Rod_Young
-
Upload
jaygoswami -
Category
Documents
-
view
214 -
download
0
Transcript of Rod_Young
-
7/28/2019 Rod_Young
1/47
DISASTERS..
SUCCESS .
PRESENTATION TO ITU EMERGENCYCOMMUNICATIONS AND INFORMATION
20 FEBRUARY 2012
4X
3
BLUE
BETA
|TELPPTV4
ROD YOUNG
EMERGENCY RESPONSE MANAGERTELSTRA CORPORATION LIMITED
TELSTRA
TEMPLAT
ITU Presentation Bangkok | Rod Young| Feb 2012 |
TELSTRA IN CONFIDENCE
-
7/28/2019 Rod_Young
2/47
TELSTRA BUSINESS SNAPSHOT
Australias leading telecoms & information services company xe an mo e n ras ruc ure, pro uc s an servces, .
million fixed and 13.2 million mobile services
World class core IP network Next IP
Largest fully integrated IP network in the world, supportingxe wre ess
Sin le national WBB network Next G
Coverage to >2.1 M sq kms & >99% population(810,000 sq mi)
z spec rum, +,
DC- HSPA+ 42 Mbps* enabled. LTE launched in Sep 2011 an Australian first
High speed wireless backhaul to 95% pops of which 90% isGigabit Ethernet
ITU Presentation Bangkok | Rod Young| Feb 2012 |TELSTRA IN CONFIDENCE
Peak network downlink speed. ctual customer speeds are lower
-
7/28/2019 Rod_Young
3/47
3
-
7/28/2019 Rod_Young
4/47
BUSHFIRE
ITU Presentation Bangkok | Rod Young| Feb 2012 |TELSTRA IN CONFIDENCE
-
7/28/2019 Rod_Young
5/47
QUEENSLAND FLOODS 2011
ITU Presentation Bangkok | Rod Young| Feb 2012 |TELSTRA IN CONFIDENCE
-
7/28/2019 Rod_Young
6/47
QUEENSLAND FLOODS 2011
ITU Presentation Bangkok | Rod Young| Feb 2012 |TELSTRA IN CONFIDENCE
-
7/28/2019 Rod_Young
7/47
ITU Presentation Bangkok | Rod Young| Feb 2012 |
7PRESENTATION TITLE | PRESENTER NAME | DATE |
-
7/28/2019 Rod_Young
8/47
CYCLONE YASI FEB 2011
ITU Presentation Bangkok | Rod Young| Feb 2012 |TELSTRA IN CONFIDENCE
-
7/28/2019 Rod_Young
9/47
Bridgewater Exchange15 J an 2011
an
TELSTRA IN CONFIDENCE
-
7/28/2019 Rod_Young
10/47
NETWORK IMPACT:
BLACK SATURDAYSEVERE TC LARRY 06 VICTORIAN BUSHFIRES
09QLD FLOODS 11 SEVERE TC YASI 11
28,000 PSTN 8,000 PSTN 23,200 PSTN 94,000 PSTN
services impacted services impacted services impacted services impacted
40 mobile base 27 mobile base stations 159 mobile base stations 220 mobile base stations
3000 ADSLservices im acted 2700 ADSLservices im acted 13,600 ADSLservices im acted 32,000 ADSLservices im acted
190 network siteslost mains power
40 network siteslost mains power
375 network siteslost mains power
680 network siteslost mains power
40 portablegenerators deployed
53 portable generatorsdeployed
70 portable generatorsdeployed
110 portable generators
104 red zones 43 red zones 450 red zones 268 red zones
10
7 Missing
fumes
ITU Presentation Bangkok | Rod Young| Feb 2012 |TELSTRA IN CONFIDENCE
-
7/28/2019 Rod_Young
11/47
EMERGENCY
MANAGEMENTFRAMEWORK
: MANAGING DISRUPTION-RELATED RISK STANDARD
ITU Presentation Bangkok | Rod Young| Feb 2012 |TELSTRA IN CONFIDENCE
-
7/28/2019 Rod_Young
12/47
TELSTRAS BUSINESS RESILIENCE CONTEXT
nc enManagement
Resilience
pera onaResilience
Business
Continuity
Critical InfrastructureProtection
Risk Management
ITU Presentation Bangkok | Rod Young| Feb 2012 |TELSTRA IN CONFIDENCE
-
7/28/2019 Rod_Young
13/47
WHAT IS BUSINESS CONTINUITY
- BCM is a risk management discipline, which through the development ofstrategies, plans, and actions provides for the protection and alternativemodes of o eration for the essential rocesses which if interru ted brin
serious consequences to the business.
