Business Continuity / Disaster Recovery from a
Business Perspective
Dan Esser, CBCP, FLMI
109 Haywood Ct.
Columbia, MO 65203
573-234-2948
2
Not just Computer Back-Up
• IT functionality - limited usefulness if the rest of the business is not present.
• Today’s primary discussion - non-IT functionality.
3
What you get to take with you
• An overview of BCP Structure and Techniques.
• A set of questions you can ask in your business to help you gauge preparedness.
• Some Tools and Resources that may be useful.
4
Disaster Fact
• Out of every FIVE businesses that suffer a major disaster,
• TWO will never reopen and
• A THIRD will fail within 2 years.
[DRI International]
5
BCP Like Life Insurance?
• Uses up resources.
• Only pays off if something bad happens.
• Costs every year - Never Finished
6
Kinds of Risks / Dangers
• Natural
• Proximity
• People
• Environmental
7
Natural Risks
• Earth
• Wind
• Fire
• Water
8
Proximity Risks
• Government Buildings
• Airports / Heliports
• Industries using Chemicals or Flammables
• Trains
• Highways
9
Risks from People
• Disease
• Bomb Threats
• Workplace Violence
• Cyber Attacks
10
Environmental Risks
• Asbestos
• PCB’s
• Mold / Sick Building Syndrome
• Piled up Paper
• Ongoing Construction
11
BCP as Advance Planning
• Business Continuity Planning is at least
partially the art of making all the decisions
that can be made in advance of a disaster.
12
BCP - Four Major Components
BIA
Life/Safety
Departmental Recovery
EM & R
13
BCP - Four Major Components
Life/Safety Plan
14
BCP - Four Major Components
Business Impact Analysis
15
BCP - Four Major Components
Emergency Management & Response
16
BCP - Four Major Components
Departmental Recovery
17
RTO’s, RPO’s & Declaration
[Timeline diagram. Labels: Disaster Event; Disaster Declaration; Department RTO; Info Tech RTO; Reconstruct WIP & Lost; Stockpiled Transaction Input; Normal Business Activities; Catch-up Processing; GAP; Pre-Processing Opportunity]
18
How Important is Information Technology?
• If you can only afford to protect one thing in your business, protect your data. You will not recover without it.
• Just don't expect that alone to save you from a disaster.
19
Functionality is the Issue
• A business must regain process functionality.
• Computers are just a tool.
• They make things faster, but they are not the business.
20
Scenario
• You are a Progressive Organization.
• Your Data is Backed up and Off Site - Daily.
• You can Recover from any Disaster that Dares to hit you.
21
Scenario
• You are a Progressive Organization.
• Your Data is Backed up and Off Site - Daily.
• You can Recover from any Disaster that Dares to hit you.
NOT
22
Scenario - 2
• A disaster event – fire, flood, anthrax,
something – has made your primary
business location unusable, either
permanently, or for a long time…
23
Good News - Maybe
• You already have the answers.
• Here are some of the questions to assist
your planning process.
24
Management Organization
• Where is the default meeting place for
senior managers if telephones are
unavailable?
• Is there a succession plan if several senior
managers are killed in the disaster?
25
Management Organization
• Who would face the media and regulatory authorities?
• Is he or she prepared to do so?
• Is there a backup person?
• Do all others know to NOT talk to the media?
26
Management Organization
• How many days can the company be
completely “down” before serious business
repercussions are inevitable? (loss of
customers, employees, regulatory
intervention)
27
Notification
• How would you contact employees,
suppliers, key customers, etc. without
access to your business records?
28
Infrastructure
• How much space would you need and how quickly could it be acquired?
• What space is available today in your city?
• Who is in charge of office layout, furniture, wiring, etc. …and who backs them up if they are made unavailable by the disaster?
29
Resource Requirements
• Who has purchasing authority?
• Who is the purchasing backup?
• How quickly would the company need replacement resources? Day 1, day 3, etc.?
– Do you know where to get those resources in the quantities you need on a rush basis?
– Have you ever tested whether or not those suppliers can deliver on a rush basis?
