What is a Disaster?
Natural Disaster: Tornadoes, severe winter storms, earthquakes, fires, dam failure (floods and water leaks are statistically the number one threat), etc.
Man-Made Disasters: Disgruntled employees/spouses/significant others, Disgruntled Students, Hazardous material spills, Ter
1. Business Continuity Planning
2. What is a Disaster?
3. All Kinds of Disasters
4. What is Disaster Recovery?
5. As a Leader in your College
PROTECT YOUR REPUTATION
Why Should You Develop A Business Continuity and Disaster Recovery Plan?
6. Protect the Organization’s Assets
People, Equipment, Information (Data), Financial
Minimize damage and loss
Minimize confusion, indecision
Instill confidence in staff and public
Ensure employee and student welfare and safety
Disaster Plan may be used for daily activities
A Business Recovery Plan saves TIME and MONEY responding to disasters
Deal with the media in an appropriate fashion
Expedite the return to “business as usual”
7. Plan for Proper Decisions
“If you don’t know where you’re going, you’re liable to end up someplace else” - Yogi Berra
8. Business Continuity Planning Methodology
9. CONDUCT A BUSINESS IMPACT ANALYSIS
A management-level analysis that identifies the impacts of losing the entity’s resources. The analysis measures the effect of resource loss and escalating losses over time in order to provide the entity with reliable data upon which to base decisions concerning hazard mitigation, recovery strategies, and continuity planning.
RECOVERY ANALYSIS
10. UNDERSTANDING Business Impact Analysis (BIA)
Describes the business functions at the process level
Identifies critical equipment (all the equipment you need to operate in disaster mode)
Frequency of operations/functions
Continuously, annually, daily, weekly, etc.
Identifies periods of high volume
Financial, operational and service impacts identified
Considers if job descriptions and operational procedures exist
Sets business process priorities
11. UNDERSTANDING Business Impact Analysis (BIA, cont.)
12. UNDERSTANDING Business Impact Analysis (BIA, cont.)
Identifies Function’s Interfaces and Interdependencies
Identifies automated or manual transactions from other applications or systems
Internal departmental – external companies (input-output)
Identifies if written manual procedures exist
Are they tested? Are associates trained to use them?
Is extra staff required for later data input or job function?
Number of Employees in Department
Number of shifts: which is most important?
Does each shift perform the same function or task?
Considers the minimum number of people needed to accomplish tasks in Disaster Mode
13. Backup and Restore of Information
NO DATA NO RECOVERY
Business Continuity Methods
14. Information Media Recovery
Microfiche
“SHOULD” be backed up and stored OFF-SITE
Paper Records
Use fireproof or fire-resistant filing cabinets
Use an imaging system
Critical stand-alone PCs: are they backed up?
Back up critical files nightly to network storage, tape, or CD/DVDs (be careful while conducting incremental backups).
Servers and Storage Networks - Is the IT department doing their job right? Are nightly backups tested? Offsite storage, NAS (network attached storage), SAN (storage area networks)
Off-site storage facility should be used for paper documents, CDs, tapes, etc. (test your storage provider: ask for a backup tape periodically)
Fireproof vault for cash, checks, blank checks, contracts, insurance policies, etc.
15. RECOVERY ANALYSIS
QUESTION
What is the best way to recover from a Disaster?
16. RECOVERY ANALYSIS
ANSWER
Never have one in the first place!
CONDUCT A RISK ASSESSMENT
17. RECOVERY ANALYSIS
How to Prevent Disasters
Identify Hazards That May Cause A Disaster
Mitigate The Identified Hazards
18. RECOVERY ANALYSIS: CONDUCT A RISK ASSESSMENT
Identifies vulnerabilities and ranks hazards/threats
Examines all possible risk sources: physical security, systems security, facility, location, surrounding area
The report will prioritize findings and recommendations for mitigation consideration
GFI’s LANguard and Microsoft’s Security Assessment Tools are recommended starting points for computer security risk assessments
COLLEGE RISKS WORKSHOP
When students submit an application, where does their personal data flow and is it protected?
When people are hired, how is their personal data transmitted from human resources to payroll and other departments, and what is being done to protect their information?
19. RECOVERY ANALYSIS: CONDUCT A RISK ASSESSMENT
Some Items To Assess
Uninterruptible Power Supplies and Power Generators
In a secured location?
Tested regularly?
Fuel contract (refill after testing) with a major fuel supplier and an alternate
Fire Suppression System
Wet or dry pipes
Fire extinguishers and usage training
20. RECOVERY ANALYSIS: CONDUCT A RISK ASSESSMENT
Items To Assess
Physical facility security
Electrical power grid feeds
Telecommunication central offices used
Multiple voice and data communication providers routing through same central office
Evaluation of data center and network security vulnerabilities
Protection against viruses, trojans and worms; adware/spyware detection; unnecessary open ports and services in use on servers, workstations and network equipment; identify opportunities hackers would use to attack your network
Physical facility security, backup validation and off-site storage rotation schedules
Evaluate the security of vital records and one of a kind documents
Insurance (do you have enough and the right coverage?)
21. DETERMINE RECOVERY STRATEGIES
Alternate site arrangements
Communications and network equipment
Unique and/or irreplaceable equipment
Resources: staff, operations support, office supplies, life support (food, water, shelter)
Emergency relocation costs
Environmental and off-site requirements
Identification and suspension of non-critical functions or tasks
Implementing manual processing functions and tasks (is this realistic in the aftermath?)
