Upload
jonathan-mclaughlin
View
219
Download
1
Tags:
Embed Size (px)
Citation preview
Copyright 2004 Turning Point Solutions
Establishing Lines Of Communication
Before a Crisis
Copyright 2004 Turning Point Solutions
Organizing & Developing The Plan
Establishing Lines Of Communication Before a Crisis
Copyright 2004 Turning Point Solutions
• Who Owns BCP In Your Organization?
• 43% - Information Technology• 33% - Corporate/General Management• 8% - Risk Management • 6% - Facilities Management• 5% - Information Security• 5% - Other
CPM/KPMG Study 2002
• 37% - Information Technology• 22% - BCP Department• 15% - Other • 12% - Risk Management• 7% - Security• 5% - Financial
Strohl Systems Survey May 2003
Statistics to Ponder
Copyright 2004 Turning Point Solutions
• What Is Executive Sponsor’s Title?
• 28% - Vice President• 23% - Other• 16% - CIO• 14% - CEO/President• 8% - Manager• 8% - CFO
Strohl Systems Survey May 2003
Statistics to Ponder
• Who Defines Recovery Strategies?
• 76% - Information Technology• 5% - CEO• 4% - Non-IT Management
Veritas Study 2003
Copyright 2004 Turning Point Solutions
Make Planning Part of an Organization-Wide Program
Obtain support at the highest levels of the organization
Develop a Organization-Wide approach to recovery planning & strategies
Organizing & Developing The Plan
Identify and Include External Support Teams In The Plan Organization(Municipal Agencies, Vendors, Suppliers, Tech Support Orgs)
Copyright 2004 Turning Point Solutions
Recovery requirements and strategies must include the business perspective
Organizing & Developing The Plan
Faculty & Administrative Units
Business Impact
Business Partners,
Students & Families
Work-In- Progress
Transaction Processing
Application & Desktop
Requirements
Functional Impact
Data Center
Processing Platform
Requirements
Data Storage Backup &
Requirements
Applications Requirements
Data Communications
Requirements
User Desktop Requirements
Recovery Time Objectives, Requirements, & Priorities
Copyright 2004 Turning Point Solutions
• Where is Your Plan Kept?
• 62% - The company's main data center• 20% - Company building away from data center • 15% - Off-site at a third party's secure location• 5% - Don’t Know
Veritas Study 2003
Statistics to Ponder
• What Does the Plan Cover?
• 23% - Do not cover all essential data center functions.• 20% - Include recovery of the desktop environment• 15% - include IT recovery for remote offices
Veritas Study 2003
Copyright 2004 Turning Point Solutions
Ensure that Facultative and Administrative Requirements are Identified and Communicated
IT Platform & Data Backup Requirements Review Data Backup and offsite Storage frequencies Establish Battleboxes and send them offsite Meet with IT to work recovery objectives and
Requirements Special Requirements/Protection for Research
Programs
Organizing & Developing The Plan
Student Requirements
Copyright 2004 Turning Point Solutions
Organizing Communications
Establishing Lines Of Communication Before a Crisis
Copyright 2004 Turning Point Solutions
• How Many Employees are involved in Plan Development & Maintenance?
• 48% - Less than 10• 29% - 10-50• 16% - More than 100• 11% - 50-100
Strohl Systems Survey May 2003
Statistics to Ponder
• Is the Employees DR/BCP Plan Awareness & Training Program Sufficient?
• 75% - No• 26% - Yes
CPM/KPMG Study 2002
Copyright 2004 Turning Point Solutions
• What Is the Extent of Your organization’s reliance on 3rd party service providers?