- e s ra s me o o ogy s rec e a ma or a verse even s a :
Have extreme or major impacts on the business
Require a planned and organised response.
-
There are a range of options that provide an appropriate level of BCMassurance to protect the related operational business objectives and,
Do nothing
Operational controls Business Continuity Plans
Crisis PlanITU Presentation Bangkok | Rod Young| Feb 2012 |
-
7/28/2019 Rod_Young
14/47
- The level of impact is commercially acceptable and no action is needed.
(2) Operational controls
- Proactive measures designed to prevent the occurrence and or mitigate the impact ofevents that eo ardise business continuit
-Can exist without a continuity plan for high frequency and relatively low impact eventsreferred to as operational outages. These controls include physical access restrictions,
(3) Business Continuity Plans- Document the procedures that provide protection to critical processes and alternative
modes of operation to ensure continuity of service
- Address extreme or ma or im act events that have a low fre uenc of occurrence.
(4) Crisis Plan
- Is activated when a major adverse event is elevated to crisis status or a crisis occurssuch as kidnap of staff or major financial loss
-Will focus on mana in the com an s re utation throu h effective communicationwith stakeholder groups.
ITU Presentation Bangkok | Rod Young| Feb 2012 |TELSTRA IN CONFIDENCE
-
7/28/2019 Rod_Young
15/47
PUTTING INTO CONTEXT
Very
CrisisPlans
g
Bus Continuit PlansHigh
MedRisk Treatments
.
15`LIKELIHOOD High
Low
-
7/28/2019 Rod_Young
16/47
TELSTRA BCM METHODOLOGY - 5 STAGES
12 Month Cycle
51 2 3 4Business Business Test &BusinessRiskContext ImpactAnalysis MaintainPlansAssessment
Threats to critical
parts of theEssential /Criticality of
processes and
Alternative strategies
to ensure an Business
omes
businessdetermined and risktreatments areimproved if
BusinessProcesses
dependencies isdetermined, as wellas the impact ofloss to Telstra
accep a e eve oservice identified,developed &
documented.
plans testedand
Ou
t necessary.identified. maintained
tputs
BCP TestingDocument
BusinessContinuity
Risk RegisterBIA & RA Report
BusinessImpact
Anal sis
BusinessContext
l
Oan
Worksheetocumen
ITU Presentation Bangkok | Rod Young| Feb 2012 |TELSTRA IN CONFIDENCE
-
7/28/2019 Rod_Young
17/47
STAGE 1 - BUSINESS CONTEXT
usines
Context
usines
Impact
Analysis
Risk
ssessme
usines
ontinuit
Plans
Test&
Maintain
t
The business environment in which the area conducts its
operations What are the major business objectives / deliverables?
What are the key performance indicators?
o are our ma or s a e o ers
Who are our key suppliers / vendors?
What are the markets served?
ITU Presentation Bangkok | Rod Young| Feb 2012 |TELSTRA IN CONFIDENCE
-
7/28/2019 Rod_Young
18/47
STAGE 1 - BUSINESS CONTEXT
Business
Context
Business
ImpactAnalysis
Risk
Assess-ment
Business
ContinuityPlans
Test &
Maintain
Outcome - Essential business processes & key dependencies requiringBusiness Impact Analysis identified
Corporate Criteria - Mandatory deliverables and supportingdocumentation for the Business Context stage 1
Outputs A document based on the corporate template, and endorsedby senior management.
