william-strickland
Disaster Recovery versus Continuity of Operations
“Disaster recovery” is the process by which you resume business in the short term after a disruptive event.
"Business continuity planning" is a more comprehensive approach to making sure the organization continues to keep operating and making money.
Disaster recovery could be considered a sub-part of continuity of operations.
Both apply across a range from an earthquake to a computer virus attack.
Business continuity actions
Mitigation: Something done to reduce the likelihood of occurrence and the severity of the loss
Avoidance: Actions taken to eliminate the event from occurring
Transference: Shift the risk to a third party
Federal Government Continuity of Operations Plan (COOP)
FPC-65 describes the planning considerations and requirements for COOP plans.
FPC-65 requires that all Federal Executive Branch agencies must:
Be capable of implementing their COOP plans with and without warning.
Be operational not later than 12 hours after activation.
Be capable of maintaining sustained operations for up to 30 days.
Include regularly scheduled testing, training, and exercising of personnel, equipment, systems, processes, and procedures used to support the agency during a COOP event.
Provide for a regular risk analysis of current alternate operating facilities.
Locate alternate facilities in areas where the ability to initiate, maintain, and terminate COOP is optimal.
Take advantage of existing agency field infrastructures and give consideration to other options, such as telecommuting, work-at-home, and shared facilities.
Business Continuity Plans
Plans that enable your company to operate at possibly reduced levels during and immediately following a disaster.
Steps in Planning
To build a disaster recovery plan, the following steps should be taken:
Identify critical assets
Identify risks to the assets
Determine the likelihood of the threat and reduce it
Steps to minimize damage
Response actions
Contingency Plan Coordination
Designated person to coordinate the contingency plan
Adequate knowledge and knowledge to implement the plan
Select a team to develop and implement the plan: Finance, Legal, Safety, Production, Administration
Business Impact Analysis
A business impact analysis (BIA) is the first step in developing a BCP. It should include:
Identification of the potential impact of uncontrolled, non-specific events on the institution's business processes and its customers;
Consideration of all departments and business functions, not just data processing; and
Estimation of maximum allowable downtime and acceptable levels of data, operations, and financial losses.
Business Impact Analysis
As part of a disaster recovery plan, BIA is likely to identify costs linked to failures, such as loss of cash flow, replacement of equipment, salaries paid to catch up with a backlog of work, loss of profits, and so on.
A BIA report quantifies the importance of business components and suggests appropriate fund allocation for measures to protect them.
The possibilities of failures are likely to be assessed in terms of their impacts on safety, finances, marketing, legal compliance, and quality assurance.
Risk Assessment
Combined likelihood and severity of the event
Tangible losses: Costs that can be readily quantified
Lost productivity, lost income, extra expenses, property damage
Intangible losses: Costs related to the event but hard to quantify
Lost business opportunities, damaged reputation
Examples of Risk Assessments
Tornadoes, Earthquakes, Thunderstorms, Snows, Extreme thunderstorms, Hurricanes, Floods
Potential Manmade Risks
Maps of hazardous materials routes, Locations of hazardous facilities, Pipelines, Railroads, Dams, Rivers
Facility Risks
Electricity, Telephones, Water, Climate control, Data networks, Structural
Security Risks
Workplace violence, Bomb threats, Physical security of property, Sabotage, Intellectual property thefts
Medical Threats
Illness, Deaths, Serious accidents
Factors that can Affect Risks
Time of day, Day of the week, Location
COOP Elements
Elements that make a COOP plan viable include:
Essential functions.
Delegations of authority.
Succession planning.
Alternate facilities.
Interoperable communications.
Vital records and databases.
Human capital.
Testing, training, and exercise program.
Plans for devolution and reconstitution.
COOP Plans
COOP planning objectives include:
Ensuring continued performance of essential functions.
Reducing loss of life and minimizing damage.
Ensuring succession to office of key leaders.
Reducing or mitigating disruptions to operations.
Protecting essential assets.
Achieving a timely recovery and reconstitution.
Maintaining a test, training, and exercise program for program validation.
FEMA’s COOP Elements
Elements that make a COOP plan viable include:
Essential functions
Delegations of authority
Succession planning
Alternate facilities, communication systems
Vital records and databases
A test, training, and exercise program
Plans for devolution and reconstitution
Essential Functions
Essential functions are those functions that allow the organization to provide vital services
Essential functions are those functions which must continue to be provided without interruption
Delegations of Authority
Delegations should be predetermined and documented in writing.
They should state explicitly:
What authorities are delegated.
To whom.
Exceptions to the successor’s authority to redelegate.
Limitations on the delegated authority.
Succession Planning
Order of Succession provides an orderly transition of power in the event of an emergency
Orders of succession should be established for management, supervisors, etc. who are responsible for performing essential functions
Alternate Facilities, Communications
In the event of a disaster, arrangements for alternate facilities should be identified beforehand
Arrangements should be made ahead of time to ensure communication systems can be brought back up and operational with limited interruptions
Vital Records
In the event of a disaster, loss of data and loss of records may occur
Provisions and procedures should be made in advance to ensure back up copies are made and available
Examples of these records include legal records, financial records, etc.
Tests
From a COOP perspective, tests are an excellent way to evaluate functions such as:
Communications connectivities.
Alert and notification procedures.
Deployment procedures.
Training
Training is instruction in core competencies and skills and is the principal means by which individuals achieve a level of proficiency
Provides the tools needed to accomplish a goal, meet program requirements, or acquire a specified capability.
Training encompasses a range of activities, each intended to provide information and refine skills.
Exercises
Exercises are events that allow participants to apply their skills and knowledge to improve operational readiness.
Exercises also allow planners to evaluate the effectiveness of previously conducted tests and training activities.
Devolution
Devolution is the capability to transfer statutory authority and responsibility for essential functions from an agency’s primary operating staff and facilities to other employees and facilities.
Reconstitution
Reconstitution is the process by which agency personnel resume normal agency operations from the original or a replacement primary operating facility.