Emergency Response, Business Continuity - PowerPoint PPT Presentation

1 / 24

About This Presentation

Title:

Emergency Response, Business Continuity

Description:

Business Continuity Planning - The process of developing advance arrangements ... This is a component of the Business Continuity Management Program. ... – PowerPoint PPT presentation

Number of Views:100

Avg rating:3.0/5.0

Slides: 25

Provided by: nys5

Category:

more less

Transcript and Presenter's Notes

Title: Emergency Response, Business Continuity

1
Emergency Response, Business Continuity
Disaster Recovery

Fitting It All Together

NYSICA October 22, 2007
2
Why Have a Business Continuity Management Program?

There have been many examples in recent years
that illustrate an organizations need to plan
for an interruption of business as usual
Severe Weather Events
Power Interruptions
Workplace Violence / Attacks
Pandemics
White Substance
9/11

Is your agency fully prepared to respond to these
types of events?
3
Terminology

Some Definitions or Common Components of a
BCMP
Emergency Response Planning - The immediate
reaction and response to an emergency situation
commonly focusing on ensuring life safety and
reducing the severity of the incident
Business Continuity Planning - The process of
developing advance arrangements and procedures
that enable an organization to respond to an
event in such a manner that critical business
functions continue with planned levels of
interruption or essential change.
Disaster Recovery Planning -The management
approved document that defines the resources,
actions, tasks and data required to manage the
technology recovery effort. This is a component
of the Business Continuity Management Program.

BCP Glossary http//www.drj.com/glossary/drjgloss
ary.html
4
Program vs. Project

A project is an episodic, one time event with a
defined start and finish.
A Program is an on-going function requiring
Executive Sponsorship
a Policy and Mission Statement,
an Organizational Structure with defined Roles
and Responsibilities,
Executive Sponsor reporting relationship
Dedicated resources and budget

BCMP requires a Program, not a Project!
5
Ownership

A Business Continuity Management Program is the
responsibility of Executive Management.
They have ultimate responsibility for the
organizations assets and are accountable to the
stakeholders, employees and customers.
Historically, Business Continuity was owned by
Information Technology because the focus was IT
Disaster Recovery. The scope is much broader
now.

Business Continuity and Disaster Recovery are NOT
Synonymous
6
BC Planning a Professional Discipline

Certifications offered through 2 organizations
Disaster Recovery Institute Intl (www.drii.org)
The Business Continuity Institute
(www.thebci.org)
Various levels of Certification (Associate to
Masters)
Similar in Concept to PMP Training for Project
Managers

Executives must recognize that BC Planning
requires specialized skills
7
Establishing a Business Continuity Management
Program

Issue a Policy Statement and Charter
Define your budget
Hire Qualified Resources
Consulting Support with built-in Knowledge
Transfer
Permanent Staff with BCP Skills and Abilities
Assign and Train dedicated Resources
Various Training resources including local,
online

Success requires qualified, dedicated resources!
8
Methodology

Once you establish a Program, the next step is to
initiate a Project with the goal of developing a
Business Continuity Plan.
How?

By following the 10 Professional Practices for
developing Business Continuity Plans.
Business Continuity is a Professional Discipline
9
The 10 Professional Practices

Pre-Planning
Project Initiation and Management
Risk Evaluation and Control
Business Impact Analysis

Planning
Developing Business Continuity Strategies
Emergency Response and Operations

Source Disaster Recovery Journal / Disaster
Recovery International
10
The 10 Professional Practices contd

Post-Planning
Developing Business Continuity
Training and Awareness
Maintaining and Exercising Business Continuity
Plans
Public Relations and Crisis Communications
Coordination with Public

Source Disaster Recovery Journal / Disaster
Recovery International
11
Risk Assessment and Vulnerability Analysis

Identify potential vulnerabilities that could
impact your ability to provide services identify
mitigation measures.
Produce a Risk Assessment Report for Management
Review and Approval
Management must either implement mitigation
measures, implement additional controls to reduce
or eliminate the threat, or accept the risks.

12
Examples of Risks

Physical Security Lacking
Confidential Data Unprotected
Lack of Formal Security Awareness Training
No BC or DR Plan for Mission Critical Functions
Lack of Awareness or Training on BC/DR Plan
Standard Operating Procedures Out of Date
Lack of Redundancy for Network Communications

How many exist within your Agency?
13
Business Impact Analysis
Process involves extensive interviews of Subject
Matter Experts and Organizational Assets to

Identify the Agencys critical business functions
(and dependent processes) considering

Statutory Requirements
Economic Impact

Health Safety Issues
Time Sensitive Nature

Document Recovery Time Objectives for each
mission critical business function. The RTO is
the period of time within which business
functions must be recovered after an outage.
RTOs can vary greatly from hours to days, weeks.

14
Business Impact Analysis contd

Identify the resources (personnel and other)
required to deliver those critical functions
Prioritize the recovery of the critical business
functions
Identify Internal AND External Dependencies
(vendors, partner agencies, service provider)

Get Executive Management Approval and Buy-In of
RTOs!!!
15
Summary so far

What do we know so far?

the potential risks to our organizations
business, and their probability
Executive Managements tolerance for the risks,
and their desire to mitigate / accept them
The Agencys critical business functions, and the
timeframes in which they must be restored
The resources that must be available and the
dependencies that must be resolved to enable
recovery

Now we understand the requirements!
16
Developing Recovery Strategies
Identify Business Recovery Strategy Options for
Critical Staff

Identify facility size and environmental
requirements
Options to Consider
Alternate Agency or NYS Owned facility
Mobile Recovery Trailer
Reciprocal Agreement with other organization

REMEMBER Critical Staff for Critical Functions
at Acceptable Service Levels
17
Developing Recovery Strategies

Identify viable IT recovery strategies based on
various criteria including RTOs, cost, and other
constraints to restore business and IT operations

Hot-Site, Warm-Site, Cold- Site
Drop Ship
Self-Recovery
Agency Reciprocal Agreement

Recovery Costs are directly proportional to
Recovery Time Objectives
18
Emergency Response

Prevent / Minimize injury to personnel, damage to
structures, assets. Establish your ability to
respond.

Establish Roles and Responsibilities, and
Emergency Response procedures and document them
Establish the Emergency Operations Center(s)
Train those involved
Prove the validity of your plan through exercises

Have you ever had an emergency preparedness
exercise at your agency?
19
Developing Business Continuity Plans

Develop Continuity Plans for all organizational
units involved in delivery of critical functions.

Document the Organizational structure, roles
responsibilities, staff contact information
Document Vital Records
Document Contingency Plans to deliver services
(manual workarounds)
Document contact information for Vendors,
business partners, customers
Build Staging Kits to be placed offsite

How will THE BUSINESS UNIT respond to an incident?
20
Post Planning Practices