Disaster Recovery and Business Continuity Planning
Jane Holmes, CPP
Director, US Payroll
Meggitt USA

Agenda
Disaster Recovery vs. Business Continuity
Key Components to Disaster Recovery & Business Continuity
Comprehensive Business Continuity
Business Continuity Planning Cycle
Business Continuity Recovery Plan
Payroll Business Continuity Recovery Plan

Disaster Recovery vs. Business Continuity
Disaster Recovery focuses on the plan to reestablish operations by protecting the “Tools” of the business…
• Systems and Hardware
• Data integrity and back-up
• Facilities and security
• Data Flow
• People resources and documentation

Disaster Recovery vs. Business Continuity
Business Continuity keeps the business running during a disaster…
• Provides the location to perform work
• Enables staff to resume work or provide for substitutes
• Enables systems and hardware to be deployed or interim solutions placed in operation
• Completes the functions of the payroll department

Types of Disasters
Catastrophic climate or geological events
Pandemics
Fires, including arson
Terrorist attacks or instances involving significant destruction of property
Labor walkouts or strikes
Security breaches and computer attacks
System failures

Disasters in the News
Australia/New Zealand
Chile
Japan
East Coast Whiteout
Mid-west Tornadoes & Flooding
Egypt
Other political challenges throughout Middle East and Africa

2011 Federal Disaster/Emergency Declarations
Winter Storms, Flooding, and Debris and Mud Flows – CA, OR, UT, WA
Severe Winter Storm and Snowstorm – CT, IL, MA, MO (2), NJ, NM, NY, ND, OK (2), WI
Severe Storms and Flooding – IL, ME, MN, MT, NH, OH, OK, PA, VT (2)
Tsunami Wave Surge – CA, HI, OR
Severe Storms, Tornadoes, and Flooding – AR (2), KY (2), MN, MO, NC, TN
Severe Storms, Tornadoes, Straight-line Winds, & Flooding – AL, GA, IN, KS, MS, NY, OK, TN (4)
Severe Storms, Tornadoes, and Straight-line Winds – AL, IA, MA, MN, OK
Flooding – IA, KS, LA, MS (2), MO, NE, ND (2), SD, TN
Flooding, Landslides, and Mudslides – ID, PR, WY
Ice Jam and Flooding – AK
Wildfires – TX
Total Declared Disasters & Emergencies – 69 (38 states & Puerto Rico)
http://www.fema.gov/news/disasters.fema?year=2011
Fire Management Assistance Declarations (85) – AK, AZ (3), CO (3), FL, GA (4), KS, NE, NC, NM (8), OK (17), TX (43), VA (2)
Federal Disaster/Emergency Declarations thru July 2011

Pandemics – H1N1
April 2009 – Start of the H1N1 virus
Over 67 million cases reported thru 12/09
6/23/10 – CDC declares virus expired
8/10/10 – WHO declares global concern over
CDC & other health organizations believe there will be instances of flu for years to come
Survey of Fortune 200 companies reports most have taken some action to prepare

Why It Is Important to Plan
Disruptions, even minor ones, can have serious impact
Missed or late payrolls
• Potential federal, state, and local violations
• Contractual breach – unions
• Employee morale and productivity
Late third party payments
Late tax and regulatory filing
Late posting of General ledger data

Key Components to Disaster Recovery
Create Comprehensive Recovery Plans
Identify communication vehicles and how they will be utilized
Involve Senior Leadership immediately
Establish government, civil authority, and private sector contacts before an event occurs
Ensure plan is communicated to team

Key Components to Disaster Recovery
Emergency Management: Able to continue critical business processes within a predetermined period following a disaster or other business interruption
Continuity Planning: Able to resume normal business processes within a predetermined period following a disaster or other business interruption

Comprehensive Business Continuity
Lead the enterprise in all aspects of emergency management as well as developing a comprehensive plan to respond to a crisis
[Diagram: Initiate the Project; Analyze Business Functions; Develop Strategy and Mitigation; Build Plan; Test, Educate, & Maintain]
[Diagram labels: Disaster Recovery Planning; Emergency Management; Prevent; Respond; Recover; Restore; Resume]

Payroll Business Continuity Team
Include functional subject matter experts and project management resources
BCT should include representatives from:
• Business Continuity (Lead)
• Human Resources / Payroll
• Benefits / Compensation
• Legal / Public Affairs
• Finance / Treasury
• Communications
• Operations

RTO/RPO in Business Continuity Planning
RTO (Recovery Time Objective) – Amount of time it takes to recover from a disaster event
• Payroll application failure recovery time drives solution and back up
• Be conservative – assume system is down the day before payroll runs – what do you need?
• Alternatives – file for check printing, paper check manual process, etc.