30
Resource Requirements
• What custom documents and forms does the
company have where the entire supply is on
site? (checks, envelopes, letterhead,
invoices)
31
Advance Agreements
• Who is in charge of liaison with fire, police
or other emergency authorities?
• Who is his/her backup?
– Have you met with those authorities to
determine their protocols in emergencies and
establish a liaison relationship with them?
32
Advance Agreements
• Does the company have arrangements with its telephone carrier to place messages on inbound lines until they can be answered?
– What messages will you use?
– Who will the telephone carrier recognize as having the authority to institute them or make changes?
33
Emergency Operations
• How would the company go about setting
up an Emergency Operations Center?
• Who would staff the EOC?
• Do you have EOC supplies already off site?
(Sample list in packet)
34
Emergency Operations
• Which critical business functions need to be up and running first?
– How long can functions be down before the company incurs regulatory scrutiny and penalties?
– How long can functions be down before customers abandon you for another supplier?
– What can you do to mitigate this?
35
Financial Preparation
• Are emergency lines of credit in place and
the authority to access them clearly
delineated?
• Does the company have arrangements with
its bank(s) to continue repetitive payments
for a short time?
36
Financial Preparation
• Are corporate accounting records and
processes backed up and documented off
site? (Key people may not be available
after a disaster.)
• Does the company have manual
disbursement procedures?
37
Salvage
• Did you know that wet records could be
freeze-dried and often saved?
• Do you have an agreement with someone
who does that kind of work?
• Do you know who does that kind of work?
(See list at end)
38
Salvage
• Information from hard drives of smoke or
water damaged PC’s can also be retrieved
by experts.
39
• Mail handling operations are often
overlooked. What would the company do
about lost mail, both incoming and
outgoing?
• Is there a plan to get mail flowing in an
orderly fashion after a disaster?
40
Security
• How easy is it for a non-employee to get
into your office today?
• How would you maintain security at your
primary site until salvage could be carried
out?
41
Departmental Readiness
• Who is the recovery coordinator for each
department and what preparations have they
made?
• What are those things that each department
needs that may be “below the radar” of
corporate planners and not easily obtainable?
42
Departmental Readiness
• Have the departments taken any steps to safeguard those things?
– Every Department should consider what kind of problems an “off-site box” at a remote storage facility could save them.
43
Departmental Readiness
• Has each department determined how to
recover work-in-progress?
• Does each department know what resources
it requires to resume business operations?
(How many computers, desks, chairs, file
cabinets, fax machines, printers, copiers,
phones, etc.?)
44
Departmental Readiness
• How quickly would each Department need
replacement resources? How much on day
1, day 3, day 5, etc.? (This is how you
build the company list.)
45
Departmental Technology
• Is the operating department responsible for
replacing desktop technology or is IT?
Does everyone understand that?
• Have you written into your plan the
minimum hardware/software configuration
you require for desktop workstations?
46
Resources
• For Clean Up / Restoration
– BMS Catastrophe (www.bmscat.com)
– ServiceMaster (www.servicemasterclean.com/)
• Mobile Office Space / Data Centers / Equipment
– Agility Recovery Solutions (www.agilityrecovery.com)
– Sungard (www.sungard.com)
– Rental Systems (www.rentsys.com)
47
Resources
• Business Continuity Education and Certification
– DRI International (www.drii.org)
• Professional Journals – Articles and links to vendors
– Disaster Recovery Journal (www.drj.com)
– Contingency Planning & Management (www.contingencyplanning.com)
48
Resources
• Workplace Violence Resources
– Occupational Safety & Health Administration (http://www.osha.gov/SLTC/workplaceviolence/)
– National Institute for Occupational Safety and Health (http://www.cdc.gov/niosh/violcont.html)
– Minnesota Department of Labor & Industry – Workplace Violence Prevention Resources (http://www.doli.state.mn.us/violence.html)
– USDA Handbook on Workplace Violence Prevention and Response (http://www.usda.gov/news/pubs/violence/wpv.htm)