Upload
ngodang
View
218
Download
0
Embed Size (px)
Citation preview
Info-Tech Research Group 1
Info-Tech Research Group, Inc. Is a global leader in providing IT research and advice. Info-Tech’s products and services combine actionable insight and relevant advice with
ready-to-use tools and templates that cover the full spectrum of IT concerns. © 1997-2012 Info-Tech Research Group Inc.
DRP
World Class Operations - Impact Workshop
Info-Tech Research Group 2
Beyond Practical Research – Workshops Get You To Results
Workshops: Leverage Best-Practices Research and Get to Action
• Unlike other Research firms, we believe it’s important to help our members implement improvements.
• An onsite 40-hour workshop, which allows you to make systematic improvements to your core processes.
• Workshops are designed to help focus attention, create alignment, and ensure best practices are put to work at your organization.
• Our workshops help you get to immediate impact and results and are tailored to your situation and needs.
Workshops: Focused on You Implementing Improvements
• The goal of each Capability Optimization Workshop is to create tangible benefits
and clear improvements as a direct result of the workshop.
• Specific deliverables, goals, metrics, and outcomes are established for
each workshop.
• Successful workshops will leverage our years of analyst experience and
written research to provide an engaging experience which focuses
on implementing and getting to measurable results.
• Each workshop begins by diagnosing the current state, and then
focuses on designing high impact improvements based on
best-practices research.
• Three and six month follow-up will occur to ensure benefit realization.
ITRG Workshops provide the best-practices and implementation support necessary to help an IT leader build a World Class IT Operation
Capability
Optimization
Workshop
Diagnose
Current
State
Right-
Sizing
Process
Process
Design
Measuring
Benefits
Implementation
Support
Info-Tech Research Group 3
Common DRP challenges include:
Misalignment with business needs, leading to higher costs or under-provisioning.
Focusing on major disasters, and lacking an appropriate response to less obvious disasters.
Lack of testing, and therefore lack of confidence in the plan.
No analysis of what’s required to improve recovery times.
Outcome of this workshop:
DR requirements grounded in a business impact analysis.
Incident response procedures for minor to major events.
Gap analysis derived from step-by-step DR walkthrough.
DR technology and process improvement roadmap.
DRP
Close the gap between your DR capabilities and service continuity
requirements.
Info-Tech Research Group 4
This workshop is broken into 5 days to develop a plan to meet DR and service continuity objectives
Name Goal List of deliverables
Module 1 Assess the current
state
Identify mission critical
applications and current DR
challenges.
• Prioritized list of critical applications.
• Critical applications and dependencies
topology diagrams.
• Workshop goals/current DR challenges.
Module 2 Determine recovery
time requirements
Determine the cost of
downtime & corresponding
RTOs/RPOs.
• Strategy for conducting a BIA.
• Estimated costs of downtime.
• Recovery objectives (RPOs/RTOs).
Module 3 Close the technology
gap
Prioritize technology
investments required to
meet RPOs/RTOs.
• Risk/impact analysis.
• DR capability gap analysis.
• DR technology plan.
Module 4 Close the process
gap
Modify processes to
minimize risk and reduce
downtime.
• Incident response plan.
• Escalation timeline from event to DR.
• Process gap analysis.
Module 5 Validate technology
and process changes
Use tabletop testing to
validate planned
technology and process
changes.
• DR technology and process validation.
• BCP considerations.
• Action items and scheduled follow-up.
Info-Tech Research Group 5
1.0 Assess the current state
1.1 Identify mission
critical business activities
and applications
Define criteria for “Mission
Critical”
Map mission critical
business activities
Identify the supporting
mission critical applications
1.2 Identify system
dependencies
Map mission critical (“Gold”)
system dependencies
Repeat for a tier 2 (“Silver”)
application
1.3 Identify current DR
capabilities and
challenges
Understand high availability
vs. fast failover vs. restore
from backups
Identify organizational DR
processes and capabilities
Identify DR capabilities for
specific mission critical
applications
Identify current DR
challenges
Info-Tech Research Group 6
2.0 Determine recovery time requirements
2.1 Understand BIA goals
and benefits
Walk through a BIA example
Identify BIA goals and
benefits
Develop a strategy for how
to include the executive
team in the BIA process
2.2 Estimate the business
impact of downtime
Determine availability
requirements
Estimate costs of downtime
(e.g. lost sales, reduced
customer confidence, etc.)
Compare the BIA for Gold
vs. Silver systems, and
re-assess criticality
Identify legal/compliance or
health/safety impact
2.3 Define RPOs and RTOs
based on business impact
Understand best practices
(e.g. RPO/RTO tiers)
Prioritize dependencies that
impact data and define
RPOs accordingly
Compare Gold vs. Silver
RPOs and RTOs; are they
appropriate?