ITU Presentation Bangkok | Rod Young| Feb 2012 |TELSTRA IN CONFIDENCE
-
7/28/2019 Rod_Young
19/47
STAGE 2 - BUSINESS IMPACT ANALYSIS
Business
Context
Business
ImpactAnalysis
Risk
Assess-ment
Business
ContinuityPlans
Test &
Maintain
What?
Analysis that establishes the potential impact on the business from amajor disruption to essential business processes and its keydependencies.
Why?
J ustifies the business continuity effort on the basis of impact.
Ranks processes and dependencies according to criticality. Establishes minimum acceptable service levels based on the impact
and duration of the failure.
ITU Presentation Bangkok | Rod Young| Feb 2012 |TELSTRA IN CONFIDENCE
STAGE 2 BUSINESS IMPACT ANALYSIS
-
7/28/2019 Rod_Young
20/47
STAGE 2 - BUSINESS IMPACT ANALYSIS
Business
Context
Business
ImpactAnalysis
Risk
Assess-ment
Business
ContinuityPlans
Test &
Maintain
How?
Part 1 - Process Impact Analysis
1. List key essential business processes identified in Stage 1
Determine the Maximum Allowable Outage (MAO) Determine Recovery Time Objective (RTO)
Determine the Worst Case Outage (WCO)
List impact from 1 to 5
ITU Presentation Bangkok | Rod Young| Feb 2012 |TELSTRA IN CONFIDENCE
STAGE 2 BUSINESS IMPACT ANALYSIS
-
7/28/2019 Rod_Young
21/47
STAGE 2 - BUSINESS IMPACT ANALYSIS
Business
Context
Business
ImpactAnalysis
Risk
Assess-ment
Business
ContinuityPlans
Test &
Maintain
How?
ar epen ency mpac na ys s
Identif the ke de endencies for rocesses with a Severe (4) or Extreme(5) impact.
Creation of BIA worksheets
ITU Presentation Bangkok | Rod Young| Feb 2012 |TELSTRA IN CONFIDENCE
-
7/28/2019 Rod_Young
22/47
STAGE 3 RISK ASSESSMENT
-
7/28/2019 Rod_Young
23/47
STAGE 3 - RISK ASSESSMENT
Business
Context
Business
ImpactAnalysis
Risk
Assess-ment
BusinessContinuity
Plans
Test &
Maintain
What?
ssessment to un erstan t e r s s an t e us ness exposure, an toassess the adequacy of risk treatments.
that were classified with a 4 or 5 impact rating in the BIA Stage 2.
To determine if appropriate treatment mechanisms and strategies are inlace to mana e those risks to the business.
To establish whether tighter risk treatments are required to reduce thethreat likelihood and impact.
ITU Presentation Bangkok | Rod Young| Feb 2012 |TELSTRA IN CONFIDENCE
STAGE 3 RISK ASSESSMENT
-
7/28/2019 Rod_Young
24/47
STAGE 3 - RISK ASSESSMENT
Business
Context
Business
ImpactAnalysis
Risk
Assess-ment
BusinessContinuity
Plans
Test &
Maintain
How?
1. Risk Identification - Identify risks to critical dependencies
. -impacting the dependencies, which in turn determine the risk exposure.
