1 / 29

BCP/DRP Consultancy Project- An approach

BCP/DRP Consultancy Project- An approach. By D V Ramamohan Global Head of IT Consultancy Practice 3i Infotech Ltd. Agenda. Overview of BCM- BCP/DRP ? Approach to Execution of BCP/DRP Assignments Interaction. What is BCM………….

erma
Download Presentation

BCP/DRP Consultancy Project- An approach

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. BCP/DRP Consultancy Project- An approach By D V RamamohanGlobal Head of IT Consultancy Practice3i Infotech Ltd

  2. Agenda Overview of BCM- BCP/DRP ? Approach to Execution of BCP/DRP Assignments Interaction

  3. What is BCM………….. • Business Continuity Management is an holistic management process that identified potential impacts that threaten an organization and provides a framework for building resilience and capability for an effective response that safeguards the interest of its key stakeholders, reputation, brand and value creating activities. • Business continuity means maintaining the uninterrupted availability of all key business resources required to support essential business activities.

  4. What is BCP/DRP? The difference between business continuity and disaster recovery is not a ‚what' but a ‚whose'. This holistic view of business continuity management differs from what many managers traditionally term Disaster Recovery Planning which has been closely, if not solely, associated with information technology. By changing the focus, the emphasis is placed on the whole business, not just on technology issues alone. This reinforces the concept of continuity of all key processes, extending beyond information technology systems, important though they are in modern business.

  5. Threats to Availability DATA CORRUPTION COMPONENT FAILURE APPLICATION FAILURE USER ERROR MAINTENANCE SITE OUTAGE Why BCP-DRP….

  6. Goals of Disaster Recovery Planning • Disaster scenarios and Recovery Strategies: • “Building on fire / Shambles” • Alternate Site, Hot site vendor, Data vaulting • Facility stands inaccessible • Remote connectivity, tape libraries • Facility accessible, physical failure • Redundant systems, HW Vendor SLA’s • Facilitate & equip operational, logical failure • Standards, Documented procedures, security

  7. Why DRP?.....Few statistics • Major disasters: • 9/11attack, UK bombings, Flooding in Mumbai, Earthquake in Indonesia • Other statistics: • % of Hardware failure • % of Operational error • Cost per hour of downtime? - $ 78000 • Average incidents per hour? 9 • Hours per incidents? 4.2 hrs • Downtime cost per year? $ 2,970,000 (Research shows 80%) Source: Contingency Planning Research conducted on 450 fortune 1000 companies

  8. Let us execute an DRP assignment…

  9. What will be scope of work Subjects: IT Systems/Applications/Data Data Centre/Facilities/Services People Technical/Functional: Disaster Recovery Strategy and Solutions Disaster Recovery Plan and Procedures Implementation Guidance to implement proposed solutions Testing the Plan Training

  10. What will be the deliverables…. Business Impact Study Analysis and Risk Assessment Report Disaster Recovery Strategy vis-à-vis Scenarios DR Solution Architecture DR Team Organization and Roles Disaster Recovery Plan and Procedures Setting up Disaster Recovery Site, if need be Test Plans/ Mock drills reports Maintenance Plan Training

  11. What should be the Approach…….. Project Management Methodology: • Your own…. • Kick off meeting • Execution • Closure meeting Execution of assignment: • Step one: Key IT Assets identification and RA • Step two: Business impact analysis (BIA) • Step three: Design continuity treatments • Step four: Document the Plans • Step Five: Implement continuity treatments • Step Six: Test and maintain the plan • Step Seven: Training

  12. Step one: Key IT Assets identification and RA

  13. Asset identification… • Obtain/inventory the key assets • Hardware • System Software • Applications • Data • People • Facilities/Services • Perform Risk Analysis • Qualitative • Quantitative • Judgemental

  14. Risk Assessment and Management Asset Identification And valuations Identification of vulnerabilities Identification of threats Asset Identification And valuations Business Riks Rating/Ranking Of Risks Level of Acceptable Risk

  15. Step Two: Business Impact Analysis

  16. Business Impact Analysis • Establish the Organization’s Recovery requirements • Requirements defined by Business Units • Identify and Define Critical Business Processes • Identify Systems • Identify Recovery Timeframes and Recovery • objectives for each process • IT Department’s involvement is the enabler for the • Plan

  17. Step Three: Design Continue treatments

  18. Recovery objectives Wks Days Hrs Mins Secs Secs Mins Hrs Days Wks Data Loss (Recovery Point Objective) Downtime (Recovery Time Objective) Clustering Mirroring / Replication Backup Restore from Disk Vaulting Restore from Tape

  19. Step Four: Document the plans

  20. Document Plans • Organization of the Teams • Detailed Procedures – Technical & Manual Workarounds • Emergency Response Flow • Emergency Contact Lists • Crash Kits

  21. Business Continuity Committee (Management Authorization) Execution Teams BCP Team Leader BCP Spokesperson Internal Auditor Emergency Action Team Damage Asst. & Salvage Team Relocation Team IT Team Admin, Security & Support Team Operations Team BCP Team Organization

  22. Documentation should cover Risk Management Environmental Management Emergency Management Crisis Management IT Disaster Recovery Knowledge Management Facility Management Human Management Supply Chain Management Security and Privacy Health and Safety Communications PR Enterprise business process, people and technology

  23. Step Five: Implement Continue Treatments

  24. Step six: Test/Exercise the plans

  25. Test/Exercising the Plans • Controlled Test of Procedures • Structured Walkthroughs • Desktop Tests • Simulation Test • Partial Technical Tests • Full Scale Tests • Allows Management to understand: • Inaccuracies • Omissions • Apply Lessons Learned • Revise Procedures & Incorporate into the Plan

  26. Step six: Training…

  27. Training………. • Create Corporate Awareness of Developed Plans • Team needs to be made knowledgeable of their role • Training Primary & Alternates Contacts • Awareness on task handling (JD) for Team “Management Support is Key for any BCP-DR Activity”

  28. Few websites… • www.pas56.com Guide for BCM • www.thebci.org for BC Guidelines • www.bsi-global.com for BS25999 (Replacement of PAS 56) • www.iso.org/iso/catalogue_detail?csnumber=41532 for ISO/IEC 24762:2008

  29. Interaction

More Related