• 39% - Moderate Use• 35% - Minor Use • 20% - Significant Use• 6% - No use
CPM/KPMG Study 2002
Statistics to Ponder
• During Call Tree Tests only 60% of the primary people on call lists are successfully contacted
Composite of Actual Test Results TPS
Copyright 2004 Turning Point Solutions
Develop an Effective Internal & External Emergency Management Organization
Organizing Communications
Executive Emergency
Management Team
(Include: SVPs, etc)
Operations Emergency Management Team(Include: Facilities, Security, Key IT Support &
Key Faculty & Admin Owners)
External Recovery Support Teams
Incident Response Team (IRT)(Include: Facilities, Security, Key IT Support & Municipal
Authorities)
IT Support Recovery
Teams
Faculty & AdministrativeSupport Teams
Students &
Families
Copyright 2004 Turning Point Solutions
Identify the roles and requirements of all internal and external Groups involved
Identify 3rd party vendors supporting applications software and other critical IT components
Conduct recovery walkthroughs and tests with 3rd party support vendors
Include 3rd party vendor contact information in the emergency contact section of the plan
Examine SLAs for emergency response provisions
Organizing Communications
Copyright 2004 Turning Point Solutions
Ensure that systems and networking infrastructure recovery requirements and strategies are included
Identify dial access requirements
Establish network recovery strategies for remote offices, branches, vendor and customer links
Organizing Communications
Establish a conference bridge phone line to conduct assessment, decision making and status review meetings
Establish a Emergency Status Information line to publish recorded recovery status messages for staff and employees
Copyright 2004 Turning Point Solutions
Establish Connections with Emergency Management Agencies NEDRIX Notify MEMA ESF18
Organizing Communications
Establish Credentials to Identify Essential Employees CEAS/BNET-NE
(Boston Approved, State considering it, Cambridge just starting to organize)
Copyright 2004 Turning Point Solutions
Establish Connections with Local Media Provide names of contact person to keep on file
Organizing Communications
Establish 3 Emergency Operations Center locations One in the building One in building nearby One at recovery site
Copyright 2004 Turning Point Solutions
Maintaining & Testing The Plan
Establishing Lines Of Communication Before a Crisis
Copyright 2004 Turning Point Solutions
Maintaining & Testing The Plan
Establish policies and guidelines to foster a culture where recovery planning and plan maintenance are part of the standard process
Include DR planning review in the change control process and enforce it
Include DR planning/requirements expense in all project budgets
Include DR planning review in all business related projects (acquisitions, reorgs, new customers, etc.)
Include DR planning review in the systems development life cycle
Copyright 2004 Turning Point Solutions
Maintaining & Testing The Plan
Fostering a DR Planning Culture (continued)
Train the Auditors
Add DR planning objectives and responsibilities to job descriptions and performance appraisals
Copyright 2004 Turning Point Solutions
Maintaining & Testing The Plan
Promote awareness of the plan
Conduct annual internal seminars for business and IT teams to meet and learn facets of the plan
Make DR part of the standard ongoing tasks/projects review at all staff meetings and activity reports
Meet with marketing and public relations to relate selling points of the program
Include plan reviews in Staff meetings
Copyright 2004 Turning Point Solutions
• What About Testing? • 24% - Companies that do not test
• 34% - US Companies the do not test• 48% - Said they don’t have time
Veritas Study 2003
Statistics to Ponder
Copyright 2004 Turning Point Solutions
Maintaining & Testing The Plan
Make testing a continual program in all parts of the organization
Conduct integrated testing wherever possible
Include offsite storage inventory reviews as part of the testing program
Develop test schedules for all critical IT components
Include business units in testing
Make call tree tests part of the program
Copyright 2004 Turning Point Solutions
Maintaining & Testing The Plan
Testing (continued)
Expand testing objectives beyond the data center
Use plan testing as a means for training, validating and updating plans
Test to validate recoverability. Test reporting should identify results, issues and next steps.
Copyright 2004 Turning Point Solutions
Be Ready when opportunity comes.
Luck is the time when preparation and opportunity meet.
Roy D. Chapin Jr.
Copyright 2004 Turning Point Solutions
Questions??????????????