3. Risk Evaluation Are any additional treatments required to mitigate therisks.
4. Risk Treatments - Develop strategies where risk exposure isunacceptable.
ITU Presentation Bangkok | Rod Young| Feb 2012 |TELSTRA IN CONFIDENCE
STAGE 3 RISK ASSESSMENT
-
7/28/2019 Rod_Young
25/47
STAGE 3 - RISK ASSESSMENT
Business
Context
Business
ImpactAnalysis
Risk
Assess-ment
BusinessContinuity
Plans
Test &
Maintain
Risk Identif ication Examples of risks to Business Continuity
Supply chain interruptions
Employee / third party malicious acts
Business risks industrial disputes, downsizing
Technology risks (major network, computer)
.ITU Presentation Bangkok | Rod Young| Feb 2012 |TELSTRA IN CONFIDENCE
STAGE 3 RISK ASSESSMENT
-
7/28/2019 Rod_Young
26/47
STAGE 3 - RISK ASSESSMENT
Business
Context
Business
ImpactAnalysis
Risk
Assess-ment
BusinessContinuity
Plans
Test &
Maintain
Current Risk Analysis What is the likelihood of the risk?
.ITU Presentation Bangkok | Rod Young| Feb 2012 |TELSTRA IN CONFIDENCE
STAGE 3 RISK ASSESSMENT
-
7/28/2019 Rod_Young
27/47
STAGE 3 - RISK ASSESSMENT
Business
Context
BusinessImpact
Analysis
RiskAssess-
ment
BusinessContinuity
Plans
Test &
Maintain
Current Risk Analysis By identifying the likelihood of the risk, and understanding the consequence, the risk
exposure can be determined.
.ITU Presentation Bangkok | Rod Young| Feb 2012 |TELSTRA IN CONFIDENCE
STAGE 3 - RISK ASSESSMENT
-
7/28/2019 Rod_Young
28/47
STAGE 3 - RISK ASSESSMENT
Business
Context
BusinessImpact
Analysis
RiskAssess-
ment
BusinessContinuity
Plans
Test &
Maintain
Effective vendor management, multiple vendor contracts
Documented operating standards and procedures Staff with relevant experience
Physical and logical security
rus pro ec on
Backup of data Evacuation lans
Available cash reserves
.ITU Presentation Bangkok | Rod Young| Feb 2012 |TELSTRA IN CONFIDENCE
STAGE 4 - BUSINESS CONTINUITY PLANS (BCP)
-
7/28/2019 Rod_Young
29/47
STAGE 4 BUSINESS CONTINUITY PLANS (BCP)
Business
Context
BusinessImpact
Analysis
RiskAssess-
ment
BusinessContinuity
Plans
Test &
Maintain
What are BCPs?
BCPs are documents that guide the actions to be taken:
Prior to,
During andFollowing an adverse event.
Ensuring acceptable levels of service,Recoverin business continuit ca abilit
What needs to be communicated and to whom
ITU Presentation Bangkok | Rod Young| Feb 2012 |TELSTRA IN CONFIDENCE
STAGE 4 - BUSINESS CONTINUITY PLANS
-
7/28/2019 Rod_Young
30/47
STAGE 4 BUSINESS CONTINUITY PLANS
Business
Context
BusinessImpact
Analysis
RiskAssess-
ment
BusinessContinuity
Plans
Test &
Maintain
How?1. Select a BCP team
2. Identify Trigger Scenarios
For loss of dependencies (with a 4 or 5 impact rating in the BIA).