RTO/RPO in Business Continuity Planning
RPO (Recovery Point Objective) – The amount of data, measured in time, that can be lost in a disaster
• Consider if there is a means to reconstruct the lost data
• Need to look at what risks you will bear for the costs

Business Impact Analysis
Foundation for business continuity planning programs
• Identify departmental business processes and potential impacts due to an interruption
• Identify external resources that may impact your business
• Link these processes to the key functions necessary to support organization

Business Impact Analysis
Foundation for business continuity planning programs
• Determine Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs) based on their corresponding functions
• Realize the current state of recovery preparedness and established workarounds
• Evaluate recovery resource requirements

Risk Assessment Process
Interview senior management about enterprise risks and vulnerabilities
Conduct formal risk assessment survey with key employees
Score risk scenarios on probability and severity
Consider options for each scenario – mitigate, plan and accept

Business Recovery Strategy
Identify Business Functions, RTOs, & RPOs
Determine IT Network and System Requirements for current and future years
Design a Displacement Strategy
Educate Business Units on roles and responsibilities to build plans
Maintain & Exercise Business Recovery Plans

Business Continuity Recovery Scenarios
Disaster – Event which renders company’s facility unusable or inaccessible for a period of time estimated to exceed “xx” calendar days
Worst-Case Interruption – Company’s facilities are totally unusable or inaccessible and there is no salvageable equipment, data, documentation, etc.

Business Continuity Recovery Scenarios
Less-Severe Interruption – Ability to resume operations because of the plan identification structure for each time-sensitive operation, information system & support area
Localized Emergency – Equipment vendors & local utility companies able to replace computer & communications hardware & telephone circuits in “xx” calendar days

Business Continuity Recovery Components
Documentation Files – Business documentation and necessary files for resumption/recovery purposes are backed up and stored or located off-site and/or electronically imaged
Computer Files – Files required to implement resumption of Mainframe, WAN & PC/LAN operating environments, and/or to support time-sensitive business operations, are backed up, rotated & retained off-site for a pre-determined period of time

Business Continuity Recovery Components
Backup Storage Locations – Backup items for resumption/recovery stored on/off-site or quickly obtained or created from other identified sources
Internal and External Contacts – Information necessary to quickly complete internal/external contacts required during resumption is documented and maintained in plan

Business Continuity Recovery Components
Cloud Computing – Applications hosted by vendor in the “cloud” are accessed through the internet along with data files

Business Continuity Recovery Components
Resumption Time Frames – Time frame in which time-sensitive business operations and computer and application systems must be made current and available, set by company at a maximum of “xx” calendar days

Business Continuity Recovery External Stakeholders
Bank for ACH files
Tax authorities – federal, state, local
Benefit providers – health, 401(k), etc.
Third-party vendors – outsource providers
Distribution vendors – printing and distribution
Union organizations

Business Continuity Recovery System Interfaces
Time and attendance application
Payroll application / ERP
Benefits application
Accounting system
Banking application
Tax application
ESS/MSS application
Data repository

Business Continuity Recovery Components
Communication devices to feed various forms of communications receipt
• Home/Cell Phone – off-duty and emergency response personnel (include “text” messaging)
• Work Phone – emergency response on duty
• Pager – (alphanumeric/digital/voice) on-call personnel
• Fax Machine – transmit forms/reports to remote locations
• Printer – document notification responses/reports

Payroll Business Continuity Recovery – In Action
Step 1 – Senior Payroll Mgmt meet at disaster recovery site to identify:
• Known impacts of disaster & determine action plan
• Expected timeline of displacement of employees & system outages
• Projected impacts to payroll processing

Payroll Business Continuity Recovery – In Action
Step 1 (cont.) – Senior Payroll Mgmt meet at disaster recovery site to identify:
• Availability of internal and external resources
• Establish communication channels & communicate plan to supervisors & activate phone tree
• Confirm available equipment and supplies

Payroll Business Continuity Recovery – In Action
Step 2 – Senior Payroll Mgmt and key payroll personnel establish alternate work area(s)
• Set up work spaces, resolve issues with equipment
• Create shift schedules and confirm staffing roles
• Set initial plan for following 2 weeks
• Evaluate employee “assistance plan” needs
• Confirm sufficient resources for those who will work from home or alternate location

Payroll Business Continuity Recovery – In Action
Step 2 (cont.) – Senior Payroll Mgmt and key payroll personnel establish alternate work area(s)
• Prepare communication to employees and plan for updates
• Establish ongoing communication with employees and system support
Step 3 – Continue deployment as per plan

Payroll Business Continuity Recovery Planning
Building the plan
• Create a Disaster Recovery Plan binder
• Establish approval process to initiate all security access to senior payroll operations
• Include system support analysts on phone tree
• Define the risks and plan for mitigation and response
• Store off-site supplies critical to complete payroll processing

Payroll Business Continuity Recovery Planning
Building the plan
• Inventory and identify critical supplies and equipment for payroll processing
• Ensure your plan includes third-party vendors and suppliers with points of contact
• Identify the three components of your operations – input, process, and output

Input, Process, and Output
Input
• Setting up employee income and deduction records
• Pay adjustments
• Time data
• Tax records
Process
• Process data in application
• Validate payroll data
• Bank transfer processing
• Validate general ledger data
• Calculate gross to net
• Generate tax deposits and filing
Output
• Checks/advices
• Third party payments
• Tax returns and payments
• Files for internal organizations
• Files for external organizations
• Reconciliations
• Reports (internal and external)

What Makes an Effective Disaster Recovery Plan
Involve All the Pertinent Groups
Make an Assessment of Needs and Resources
Plan, Test and Plan
Communicate, Communicate and Communicate
Review on a Regular Basis