BCP/DRP Consultancy Project- An approach
By D V Ramamohan
Global Head of IT Consultancy Practice
3i Infotech Ltd
2 - Confidential
Agenda
Overview of BCM - BCP/DRP?
Approach to Execution of BCP/DRP Assignments
Interaction
What is BCM…
Business Continuity Management is a holistic management process that identifies potential impacts that threaten an organization and provides a framework for building resilience and capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities.
Business continuity means maintaining the uninterrupted availability of all key business resources required to support essential business activities.
What is BCP/DRP?
The difference between business continuity and disaster recovery is not a 'what' but a 'whose'.
This holistic view of business continuity management differs from what many managers traditionally term Disaster Recovery Planning which has been closely, if not solely, associated with information technology. By changing the focus, the emphasis is placed on the whole business, not just on technology issues alone. This reinforces the concept of continuity of all key processes, extending beyond information technology systems, important though they are in modern business.
Threats to Availability
COMPONENT FAILURE
DATA CORRUPTION
APPLICATION FAILURE
MAINTENANCE
USER ERROR
SITE OUTAGE
Why BCP-DRP….
Goals of Disaster Recovery Planning
Disaster scenarios and Recovery Strategies:
1. “Building on fire / Shambles”
Alternate Site, Hot site vendor, Data vaulting
2. Facility stands inaccessible
Remote connectivity, tape libraries
3. Facility accessible, physical failure
Redundant systems, HW Vendor SLAs
4. Facility & equipment operational, logical failure
Standards, Documented procedures, security
Why DRP? A few statistics
Major disasters: 9/11 attack, UK bombings, Flooding in Mumbai, Earthquake in Indonesia
Other statistics:
% of Hardware failure
% of Operational error
Cost per hour of downtime? - $ 78000
Average incidents per hour? 9
Hours per incidents? 4.2 hrs
Downtime cost per year? $ 2,970,000
Source: Contingency Planning Research conducted on 450 fortune 1000 companies
(Research shows 80%)
Let us execute a DRP assignment…
What will be scope of work
Subjects:
IT Systems/Applications/Data
Data Centre/Facilities/Services
People
Technical/Functional:
Disaster Recovery Strategy and Solutions
Disaster Recovery Plan and Procedures
Implementation Guidance to implement proposed solutions
Testing the Plan
Training
What will be the deliverables…
Business Impact Study Analysis and Risk Assessment Report
Disaster Recovery Strategy vis-à-vis Scenarios
DR Solution Architecture
DR Team Organization and Roles
Disaster Recovery Plan and Procedures
Setting up Disaster Recovery Site, if need be
Test Plans/ Mock drills reports
Maintenance Plan
Training
What should be the Approach…
Project Management Methodology:
Your own…
Kick off meeting
Execution
Closure meeting
Execution of assignment:
Step one: Key IT Assets identification and RA
Step two: Business impact analysis (BIA)
Step three: Design continuity treatments
Step four: Document the Plans
Step Five: Implement continuity treatments
Step Six: Test and maintain the plan
Step Seven: Training
Step one: Key IT Assets identification and RA
Asset identification…
Obtain/inventory the key assets
Hardware
System Software
Applications
Data
People
Facilities/Services
Perform Risk Analysis
Qualitative
Quantitative
Judgemental
Risk Assessment and Management
Business Risks
Rating/Ranking of Risks
Level of Acceptable Risk
Identification of Threats
Identification of Vulnerabilities
Asset Identification and Valuations
Step Two: Business Impact Analysis
Business Impact Analysis
Establish the Organization’s Recovery requirements
Requirements defined by Business Units
Identify and Define Critical Business Processes
Identify Systems
Identify Recovery Timeframes and Recovery objectives for each process
IT Department’s involvement is the enabler for the Plan
Step Three: Design Continuity treatments
Recovery objectives
[Figure: timeline with two scales, each marked Wks, Days, Hrs, Mins, Secs]
Data Loss (Recovery Point Objective)
Downtime (Recovery Time Objective)
Techniques shown: Backup, Vaulting, Mirroring / Replication, Restore from Tape, Restore from Disk, Clustering
Step Four: Document the plans
Document Plans
Organization of the Teams
Detailed Procedures – Technical & Manual Workarounds
Emergency Response Flow
Emergency Contact Lists
Crash Kits
BCP Team Organization
Business Continuity Committee (Management Authorization)
BCP Team Leader
BCP Spokesperson
Internal Auditor
Execution Teams:
Emergency Action Team
Damage Asst. & Salvage Team
Relocation Team
IT Team
Admin, Security & Support Team
Operations Team
Documentation should cover
Enterprise business process, people and technology
Environmental Management
Crisis Management
Knowledge Management
Human Management
Security and Privacy
Communications PR
Risk Management
Emergency Management
IT Disaster Recovery
Facility Management
Supply Chain Management
Health and Safety
Step Five: Implement Continuity Treatments
Step six: Test/Exercise the plans
Test/Exercising the Plans
Controlled Test of Procedures
Structured Walkthroughs
Desktop Tests
Simulation Test
Partial Technical Tests
Full Scale Tests
Allows Management to understand:
Inaccuracies
Omissions
Apply Lessons Learned
Revise Procedures & Incorporate into the Plan
Step Seven: Training…
Training……….
Create Corporate Awareness of Developed Plans
Team needs to be made knowledgeable of their role
Training Primary & Alternate Contacts
Awareness on task handling (JD) for Team
“Management Support is Key for any BCP-DR Activity”
Few websites…
www.pas56.com Guide for BCM
www.thebci.org for BC Guidelines
www.bsi-global.com for BS25999 (Replacement of PAS 56)
www.iso.org/iso/catalogue_detail?csnumber=41532 for ISO/IEC 24762:2008
Interaction