3. Develop alternate workaround strategies
4. Prepare plans Document the alternate strategy in a Business Continuity Plan and
procedural documents and assign responsibility for requiredactions
ITU Presentation Bangkok | Rod Young| Feb 2012 |TELSTRA IN CONFIDENCE
STAGE 4 - BUSINESS CONTINUITY PLANS
-
7/28/2019 Rod_Young
31/47
STAGE 4 BUSINESS CONTINUITY PLANS
Business
Context
BusinessImpact
Analysis
RiskAssess-
ment
BusinessContinuity
Plans
Test &
Maintain
Business Continuity Team Responsibilit ies
The Business Continuity team is responsible for:
Maintaining procedures and contact lists
Testin the lans abilit to achieve service levels
Actioning the plan when required
ITU Presentation Bangkok | Rod Young| Feb 2012 |TELSTRA IN CONFIDENCE
STAGE 4 - BUSINESS CONTINUITY PLANS
-
7/28/2019 Rod_Young
32/47
Business
Context
BusinessImpact
Analysis
RiskAssess-
ment
BusinessContinuity
Plans
Test &
Maintain
Develop Continuity Strategies The 5 Rs
ITU Presentation Bangkok | Rod Young| Feb 2012 |TELSTRA IN CONFIDENCE
STAGE 4 - BUSINESS CONTINUITY PLANS
-
7/28/2019 Rod_Young
33/47
Business
Context
BusinessImpact
Analysis
RiskAssess-
ment
BusinessContinuity
Plans
Test &
Maintain
procedures into the BCP template ensuring the steps clearly describe:
What has to be done Who does what (role / responsibility, awareness)
When it has to be done (MAO, timeframes)
Escalation procedures References to supporting documentation
ITU Presentation Bangkok | Rod Young| Feb 2012 |TELSTRA IN CONFIDENCE
STAGE 4 - BUSINESS CONTINUITY PLANS
-
7/28/2019 Rod_Young
34/47
Business
Context
BusinessImpact
Analysis
RiskAssess-
ment
BusinessContinuity
Plans
Test &
Maintain
Prepare Plans Alternative Sites
Specify details of arrangements in place for any alternate sites to be utilisedas part of a workaround strategy.
An alternate site on permanent standby
Suitable workgroups at alternate sites that may be able totemporarily accommodate staff
Details of procedures for accommodation requests.
ITU Presentation Bangkok | Rod Young| Feb 2012 |TELSTRA IN CONFIDENCE
-
7/28/2019 Rod_Young
35/47
STAGE 4 - BUSINESS CONTINUITY PLANS
-
7/28/2019 Rod_Young
36/47
Business
Context
BusinessImpact
Analysis
RiskAssess-
ment
BusinessContinuity
Plans
Test &
Maintain
Prepare Plans Contacts
In the event of a major disaster contacting relevant people will be essential to
ensuring an organised and co-ordinated effort.
Contact lists need to be kept up to date & should include contacts for:
Continuity Team Members / alternates Stakeholders
Staff (after hours details)
ITU Presentation Bangkok | Rod Young| Feb 2012 |TELSTRA IN CONFIDENCE
STAGE 4 - BUSINESS CONTINUITY PLANS
-
7/28/2019 Rod_Young
37/47
Business
Context
BusinessImpact
Analysis
RiskAssess-
ment
BusinessContinuity
Plans
Test &
Maintain
Workaround strategies documented in continuity plans to ensure aprepared response occurs during a major adverse event
Corporate Criteria
Mandatory deliverables and supporting documentation the BCP stagecorporate criteria document
Outputs A BCP based in the corporate template
Plan Administration
System)
ITU Presentation Bangkok | Rod Young| Feb 2012 |TELSTRA IN CONFIDENCE
STAGE 5 -TEST & MAINTAIN
-
7/28/2019 Rod_Young
38/47
Business
Context
BusinessImpact
Analysis
RiskAssess-
ment
BusinessContinuity
Plans
Test &
Maintain
What is BCP Maintenance? A regular review process to ensure that changes in the business
environment are reflected in the Plan (6 monthly)
a s a es
An interactive exercise that validates the Plan, and assists inidentif in o ortunities to further develo and stren then the Planand the team that supports it (12 monthly)
ITU Presentation Bangkok | Rod Young| Feb 2012 |TELSTRA IN CONFIDENCE
STAGE 5 -TEST & MAINTAIN
-
7/28/2019 Rod_Young
39/47
Business
Context
BusinessImpact
Analysis
RiskAssess-
ment
BusinessContinuity
Plans
Test &
Maintain
Why do BCPs require ongoing maintenance?
Organisation restructures may impact business processes
Personnel - a loss of key personnel may impact the composition of youreams an con ac s s
Technology - new systems may change the way things are done
Vendors may change due to end of contract Suppliers may change the level of service support.