Prioritize dependencies
based on importance, and
define RTOs accordingly
Info-Tech Research Group 7
3.0 Close the technology gap
3.1 Use tabletop planning
to identify current DR
gaps
Review tabletop planning –
what is it, and how is it done
Walk through a DR scenario
Perform a gap analysis
between current and desired
RPOs/RTOs
3.2 Identify risks of failure
in your infrastructure
Assess risks-of-failure (e.g.
identify single points of
failure)
Estimate impact of failure
(e.g. risk of data loss, or
affecting other systems)
Prioritize risks based on a
defined risk tolerance
breakpoint
3.3 Create a DR
technology plan
Prioritize investments to
meet DR gaps and address
risk areas
Estimate costs
Create an implementation
timeline (e.g. a 3-year plan)
Perform a gap analysis
between current and desired
RPOs/RTOs
Info-Tech Research Group 8
4.2 Align service
management guidelines
with DR requirements
4.0 Close the process gap
Create a step-by-step plan
from assessment to
recovery
Define criteria and a
procedure for restoring
normal operations
Create Emergency
Response Teams (ERT)
4.1 Create an incident
response plan that closes
your DR gaps
Bridge the gap between
service management and
DR for less-obvious disaster
scenarios
Update severity definitions
and escalation rules to meet
DR timeline requirements
4.3 Identify other process
gaps that impact service
continuity
Minimize risks of downtime
by formalizing IT processes
Create a plan to address
process gaps
Focus on usability and
maintainability in your
process and reference
documentation
Create a formal DRP using
Info-Tech’s DRP template
(takeaway exercise)
Info-Tech Research Group 9
5.0 Validate technology and process changes
5.1 Use tabletop testing to
validate suggested DR
changes
Walk through a DR scenario,
assuming process and
technology changes have
been implemented
Perform a gap analysis: are
the proposed changes
enabling you to meet
RPOs/RTOs?
5.2 Lay the foundation for
business continuity
planning
Revise your planned
technology and process
changes as needed
5.3 Workshop wrap-up
Workshop re-cap and
feedback
Assign prioritized action
items for process and
technology changes
Assess existing business
continuity capabilities.
Enable continuity during an
IT outage (e.g. modify
business processes, etc.)
Identify business continuity
risks beyond IT (e.g.
suppliers, people,
documentation, etc.)
Schedule a 3-month
check-in with Info-Tech to
review progress and answer
follow-up questions
Info-Tech Research Group 10
Related tools and documents
This workshop includes the following tools and templates, in addition to this presentation, to
enable you to plan technology and process changes to meet your DR requirements:
Business Impact Analysis (BIA)
Tool
DR Planning and Monitoring Tool
DR Technology Investments
Prioritization Tool Severity Definitions and Escalation
Rules Template
DRP Workbook
• Determine application/system criticality, the business impact of
downtime, and corresponding recovery point and recovery time
objectives.
• Document your incident response plan and to monitor the status of each
task if the plan is invoked.
• Score technology requirements to help you prioritize what should be
done first and create a timeline for implementing changes.
• Review example of severity definitions that include disaster scenarios
and escalation times based on system criticality and DR requirements.
• Consolidate all workshop activities into one workbook.
Info-Tech Research Group 11
DRP Workshop Key Outputs
Five Key Outputs to be produced during the Workshop:
1
2
3
4
Business Impact Analysis (BIA) Tool
• Use this tool to determine application/system criticality, the business impact of downtime, and corresponding recovery point and recovery time
objectives
DR Planning and Monitoring Tool
• Tail Use this tool to document your incident response plan and to monitor the status of each task if the plan is invoked.
DR Technology Investments Prioritization Tool
• Use this tool to score technology requirements to help you prioritize what should be done first and create a timeline for implementing changes.
Severity Definitions and Escalation Rules Template
• Use this template as an example of severity definitions that include disaster scenarios and escalation times based on system criticality and
DR requirements.
DRP Workbook
• A collection of the input forms used in this workshop for whiteboard exercises.
5
Info-Tech Research Group 12
DRP Workshop: Built on World Class Research, Experience, and Standards
Research Process
• Team with over 30 years experience.
• Over 2,800 hours of research.
• Based on primary and in-field
research.
Tools & Templates
• 150 page Research Report
• 15 in-depth activities and exercises
• Business Impact Analysis (BIA) Tool
• DR Planning and Monitoring Tool
• DR Technology Investments
Prioritization Tool
• Severity Definitions and Escalation
Rules Template
• DRP Workbook
• More...
COBIT 5
• Grounded in open international
standards.