Upload
garey-russell-knight
View
223
Download
0
Tags:
Embed Size (px)
Citation preview
RBTC:
Business Continuity 101
July 18, 2013
• What is Business Continuity?• Scenario Part 1• Why is BC important?• What types of plans are
needed?• How do you create them?• Scenario Part 2• Questions
Copyright CMS© 2011 CMS, Inc.
Business Continuity Defined
The ability of an organization to
ensure continuity of service, to
support its customers and to
maintain its viability before,
during and after an event.
Copyright CMS© 2011 CMS, Inc.
• Ensure continuity of time-critical business processes
• Safeguard corporate assets• Minimize effects of an
interruption• Train personnel to handle
emergency conditions
Purpose of Business Continuity
Copyright CMS© 2011 CMS, Inc.
Confidential 5
Respond vs. React
Copyright CMS© 2011 CMS, Inc.
• Hurricane Derick is powering through the coastal Carolinas.
• Significant impact is expected – Severe flooding– Power disruptions– Internet disruptions
• Storm will hit 2 a.m. on Saturday.
Scenario 1: How prepared are you?
Copyright CMS© 2011 CMS, Inc.
Pick a representative organization at your table.It is Thursday morning:• Based on what you know, would you recommend
activating your Emergency Management Team. Who would be on it?
• What are you top 2 priorities?• Do you have resources in place?
Scenario 1: What do you do now?
USE YOUR TIP CARD
Copyright CMS© 2011 CMS, Inc.
Exemplar Disruption Timeline
Emergency Response
ResumeBusiness(AlternateSite)
Vital Records
Transaction Backlog
ResumeBusiness(Home Site)
Systems & Applications Recovery Path
Business Unit Recovery Path
Telecommunications Recovery Path
Unplanned Interruption
OperatingSystemRestoration
Voice Network Restoration
BusinessUnitRelocation
Backlog/Data Synch
ApplicationRestoration
ManualOperations
DataNetworkRestoration
StandaloneSystemRestoration
Backlog/Data Synch
Why isBusiness
Continuity Important?
Copyright CMS© 2011 CMS, Inc.
Reason #1: Disasters really do occur
Copyright CMS© 2011 CMS, Inc.
• 43% of businesses that experience a disaster never reopen. 29% of such businesses close within two years, and businesses whose information systems fail due to a disaster lose, on average, 40% of daily revenues. (Contingency Planning & Management)
Reason #2 It’s good business
• Of those businesses that lost their records in a fire, 44% NEVER reopened their doors again, and 30% of those that DID reopen failed to survive beyond three years after the fire. (ARMA)
© 2011 CMS, Inc.
Costs of Downtime
Other Expenses
• Temporary employees• Equip rentals• Overtime
• Shipping• Travel• Legal obligations
Revenue • Direct Loss• Compensatory payments• Lost future revenue
• Billing losses• Investment losses
Financial Performance
• Revenue recognition• Cash flow• Lost discounts (A/P)
• Payment guarantees• Credit rating• Stock price
Productivity Number of employees affected x hours out x burdened hourly rate
Damaged Reputation
• Customers• Suppliers
• Financial markets• Business Partners
© 2011 CMS, Inc.
What Types of Plans are
Needed?
Copyright CMS© 2011 CMS, Inc.
-- Other (Legal, Secretary, CFO)
Disaster Recovery Plan
Life Safety Plan
-IT RecoveryTeam- HR Crisis Team
-Crisis Communications Team-Emergency Response
Team
Crisis Management Plan
Business Process
Recovery Plans
Four Types of Plans Used at Time of Disaster
Tells all staff what to do when specific emergency events happen
Identifies senior management
team’s roles and actions required
to mitigate the impact of crisis
Helps to ensure that essential business
processes continue following a disaster,
determines the “who, where, and when” of
recovery
Focuses on the recovery of IT systems based on business requirements
copy
© 2011 CMS, Inc.
What is the Process for
Creating Business Recovery Plans?
Copyright CMS© 2011 CMS, Inc.
Business Recovery Planning Overview
Understanding the organization
Exercising, maintenance
and review
Determining Recovery strategies
Developing and implementing a response plan
Create BCM Framework and Governance
Copyright CMS© 2011 CMS, Inc.
• Where do I go? What do I do today? What do I do in 3 days? What do tell my employees? Who is in charge?– Disaster Declaration Procedures– Emergency Evacuation Procedures– Detailed Task Lists over time (what to do on day 1, day 2, day 3 etc)– Notification Procedures – Contact information for all internal and external dependencies– Recovery locations (primary and secondary)– Team leaders and alternates– Manual workarounds and work procedures
• This may be the only document the Business Process Manager has at time of disaster
Elements of a BRP
Copyright CMS© 2011 CMS, Inc.
Your recovery strategy should not be a secret….
Copyright CMS© 2011 CMS, Inc.
• Storm stalls:– Severe flooding
(impact similar to the Flood of 1985)
– Rain expected for another two days
– High winds expected to die down by end of Sunday.
Scenario Update: Hurricane Derick +24 hrs
Copyright CMS© 2011 CMS, Inc.
• General infrastructure failure – public services off line.
• Most CRC buildings are uninhabitable. • Power substation in Blacksburg fails – Appalachian Power estimates 10 days until restoration.
• Gas shortage.
Scenario Update: Hurricane Derick +24 hrs
Copyright CMS© 2011 CMS, Inc.
Assume your building is unavailable, the power is off and your generators will not have enough gas to get through to Monday. Your EMT is already activated.• Based on what you know and what plans, procedures
and equipment you have in place right now:– Discuss the likely impact of the hurricane on your
business.– Discuss your top 2 priorities for recovery
• What was the most important thing you learned here today?
What to do?
Copyright CMS© 2011 CMS, Inc.
• Business Continuity Management is not rocket science
• Business Continuity Management is a process that mitigates and/or reduces risks
• This is not a project, but rather an on-going process that touches every part of the organization
• BCM requires the cooperation of all the lines of business
Key Take-Aways
Copyright CMS© 2011 CMS, Inc.
• Based on your experience in these exercises:– What worked about your plans?– What could have worked better?– What are some action items you’ll take back to
your team?
QUESTIONS?
What worked? What did not work?
Copyright CMS© 2011 CMS, Inc.
• Business Continuity Institute – thebci.org• DRII – drii.org• FEMA’s preparedness site – ready.gov
Helpful Information
Plans are of little importance, but planning is essential.
- Winston Churchill