ITU Presentation Bangkok | Rod Young| Feb 2012 |TELSTRA IN CONFIDENCE
STAGE 5 - TEST & MAINTAIN
-
7/28/2019 Rod_Young
40/47
Business
Context
BusinessImpact
Analysis
RiskAssess-
ment
BusinessContinuity
Plans
Test &
Maintain
ypes o es sWalkthrou h - Subect-matter ex erts stakeholders res onse team
members and a representative from the business area managementread through the plan to assess its effectiveness.
Simulation - Continuity Plan team members perform the tasks documentedin the plan simulating as close as possible the environment that wouldexist during the actual event.
- considered as meeting the test requirement.
ITU Presentation Bangkok | Rod Young| Feb 2012 |TELSTRA IN CONFIDENCE
STAGE 5 -TEST & MAINTAIN
-
7/28/2019 Rod_Young
41/47
Business
Context
BusinessImpact
Analysis
RiskAssess-
ment
BusinessContinuity
Plans
Test &
Maintain
Developing an Impact Scenario
Returning from lunch .
Building has been evacuated
What happens next?
What do you do?
ere o you go
Who do you notify?
When will you be able to get back in?
ITU Presentation Bangkok | Rod Young| Feb 2012 |TELSTRA IN CONFIDENCE
STAGE 5 -TEST & MAINTAIN
-
7/28/2019 Rod_Young
42/47
Business
Context
BusinessImpact
Analysis
RiskAssess-
ment
BusinessContinuity
Plans
Test &
Maintain
Testing Stages After
Validate test outcomes Has it met objectives?
Do the procedures work?
What problems had to be handled that were not anticipated?
a cou e one eren y o mnmse us ness srup on
Review test results & document in Testing template worksheet
Change BCP as required
ITU Presentation Bangkok | Rod Young| Feb 2012 |TELSTRA IN CONFIDENCE
TELSTRA ESLOS
-
7/28/2019 Rod_Young
43/47
VISIT AN INCIDENT CONTROL CENTRE
ITU Presentation Bangkok | Rod Young| Feb 2012 |TELSTRA IN CONFIDENCE
ESLO CONFERENCE 2011
-
7/28/2019 Rod_Young
44/47
ITU Presentation Bangkok | Rod Young| Feb 2012 |TELSTRA IN CONFIDENCE
VICTORIA POLICE STATE EMERGENCY
-
7/28/2019 Rod_Young
45/47
ITU Presentation Bangkok | Rod Young| Feb 2012 |TELSTRA IN CONFIDENCE
TELSTRA BCM METHODOLOGY - 5 STAGES
-
7/28/2019 Rod_Young
46/47
12 Month Cycle
51 2 3 4Business Business Test &BusinessRiskContext Impact
AnalysisMaintain
PlansAssessment
Threats to critical
parts of the
Essential / Criticality of
processes and
Alternative strategies
to ensure an
Business
omes
businessdetermined and risktreatments areimproved if
BusinessProcesses
dependencies isdetermined, as wellas the impact ofloss to Telstra
accep a e eve oservice identified,developed &
documented.
plans testedand
O
ut necessary.identified. maintained
tputs
BCP TestingDocument
BusinessContinuity
Risk RegisterBIA & RA Report
BusinessImpactAnal sis
BusinessContext
l
O
anWorksheetocumen
ITU Presentation Bangkok | Rod Young| Feb 2012 |TELSTRA IN CONFIDENCE
STAGE 1- BUSINESS CONTEXT
-
7/28/2019 Rod_Young
47/47
Business
Context
BusinessImpact
Analysis
RiskAssess-
ment
BusinessContinuity
Plans
Test &
Maintain
Essential functions
and processes
supporting key
business
objectives
ITU Presentation Bangkok | Rod Young| Feb 2012 |TELSTRA IN CONFIDENCE