plan include updated Call Tree
Plan Methodology Plan Methodology
• Plan MaintenancePlan Maintenance– Utilize unscheduled events to initiate Utilize unscheduled events to initiate
plan review and updatesplan review and updates• Technology UpgradesTechnology Upgrades
• Business Process ModificationsBusiness Process Modifications
• Personnel ChangesPersonnel Changes
• Facility ChangesFacility Changes
Plan ComponentsPlan Components
Plan ComponentsPlan Components
• Reporting StructureReporting Structure
• Emergency Response TeamsEmergency Response Teams
• Personnel Listing Personnel Listing
• Call TreeCall Tree
• Building / Floor BlueprintsBuilding / Floor Blueprints
Plan ComponentsPlan Components
• Polices & ProceduresPolices & Procedures
• Business Process Restoration Business Process Restoration GuidelinesGuidelines
• Existing TechnologiesExisting Technologies
Plan ComponentsPlan Components
• Reporting StructureReporting Structure
• Emergency Response TeamsEmergency Response Teams– Administrative TeamAdministrative Team
• Acts as command post for all disaster Acts as command post for all disaster activities. Makes major decisions. activities. Makes major decisions. Facilitates all information and provides Facilitates all information and provides direction. direction.
Plan ComponentsPlan Components
• Emergency Response TeamsEmergency Response Teams– Disaster Assessment/Restoration TeamDisaster Assessment/Restoration Team
• Evaluates extent of damage, determines Evaluates extent of damage, determines length of time facility will be unavailable, length of time facility will be unavailable, determines continuity alternative most determines continuity alternative most viable to situation.viable to situation.
– Communications TeamCommunications Team• Responsible for contacting all staff, press, Responsible for contacting all staff, press,
members, customers, etc.members, customers, etc.
Plan ComponentsPlan Components
• Emergency Response TeamsEmergency Response Teams– Operations/Support Services TeamOperations/Support Services Team
• Establishes facilities, desks, office supplies. Establishes facilities, desks, office supplies. Also can be used to secure lodging and Also can be used to secure lodging and transportation for staff as necessarytransportation for staff as necessary
– IT TeamIT Team• Manages technology (data and voice) Manages technology (data and voice)
reconstruction, computer usage and reconstruction, computer usage and coordinates alternative computing services.coordinates alternative computing services.
Plan ComponentsPlan Components
• Personnel Listing Personnel Listing – home address, phone, alternative home address, phone, alternative
contactcontact
• Call Tree Call Tree
• Building / Floor BlueprintsBuilding / Floor Blueprints
• Policies & ProceduresPolicies & Procedures
Plan ComponentsPlan Components
• Business Processes Restoration Business Processes Restoration GuidelinesGuidelines– Impact Analysis QuestionnaireImpact Analysis Questionnaire
– Business Process Contingency AlternativesBusiness Process Contingency Alternatives
• Existing TechnologiesExisting Technologies– Hardware Platform / Operating SystemHardware Platform / Operating System
– Software (with version releases/patches)Software (with version releases/patches)
Wrap UpWrap Up
• Questions & AnswersQuestions & Answers
• Thank YouThank You
Presented byPresented by
Information Technology Advisory Information Technology Advisory Group (ITAG)Group (ITAG)
www.ItagInfo.comwww.ItagInfo.comConsult@ItagInfo.comConsult@ItagInfo.com
Disaster Recovery/ Disaster Recovery/ Business Continuation Business Continuation
WorkshopWorkshopTHE END