Recovery facilities should be at least 30-60 miles away from the primary site
Consider different power grids and telecom points of presence
22. DETERMINE RECOVERY STRATEGIES
Use internal methods when possible - use your own facilities first
Alternate site arrangements
Hot Site: Vendor Hot Site, Shared Hot Site, Company Owned Hot Site, Mobile Facilities
Service Bureau, Office or Warehouse Space, Reciprocal Agreement, Equipment Leasing, Drying Companies and Emergency Cleaning Companies
Cold Site, Warm Site, Work Area Recovery (Call Centers, Mail Room, Specialized Equipment)
Networking and Telephone Considerations
Continuous and High-Availability
Mirroring, Replication, Clustering
E-Vaulting, Disk to Disk (SAN, IP SAN, NAS, ATA)
Collocation Facilities
Grid Technology - supports distributed processing, connecting multiple organizational sites, devices and platforms transparently; Grid is designed to assist in recovery from system failures
23. Business Continuity Planning: Plans Must be DOCUMENTED
Invisible Plans don't work
24. Developing the Business Continuity Plan
Bring the research, analysis, strategies, procedures and recovery team assignments together
Tasks managed and controlled at the Command Center location
Contains recovery team(s) information
Detail the entire emergency response/crisis management process
Contains contact information and notification procedures
Detail tasks and responsibilities
Further identification of critical operations, functions and/or computer applications and how they will be recovered
Specify business process recovery and restore requirements
Specify software recovery and hardware configuration requirements
Specify off-site storage location for your data and vital documents
25. Developing the BCP (cont.)
Detail recovery task sequence and functional interdependencies
Identify everything that might be needed to perform part of the process: teams of people, equipment, transportation, support items, support providers, etc.
Contain all procedures that might be used in the recovery process
Contain a list of all vendors, service providers you will need to support your recovery strategies
Contains a list of critical customers to contact
Contain standard forms (POs, Blank Checks, Travel Advances etc.), supplies and documents
Moving from Disaster Mode to Normal
26. Developing the BCP (cont.)
Scenario Based Planning
Plan for worst case disasters first (smoking hole)
Scenario Based Plans
Manage day-to-day risks that may become disasters
DETAILED recovery procedures developed to compensate for a lacking recovery strategy
Business Function examples
Work at home/telecommute, trailers, office space, operating procedures, machinery and equipment.
Information systems
Wiring and networking closets, hubs, routers, software failures, switches, firewalls, disk drives, power outages, turnkey systems, data communications and network security breaches
27. Plan Exercising – The Plan is Alive
Before any recovery plan can be considered complete, it must be validated. Plan testing is a “practice recovery”; it allows you to validate the strategies, procedures and recovery team structures documented in your recovery plan. Plan testing normally consists of a mock disaster scenario or moving your critical applications to an alternate facility. We recommend that your recovery teams participate fully in the plan rehearsal, to validate team structures and responsibilities.
Business Continuity Testing
28. Business Continuity Planning Lifecycle and Plan Maintenance
29. Budget for it
Ask Emergency Manager
Federal Grants – State Grants
Homeland Security Money
U.S. DEPARTMENT OF HOMELAND SECURITY ANNOUNCES EIGHT PERCENT INCREASE IN FISCAL YEAR 2008 BUDGET REQUEST
State Colleges should apply for grants to fund Business Continuity Planning equipment and plans.
Many grants give Colleges money to educate on topics concerning Homeland Security; however, they do not allocate money for actual Business Continuity Planning.
HOW DO I GET FUNDING?
30. Business Continuity Planning Federal Guidelines
Continuity of Operations (COOP)
COOP provides guidance on the system restoration for emergencies, disasters, mobilization, and for maintaining a state of readiness to provide the necessary level of information processing support commensurate with the mission requirements/priorities identified by the respective functional proponent. This term is traditionally used by the Government and its supporting agencies to describe activities otherwise known as Disaster Recovery, Business Continuity, Business Resumption, or Contingency Planning.
Continuity of Government (COG)
COG ensures the command and control of response and recovery operations as well as continuance of basic governmental functions. Key governance functions include legislative activities and the capability for elected officials to convene and operate in a safe location in accordance with local requirements.
31. Business Continuity Planning Federal Guidelines
NFPA 1600: Standard on Disaster/Emergency Management and Business Continuity Programs
2007 Current Edition
Published by: FEMA, NEMA, IAEM,
Establishes a common set of criteria for disaster management, emergency management, and business continuity programs.
32. Business Continuity Planning Guidelines
National Incident Management System (NIMS)
System recommended by Local, State and Federal Government Officials for managing many types of disasters.
Incorporate NIMS into the Command Center Guide portion of the Business Continuity Plan so the College Disaster Manager can speak the language of emergency officials such as the Fire Department, Emergency Medical Technicians, Police and Bomb Squad.
33. Business Continuity Planning Guidelines
WHEN PRIVATE PLANS GO PUBLIC
Many Colleges, Universities and Government agencies have parts of their disaster plans available for ANYONE to see via the internet.
Templates and ideas are available
Security Breach (keep plans, status of plans and ideas for plans off the internet)
34. Business Continuity
FAMILY FIRST
PEOPLE RECOVER FROM DISASTERS, NOT COMPUTERS!
35. Discussion – Thank You